LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-09-2014, 08:53 PM   #1
MBA Whore
Member
 
Registered: May 2006
Location: Kansas City, MO
Distribution: Various: pclos, Debian, Ubuntu, etc . . .
Posts: 610

Rep: Reputation: 30
OpenVPN and Linux


Currently I use a commercial (subscription) OpenVPN-based service for general privacy. I have no complaints but I don't like the idea of relying upon commercial service. I started research self-configured OpenVPN and became very overwhelmed.

I am extremely new to the VPN concept, so forgive my ignorance. However, I frequently see these 2 terms: a) server and b) client

My understanding is that the "server" is what I connect to while using my subscription VPN service. The "client" in that case would be my pc.

Is this correct?

If that is correct, then how does that server-client model factor into "Do-It-Yourself" VPN service? Does it mean I would require a 2nd computer to act as a host (server) while my main computer acts as a user (client)?

Or is it possible to put server and client into 1 device (my main pc)?

I appreciate your insight. I would also appreciate any links to "beginner" level information, insight, instruction, etc regarding OpenVPN.

Thank you.

Last edited by MBA Whore; 11-09-2014 at 08:54 PM.
 
Old 11-10-2014, 01:58 AM   #2
ceyx
Member
 
Registered: May 2009
Location: Fort Langley BC
Distribution: Kubuntu,Free BSD,OSX,Windows
Posts: 338

Rep: Reputation: 56
Quote:
My understanding is that the "server" is what I connect to while using my subscription VPN service. The "client" in that case would be my pc.
Correct.

Quote:
If that is correct, then how does that server-client model factor into "Do-It-Yourself" VPN service? Does it mean I would require a 2nd computer to act as a host (server) while my main computer acts as a user (client)?
Yes, it implies a 2nd computer, ideally remote. The do it yourself model is ideal for say, logging into your home computer from work, which may piss off your network admin at work


Quote:
Or is it possible to put server and client into 1 device (my main pc)?
Don't really know if it is possible. Perhaps using the loopback adapter, but why would you want to if privacy is the issue ? It would all go out to your ISP the way it does without the 1 device setup.

What kind of 'privacy' are you after ? It is possible to use DNS servers from your PC that will not track you, ( or use Go Duck Go ) and it is possible to use encryption with emails, and HTTPS is supposed to be encrypted by default.

If you download torrents etc it probably is better to use a VPN though. There are caveats with that too though....

Regards
 
Old 11-10-2014, 01:58 AM   #3
naitso
LQ Newbie
 
Registered: Aug 2010
Posts: 14

Rep: Reputation: 2
OpenVPN and Linux

hi one of the best place to look is here: https://openvpn.net/index.php/open-source/documentation/howto.html

Server is a pc where openvpn run in a "server" mode, for example; a pc at work turned on 24/24 hours that permit the access (openvpn in server/daemon mode) to the work network for the employers from their home pc or laptop when they are out of office...
Run server and client in the same pc have not sense
 
Old 11-10-2014, 09:59 PM   #4
MBA Whore
Member
 
Registered: May 2006
Location: Kansas City, MO
Distribution: Various: pclos, Debian, Ubuntu, etc . . .
Posts: 610

Original Poster
Rep: Reputation: 30
Well, just general privacy is my goal. I am boring. I don't download torrents and I only used tor to see what that part of the web is like (scary - do not want to go there again).

I suppose my goals would be: encryption of all my outgoing traffic (OpenVPN will do so, correct?) and if possible, disguise my IP. For example, the service I now use somehow makes my IP look like I am in another country. I think the service actually has servers in those countries. I don't necessarily need to appear like I am coming from another country but I would like to disguise my IP somehow.

Would OpenVPN help with those 2 goals?
 
Old 11-10-2014, 10:02 PM   #5
MBA Whore
Member
 
Registered: May 2006
Location: Kansas City, MO
Distribution: Various: pclos, Debian, Ubuntu, etc . . .
Posts: 610

Original Poster
Rep: Reputation: 30
ceyx - You stated "It is possible to use DNS servers from your PC that will not track you"

Could you (or anyone, really) clarify what that means? Please speak slowly and use small words. LOL.
 
Old 11-10-2014, 10:51 PM   #6
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD
Posts: 2,114

Rep: Reputation: 330Reputation: 330Reputation: 330Reputation: 330
Quote:
Originally Posted by MBA Whore View Post
I suppose my goals would be: encryption of all my outgoing traffic
Whatever you are connecting to on the other end has to be able to decrypt your traffic. For example, when you connect to a website using HTTPS (as opposed to HTTP), your traffic is encrypted. But that website you are connecting to decrypts your traffic once it makes it there. But points in the middle cannot understand the traffic, although they CAN see where it's coming from and where it's going. Without decryption on the remote end that you are talking to, it would be like you going down to Mexico and speaking Chinese. Sure, you'd be "encrypted", but nobody would understand you and you wouldn't be able to accomplish anything. You'd be talking to yourself, and only yourself. Fairly useless if your goal is to communicate information. You would need another Chinese-speaker to listen to you and understand (decrypt) what you were saying.

Quote:
disguise my IP
Whoever you are directly talking to HAS to know your IP in order to talk back. Say you are "A" and you want to talke to "Z" without Z knowing your IP. You can use a proxy (call that "B") for that. A talks to B, and then B talks to Z on A's behalf. Z never knows A's IP address, but B does. So SOMEBODY will always know your IP address. If hiding your IP address from Z is your goal, then you can use B to do that. But you have to trust B. And Z will know B's address as part of the communication chain.

Quote:
For example, the service I now use somehow makes my IP look like I am in another country.
That would be a proxy service.

Quote:
Would OpenVPN help with those 2 goals?
Not in the way you are imagining. You can't "hide" from the remote end using VPN. Quite the contrary - the remote end will know everything about you. It's the people in the middle that will be cut out of the conversation. VPN provides encryption, and a mechanism for both ends to verify that they are talking to who they think they are talking to. It's not like you can "VPN to Google", and Google won't know who it's talking to. I think that's what you're envisioning (correct me if I'm wrong). But things don't work that way.
 
Old 11-10-2014, 11:04 PM   #7
ceyx
Member
 
Registered: May 2009
Location: Fort Langley BC
Distribution: Kubuntu,Free BSD,OSX,Windows
Posts: 338

Rep: Reputation: 56
Quote:
Would OpenVPN help with those 2 goals?
Yes, OpenVPN would help with those two goals, but from what I have seen the software isn't ( always ) the problem - it is the service provider ie those that run your OpenVPN server for your OpenVpn client that is the problem.

For example, some of them keep logs that can be subject to search, seizure etc. Some keep no logs at all. Some accept bitcoin, some accept Visa, Mastercard - so the latter knows who you are, and so will the authorities.

Another example is when OpenVPN setups use YOUR DNS settings to do your internet searches, so if say you do a search on google of AK-47's, child porn or whatever is taboo, it does not go out the VNP, it uses your IP to do searches, and it would be a direct link to you. Which brings us to DNS :

Quote:
It is possible to use DNS servers from your PC that will not track you
You probably know that DNS is something like the a phone book for the internet, but instead of the choice of yellow pages, white pages, whatever, we have google, yahoo, bing to do conversions for DNS names to IP addresses. It is google et al that do the converting, say of linuxquestions.org into a form the computer can use : 75.126.162.205. Of course google and pals are companies in business to make a sale, so they track your searches. If you look for shoes, or camping equipment for example using google, the next time you surf the web do not be surprised to see shoes on sale in the ads served up with your web browsing.

There are search engines that you can use that will not track your searches, such as Duck Duck Go, and there are DNS providers that you can setup by default in your router and on your computers that will not track your searches. Do a search on them !

There are many who would read this and think it does not go far enough - which is true there is much more you can do ( ala Snowden ) . But if you are just concerned about nosy parkers, and are not doing anything objectionable then this would work.

Read the Terms of Service from your OpenVPN provider. Get off Facebook ! Do not post anything you wouldn't want your Grandma to see

Last edited by ceyx; 11-10-2014 at 11:05 PM.
 
Old 11-10-2014, 11:30 PM   #8
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD
Posts: 2,114

Rep: Reputation: 330Reputation: 330Reputation: 330Reputation: 330
Quote:
Originally Posted by ceyx View Post
so if say you do a search on google of AK-47's, child porn or whatever is taboo
I search for AK-47's all the time. Is that taboo?
 
Old 11-10-2014, 11:42 PM   #9
ceyx
Member
 
Registered: May 2009
Location: Fort Langley BC
Distribution: Kubuntu,Free BSD,OSX,Windows
Posts: 338

Rep: Reputation: 56
Quote:
I search for AK-47's all the time. Is that taboo?
I don't believe you ! Why would you? Anyhow, my answer would be that the real fear of many out there is giving 'them' a dot that they can group with other 'dots' to connect the dots into a pattern that they want to see - you are evil, and it is retroactive !

I read a story recently about an American Muslim who was born in the States, who went to visit his family in the Middle East. ( One Dot )
Much later, his son used his dads laptop to do searches on Flight Instruction, cause he wanted to learn to fly a glider or whatever. ( Two Dots )

The authorities busted down his door, arrested him and his son, confiscated the computer equipment. It all blew over after a while, but I am sure they were shaken by the incident.

Maybe now he does not use his regular DNS provider ?

The novel 1984 gets into this : the retroactive evidence sifting to paint the picture they wanted to see. Stalin did it too.
 
Old 11-13-2014, 05:18 PM   #10
MBA Whore
Member
 
Registered: May 2006
Location: Kansas City, MO
Distribution: Various: pclos, Debian, Ubuntu, etc . . .
Posts: 610

Original Poster
Rep: Reputation: 30
DXWow - this got complicated quickly, but I do thank all for the replies.

I am aware of start page and duckduckgo. I use them regularly, even though I don't do anything illegal or taboo.

My VPN service does the following:

a) encrypt all my internet traffic. The company stated I must connect to it before doing anything online in order for the encryption to work.
b) provide proxy service by making my IP address appear as a different IP address. The company has servers in other countries so I assume it routes my encrypted traffic through those overseas servers.
c) the customer support gave me what it called "Google DNS" numbers to use when I first installed the VPN software.

My goal is replicating those 3 functions instead of purchasing them. How can I do it? Is openvpn all I require? Or would I require more?

I hope this followup clarifies my question and goal.

Thank you.

Last edited by MBA Whore; 11-13-2014 at 05:21 PM.
 
Old 11-14-2014, 01:19 PM   #11
MBA Whore
Member
 
Registered: May 2006
Location: Kansas City, MO
Distribution: Various: pclos, Debian, Ubuntu, etc . . .
Posts: 610

Original Poster
Rep: Reputation: 30
I an closing this thread and reposting in the "Networking" section which seems more relevant.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenVPN assigning public & static IPs to pcs/devices behind an OpenVPN client dgonzalezh Linux - Networking 6 07-18-2010 10:50 AM
OpenVPN client has not default gateway when connect to OpenVPN server sailershen Linux - Security 3 03-04-2010 03:20 AM
How does OpenVPN Linux server issues IP and netmask to OpenVPN clients on Windows XP pssompura Linux - Networking 0 12-24-2009 03:42 AM
Error When converting Routing OpenVPN to bridge mode openvpn danmartinj Linux - Software 0 11-06-2009 10:23 AM


All times are GMT -5. The time now is 11:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration