A Simple VPN Implementation

How to do things, solutions, recipes, tutorials
Message
Author
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

A Simple VPN Implementation

#1 Post by OscarTalks »

LATEST UPDATE
Experimental "vpn-onoff" packages now Version 0.2

- DNS handling, Switches when you click into VPN and back again when you click out of VPN. The instruction to do this must be in the configuration file. The VPNbook config files have this included.

- OpenVPN Version upgrade from 2.4.6 to 2.4.7

- FreeVPN.me server configurations have all changed. Configuration files updated accordingly. A 7th server freevpn.eu has been added.

- Splash message no longer exits on mouse-over

http://smokey01.com/OscarTalks

PREVIOUS UPDATE
I am now putting together some packages which contain everything to give all the features described in this thread. More details in this post here:-
http://murga-linux.com/puppy/viewtopic. ... 4&start=30

MOST OF THE ORIGINAL THREAD IS BELOW
________________________________________
This method uses openvpn and the free service provided by VPNbook.
Another free provider freevpn.me is also used.

1) Install openvpn. (Not needed if using vpn-onoff because already included)
Best to compile from source. There are some I compiled here if you prefer:-
http://smokey01.com/OscarTalks
Use the command which openvpn and/or openvpn --version to verify that it is installed.
Installing via PPM may or may not work and often offers older versions.

2) Install the vpn-activator .pet package (NOW REMOVED). This contains the config files for vpnbook (in /etc), scripts to start and stop VPN (in /usr/bin), the 2 .desktop files and the icon. This gives 2 menu entries "VPN-Start" and "VPN-Stop" in the Network section.
NOTE: Many of the config files from VPNbook in this original package no longer work.
EDIT: This old and outdated package has now been removed.

3) If /dev/net/tun does not exist in your system, use boot manager to add the kernel module named tun and reboot (or enter "modprobe tun" in terminal if running without save). LATER:- I have added code for this to the VPN-Start script so there is more chance of it working without the need for this step now.

4) Go to http://vpnbook.com and grab the Open VPN password. Paste this into the second line of /etc/vpn-onoff/vpnpass (replace the word "password"). Save and close.

5) Click the VPN-Start menu entry and wait for around 30 seconds
Your default browser should open and connect to http://my-ip-address.co in order to show that you are connected via the VPNbook server.

5) To deactivate the VPN, click the VPN-Stop menu entry and wait a few seconds.
Your default browser should open and show your normal IP address.

NOTES

1) If you try to start it when it is already running, or stop it when it is not running, you should just get a simple notification telling you.

2) The VPNbook password changes a couple of times a month. When this happens you will need to grab the new one and paste it in (which is a simple step). If your browser opens showing that the VPN has not activated this is usually the cause.

3) The available VPNbook servers are Canada, Germany, Poland, France, USA1 and USA2. Some of these allow p2p as well as surfing, see their website for details of which. To switch to a different server, delete the symlink /etc/vpn-onoff/vpnconfig, right-click the desired vpnbook config file in /etc/vpn-onoff and create a new symlink with the name vpnconfig (to replace the one you deleted) and then restart openvpn.

4) This method can easily be adapted for other VPN providers.

5) Obviously this is just a simple yet effective system that works for me. There is scope for further development such as a tray notification (EDIT:- See a few posts down) and a gtkdialog GUI. Ideas are welcome. Other VPN systems are available.
Attachments
vpn-menu-entries.jpg
Menu entry "buttons" to activate and deactivate the VPN once the password has been set. Just click and wait. Starting can take 20 to 30 seconds.
(96.5 KiB) Downloaded 5879 times
vpn-already-running.jpg
Clicking VPN-Start when it is already running should give you this notification
(16.59 KiB) Downloaded 5896 times
vpn-not-running.jpg
Clicking VPN-Stop if it is not running should give you this
(15.28 KiB) Downloaded 5898 times
Last edited by OscarTalks on Sun 21 Apr 2019, 17:11, edited 6 times in total.
Oscar in England
Image

User avatar
trapster
Posts: 2117
Joined: Mon 28 Nov 2005, 23:14
Location: Maine, USA
Contact:

#2 Post by trapster »

Any chance you have OpenVPN for puppy 410 ?
It's been my media server ever since it came out. Too many customizations to upgrade.
trapster
Maine, USA

Asus eeepc 1005HA PU1X-BK
Frugal install: Slacko
Currently using full install: DebianDog

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#3 Post by OscarTalks »

Hello trapster,

Sorry, but I'm afraid I don't have anything that old. I usually only tinker with Wary5 or later.
Oscar in England
Image

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#4 Post by OscarTalks »

As an alternative to VPNbook, folks may wish to take a look at another free VPN provider.
I have been conducting a few tests with it and it seems to be working well.
They claim "no logging", torrents are allowed and the speed seems satisfactory.

There are 6 domains:-
https://freevpn.me
https://freevpn.se
https://freevpn.im
https://freevpn.it
https://freevpn.be
https://freevpn.co.uk

They have 6 servers to choose from. These show as being located in France, UK, Russia and Ukraine.
The config file bundle gives a choice of 2 TCP ports and 2 UDP ports for each server.
I have used TCP port 80 in all my tests so far.
I made a few changes to each of the config files:-
auth-user-pass /etc/vpnpass (I added the path to my passfile)
auth-nocache (added to stop any cache of passwords)
comp-lzo no (add this if it is missing)
ns-cert-type server (delete this line - deprecated)

Using my simple VPN implementation I put the 6 config files (one for each of the 6 servers) in /etc
To select the server I delete the symlink /etc/vpnconfig and create a new symlink with that same name (linking to the desired config file).

Then I grab the corresponding username and password for the selected server from the website and paste those into the first and second lines of /etc/vpnpass
The password seems to be changed once or twice per month.

The system then should activate and deactivate from the Menu "Buttons".

If ever you want to run a bit of a diagnostic, once all files are in place, open a terminal and enter:-
openvpn --config /etc/vpnconfig
Study the output.
Hopefully you will get to the line "Initialization Sequence Completed".
Any errors should point you towards the problem.
Any warnings may assist in further editing of the config file but this is probably optional.
Last edited by OscarTalks on Fri 18 May 2018, 15:03, edited 1 time in total.
Oscar in England
Image

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#5 Post by OscarTalks »

Using a few steps I have added a tray notification icon plus a splash message on start-up.

1) The start-up process does take 20 to 30 seconds so I added a "Please Wait" message using gtkdialog-splash which times out after 15 seconds. I put this in the VPN-Start script before the step which starts openvpn:-

Code: Select all

gtkdialog-splash -timeout "15" -text "Please Wait up to 30 Seconds" -icon "/usr/share/pixmaps/network-vpn.png" &
2) I made a version of the icon scaled down to 16 x 16 and named network-vpn16.png in /usr/share/pixmaps. This is used to keep the tray icon right-click pop-up from being too big. If you prefer a bigger one you can use the 48 x 48 icon.

3) Use yad --notification to create the tray icon.
Many Puppies have a rather old version of yad (0.12.x). Some Puppies don't have it at all. I used version 0.40.0 compiled from source with ./configure --prefix=/usr make make install.
Then I renamed the executable to yad-vpn
This allows me to start and kill this yad independently of any other instance of yad that may be running. (The newly created yad-vpn executable is in /usr/bin alongside the standard yad executable which may be the old version or a copy of the new version with the name unchanged).

4) Then I added a launch of yad-vpn as a tray applet to the VPN-Start script (after the step which launches the browser).
The initial browser launch is effectively a notification and it can be closed once you have observed it. I prefer to use NetSurf or Dillo for this rather than a big browser actually. The tray icon is in fact an indication that the VPN-Start script has been run. It does not guarantee that the VPN has been activated.
Mouse-over and the tooltip says "VPN Active?".
Left-click opens the browser again to check IP address and server location.
Right-click offers a pop-up button for VPN-Stop (alternative to using the Menu Entry Button).

Code: Select all

yad-vpn --notification --no-middle --image="/usr/share/pixmaps/network-vpn.png" --icon-size="48" --text="VPN Active?" --command="defaultbrowser http://my-ip-address.co" --menu="VPN-Stop!vpn-stop!/usr/share/pixmaps/network-vpn16.png" &
5) The step killall yad-vpn is added to the VPN-Stop script after the step to killall openvpn. This removes the tray notification but avoids killing any other yad.

Maybe not the most sophisticated solution, but for someone who just likes to click in and out of VPN from time to time it is nice to have the notification icon there as a reminder with a bit of basic functionality too.
Attachments
vpn-start-splash.jpg
Splash message to "Please Wait" while VPN tries to start.
(14.39 KiB) Downloaded 5907 times
vpn-tray-tooltip.jpg
Mouse-over tooltip says "VPN Active?" (question mark). Left click opens browser to check IP address and server location
(13.92 KiB) Downloaded 5912 times
vpn-tray-rightclick.jpg
Right-click pop-up offers VPN-Stop
(19.73 KiB) Downloaded 5923 times
Oscar in England
Image

Devonian
Posts: 11
Joined: Thu 30 Mar 2017, 08:32
Location: U.K.

using ipvanish

#6 Post by Devonian »

Can anyone please explain how to use ipvanish with this program, I am not sure where to edit in the user and password and how to access the opvn and profile files which I have placed in etc.
Thanks.

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#7 Post by OscarTalks »

Hello Devonian,

I have never tested ipvanish specifically.

As a general rule the username and password go in the first and second lines (respectively) of /etc/vpnpass

Your .ovpn file is your config file.
To use it, delete the existing symlink /etc/vpnconfig
Right-click your .ovpn file in /etc and create a new symlink to it, but give the new symlink the name vpnconfig (in /etc replacing the one just deleted).

Those should be the two fairly simple steps.
Not really sure what you mean by profile files. Is this a bundle of .ovpn files?
The provider may be giving you stuff which is surplus to requirements.
Oscar in England
Image

Devonian
Posts: 11
Joined: Thu 30 Mar 2017, 08:32
Location: U.K.

#8 Post by Devonian »

Thanks Oscar.
I have re-loaded the program and downloaded fresh ovpn files from ipvanish but when I run the START the computer freezes apart from the cursor movement and I have to force a stop by holding the cpu off buton.
The ipvanish opvn format is very different to the vpnbook one. Instead of two 20 line data blocks which I assume is the encoding parameter, there is a single line of data. I wonder if the program is not compatible with this.
You are correct in guessing that the configuration file contains all the opvn files compressed.

Devonian
Posts: 11
Joined: Thu 30 Mar 2017, 08:32
Location: U.K.

#9 Post by Devonian »

For the present I will go back to using ipvanish in the Windows environment. This does have a very useful additional feature in that there is a graphical presentation of the download speed so that you can abort if the server speed is unacceptably low.

Thanks again for your help,

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#10 Post by OscarTalks »

If ever you decide you want to look at it again I am willing to try to help, but of course it can be rather difficult without seeing exactly what you have in front of you and what steps you are taking. The VPN provider may be expecting you to use some sort of GUI to connect and switch between their servers. If so, you would need to ignore all that and probably lots of other stuff besides.

With the bundle of .ovpn files, I would expect that each one will relate to a specific combination of server IP, protocol (tcp or udp), and port number. With my simple system it is a case of choosing the one you want to use, plucking it out and using it to configure your openvpn. To change any (or all) of those 3 parameters you would switch the symlink to a different .ovpn file and restart. Not sure if the thing you were trying to START was the script or something else.
This thread was really a bit of "thinking out loud" but my system is working well for me so I thought others might find it helpful.
Oscar in England
Image

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#11 Post by OscarTalks »

The Free VPN dot me people have added 2 more servers
https://freevpn.be
https://freevpn.co.uk

For me, these work equally as well as vpnbook if not better.
Use at your own risk though.
I have edited my earlier post which talks a little more about these services.
http://murga-linux.com/puppy/viewtopic. ... 04&start=3
Oscar in England
Image

User avatar
paulh177
Posts: 975
Joined: Tue 22 Aug 2006, 20:41

#12 Post by paulh177 »

I note that freevpn.co.uk has implemented privacy over its whois entry, but their latest IP address for a vpn endpoint is given as 77.73.68.13.

A whois on this gives a registrant of Fishnet Communications in Leningrad/St.Petersburg, just round the corner from the notorious "Internet Research Agency trollfarm.

I'm not going to get all tinfoil-hat on your ass, but I think it's prudent to be careful when signing up to free services with no real public face.

It might all too easily turn out that "no logging" and "private browsing" means no such thing.

ortloffa
Posts: 33
Joined: Fri 18 Aug 2006, 22:12
Location: Metairie, Louisiana, USA

vpn-activator.pet

#13 Post by ortloffa »

I dont see it in http://smokey01.com/OscarTalks or in Puppy Package Manager....

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#14 Post by OscarTalks »

Hello ortloffa,
There are some early scripts and files available for download in the first post, but really this thread is more of a case of "thinking out loud" and I would suggest readers work through it and put together a package of their own for their own Puppy version. Packages really need to be compiled for the specific version so I would have to assemble and upload lots of different ones. I might try to produce a couple, maybe for Xenial since it is the most recent official Puppy. I am using this regularly in Stretch and Wheezy and it works very well for me.

Hello paulh177
You are wise to advise folks to be careful. Thanks for emphasising that. Maybe I should not have even mentioned the freevpn.me provider, but it has been apparently OK here so far. Perhaps anything sinister would be deliberately hidden from the user and therefore difficult to spot, but all I can say is that if anyone does report any confirmed issues I will edit my earlier posts. I have not come across any negative reports about vpnbook so users may want to stick with using that.

One thing I will mention is that I found and fixed an issue.
If the openvpn daemon failed to start or stopped at any time (maybe because of a password problem for example), running VPN-Stop would not remove the tray icon.
I just added a couple of lines of code
Now when I click the "OK" button in the gxmessage window
If yad-vpn (the tray icon) is running
Then killall yad-vpn
Now everything is working as it should in all scenarios.

I am also thinking that it might be good to have the configuration files in a sub-directory in /etc just to keep things more tidy.
Oscar in England
Image

ortloffa
Posts: 33
Joined: Fri 18 Aug 2006, 22:12
Location: Metairie, Louisiana, USA

Sorry right in front of me.

#15 Post by ortloffa »

I am using Zenial and it works. thanks. Dont know how I missed the link.

thanks!

Mr.Spenalzo
Posts: 6
Joined: Thu 28 Sep 2017, 17:29

A Simple VPN Implementation

#16 Post by Mr.Spenalzo »

Hello OscarTalks. Thank you for this! Works great on 32 bit TahrPup.

freddieodom

#17 Post by freddieodom »

Very useful and in-depth post. I amazed to read it. Can you let me know that Astrill VPN can run with this program? Thanks

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#18 Post by OscarTalks »

Thanks for the comments.
It is difficult to give a definitive answer regarding Astrill VPN or any of the other paid-for VPN services unless I sign up for them, but generally speaking it should be possible to use this system to access their services. I took a brief look and it appears that they do support OpenVPN which is what my system uses. If you sign up, they should provide you with a bundle of .ovpn configuration files. These are just text files. Not sure if you may also need to grab certificates and add those in as well. Often they are already included in the .ovpn file. Their wiki had some information which you might need to study. Essentially though, you just pluck out the .ovpn file for the VPN server you want to access and use that.
Oscar in England
Image

freddieodom

#19 Post by freddieodom »

Thank you so much @OscarTalks for taking time for me.

foxpup
Posts: 1132
Joined: Fri 29 Jul 2016, 21:08

openvpn in RC3 dPupStretch from radky

#20 Post by foxpup »

I tried simple VPN in the RC3 for Stretch from radky.
I expected that the openvpn pet for stretch from OscarTalks would work, but it didn't.

I compiled it from source then, and now it does work. The version is now 2.4.6.
You can download it here: https://drive.google.com/open?id=1Ead00 ... u5hxaJkm0f

Post Reply