Jump to content

VPNs?


Hedon James

Recommended Posts

I think it's time I've looked into a VPN. I never really gave them much thought, but some recent experiences have me thinking I need to get educated. Perhaps it is the smart thing to do? But where do I begin?

 

I've done some googling, with tech jargon over my head, but it seems like zero-log VPNs are what I want, otherwise hackers can defeat the VPN...correct? And I want something linux-friendly...no M$ machines in this house, just linux and android...or perhaps it doesn't matter, as it's browser based? And I also see routers flashed with DD-WRT and Tomato software, configured for VPNs. Not sure of the "correct path", so I can't seem to figure out where to start.

 

I believe SB has indicated he uses VPNs for on-line surfing...is that for ALL surfing, or just certain websites, like Amazon shopping etc...? Anyone else use VPNs? I could use a tutorial, from start to finish, of how to select a VPN (perhaps including why YOU selected what you did?); how to install (software on each PC vs router vs browser add-on?); and how to use the VPN (for everything vs. select sites...can I turn "off" and "on" as needed?).

 

1) I have preliminarily identified IPVanish and ExpressVPN as linux-friendly candidates. Any thoughts on these 2 providers? Any thoughts on others? What makes 1 VPN a "better choice" than another? Cost isn't even one of my top concerns...while cheaper is better than more expensive, I want to surf the internet without worrying if some blackhat hacker is snooping for a credit card number or password...if it costs for that security, so be it.

 

2) Is it better to buy a router with VPN configuration, or to configure individual devices? It seems like VPN subscriptions are "per device" or licensed for X number of devices. I like the idea of a router VPN protecting ALL my local intra-net devices connected to it (i've probably got about 20 devices connected to my WLAN, including "smart home" devices); but I don't necessarily need that...at a minimum I want about 2-3 devices in the house that we do internet shopping from to have VPN benefits. But I can see the benefit of all devices behind a VPN router. Or do I need BOTH? Confused...

 

3) Assuming that a VPN router is the way to go, it looks like the going rate for a decent DD-WRT or Tomato router to suit my needs is about $250-$350. Any recommendations? Is it that simple that I hook up the pre-configured VPN router, connect my devices like I would with any new router, and I'm good to go with VPN? If not, what else is involved?

 

4) Assuming that individual devices are the way to go, how would I go about setting up my "critical" devices to use VPN? All are linux, and all are either Ubuntu/Lubuntu (computers) or Android (tablets & phones). Once setup, is VPN my new "default" internet protocol, or must I turn it off and on as needed? CAN I turn it off and on? I have some subscription sites that I MUST access for work...will a VPN connection cause me issues trying to connect to those sites with a geo-location different than what they're used to seeing me connect from? I can't have VPN issues with these sites, or I'm out of business...

 

As you can see from my questions, I'm a complete novice with VPN. I only understand the basic purpose and a very generalized understanding of how/why it works to protect my internet activity. Beyond that...I'm lost. Looking for practical advice on how to establish the correct criteria to make a decision, perhaps YOUR criteria and YOUR decision of why you chose what you chose, and a practical guide to setting up a VPN and day-to-day use of a VPN.

 

I also get a wide spectrum of good advice here at BATL, and I'm looking forward to hearing everyone's perspectives on this new subject to me. Thanks in advance for the education I'm about to receive!

  • Like 2
Link to comment
Share on other sites

securitybreach

I'm on mobile right now and will not be back twice home till late tonight but your best bet is Private internet access (PIA). They have been tested in US Federal court twice in 2018 alone and they had no subscriber info. I route all my traffic, including my phone through PIA.

Link to comment
Share on other sites

I second PIA as a good VPN service. I generally use it if I take a laptop or tablet out of the house and log on from a hotel or coffee shop. PIA provides both Linux and Windows access, and Android apps which I have used. PIA allows 5 simultaneous connections - which is fine for me. I don't know about how PIA would work with VPN routers - that would be better answered by Josh I think. I just configure PIA on any device where needed.

I can switch PIA on and off or go to another country to log in as required.

Edited by raymac46
Link to comment
Share on other sites

I have just updated PIA to version 82 on my main Linux desktop. 82 is stable. There is a Beta version if you want to be adventurous.

It's pretty easy to install. You just download the tar.gz file, unzip it and then run the shell script. It'll require your admin password of course.

Right now I am connected via Toronto and my ISP is in Ottawa.

Link to comment
Share on other sites

V.T. Eric Layton

I've been in the VPN tunnel now for a couple years. My provider is Private Internet Access (PIA). I've had nothing but awesomely wonderful experiences with this company. I highly recommend them.

 

Have fun!

  • Like 1
Link to comment
Share on other sites

It will work just fine with a router and they offer instructions on their website.

 

I've been all over the PIA website and it answers many of my questions (which I haven't even asked here yet!), and I like their prices, especially the 1 and 2 year subscriptions. But I don't see anything on their website that resembles a "how to" to setup for router; although I did see a FAQ that suggests that a router would allow all devices behind it to function as a single connection, thereby leaving the other 4 simultaneous connections for mobile devices.

 

Which brings me to my original questions posted above. What are the pros/cons of router vs. individual device configurations? Looks like individual devices are easy. Download the installer, click, and select the VPN in network connections. And looks like I can switch the VPN off & on, just by choosing different network connection. This is probably the most flexible for me, especially with respect to my work machine and required subscription sites. If I have problems accessing those sites via VPN, I'd like to be able to just turn it off without re-configuring my machine every time. So that's a pro in my eyes...what are the cons? I can't think of any, but I don't know what I don't know.

 

What about the router setup? Might be nice to have ALL my devices behind the router benefit from a VPN connection. But I don't see a router package, nor an online tutorial indicating how to set that up. And can I turn off the router VPN if its a problem? The only pro I see is for ALL devices behind my router to benefit from VPN connection, but potential cons include no "off switch" for other websites having issues with VPN. Or can the router be switched off & on to the VPN?

 

I see flexibility as a good thing, as I envision a VPN being active most of the time, only being switched off when/if a problem occurs accessing a critical website, then switched back on again. So I'd like the on-off switch to be quick, easy, and painless. Sure looks like I can do this on an individual device basis, correct? Can I do this with a router, without re-booting it, or some other similar PITA? I like the idea of all devices benefiting from a VPN, without configuring each device individually; and I have no issues "dropping the shield" to accommodate a problem website (which I imagine will be my work subscriptions, and possibly my wife's online banking), then raising the shields again when I'm done.

 

Am I missing something? Are there any other scenarios I might typically encounter with VPNs? Input appreciated!

Link to comment
Share on other sites

Okay, looks like i misunderstood SBs router post. Looks like I'd need to flash firmware (not gonna do that) or buy a pre-configured router. Seems like the smart thing to do would be to configure my individual "critical" devices for PIA and get familiar with how VPNs work, and how they behave with websites that I frequent often (that I frequently frequent? LOL!). Seems like that would fulfill my needs and later on, if I want to, I have the option of going the router way at a later date...putting a VPN "umbrella" over everything in my house.

 

But my original questions are still valid regarding router vs individual devices. Pros and cons of each? What are the scenarios to tip the scale in favor of one over the other? Personal preferences?

Link to comment
Share on other sites

securitybreach

Nah, most routers can be configured to use a VPN in the settings of the router or use openvpn.

 

I simply use the graphical client on my computers or the openvpn configs

 

I'm on a phone right now or I would elaborate further

Link to comment
Share on other sites

Well color me less paranoid than my American friends but I don't usually use a VPN at home. There is some overhead to any VPN and I like my fast downloads. I am therefore less likely to set up a router and I just fire it up on a device if I am out in the wild west of a coffee shop or hotel. I'm sure there is enough expertise here to get you going on a router though.

Link to comment
Share on other sites

securitybreach

Well color me less paranoid than my American friends but I don't usually use a VPN at home. There is some overhead to any VPN and I like my fast downloads. I am therefore less likely to set up a router and I just fire it up on a device if I am out in the wild west of a coffee shop or hotel. I'm sure there is enough expertise here to get you going on a router though.

 

It has little to do with the government but more to do with security and privacy from corporations.

Link to comment
Share on other sites

V.T. Eric Layton

I use OpenDNS for my router's DNS, but other than that, I did NOT have to do anything or make any kind of changes on my router to accommodate PIA's VPN set up. It was all done via setup within Slackware using Network Manager/Open VPN.

Link to comment
Share on other sites

Sorry didn't mean to imply that the US government was any more sinister than the Canadian one. I was simply referring to you folks as Americans while I am not. I understand the desire for privacy from nongovernmental organizations.

My own need is to protect myself from insecure hotspots and hotel systems and that is how I use PIA.

Link to comment
Share on other sites

Here is an interesting thing. If you install PIA on a system like Debian Stretch using GNOME as your desktop, it'll work just fine, connect automatically to a suitable IP but you do not have a control panel or any way to switch it off. If you log out and log in again with the LXQT desktop you have a tray icon which allows control. Curious.

Link to comment
Share on other sites

Okay folks, based on the trustworthy advice of everyone here, signed up for PIA and bought the 12 month subscription. Downloaded the latest version 82 app/script and followed the instructions found here:

 

https://www.privateinternetaccess.com/helpdesk/guides/desktop/linux/ubuntu-pia-app-setup

 

Everything was fine until the last step. In step #5, I input username & password with no issues, checked the settings I think I want, but no indication that PIA is even running, and no apparent way to switch it over in network manager. Desktop conky script confirms I'm still on the same ISP address as usual. What am I missing?

 

I'm running Lubuntu 16.04 (LXDE) if that matters. Google search indicates lots of folks having issues with Lubuntu setups, but much older versions of PIA (60s and 70s series). Seems like everything referenced (make script executable, installation directory, etc...) does not apply to version 82. Any suggestions?

Link to comment
Share on other sites

Update....looks like a restart has PIA auto-starting, so everything seems to be working fine in that respect. and my desktop conky script does show a new ISP location, so I appear to be "cloaked" to hackers. And I'm already experiencing issues with Google, especially e-mail alerts regarding suspicious activity. So maybe I want to leave PIA "down", but put it up for web sessions? Not sure yet. But in the meantime, it doesn't matter what I want, as I still have no system tray icon, so not sure how to start/stop.

 

So far, I have to check/uncheck startup applications and logout/login. I'm guessing a "sysctl" incantation might also work to enable/disable, but what a PITA. There's got to be an easier way to toggle on/off.

Edited by Hedon James
Link to comment
Share on other sites

V.T. Eric Layton

Google, in particular, is picky about changes to your normal IP address when accessing mail. I get the occasional Security Exception pop up in T-bird for Gmail, but confirming the IP usually clears it up for a while. My other email providers are not so picky, so no troubles with them.

 

Also, you'll find that some websites you go to will alert you that your IP is on their blacklist due to SPAMMING activities from that IP. This is an unfortunate consequence of the exit server IPs for PIA being abused by rectal orifices. PIA usually clears this up relatively quickly, though.

 

Note, too, it is recommended that you NOT login to your online banking with a VPN because the bank's security system often freaks out when your usual IP changes. They think it's a spoof/hack attempt on your account. So, sadly, when I login to do my online banking, I use my direct ISP IP. This kinda' seems to be the place (banks, etc.) where you WOULD DEFINITELY want to be in an encrypted VPN tunnel, but my two credit unions freak out when I log in with the VPN active, so... I just deal with that little burp.

 

Have fun!

 

By the way, if you have ANY questions/issues, contact PIA customer support. I'm not kidding in the least when I say that their CS is probably some of the best I've ever experienced in 18+ years online.

Link to comment
Share on other sites

How PIA behaves in Linux appears to be a function of desktop environment and how tray icons are supported.

Here's my experience so far:

Cinnamon - works great. Little PIA guy shows up in the system tray and changes color. All controls work.

Xfce - also works very well with little PIA guy.

LXQt - I get a small white gear instead of the PIA icon, but it works to control everything.

GNOME - A notification window comes up that PIA is launching and where it is connecting, but after that Zilch, Zip, Nada.

Link to comment
Share on other sites

V.T. Eric Layton

Can't say about any of that, Ray. In Slackware, I just use a specially ported NetworkManager that has OpenVPN integrated into it. In Slack, NetworkManager does everything regarding the VPN.

Link to comment
Share on other sites

I've been using the PIA client in Debian and Mint. Recent updates have added support for Linux independent of Open VPN (although of course that remains an option.)

Link to comment
Share on other sites

Okay, sent a support request to PIA outlining the issue and asking for assistance.

 

Was pleased to get a response overnight, but a little irritated in their response that Lubuntu was not a supported OS. It CLEARLY states in their "Most Common Questions", and I quote:

 

 

10. What Operating Systems Do You Support?

Currently we support:

  • iOS 9+
  • Android 4.1+
  • Extension (Chrome & Firefox & Opera)
  • Android TV / Nvidia Shield
  • FireOS
  • Windows 7, 8.1, 10
  • MacOS 10.10 +
  • Ubuntu 16.04 +
  • Mint 18 +
  • Debian
  • Fedora
  • Arch

Whilst the Linux distros are not exhaustive, the Desktop Environment affects our ability to support the client. As such, Linux distros that utilise Gnome, XFCE, LXDE, LXQt or KDE will function (and are tested by our QA Team).

 

 

In fact, I am using Lubuntu 16.04, which is simply Ubuntu 16.04 with an LXDE desktop environment. They specifically state that their QA team has tested LXDE and concluded that it functions. So kudos for the quick response time, but I'm going to have to dock you points for either an incorrect answer or a mis-leading statement on your marketing page.

 

But the suggestion was to uninstall the latest version 82 and to install the Beta version. Version 82 uninstall instructions were pretty clear terminal commands, simply copied & pasted in CLI, and Beta version was even simpler to install than Version 82. After some frustrating moments, I ended up re-booting (that probably should've been the last step for V.82 removal, before Beta install) and everything works fine now. I've got the application in a launcher in my top lxpanel, easily accessible to launch, and once launched VERY EASY to turn VPN on/off with simple power button interface.

 

Everything works as expected now. I can toggle the VPN "on" as desired, and "off" when it's a problem. VERY HAPPY! And since I can't really comment on the functionality of v.82 in comparison, I can only say that tech support indicated the Beta version is what the future versions of PIA App were moving toward. Works like a champ for me, so maybe it will address some of the other issues folks like Ray were having. Or maybe Ray's issues are simply mis-matched icon sizes for the sytem tray....google indicated this was a fairly common problem, with a super-simple fix...check this out Ray:

 

https://www.backtrai...lication-linux/

 

Otherwise, I'm good to go over here! Thank you to everyone for the excellent advice and guidance! As always! :clap:

Edited by Hedon James
  • Like 1
Link to comment
Share on other sites

Well, the Beta is much improved over stable. It's easier to install and update. In Xfce I get a nice control window to start up and a tray icon. GNOME is a bit flakier. I can start OK, I have a launcher icon in my dash to dock extension, but I must leave the control window open to make any adjustments. There does not seem to be any way to minimize the window. If I close the window it is gone from the desktop and I cannot get it to reappear although the VPN still seems to work. Probably I could move the window to another workspace if it gets in the way.

Link to comment
Share on other sites

Well, the Beta is much improved over stable. It's easier to install and update. In Xfce I get a nice control window to start up and a tray icon. GNOME is a bit flakier. I can start OK, I have a launcher icon in my dash to dock extension, but I must leave the control window open to make any adjustments. There does not seem to be any way to minimize the window. If I close the window it is gone from the desktop and I cannot get it to reappear although the VPN still seems to work. Probably I could move the window to another workspace if it gets in the way.

 

Correct, there is no way to minimize the window. At least not yet in this Beta.

 

The system tray in Lubuntu has always been a little flaky for me, so I've had an application launcher widget for years (I have a top bar lxpanel and a "shutdown" button for that application, as well as wicd and pavucontrol) and I just put the PIA app in there too. The PIA app doesn't change colors for a visual indication of PIA status, but it launches easy enough.

 

I ended up leaving the PIA app opened on another workspace that I reserve for "other systems". I keep my Teamviewer app, VirtualBox, Chrome RDP, and now PIA VPN on that workspace. It was a logical place to put it. Plus, I have a conky script on my desktop that shows Public address of ISP. If I'm really lazy, I can look at that and see if its my local IP address, or something else, to determine if PIA is running. Or I can work for it and switch to the "other systems" workspace and a look at the PIA app WILL provide color-confirmation of whether the PIA VPN is active or dis-connected.

 

Maybe less than ideal for other folks, but it fits within my workflows with no issues whatsoever. No complaints here...

Link to comment
Share on other sites

I have installed the PIA Beta on Linux Mint Cinnamon. I can get a little PIA green man launcher in the bottom panel with my other favorites. If I do close the PIA window I still have a white tray icon with a green indicator that allows total control. Bottom line, the Beta is far preferable in Linux.

Link to comment
Share on other sites

securitybreach

I have installed the PIA Beta on Linux Mint Cinnamon. I can get a little PIA green man launcher in the bottom panel with my other favorites. If I do close the PIA window I still have a white tray icon with a green indicator that allows total control. Bottom line, the Beta is far preferable in Linux.

 

I've never used the beta. I just use the normal client on my laptops and the openvpn config on my desktop.

Link to comment
Share on other sites

I was watching a video the other day about a fellow that has hit the road in his RV. He mentioned that using public wifi you could be opening yourself up to hackers. He suggested setting up a firewall for whatever OS you were using. This stuff makes my head spin. So I googled firewall for Slackware 14.1 and it brought a page that looked simple enough until I started scrolling down. Did I mention this stuff makes my head spin? I'm thinking if I don't use public wifi for banking etc...I shouldn't worry.....don't want to risk spinning my head off....Then I saw this post by OP Hedon James. It almost sounds like what the fellow in the video was talking about. Question.... are there any live versions that I could put on a thumbdrive that would have the security already set up? I'm thinking if I was ever in the situation that I had to use pubic wifi for banking I could just plug a thumb drive in and proceed. thanks....

Link to comment
Share on other sites

securitybreach

I was watching a video the other day about a fellow that has hit the road in his RV. He mentioned that using public wifi you could be opening yourself up to hackers. He suggested setting up a firewall for whatever OS you were using. This stuff makes my head spin. So I googled firewall for Slackware 14.1 and it brought a page that looked simple enough until I started scrolling down. Did I mention this stuff makes my head spin? I'm thinking if I don't use public wifi for banking etc...I shouldn't worry.....don't want to risk spinning my head off....Then I saw this post by OP Hedon James. It almost sounds like what the fellow in the video was talking about. Question.... are there any live versions that I could put on a thumbdrive that would have the security already set up? I'm thinking if I was ever in the situation that I had to use pubic wifi for banking I could just plug a thumb drive in and proceed. thanks....

 

Simply using a trustworthy VPN will elevate the issue. Firewall rules would be needed if you didn't have a VPN. Remember.. your provider (ISP or whomever is running the wifi signal) can only see one single connection to your VPN, everything else is encrypted and hidden. For instance, when I am connected to a VPN at home, my ISP only sees one single connection to my VPN provider and cannot see anything after that. As long as your VPN provider can pass DNS leak tests, the outside connection cannot see anything at all.

  • Like 1
Link to comment
Share on other sites

Apparently MX Linux is quite easy to set up as live USB with persistence on a flash drive. Sure you could set up VPN on that.

Good morning sunrat. Tnx for the reply. As a matter of fact, I do have MX-17 w/ persistence on a flash drive. I'll have to do more research. Tnx!
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...