Jump to content


VPNs?


  • Please log in to reply
41 replies to this topic

#1 OFFLINE   Hedon James

Hedon James

    Topic Cop

  • Members
  • PipPipPipPipPipPipPip
  • 903 posts

Posted 28 December 2018 - 10:09 AM

I think it's time I've looked into a VPN.  I never really gave them much thought, but some recent experiences have me thinking I need to get educated.  Perhaps it is the smart thing to do?  But where do I begin?

I've done some googling, with tech jargon over my head, but it seems like zero-log VPNs are what I want, otherwise hackers can defeat the VPN...correct?  And I want something linux-friendly...no M$ machines in this house, just linux and android...or perhaps it doesn't matter, as it's browser based?  And I also see routers flashed with DD-WRT and Tomato software, configured for VPNs.  Not sure of the "correct path", so I can't seem to figure out where to start.

I believe SB has indicated he uses VPNs for on-line surfing...is that for ALL surfing, or just certain websites, like Amazon shopping etc...?  Anyone else use VPNs?  I could use a tutorial, from start to finish, of how to select a VPN (perhaps including why YOU selected what you did?); how to install (software on each PC vs router vs browser add-on?); and how to use the VPN (for everything vs. select sites...can I turn "off" and "on" as needed?).

1)  I have preliminarily identified IPVanish and ExpressVPN as linux-friendly candidates.  Any thoughts on these 2 providers?  Any thoughts on others?  What makes 1 VPN a "better choice" than another?  Cost isn't even one of my top concerns...while cheaper is better than more expensive, I want to surf the internet without worrying if some blackhat hacker is snooping for a credit card number or password...if it costs for that security, so be it.

2)  Is it better to buy a router with VPN configuration, or to configure individual devices?  It seems like VPN subscriptions are "per device" or licensed for X number of devices.  I like the idea of a router VPN protecting ALL my local intra-net devices connected to it (i've probably got about 20 devices connected to my WLAN, including "smart home" devices); but I don't necessarily need that...at a minimum I want about 2-3 devices in the house that we do internet shopping from to have VPN benefits.  But I can see the benefit of all devices behind a VPN router.  Or do I need BOTH?  Confused...

3)  Assuming that a VPN router is the way to go, it looks like the going rate for a decent DD-WRT or Tomato router to suit my needs is about $250-$350.  Any recommendations?  Is it that simple that I hook up the pre-configured VPN router, connect my devices like I would with any new router, and I'm good to go with VPN?  If not, what else is involved?

4)  Assuming that individual devices are the way to go, how would I go about setting up my "critical" devices to use VPN?  All are linux, and all are either Ubuntu/Lubuntu (computers) or Android (tablets & phones).  Once setup, is VPN my new "default" internet protocol, or must I turn it off and on as needed?  CAN I turn it off and on?  I have some subscription sites that I MUST access for work...will a VPN connection cause me issues trying to connect to those sites with a geo-location different than what they're used to seeing me connect from?  I can't have VPN issues with these sites, or I'm out of business...

As you can see from my questions, I'm a complete novice with VPN.  I only understand the basic purpose and a very generalized understanding of how/why it works to protect my internet activity.  Beyond that...I'm lost.  Looking for practical advice on how to establish the correct criteria to make a decision, perhaps YOUR criteria and YOUR decision of why you chose what you chose, and a practical guide to setting up a VPN and day-to-day use of a VPN.

I also get a wide spectrum of good advice here at BATL, and I'm looking forward to hearing everyone's perspectives on this new subject to me.  Thanks in advance for the education I'm about to receive!

#2 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,264 posts

Posted 28 December 2018 - 10:21 AM

I'm on mobile right now and will not be back  twice home till late tonight but your best bet is Private internet access (PIA). They have been tested in US Federal court twice in 2018 alone and they had no subscriber info. I route all my traffic, including my phone through PIA.
Posted ImagePosted Image
Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#3 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,917 posts

Posted 28 December 2018 - 10:46 AM

I second PIA as a good VPN service. I generally use it if I take a laptop or tablet out of the house and log on from a hotel or coffee shop. PIA provides both Linux and Windows access, and Android apps which I have used. PIA allows 5 simultaneous connections - which is fine for me. I don't know about how PIA would work with VPN routers - that would be better answered by Josh I think. I just configure PIA on any device where needed.
I can switch PIA on and off or go to another country to log in as required.

Edited by raymac46, 28 December 2018 - 10:48 AM.

Posted Image

#4 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,264 posts

Posted 28 December 2018 - 10:59 AM

It will work just fine with a router and they offer instructions on their website.
Posted ImagePosted Image
Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#5 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,917 posts

Posted 28 December 2018 - 11:12 AM

I have just updated PIA to version 82 on my main Linux desktop. 82 is stable. There is a Beta version if you want to be adventurous.
It's pretty easy to install. You just download the tar.gz file, unzip it and then run the shell script. It'll require your admin password of course.
Right now I am connected via Toronto and my ISP is in Ottawa.
Posted Image

#6 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,621 posts

Posted 28 December 2018 - 12:46 PM

I've been in the VPN tunnel now for a couple years. My provider is Private Internet Access (PIA). I've had nothing but awesomely wonderful experiences with this company. I highly recommend them.

Have fun!
Posted Image

Posted Image

#7 OFFLINE   Hedon James

Hedon James

    Topic Cop

  • Members
  • PipPipPipPipPipPipPip
  • 903 posts

Posted 28 December 2018 - 12:48 PM

View Postsecuritybreach, on 28 December 2018 - 10:59 AM, said:

It will work just fine with a router and they offer instructions on their website.

I've been all over the PIA website and it answers many of my questions (which I haven't even asked here yet!), and I like their prices, especially the 1 and 2 year subscriptions.  But I don't see anything on their website that resembles a "how to" to setup for router; although I did see a FAQ that suggests that a router would allow all devices behind it to function as a single connection, thereby leaving the other 4 simultaneous connections for mobile devices.

Which brings me to my original questions posted above.  What are the pros/cons of router vs. individual device configurations?  Looks like individual devices are easy.  Download the installer, click, and select the VPN in network connections.  And looks like I can switch the VPN off & on, just by choosing different network connection.  This is probably the most flexible for me, especially with respect to my work machine and required subscription sites.  If I have problems accessing those sites via VPN, I'd like to be able to just turn it off without re-configuring my machine every time.  So that's a pro in my eyes...what are the cons?  I can't think of any, but I don't know what I don't know.

What about the router setup?  Might be nice to have ALL my devices behind the router benefit from a VPN connection.  But I don't see a router package, nor an online tutorial indicating how to set that up.  And can I turn off the router VPN if its a problem?  The only pro I see is for ALL devices behind my router to benefit from VPN connection, but potential cons include no "off switch" for other websites having issues with VPN.  Or can the router be switched off & on to the VPN?

I see flexibility as a good thing, as I envision a VPN being active most of the time, only being switched off when/if a problem occurs accessing a critical website, then switched back on again.  So I'd like the on-off switch to be quick, easy, and painless.  Sure looks like I can do this on an individual device basis, correct?  Can I do this with a router, without re-booting it, or some other similar PITA?  I like the idea of all devices benefiting from a VPN, without configuring each device individually; and I have no issues "dropping the shield" to accommodate a problem website (which I imagine will be my work subscriptions, and possibly my wife's online banking), then raising the shields again when I'm done.

Am I missing something?  Are there any other scenarios I might typically encounter with VPNs?  Input appreciated!

#8 OFFLINE   Hedon James

Hedon James

    Topic Cop

  • Members
  • PipPipPipPipPipPipPip
  • 903 posts

Posted 28 December 2018 - 01:04 PM

Okay, looks like i misunderstood SBs router post.  Looks like I'd need to flash firmware (not gonna do that) or buy a pre-configured router.  Seems like the smart thing to do would be to configure my individual "critical" devices for PIA and get familiar with how VPNs work, and how they behave with websites that I frequent often (that I frequently frequent?  LOL!).  Seems like that would fulfill my needs and later on, if I want to, I have the option of going the router way at a later date...putting a VPN "umbrella" over everything in my house.

But my original questions are still valid regarding router vs individual devices.  Pros and cons of each?  What are the scenarios to tip the scale in favor of one over the other?  Personal preferences?

#9 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,264 posts

Posted 28 December 2018 - 01:15 PM

Nah, most routers can be configured to use a VPN in the settings of the router or use openvpn.

I simply use the graphical client on my computers or the openvpn configs

I'm on a phone right now or I would elaborate further
Posted ImagePosted Image
Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#10 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,917 posts

Posted 28 December 2018 - 05:33 PM

Well color me less paranoid than my American friends but I don't usually use a VPN at home. There is some overhead to any VPN and I like my fast downloads. I am therefore less likely to set up a router and I just fire it up on a device if I am out in the wild west of a coffee shop or hotel. I'm sure there is enough expertise here to get you going on a router though.
Posted Image

#11 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,264 posts

Posted 28 December 2018 - 05:45 PM

View Postraymac46, on 28 December 2018 - 05:33 PM, said:

Well color me less paranoid than my American friends but I don't usually use a VPN at home. There is some overhead to any VPN and I like my fast downloads. I am therefore less likely to set up a router and I just fire it up on a device if I am out in the wild west of a coffee shop or hotel. I'm sure there is enough expertise here to get you going on a router though.

It has little to do with the government but more to do with security and privacy from corporations.
Posted ImagePosted Image
Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#12 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,621 posts

Posted 28 December 2018 - 07:58 PM

I use OpenDNS for my router's DNS, but other than that, I did NOT have to do anything or make any kind of changes on my router to accommodate PIA's VPN set up. It was all done via setup within Slackware using Network Manager/Open VPN.
Posted Image

Posted Image

#13 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,917 posts

Posted 28 December 2018 - 08:12 PM

Sorry didn't mean to imply that the US government was any more sinister than the Canadian one. I was simply referring to you folks as Americans while I am not. I understand the desire for privacy from nongovernmental organizations.
My own need is to protect myself from insecure hotspots and hotel systems and that is how I use PIA.
Posted Image

#14 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,917 posts

Posted 28 December 2018 - 08:22 PM

Here is an interesting thing. If you install PIA on a system like Debian Stretch using GNOME as your desktop, it'll work just fine, connect automatically to a suitable IP but you do not have a control panel or any way to switch it off. If you log out and log in again with the LXQT desktop you have a tray icon which allows control. Curious.
Posted Image

#15 OFFLINE   Hedon James

Hedon James

    Topic Cop

  • Members
  • PipPipPipPipPipPipPip
  • 903 posts

Posted 30 December 2018 - 03:53 PM

Okay folks, based on the trustworthy advice of everyone here, signed up for PIA and bought the 12 month subscription.  Downloaded the latest version 82 app/script and followed the instructions found here:

https://www.privatei...u-pia-app-setup

Everything was fine until the last step.  In step #5, I input username & password with no issues, checked the settings I think I want, but no indication that PIA is even running, and no apparent way to switch it over in network manager.  Desktop conky script confirms I'm still on the same ISP address as usual.  What am I missing?

I'm running Lubuntu 16.04 (LXDE) if that matters.  Google search indicates lots of folks having issues with Lubuntu setups, but much older versions of PIA (60s and 70s series).  Seems like everything referenced (make script executable, installation directory, etc...) does not apply to version 82.  Any suggestions?

#16 OFFLINE   Hedon James

Hedon James

    Topic Cop

  • Members
  • PipPipPipPipPipPipPip
  • 903 posts

Posted 30 December 2018 - 04:30 PM

Update....looks like a restart has PIA auto-starting, so everything seems to be working fine in that respect.  and my desktop conky script does show a new ISP location, so I appear to be "cloaked" to hackers.  And I'm already experiencing issues with Google, especially e-mail alerts regarding suspicious activity.  So maybe I want to leave PIA "down", but put it up for web sessions?  Not sure yet.  But in the meantime, it doesn't matter what I want, as I still have no system tray icon, so not sure how to start/stop.

So far, I have to check/uncheck startup applications and logout/login.  I'm guessing a "sysctl" incantation might also work to enable/disable, but what a PITA.  There's got to be an easier way to toggle on/off.

Edited by Hedon James, 30 December 2018 - 04:35 PM.


#17 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,621 posts

Posted 30 December 2018 - 06:47 PM

Google, in particular, is picky about changes to your normal IP address when accessing mail. I get the occasional Security Exception pop up in T-bird for Gmail, but confirming the IP usually clears it up for a while. My other email providers are not so picky, so no troubles with them.

Also, you'll find that some websites you go to will alert you that your IP is on their blacklist due to SPAMMING activities from that IP. This is an unfortunate consequence of the exit server IPs for PIA being abused by rectal orifices. PIA usually clears this up relatively quickly, though.

Note, too, it is recommended that you NOT login to your online banking with a VPN because the bank's security system often freaks out when your usual IP changes. They think it's a spoof/hack attempt on your account. So, sadly, when I login to do my online banking, I use my direct ISP IP. This kinda' seems to be the place (banks, etc.) where you WOULD DEFINITELY want to be in an encrypted VPN tunnel, but my two credit unions freak out when I log in with the VPN active, so... I just deal with that little burp.

Have fun!

By the way, if you have ANY questions/issues, contact PIA customer support. I'm not kidding in the least when I say that their CS is probably some of the best I've ever experienced in 18+ years online.
Posted Image

Posted Image

#18 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,917 posts

Posted 30 December 2018 - 07:37 PM

How PIA behaves in Linux appears to be a function of desktop environment and how tray icons are supported.
Here's my experience so far:
Cinnamon - works great. Little PIA guy shows up in the system tray and changes color. All controls work.
Xfce - also works very well with little PIA guy.
LXQt - I get a small white gear instead of the PIA icon, but it works to control everything.
GNOME - A notification window comes up that PIA is launching and where it is connecting, but after that Zilch, Zip, Nada.
Posted Image

#19 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,621 posts

Posted 31 December 2018 - 09:39 AM

Can't say about any of that, Ray. In Slackware, I just use a specially ported NetworkManager that has OpenVPN integrated into it. In Slack, NetworkManager does everything regarding the VPN.
Posted Image

Posted Image

#20 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,917 posts

Posted 31 December 2018 - 10:06 AM

I've been using the PIA client in Debian and Mint. Recent updates have added support for Linux independent of Open VPN (although of course that remains an option.)
Posted Image

#21 OFFLINE   Hedon James

Hedon James

    Topic Cop

  • Members
  • PipPipPipPipPipPipPip
  • 903 posts

Posted 31 December 2018 - 04:37 PM

Okay, sent a support request to PIA outlining the issue and asking for assistance.

Was pleased to get a response overnight, but a little irritated in their response that Lubuntu was not a supported OS.  It CLEARLY states in their "Most Common Questions", and I quote:


Quote

10. What Operating Systems Do You Support?
Currently we support:
  • iOS 9+
  • Android 4.1+
  • Extension (Chrome & Firefox & Opera)
  • Android TV / Nvidia Shield
  • FireOS
  • Windows 7, 8.1, 10
  • MacOS 10.10 +
  • Ubuntu 16.04 +
  • Mint 18 +
  • Debian
  • Fedora
  • Arch
Whilst the Linux distros are not exhaustive, the Desktop Environment affects our ability to support the client. As such, Linux distros that utilise Gnome, XFCE, LXDE, LXQt or KDE will function (and are tested by our QA Team).


In fact, I am using Lubuntu 16.04, which is simply Ubuntu 16.04 with an LXDE desktop environment.  They specifically state that their QA team has tested LXDE and concluded that it functions.  So kudos for the quick response time, but I'm going to have to dock you points for either an incorrect answer or a mis-leading statement on your marketing page.

But the suggestion was to uninstall the latest version 82 and to install the Beta version.  Version 82 uninstall instructions were pretty clear terminal commands, simply copied & pasted in CLI, and Beta version was even simpler to install than Version 82.  After some frustrating moments, I ended up re-booting (that probably should've been the last step for V.82 removal, before Beta install) and everything works fine now.  I've got the application in a launcher in my top lxpanel, easily accessible to launch, and once launched VERY EASY to turn VPN on/off with simple power button interface.

Everything works as expected now.  I can toggle the VPN "on" as desired, and "off" when it's a problem.  VERY HAPPY!  And since I can't really comment on the functionality of v.82 in comparison, I can only say that tech support indicated the Beta version is what the future versions of PIA App were moving toward.  Works like a champ for me, so maybe it will address some of the other issues folks like Ray were having.  Or maybe Ray's issues are simply mis-matched icon sizes for the sytem tray....google indicated this was a fairly common problem, with a super-simple fix...check this out Ray:

https://www.backtrai...lication-linux/

Otherwise, I'm good to go over here!  Thank you to everyone for the excellent advice and guidance!  As always!  :clap:

Edited by Hedon James, 31 December 2018 - 04:37 PM.


#22 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,917 posts

Posted 31 December 2018 - 07:05 PM

I'll take a look at it, What I'd really like is to see if I can get some sort of control in the GNOME desktop.
Posted Image

#23 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,917 posts

Posted 31 December 2018 - 07:45 PM

Well, the Beta is much improved over stable. It's easier to install and update. In Xfce I get a nice control window to start up and a tray icon. GNOME is a bit flakier. I can start OK, I have a launcher icon in my dash to dock extension, but I must leave the control window open to make any adjustments. There does not seem to be any way to minimize the window. If I close the window it is gone from the desktop and I cannot get it to reappear although the VPN still seems to work. Probably I could move the window to another workspace if it gets in the way.
Posted Image

#24 OFFLINE   Hedon James

Hedon James

    Topic Cop

  • Members
  • PipPipPipPipPipPipPip
  • 903 posts

Posted 01 January 2019 - 10:01 AM

View Postraymac46, on 31 December 2018 - 07:45 PM, said:

Well, the Beta is much improved over stable. It's easier to install and update. In Xfce I get a nice control window to start up and a tray icon. GNOME is a bit flakier. I can start OK, I have a launcher icon in my dash to dock extension, but I must leave the control window open to make any adjustments. There does not seem to be any way to minimize the window. If I close the window it is gone from the desktop and I cannot get it to reappear although the VPN still seems to work. Probably I could move the window to another workspace if it gets in the way.

Correct, there is no way to minimize the window.  At least not yet in this Beta.

The system tray in Lubuntu has always been a little flaky for me, so I've had an application launcher widget for years (I have a top bar lxpanel and a "shutdown" button for that application, as well as wicd and pavucontrol) and I just put the PIA app in there too.  The PIA app doesn't change colors for a visual indication of PIA status, but it launches easy enough.

I ended up leaving the PIA app opened on another workspace that I reserve for "other systems".  I keep my Teamviewer app, VirtualBox, Chrome RDP, and now PIA VPN on that workspace.  It was a logical place to put it.  Plus, I have a conky script on my desktop that shows Public address of ISP.  If I'm really lazy, I can look at that and see if its my local IP address, or something else, to determine if PIA is running.  Or I can work for it and switch to the "other systems" workspace and a look at the PIA app WILL provide color-confirmation of whether the PIA VPN is active or dis-connected.

Maybe less than ideal for other folks, but it fits within my workflows with no issues whatsoever.  No complaints here...

#25 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,917 posts

Posted 01 January 2019 - 10:51 AM

I have installed the PIA Beta on Linux Mint Cinnamon. I can get a little PIA green man launcher in the bottom panel with my other favorites. If I do close the PIA window I still have a white tray icon with a green indicator that allows total control. Bottom line, the Beta is far preferable in Linux.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users