LinuxQuestions.org


MBA Whore 11-09-2014 07:53 PM

OpenVPN and Linux
 
Currently I use a commercial (subscription) OpenVPN-based service for general privacy. I have no complaints but I don't like the idea of relying upon a commercial service. I started researching self-configured OpenVPN and became very overwhelmed.

I am extremely new to the VPN concept, so forgive my ignorance. However, I frequently see these 2 terms: a) server and b) client

My understanding is that the "server" is what I connect to while using my subscription VPN service. The "client" in that case would be my pc.

Is this correct?

If that is correct, then how does that server-client model factor into "Do-It-Yourself" VPN service? Does it mean I would require a 2nd computer to act as a host (server) while my main computer acts as a user (client)?

Or is it possible to put server and client into 1 device (my main pc)?

I appreciate your insight. I would also appreciate any links to "beginner" level information, insight, instruction, etc regarding OpenVPN.

Thank you.

ceyx 11-10-2014 12:58 AM

Quote:

My understanding is that the "server" is what I connect to while using my subscription VPN service. The "client" in that case would be my pc.
Correct.

Quote:

If that is correct, then how does that server-client model factor into "Do-It-Yourself" VPN service? Does it mean I would require a 2nd computer to act as a host (server) while my main computer acts as a user (client)?
Yes, it implies a 2nd computer, ideally remote. The do it yourself model is ideal for say, logging into your home computer from work, which may piss off your network admin at work :)


Quote:

Or is it possible to put server and client into 1 device (my main pc)?
Don't really know if it is possible. Perhaps using the loopback adapter, but why would you want to if privacy is the issue? It would all go out to your ISP the way it does without the 1 device setup.

What kind of 'privacy' are you after? It is possible to use DNS servers from your PC that will not track you (or use Go Duck Go), and it is possible to use encryption with emails, and HTTPS is supposed to be encrypted by default.

If you download torrents etc it probably is better to use a VPN though. There are caveats with that too though....

Regards

naitso 11-10-2014 12:58 AM

Hi, one of the best places to look is here: https://openvpn.net/index.php/open-source/documentation/howto.html

The server is a PC where OpenVPN runs in "server" mode; for example, a PC at work turned on 24 hours a day that permits access (OpenVPN in server/daemon mode) to the work network for the employees from their home PC or laptop when they are out of the office...
Running the server and client on the same PC makes no sense.

MBA Whore 11-10-2014 08:59 PM

Well, just general privacy is my goal. I am boring. I don't download torrents and I only used tor to see what that part of the web is like (scary - do not want to go there again).

I suppose my goals would be: encryption of all my outgoing traffic (OpenVPN will do so, correct?) and if possible, disguise my IP. For example, the service I now use somehow makes my IP look like I am in another country. I think the service actually has servers in those countries. I don't necessarily need to appear like I am coming from another country but I would like to disguise my IP somehow.

Would OpenVPN help with those 2 goals?

MBA Whore 11-10-2014 09:02 PM

ceyx - You stated "It is possible to use DNS servers from your PC that will not track you"

Could you (or anyone, really) clarify what that means? Please speak slowly and use small words. LOL.

haertig 11-10-2014 09:51 PM

Quote:

Originally Posted by MBA Whore (Post 5267904)
I suppose my goals would be: encryption of all my outgoing traffic

Whatever you are connecting to on the other end has to be able to decrypt your traffic. For example, when you connect to a website using HTTPS (as opposed to HTTP), your traffic is encrypted. But that website you are connecting to decrypts your traffic once it makes it there. But points in the middle cannot understand the traffic, although they CAN see where it's coming from and where it's going. Without decryption on the remote end that you are talking to, it would be like you going down to Mexico and speaking Chinese. Sure, you'd be "encrypted", but nobody would understand you and you wouldn't be able to accomplish anything. You'd be talking to yourself, and only yourself. Fairly useless if your goal is to communicate information. You would need another Chinese-speaker to listen to you and understand (decrypt) what you were saying.

Quote:

disguise my IP
Whoever you are directly talking to HAS to know your IP in order to talk back. Say you are "A" and you want to talk to "Z" without Z knowing your IP. You can use a proxy (call that "B") for that. A talks to B, and then B talks to Z on A's behalf. Z never knows A's IP address, but B does. So SOMEBODY will always know your IP address. If hiding your IP address from Z is your goal, then you can use B to do that. But you have to trust B. And Z will know B's address as part of the communication chain.

Quote:

For example, the service I now use somehow makes my IP look like I am in another country.
That would be a proxy service.

Quote:

Would OpenVPN help with those 2 goals?
Not in the way you are imagining. You can't "hide" from the remote end using VPN. Quite the contrary - the remote end will know everything about you. It's the people in the middle that will be cut out of the conversation. VPN provides encryption, and a mechanism for both ends to verify that they are talking to who they think they are talking to. It's not like you can "VPN to Google", and Google won't know who it's talking to. I think that's what you're envisioning (correct me if I'm wrong). But things don't work that way.

ceyx 11-10-2014 10:04 PM

Quote:

Would OpenVPN help with those 2 goals?
Yes, OpenVPN would help with those two goals, but from what I have seen the software isn't (always) the problem - it is the service provider, i.e. those that run your OpenVPN server for your OpenVPN client, that is the problem.

For example, some of them keep logs that can be subject to search, seizure etc. Some keep no logs at all. Some accept bitcoin, some accept Visa, Mastercard - so the latter knows who you are, and so will the authorities.

Another example is when OpenVPN setups use YOUR DNS settings to do your internet searches, so if say you do a search on google of AK-47's, child porn or whatever is taboo, it does not go out the VPN, it uses your IP to do searches, and it would be a direct link to you. Which brings us to DNS:

Quote:

It is possible to use DNS servers from your PC that will not track you
You probably know that DNS is something like a phone book for the internet, but instead of the choice of yellow pages, white pages, whatever, we have google, yahoo, bing to do conversions for DNS names to IP addresses. It is google et al that do the converting, say of linuxquestions.org into a form the computer can use: 75.126.162.205. Of course google and pals are companies in business to make a sale, so they track your searches. If you look for shoes, or camping equipment for example using google, the next time you surf the web do not be surprised to see shoes on sale in the ads served up with your web browsing.

There are search engines that you can use that will not track your searches, such as Duck Duck Go, and there are DNS providers that you can set up by default in your router and on your computers that will not track your searches. Do a search on them!

There are many who would read this and think it does not go far enough - which is true, there is much more you can do (a la Snowden). But if you are just concerned about nosy parkers, and are not doing anything objectionable, then this would work.

Read the Terms of Service from your OpenVPN provider. Get off Facebook! Do not post anything you wouldn't want your Grandma to see :)
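
An added example (not part of any post in this thread): a small Python check for the leak ceyx describes, where DNS lookups or other traffic bypass the VPN. It reads a client config and the `PUSH_REPLY` line from the client log; the sample config, the host name `vpn.example.net`, the addresses and the log lines are constructed, and it assumes a Linux client where an `up` script such as Debian's `update-resolv-conf` applies the pushed DNS server.

```python
import re

# Constructed sample inputs, not taken from the thread.
GOOD_CONF = """\
client
dev tun
remote vpn.example.net 1194 udp
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
"""
GOOD_PUSH = ("PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,"
             "dhcp-option DNS 10.8.0.1,route-gateway 10.8.0.1'")
LEAKY_PUSH = "PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0'"


def directives(conf_text):
    """Tokenise config lines, skipping blanks and '#' / ';' comment lines."""
    lines = (ln.strip() for ln in conf_text.splitlines())
    return [ln.split() for ln in lines if ln and ln[0] not in "#;"]


def pushed_options(log_line):
    """Extract the options the server pushed from a client log line."""
    m = re.search(r"PUSH_REPLY,([^']*)", log_line)
    return [opt.split() for opt in m.group(1).split(",") if opt.strip()] if m else []


def audit(conf_text, log_line):
    """Return findings for traffic or DNS lookups that bypass the tunnel."""
    local = directives(conf_text)
    opts = local + pushed_options(log_line)
    findings = []
    if not any(o[0] == "redirect-gateway" for o in opts):
        findings.append("default route not redirected: traffic leaves via the ISP")
    if not any(o[:2] == ["dhcp-option", "DNS"] for o in opts):
        findings.append("no DNS server set for the tunnel: lookups use local DNS")
    elif not any(o[0] == "up" for o in local):
        # Assumption: on Linux an 'up' script is what applies the pushed DNS.
        findings.append("DNS pushed but no 'up' script to apply it")
    return findings


if __name__ == "__main__":
    for name, push in (("good", GOOD_PUSH), ("leaky", LEAKY_PUSH)):
        print(name, audit(GOOD_CONF, push) or "no leaks found")
```

An empty result means both the default route and DNS are set to go through the tunnel; it does not say anything about what the VPN server's operator logs.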

haertig 11-10-2014 10:30 PM

Quote:

Originally Posted by ceyx (Post 5267940)
so if say you do a search on google of AK-47's, child porn or whatever is taboo

I search for AK-47's all the time. Is that taboo?

ceyx 11-10-2014 10:42 PM

Quote:

I search for AK-47's all the time. Is that taboo?
I don't believe you! Why would you? Anyhow, my answer would be that the real fear of many out there is giving 'them' a dot that they can group with other 'dots' to connect the dots into a pattern that they want to see - you are evil, and it is retroactive!

I read a story recently about an American Muslim who was born in the States, who went to visit his family in the Middle East. ( One Dot )
Much later, his son used his dad's laptop to do searches on Flight Instruction, 'cause he wanted to learn to fly a glider or whatever. ( Two Dots )

The authorities busted down his door, arrested him and his son, confiscated the computer equipment. It all blew over after a while, but I am sure they were shaken by the incident.

Maybe now he does not use his regular DNS provider?

The novel 1984 gets into this: the retroactive evidence sifting to paint the picture they wanted to see. Stalin did it too.

MBA Whore 11-13-2014 04:18 PM

Wow - this got complicated quickly, but I do thank all for the replies.

I am aware of start page and duckduckgo. I use them regularly, even though I don't do anything illegal or taboo.

My VPN service does the following:

a) encrypt all my internet traffic. The company stated I must connect to it before doing anything online in order for the encryption to work.
b) provide proxy service by making my IP address appear as a different IP address. The company has servers in other countries so I assume it routes my encrypted traffic through those overseas servers.
c) the customer support gave me what it called "Google DNS" numbers to use when I first installed the VPN software.

My goal is replicating those 3 functions instead of purchasing them. How can I do it? Is openvpn all I require? Or would I require more?

I hope this followup clarifies my question and goal.

Thank you.

MBA Whore 11-14-2014 12:19 PM

I am closing this thread and reposting in the "Networking" section which seems more relevant.


All times are GMT -5.