
Stealthy Slacker Goes VPN w/ a Little Help from Josh


V.T. Eric Layton


V.T. Eric Layton

In the interest of privacy protections on the Internet these days, I've taken the plunge and purchased a year's worth of virtual private networking (vpn) through a company that received rave reviews from numerous techie sites and publications. It's called Private Internet Access (PIA)

--> https://www.privateinternetaccess.com/ I got that year's worth at a discounted rate of $31.95 thanks to an offer from PCMag online, which was where I read some of the information and reviews regarding vpn providers.

 

Right now, this is where the Internet thinks I'm located...

 

Y6SpAxt.png

 

Sneaky, huh?

 

There are a couple downsides that I'm seeing, though. There is a slowdown of speeds due to the encryption and the bouncing around servers here and there, but it's not really noticeable when just surfing. I only see the diminishing speeds when I use a speed test website of some sort. There may be ways to tweak that, though. I have an active ticket with PIA support right now regarding this.

 

The other noticeable thing is that all my email servers are freaking out (Google, Hotmail, Yahoo, etc.) because they all think my accounts have been hacked by some bloke in Arizona. HA! ;) I've replied to their security emails and told them that that new IP they're seeing is me and all is well. I'm using the US West exit server and the US Midwest, so I'm going to have to OK two different IP numbers for the email folks before they will stop freaking out.

 

The reason this is happening is because, unlike TOR, that only affects the browser's connection to the Internet via the TOR proxy, this vpn service operates on the Internet side of my router, so ALL connections on my computer are routed to the vpn. Everything leaving my local home network is encrypted and then sent directly to the exit server. At that point the packets are decrypted and sent out with the exit server's information, as you see by the IP address above that shows I'm in Arizona. :)

 

Cool, huh? Well, we'll see how it works out in the next year, I s'pose. I have buyer's remorse big time, though, because I could use that $32 elsewhere for more practical things like meds, cat food, etc. :(

Link to comment
Share on other sites

V.T. Eric Layton

OK, I tweaked some connection settings and port assignments and VIOLA! Got my speedy groove back. :)

 

Using the US West exit server:

 

893gUQE.png

 

Using the US Midwest exit server:

 

ggJNFXh.png

 

The actual speed of the Internet that I'm paying for from my ISP is 50Mbps down/50Mbps up.

Link to comment
Share on other sites

securitybreach

Nice but I see a problem with using that provider if you care about your privacy at all. They are located in California and since they are in the US, they have to comply with any request government gives them. Using a VPN in the USA will automatically get you flagged and they will monitor your traffic even more hence why I mentioned that the one I use is located in Panama. Now you actually connect to a server located in whatever region you choose but the traffic then gets routed through Panama. Since they are located in Panama, they cannot be forced to comply with US requests to give up your name or any identifying information about you.

 

From their privacy statement:

PrivateInternetAccess.com is a business that strives to protect privacy and the privacy rights of our clients. Although we will comply with all valid subpoena requests, our legal team scrutinizes each and every legal request that we receive for compliance with both the "spirit" and letter of the law. For invalid or overly broad subpoenas, we will often question or attempt to narrow the scope of any subject matter sought. Moreover, when it is possible and a valid option we will provide the user an opportunity to object to any requested disclosures. We cannot provide information that we do not have. PrivateInternetAccess.com will not participate with any request that is unconstitutional.

 

The State of California requires us to post specific language related to our privacy policy. By default, PrivateInternetAccess does not share your private information with any third parties aside from the disclosures already made in this privacy policy. However, if you wish to inquire into how PrivateInternetAccess does not share our user's personal information with third parties for direct marketing purposes, you may contact:

https://www.privatei...privacy-policy/

 

Now do not get me wrong, I am not doing anything illegal but I have a real problem with prying eyes looking at all of my traffic.

  • Like 2
Link to comment
Share on other sites

V.T. Eric Layton

Well, I contacted them before signing on to ask a few questions. 1. Even if they are subpoenaed by the U.S., there's nothing they can provide. There are ZERO server logs and residual data from my comings and goings. The only info they keep on me is my email (not my real name) that I used to sign up with and my Paypal info that I used to pay them with. The U.S. Gov. probably already has that much info on me now.

 

From your quote above: "We cannot provide information that we do not have."

 

The only activity my ISP can report is my constant connection between my home network and the vpn server out West or wherever I happen to be located that day. That's it. They won't even have DNS records because all my requests are handled by the vpn server. While I'm in the tunnel, all data is encrypted, so even if someone could do a man-in-the-middle on the tunnel, they couldn't decrypt any of the data going back and forth in there.

 

Oh, and PLEASE don't put all your cookies in that one very insecure argument about having your vpn service provider outside of the U.S. The U.S. Dept. of State would have permission and access from the Panamanian government in a matter of minutes. That shield is made of tissue paper and balsa wood. It's not so much important where your company is located as it is that their integrity is such that they would not toss you under the bus when the GOV comes calling. We, as users, must trust their no-log/no-record policies. We must trust that they won't provide easy backdoor access to government entities. We must even trust that they AREN'T the government just running a sting/data mining front operation.

 

My main concern is privacy from hackers, spooks, men-in-the-middle, ad crawlers, etc. I don't do anything illegal, either. However, just because I don't do anything illegal when I'm laying in bed at night doesn't mean I want Google cameras in my bedroom monitoring me all night. And, like I said to someone at my board just a little while ago, I don't trust anything 100%. The ONLY time I'm completely secure on the Internet is when electrical connectivity of all type is removed from the soul-sucking box on my desk. ;)

 

 

 

 

 

 

 


Edited by V.T. Eric Layton
  • Like 2
Link to comment
Share on other sites

Folks in Canada use VPNs to get access to US sites like Hulu and US Netflix. But I don't see a real use for them unless you spend a lot of time in an Internet cafe sending emails. I use HTTPS Everywhere on my browser. What does a VPN do to prevent ID theft?

Link to comment
Share on other sites

Curious how you set this up.

Do you install the VPN on your router so you can stealth your network?

What happens when you take your laptop to Starbucks? Do you then set up a VPN for the laptop only?

Link to comment
Share on other sites

securitybreach

Well most VPNs are compatible with openvpn so it's just a matter of configuring your client and you can connect from any device. The one I use gives you a cross-platform client (even an archlinux package) but I just use openvpn as a daemon. Most routers support Openvpn so you can run it via your browser so that every device goes through it.

Link to comment
Share on other sites

securitybreach

This quote from Eric's article did give me a chuckle as it's simply not true. Heck most of them offer a gui that just asks for username/password. So now logging in is difficult and requires a professional :hysterical: ??

 

You would want an IT professional to set one up, but you can learn a lot from reading up on the subject and examining your options.

 

Granted they are diving a little deeper into all the technology with that link but setting one up is very simple. Even with openvpn, it's as simple as adding the address and the username/password.

Link to comment
Share on other sites

securitybreach

BTW if you want openvpn to store your username and password so you do not have to enter it every time, simply make a file somewhere called auth.txt and add the following:

 

username(usually email addy)

password

 

Then add this to your /etc/openvpn/whatever.conf (replace whatever with the profile name):

 

auth-user-pass /whatever/location/auth.txt

(replacing /whatever/location with the actual location)

 

I know it's plain-text, which sucks, but at least it is going straight to your VPN on whatever port you chose so it is highly unlikely that someone could sniff it out.

Link to comment
Share on other sites
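Since the auth.txt described in the post above holds the credentials in plain text, the file's permissions are what protect it on disk. The following is an added example, not part of the original post: it writes the two-line file readable by its owner only, checks an existing file, and reads the path back from the profile. The function names, the sample credentials and the temporary paths are all made up for illustration.

```shell
#!/bin/sh
# Added example; helper names, sample values and paths are hypothetical.

# write_auth_file PATH USER PASS
# Writes the two-line file that auth-user-pass reads (username, then password)
# so that only the owner can read or write it.
write_auth_file() {
    path=$1 user=$2 pass=$3
    # A newline inside either value would shift the password to the wrong line.
    case "$user$pass" in
        *"
"*) echo "credentials must not contain newlines" >&2; return 1 ;;
    esac
    old_umask=$(umask)
    umask 077                      # the file is never created world-readable
    tmp="$path.tmp.$$"
    if ! printf '%s\n%s\n' "$user" "$pass" > "$tmp"; then
        umask "$old_umask"; return 1
    fi
    umask "$old_umask"
    chmod 600 "$tmp" && mv -f "$tmp" "$path"
}

# auth_file_ok PATH
# Succeeds only for a regular file (not a symlink) that has exactly two lines
# and no permission bits set for group or others.
auth_file_ok() {
    path=$1
    [ -f "$path" ] && [ ! -L "$path" ] || return 1
    perms=$(ls -ld "$path" | cut -c5-10)    # group and other permission columns
    [ "$perms" = "------" ] || return 1
    [ "$(wc -l < "$path" | tr -d ' ')" -eq 2 ] || return 1
}

# conf_auth_path CONF
# Prints the file named on the profile's auth-user-pass line, if any.
conf_auth_path() {
    awk '$1 == "auth-user-pass" && NF >= 2 { print $2; exit }' "$1"
}

# Demo in a throwaway directory with constructed values.
demo_dir=$(mktemp -d)
write_auth_file "$demo_dir/auth.txt" "user@example.test" "constructed-password"
printf 'client\nauth-user-pass %s\n' "$demo_dir/auth.txt" > "$demo_dir/whatever.conf"
if auth_file_ok "$(conf_auth_path "$demo_dir/whatever.conf")"; then
    echo "auth file is owner-only"
fi
rm -rf "$demo_dir"
```
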

V.T. Eric Layton

Yes, setup was relatively easy with Slackware and NetworkManager. I had one little password/keyring bugaboo, but it got solved this evening with a suggestion from someone on LinuxQuestions.org's forums where I had earlier posted a question asking for some assistance. You can read about it here, if you'd like...

 

https://www.linuxquestions.org/questions/slackware-14/initializing-vpn-in-networkmanager-cause-request-for-default-keyring-passphrase-4175580297/

Link to comment
Share on other sites

Looking into this a bit more, if you have your own wifi router that supports VPN why would you not just set it up on the router for your local machines? Seems easier than trying to configure a bunch of PCs and laptops. You could put local configuration on any machine you take away with you to a coffeeshop or on holiday. Most of my hardware doesn't go anywhere.

Only disadvantage I see is that it might slow things down a bit for your Roku box, if you have one.

Link to comment
Share on other sites

securitybreach
Only disadvantage I see is that it might slow things down a bit for your Roku box, if you have one.

 

Well it does slow down a little but honestly if you choose a close server to connect to, then it will not slow down very much. For instance I get 150mbps from my ISP and when I run the VPN, I get 135mbps so the slowdown is very minimal.

 

I could set it up on my router but I have a lot of streaming devices (2 smarttvs, roku, chromecast, etc.) so I want my full bandwidth on those devices. That and the VPN I use offers dedicated IPs so I use a dedicated IP for my main machine so I can access via ssh. Since I do not remote into any of my other machines outside of the network, it doesn't matter if their IPs change when I carry them with me. Basically at home my main machine uses the dedicated IP and when I am on the go my laptop, netbook, tablet and phone connect to non-dedicated IPs my VPN offers. I do not know about others but the VPN I use has an android app so I can connect with phone and tablet. https://play.google.com/store/apps/details?id=net.torguard.openvpn.client

Link to comment
Share on other sites

V.T. Eric Layton

I only intend to use it on my main machine. I have no need for vpn on the shop system or the laptop on my office desk.

  • Like 1
Link to comment
Share on other sites

Hello,

 

In my case, I was tunneling back into the US from Europe via VPN concentrator colo'd at a US-based facility. Nice when you want to get your email, web traffic, etc. without getting warnings.

 

Regards,

 

Aryeh Goretsky

  • Like 3
Link to comment
Share on other sites

  • 2 weeks later...

Hi,

 

It seems it is only becoming more common that a VPN is required if you don't want your government or ISP spying, throttling or limiting what is supposed to be a free and open internet. Although a VPN protects your data and location, you might want to think about other methods of tracking, adverts, cookies etc. There are plenty of things out there to protect against this, such as browsers dedicated to security (Tor); some VPN providers even allow VPN over Tor. There are also various extensions designed to protect you from tracking, such as disconnect, decentraleyes, self-destructing-cookies.

 

Also you might want to read the forums daily on your VPN of choice, as when there is a potential privacy risk someone would have posted it there. And of course I'm sure you already know about http://ipleak.net; another I also found useful was whoer.net.

 

What gets me is that companies like Netflix decide the need to block VPN users who want to remain "anonymous" of sorts on-line because a minor majority of their user base use this to bypass GEO-restrictions; just another indicator of how current rules are not viable for the modern world.

 

Side Note: I use Airvpn. Also, some ISPs find the need to throttle OpenVPN connections; if you ever become subject to this, OpenVPN over SSH usually works well (I have to currently use this as my ISP feels the need to throttle OpenVPN).

 

Kind Regards,

Edited by kiakeu
  • Like 2
Link to comment
Share on other sites

securitybreach

I am familiar with all of those but thanks for the info. :thumbsup:

 

As far as throttling, unless my ISP started blocking SSL, they wouldn't be able to throttle my VPN since the provider uses port 443.

Link to comment
Share on other sites

I am familiar with all of those but thanks for the info. :thumbsup:

 

As far as throttling, unless my ISP started blocking SSL, they wouldn't be able to throttle my VPN since the provider uses port 443.

 

My provider offers several ports: 80, 53, 2018, 443 and 22 (over SSH tunnel). Unless running OpenVPN itself through an SSH or SSL tunnel, as far as I'm aware they can detect OpenVPN. This is only when using their gateway; if I was to use my own I wouldn't have this problem.

Edited by kiakeu
Link to comment
Share on other sites

securitybreach

Well I use my own router and my own modem so good luck figuring out if I am using a VPN or not. That and I do not run the VPN on my router but instead on one of my local machines so all the ISP sees is a single connection to a server in Atlanta.

Link to comment
Share on other sites

Well I use my own router and my own modem so good luck figuring out if I am using a VPN or not. That and I do not run the VPN on my router but instead on one of my local machines so all the ISP sees is a single connection to a server in Atlanta.

 

Mine is also run on my own machine. It's just their gateway that detects OpenVPN if I don't put OpenVPN itself through an SSL or SSH tunnel.

 

For example one person on the VM forums.

 

Standard OpenVPN over UDP on port 443: 5MB/sec

OpenVPN over UDP (with SSL tunnel) on port 443: 18MB/sec

 

It's strange as to why they do this but at least there's ways around it.

Edited by kiakeu
Link to comment
Share on other sites

Good deal with the workaround :thumbsup:

 

Luckily mine uses UDP with SSL tunnel by default anyway

 

Ah ok, fair enough. Seems I get lower speeds over SSL than SSH so I just stick with SSH.

  • Like 1
Link to comment
Share on other sites

  • 8 months later...

Bumping this older thread because I decided to go with Private Internet Access myself. I didn't get quite as good a price as Eric did last year but for $40/year I figured it was worth it. Less than a Starbucks coffee per month really.

My Impressions so far:

 

Installation

Pretty easy with Windows. Download and install as administrator. Not bad with Linux either - download a TAR package, extract and run a shell script. It worked fine in Linux Mint and MX-16. Android has an app that works great with a tablet.

 

Performance

Bandwidth tests a bit slower but still OK for surfing and videos. Nothing to be concerned about.

 

Interface

Quite minimal and unobtrusive. Seems to have the appropriate settings though.

 

Geolocation

Went over to the UK to read The Guardian in its UK edition rather than the International version. Works fine. I don't intend to mess with Netflix.

 

Settings

I found it's better to wait until you've booted up and then launch PIA. If you launch automatically on boot with Windows, ESET starts complaining about a new network. I got around this by having ESET automatically mark any new network as Public. I don't share data between the machines on my LAN so this is no problem.

With Linux Mint, Cinnamon started crashing if I tried to launch PIA on boot.

 

The main reason for me to get a VPN is to be safe on coffee shop nets or if I travel. I am not concerned too much with privacy or government snooping as they'd be pretty bored with what they'd find out. But it's nice to safely use a public network when you need to.

  • Like 2
Link to comment
Share on other sites

V.T. Eric Layton

Bumping this older thread because I decided to go with Private Internet Access myself. I didn't get quite as good a price as Eric did last year but for $40/year I figured it was worth it. Less than a Starbucks coffee per month really.

 

I think my $31.95 was a special intro rate. When it renews (via auto-payment w/ PayPal) in May, I think it'll increase a bit.

 

My Impressions so far:

 

Installation

Pretty easy with Windows. Download and install as administrator. Not bad with Linux either - download a TAR package, extract and run a shell script. It worked fine in Linux Mint and MX-16. Android has an app that works great with a tablet.

 

It was a wee bit more complicated with Slackware using Network Manager, but no big deal.

 

Performance

Bandwidth tests a bit slower but still OK for surfing and videos. Nothing to be concerned about.

 

Yup. The encryption payload does add some latency and slowness to the initial handshake packets, but it zips along close to my ISP rating after that.

 

Interface

Quite minimal and unobtrusive. Seems to have the appropriate settings though.

 

In the advanced settings area, you can tweak ports and other settings to improve and stabilize speeds.

 

Geolocation

Went over to the UK to read The Guardian in its UK edition rather than the International version. Works fine. I don't intend to mess with Netflix.

 

Settings

I found it's better to wait until you've booted up and then launch PIA. If you launch automatically on boot with Windows, ESET starts complaining about a new network. I got around this by having ESET automatically mark any new network as Public. I don't share data between the machines on my LAN so this is no problem.

With Linux Mint, Cinnamon started crashing if I tried to launch PIA on boot.

 

As stated above, settings can be tweaked. One problem I developed a couple months after signing up for this is that my Thunderbird stopped sending (smtp) with some of my email accounts. I contacted PIA customer support and they explained that it was a DNS error and to change my server settings for my accounts to the IP addresses rather than URLs. For example: smtp.mail.yahoo.com became 63.250.193.228. That resolved that issue.

 

I've been very impressed with their customer/technical support, by the way. It's some of the best I've ever experienced with online services.

 

The main reason for me to get a VPN is to be safe on coffee shop nets or if I travel. I am not concerned too much with privacy or government snooping as they'd be pretty bored with what they'd find out. But it's nice to safely use a public network when you need to.

 

Ah, yes... I've heard that statement many, many times over the years when the topic of privacy/security comes up. My response usually is something like, "Well, you probably don't do anything illegal in your bedroom at night. That doesn't mean you like to have government cameras and mics in there monitoring your activities." I rarely do anything untoward on the Internet, either. However, it's the principle of the thing. Privacy is a RIGHT. Expectation of even minimal privacy in one's life is a must. ANYTHING that weakens privacy rights should be analyzed and considered very deeply before it becomes law. Unfortunately, in this day and age, privacy rights have been thoroughly trampled by governments in the stated interest of security. I italicize "stated" above because that's what they tell you, yet when they get the permission/means to spy on you they will, regardless of whether or not you're some perceived security threat. Why? Because they can.

 

A favorite quote of mine: "Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety." ~Ben Franklin*

 

*His quote was taken out of context and really has nothing to do with personal privacy/security issues. However, the words themselves speak volumes in that context in this day and age.

  • Like 2
Link to comment
Share on other sites
