A Simple VPN Implementation

Gera
Posts: 9
Joined: Sat 21 Sep 2019, 19:49

#91 Post by Gera »

enrique,
I don't want to take any chances and system-level risk. I am not proficient in Linux. Maybe I will try your advice later. Thanks for the help anyway.

enrique
Posts: 595
Joined: Sun 10 Nov 2019, 00:10
Location: Planet Earth

#92 Post by enrique »

I am sorry if I scared you with the warning; it was not my intention. Please notice that these commands are just normal uses. We are only using openssl and openvpn via the command line. Command line because we want to see the response to find the problem. That is all. No changes are made. I am talking about:

This command ONLY asks openssl to establish a secure connection (HTTPS) with google.com. The purpose is to see if it completes without errors.

Code:

openssl s_client -connect google.com:443 </dev/null | openssl verify

At the end you need to do [CTRL]-C to close it or close the Terminal Window.


This command ONLY connects to a vpngate server using OpenVPN in the terminal. Again, the purpose is to look at the errors.

Code:

openvpn --config vpngate.ovpn --script-security 2 --capath /etc/ssl/certs

At the end you need to do [CTRL]-C to close it or close the Terminal Window.

Up to here no changes to the system are made. Now the CA installation procedure does change your settings. I will be around. You can always send me a PM to wake me up if I do not respond.

markv
Posts: 3
Joined: Thu 23 Apr 2020, 17:30

#93 Post by markv »

enrique wrote: I tried your file and it works perfectly.

You need to make sure your new Kodi vpn-start and your netinfo.yad are executable and stored at /usr/bin

Code:

chmod +x /usr/bin/netinfo.yad
chmod +x /usr/bin/vpn-start

You should also mod vpn-start so that it calls netinfo.yad instead of the browser.
I forget about netinfo.yad, thanks!
Last edited by markv on Fri 26 Jun 2020, 14:36, edited 1 time in total.

OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#94 Post by OscarTalks »

OpenVPN latest release is now 2.4.9
OpenVPN works in conjunction with OpenSSL and it is always good to have your versions of both as recent as possible.

OPENSSL VERSIONS
Debian and Ubuntu compile their openssl with versioning symbols so you have to be careful when compiling and installing openssl from source, otherwise programs complain about "No Version Information" in the library. By tailoring your build environment you can install latest openssl (eg 1.1.1g) from source and then link openvpn against that. Libraries of openssl which have different numbers can co-exist in your system, but openssl 1.1.0 and openssl 1.1.1 both have the number suffix 1.1 so in the case of some Puppies which have 1.1.0 it is probably not good to upgrade to 1.1.1 system-wide from source?
Bionic is a dilemma because early .isos have 1.1.0 but later .isos have a 1.1.1 upgrade. Probably best to install latest via PPM.
In Tahr, openvpn gives an error against latest openssl which does not happen in other Puppies.
In older Puppies which are earlier than openssl 1.1.0 you can add latest 1.1.1g from source alongside as there are no conflicts. Works fine in Wheezy and Slacko 14.0/14.1
I am open to further clarification on this.

CRYPTOFREE VPN
I am looking at this free service from cryptostorm.is
They provide configs which use Ed25519 or Ed448 encryption which is supposedly extremely secure, but openssl must be at least version 1.1.1
It is working well in my tests. Data amount is unlimited but download speeds are restricted to around 1.6 to 1.8 Mbps (not 160kbps as some reports say). User name and password are wildcard so can be anything.

EXPERIMENTAL PACKAGES
Folks are advised to study this thread and build their own programs in accordance with their needs and wishes, but I am also still putting together some test packages compiled in different Puppies. These are mostly now at version 0.4.0 but should not be regarded as stable releases.

OpenVPN version 2.4.9
OpenSSL version 1.1.1g libs added if 1.1.1 not in the Puppy already (Bionic??)
Configs for CryptoFree added
New configs for freevpn.me which has been reduced to 2 servers now
Network info provided by script (thanks to jafadmin) rather than opening a browser
Different DNS handling avoids messy pushing and pulling and resolvconf - script uses reputable Cloudflare and then restores on disconnect

http://smokey01.com/OscarTalks
Oscar in England

nilsonmorales
Posts: 972
Joined: Fri 15 Apr 2011, 14:39
Location: El Salvador

#95 Post by nilsonmorales »

gettexted version for tahrpup here, please check it first
cheers.
Spanish locales in other attachment
Attachments
MoManager-es-vpn-onoff-0.3.2-i686-tahr.tar.gz
Spanish locales/Traducción al español
(864 Bytes) Downloaded 151 times
gettext_vpn-onoff-0.3.2-i6866-tahr.tar.gz
gettexted version
(1.73 KiB) Downloaded 146 times

phredo
Posts: 65
Joined: Mon 21 Oct 2013, 23:15

#96 Post by phredo »

Regarding protonvpn:

Since my username and password are 1) encrypted and 2) don't change over time, instead of linking the auth-user-pass setting to /etc/vpn-onoff/vpnpass, is there a way to hard code them into the ovpn files?
That way when using Proton one wouldn't need to go to the trouble of changing the vpnpass file.

Tip: Having so many ovpn files in one directory became confusing, so I created separate sub directories for the different groups. Just need to be sure the new vpnconfig link goes to the proper directory, which is a simple matter of deleting out the sub directory name in the provided path. I notice that one does not have to delete the old vpnconfig file but can just choose to replace it when creating the new link. This way also ensures you are selecting the correct name and location because you get the "replace?" prompt therefore knowing you are replacing the file that exists.

OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#97 Post by OscarTalks »

@phredo
Not sure if there is a way to put the username and password directly in the .ovpn file.
What you could do is create another passfile just for Proton.
For example /etc/vpn-onoff/protonpass
Best if this file does not have any write permissions.
Put your Proton login details in that.
Then set auth-user-pass to /etc/vpn-onoff/protonpass in the Proton .ovpn file.
Then so long as vpnconfig is a link to the Proton .ovpn file, everything is set and needs no editing.
This leaves the original vpnpass passfile for use with the others if ever you are switching to those.

phredo
Posts: 65
Joined: Mon 21 Oct 2013, 23:15

#98 Post by phredo »

Thanks, what a simple, elegant idea! I take it making the file read only is just to keep me from inadvertently changing it?

I notice that freevpn.me reduced their servers to two and find neither of them seem to work much of the time. The next to last time I visited the site, I saw that there were separate passwords for the two servers, and the last time I visited, the link to Server2 didn't work. Is that me, or has anyone else had problems with freevpn.me?

OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#99 Post by OscarTalks »

OpenVPN throws a warning if the passfile has write permissions because it regards it as a security vulnerability. I think it still works and you may not see any warning unless you are looking at it in terminal. Running as root you can still change the login details anyway in fact.

Yes, the freevpn.me service is now down to 2 servers. The link (or tab) for Server 2 account details refuses to load in some browsers but works in others. I think it must be a javascript thing which they have not got quite right. For a time the servers were a bit unreliable and I think there was some confusion about the passwords on the site being wrong, but on the occasions I have tried more recently the 2 servers have both loaded and worked OK.
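The separate passfile from posts #97 and #99, as an added example that is not part of the original thread or of the vpn-onoff package: it writes a credentials file readable by its owner only and points one .ovpn file at it. The function names are hypothetical and every path is supplied by the caller; the file layout (username on the first line, password on the second) is the one OpenVPN reads for auth-user-pass.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; pass your own paths.
# Passfile layout: username on line 1, password on line 2.

# make_passfile FILE USER PASS
make_passfile() {
    pf=$1
    old_umask=$(umask)
    umask 077                    # never group/other readable, even briefly
    rm -f "$pf"                  # an earlier read-only copy cannot be rewritten in place
    printf '%s\n%s\n' "$2" "$3" > "$pf"
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1
    chmod 400 "$pf"              # owner read only, no write bits anywhere
}

# point_config OVPN PASSFILE
# Drops any existing auth-user-pass line and appends one naming PASSFILE.
point_config() {
    ovpn=$1
    tmp=$(mktemp) || return 1
    # awk re-terminates every line, so a config without a final newline stays intact
    awk '!/^[ \t]*auth-user-pass/' "$ovpn" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf 'auth-user-pass %s\n' "$2" >> "$tmp"
    cat "$tmp" > "$ovpn"         # writes through a vpnconfig symlink, keeps the file's mode
    rm -f "$tmp"
}

# passfile_mode FILE -> permission string as ls shows it, e.g. -r--------
passfile_mode() {
    ls -ld "$1" | cut -c1-10
}

# passfile_ok FILE -> succeeds only for owner-read-only files
passfile_ok() {
    [ "$(passfile_mode "$1")" = "-r--------" ]
}

# Typical use (run as the user that starts openvpn):
#   make_passfile /etc/vpn-onoff/protonpass "USERNAME" "PASSWORD"
#   point_config  /path/to/proton.ovpn /etc/vpn-onoff/protonpass
#   passfile_ok   /etc/vpn-onoff/protonpass || echo "passfile permissions too open"
```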

festus
Posts: 235
Joined: Wed 14 Jan 2015, 19:10

#100 Post by festus »

Thank you, Oscar, for these new versions of vpn-onoff-0.4.0.

I use both the 32 & 64 bit pets and for me this version is your best by far.

I do thank you again...

bliss, festus :D
