(OLD) (ARCHIVED) Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info

This forum can also be accessed as http://oldforum.puppylinux.com
It is now read-only and serves only as archives.

Please register over the NEW forum
https://forum.puppylinux.com
and continue your work there. Thank you.

 
All times are UTC - 4
A Simple VPN Implementation
Moderators: Flash, Ian, JohnMurga
jafadmin

Joined: 19 Mar 2009
Posts: 1258

PostPosted: Thu 26 Dec 2019, 04:20    Post subject:  

enrique wrote:
.. Simple command to get reply from the net for our Public IP Addresses:

Check this out ..
http://murga-linux.com/puppy/viewtopic.php?p=1045733#1045733
enrique

Joined: 09 Nov 2019
Posts: 601
Location: Planet Earth

PostPosted: Thu 26 Dec 2019, 10:31    Post subject:  

@jafadmin You are the Man. Very nice.

So if you did install my script, ignore or delete vpn-ip-route; it is no longer needed. jafadmin's netinfo.yad is the way to go. So install that one.

For vpn-start change
Code:
--command="vpn-ip-route"

replace with
Code:
--command="netinfo.yad"


For vpn-stop change
Code:
#    Display info in GTK
   vpn-ip-route

replace with
Code:
#    Display info in GTK
   netinfo.yad


And you can get Public IP/VpnStatus without the need of the Slow Browser:


All thanks to OscarTalks's vpn-onoff & jafadmin's new geolocation script. Please note that I am not trying to take over, we are ONLY suggesting ways to improve for future releases.
gabtech

Joined: 14 Apr 2013
Posts: 107

PostPosted: Fri 27 Dec 2019, 06:10    Post subject: netinfo  

Hi enrique

I made your suggested changes but my lxterminal opens without any output. Check my attached vpn-start.
Attachment: vpn-start.gz (1023 Bytes)
OscarTalks


Joined: 05 Feb 2012
Posts: 2202
Location: London, England

PostPosted: Fri 27 Dec 2019, 10:26    Post subject:  

Hello enrique,

Thanks very much for the feedback and comments which are most welcome. I will try to include at least some of them if I do any future "releases". I agree with you (and others) that it would be nice to replace the browser call with something else so thanks to jafadmin for the script which I will be testing for a while.

I would like to have simpler dialogs for the .ovpn selection and username/password entry, also some sort of immediate notification in the event that VPN server connection is lost, but I am only a relative novice so for me it is good if others are interested in joining in with their own ideas.

Some people have reported issues with vpnbook being very slow just recently. As you say, that is outside of my control. Maybe they are under heavy load from too many users. Hopefully they will take steps to improve things.

You can also use the .ovpn files from http://vpngate.net as you have done with your Korean server. Bear in mind that this is an experimental system and most of the servers are operated by volunteers on their own ISP's connections, rather than dedicated servers in a data centre.

_________________
Oscar in England

enrique

Joined: 09 Nov 2019
Posts: 601
Location: Planet Earth

PostPosted: Fri 27 Dec 2019, 10:36    Post subject:  

I tried your file and it works perfectly.

You need to make sure your new vpn-start and your netinfo.yad are executable and stored at /usr/bin

Code:
chmod +x /usr/bin/netinfo.yad
chmod +x /usr/bin/vpn-start


You should also mod vpn-start so that it also calls netinfo.yad instead of the browser.

Last edited by enrique on Fri 27 Dec 2019, 10:58; edited 1 time in total
enrique

Joined: 09 Nov 2019
Posts: 601
Location: Planet Earth

PostPosted: Fri 27 Dec 2019, 10:54    Post subject:  

@OscarTalks thanks for considering our suggestion.

I am not sure if you have Firewall Setup 0.7 by Alien Bob, the one that comes with most Puppys. Look at the Tray Menu. When you Right-Click you have:
*Quit Firewall (I guess exit)
*Firewall Setup
*Firewall Remove
*Firewall ON

What I suggest is a similar approach.
*Exit - to close openvpn and remove the tray icon
*openvpn setup - where we can either select an ovpn or ask to rotate between the ones we have stored at /etc/vpn-onoff
*Test openvpn no Browser - just as we suggest
*Test openvpn with Browser
*username/password entry
*Turn ON/OFF (Toggle) - where we turn it On if Off, or Off if it was On. But NOT leaving the tray icon. The tray icon should change color to show whether it is on or off.

Just as you said, we users have to consider that this is a free service: "most of the servers are operated by volunteers on their own ISP's connections,". The best option is to have more than 10 .ovpn files. Then automate the process so that when we leave, a new .ovpn is selected by our vpnconfig. I personally will be trying that for your vpn-stop script. New VPN server every time we go in.

Edit1:

And yes, your suggestion is good. A daemon to test when our Public IP changes and we lose the openvpn connection. I wonder if openvpn should have some default on this? I guess this should be a common need (standard) for all.
d4rkn1ght


Joined: 19 Jan 2010
Posts: 55

PostPosted: Sat 28 Dec 2019, 00:31    Post subject: VPN Switch  

I made this simple widget so I can have the two vpn-start and vpn-stop, password changing, and config files in a single place. I just wanted a simple GUI with all these shortcuts. I also added jafadmin's great Geolocation script.

Please do as you wish with this. I'm sure someone here can make this better.

This works great in Tahrpup64 and Bionicpup64. I think it should work on Xenialpup, but I haven't tested other puppies.

---Updated---

Just added a few simple features and performance improvements. Hopefully it's a little more useful.

Download here.
Attachment: vpn-switch-3.png (30.04 KB)

Last edited by d4rkn1ght on Sat 01 Feb 2020, 20:51; edited 2 times in total
enrique

Joined: 09 Nov 2019
Posts: 601
Location: Planet Earth

PostPosted: Sat 28 Dec 2019, 04:19    Post subject:  

@d4rkn1ght at first I could not make it work. As always I uninstalled all previous versions to start clean. This means vpn-onoff too. So it did not work. Now I see. While having OscarTalks's vpn-onoff installed, then we install vpn-switch.pet. And it will open a window with your nice app. I guess we all have our best choice. I like OscarTalks's vpn-onoff. I know he has put 2 startup apps in the Internet folder. I do not see that as a problem. If anything, that is an advantage. If something goes wrong and programs stop working (hang up) we can use vpn-stop as a killall rescue, no need for task manager or another terminal.

Now, do not get me wrong. What you have done is beautiful. I will have it stored with my other yad/gtkdialog apps. It contains a full app function with menus, submenus, etc. in gtkdialog. I will be studying that even when I am trying to stick to only one of these dialogs. I do not know if I am wrong but I had personally selected yad over zenity and gtkdialog. I am starting to learn bash; learning only yad should allow me to learn faster. To all, keep up the good work.
d4rkn1ght


Joined: 19 Jan 2010
Posts: 55

PostPosted: Sat 28 Dec 2019, 10:46    Post subject:  

enrique wrote:
@d4rkn1ght at first I could not make it work. As always I uninstalled all previous versions to start clean. This means vpn-onoff too. So it did not work. Now I see. While having OscarTalks's vpn-onoff installed, then we install vpn-switch.pet. And it will open a window with your nice app. I guess we all have our best choice. I like OscarTalks's vpn-onoff. I know he has put 2 startup apps in the Internet folder. I do not see that as a problem. If anything, that is an advantage. If something goes wrong and programs stop working (hang up) we can use vpn-stop as a killall rescue, no need for task manager or another terminal.

Glad you got it working. This is just a simple GUI with shortcuts to Oscar's vpn-start and stop scripts. For example, when you press Disconnect, it's like clicking on the vpn-stop script.
enrique wrote:

Now, do not get me wrong. What you have done is beautiful. I will have it stored with my other yad/gtkdialog apps. It contains a full app function with menus, submenus, etc. in gtkdialog. I will be studying that even when I am trying to stick to only one of these dialogs. I do not know if I am wrong but I had personally selected yad over zenity and gtkdialog. I am starting to learn bash; learning only yad should allow me to learn faster. To all, keep up the good work.


I don't have that much experience with gtkdialog or the others you mention. My knowledge comes from designing and making websites back in the old HTML 3.2 days, a long, long time ago. I just started making little simple gtkdialog scripts just for learning purposes, and this is one of them.

Feel free to do whatever you want with the script.
enrique

Joined: 09 Nov 2019
Posts: 601
Location: Planet Earth

PostPosted: Mon 30 Dec 2019, 17:40    Post subject:  

I have been sending PMs to OscarTalks for 3 days. I know New Year's Eve is coming. Well, as I said, I use this as an excuse to practice/learn bash. I love OscarTalks's vpn-onoff, but to my liking it needs to show its correct status (up or down) and simplify the choosing of ovpn. I was hoping to allow OscarTalks to decide if he likes my suggestions. But since he has not been around I will expose this to all. I will not give you a new pet; I will instead suggest you try it without installing, just from your Home folder. Please notice that all are scripts and no binary is provided. You can navigate through the files, open them with your preferred editor and read what is in them. When you are finished you do not have to worry about uninstalling. You ONLY need to erase the folder /root/vpn-onoff-test, as all the proposed files will be there only.
To test I will do just as you will do. Here are the suggested steps to test:

1-For this test I am using peebee's LxPupBionic-18.05 and created a new/blank puppy save to make sure all works. (I am not saying you need this puppy. You will try it in yours.)
2-I then downloaded OscarTalks's vpn-onoff from
Code:
http://smokey01.com/OscarTalks/vpn-onoff-0.2-i686-bionic.pet

3-Then I tested it just to make sure all works just as Oscar wanted. Well, there is the usual bad connection to the VPN server.
Please notice that these are caused by the provider's vpn server. OscarTalks's vpn-onoff works perfectly.
Well, this trouble is the one motivating me to make an improvement. So first make sure OscarTalks's vpn-onoff is installed and working as is.
4-Now download the attachment vpn-onoff-test.tar.xz.gz and copy it to the /root folder.
Open a terminal and:
Code:
cd /root
mv vpn-onoff-test.tar.xz.gz vpn-onoff-test.tar.xz
tar -xf vpn-onoff-test.tar.xz

Now you have in folder /root
Code:
VPN-Start-test
VPN-Stop-test
vpn-onoff-test
vpn-onoff-test.tar.xz

NOTE:
a-If in the future you want to remove this suggestion, you will only need to delete these 4 files.
b-To prevent any confusion, this will not interact with the original OscarTalks's files & setups. All will be contained inside just /root/vpn-onoff-test
c-This will then ignore all your config at /etc/vpn-onoff, so if you need your special ovpn just copy it from /etc/vpn-onoff and install it to /root/vpn-onoff-test/ovpn.
d-In any case I suggest you go to
Code:
https://www.vpngate.net/en/

There you can get free volunteer servers from all around the world, but mostly from Asia. You need to download from the 5th column, "OpenVPN Config file".
e-I strongly suggest you download 5 or more ovpn, so that your load gets spread over multiple different servers. Again, store these ovpn in /root/vpn-onoff-test/ovpn
f-You can copy/move the VPN-Start-test & VPN-Start-test. But please leave the main folder in /root/vpn-onoff-test. If you would like to move the folder to another location you can try editing /root/vpn-onoff-test/scripts and modifying VPNONOFF="/root/vpn-onoff-test" to the new location. It should work even though I have not tested it.
g-When you are done, uninstall by just deleting the 3 files + folder I mentioned before.

Hope you like it.
enrique
Attachment: vpn-onoff-test.tar.xz.gz (12.8 KB)

Last edited by enrique on Mon 30 Dec 2019, 20:52; edited 1 time in total
enrique

Joined: 09 Nov 2019
Posts: 601
Location: Planet Earth

PostPosted: Mon 30 Dec 2019, 18:06    Post subject:  

So what's new.
*You do not have to create the symlink anymore
*You can add more than one ovpn to /root/vpn-onoff-test/ovpn and the program will automatically rotate/select a new one.
*Instead of a daemon for openvpn it runs in xterm. So you can see what it is doing or its status.
*If openvpn fails to connect and drops from xterm, then a popup warning will show and then Auto retry with the next ovpn.
*If openvpn hangs just trying, you can click on Xterm then [CTRL]-[C]. Again this will Auto retry. At the moment I set retry for 3. But you can change this with RETRY=3 by editing /root/vpn-onoff-test/scripts/vpn-onoff-config.
*vpn-onoff icon will stay RED as long as openvpn reports a down connection. It will change to normal BLUE once it is working.
*Does not use Browser to test Public IP. Instead uses jafadmin's script.

gabtech wrote:
Hi enrique
I made your suggested changes but my lxterminal opens without any output. Check my attached vpn-start.

I did miss your question before. But I am pretty sure I did correct this as I tested it in Puppy bionic this time.
Gera

Joined: 21 Sep 2019
Posts: 9

PostPosted: Sat 21 Mar 2020, 20:08    Post subject:  

enrique, I've tried your script. It worked well with freevpn set of ovpn files, but didn't work with vpnbook and vpngate.
With all vpngate files I had same error:
Quote:
VERIFY ERROR: depth=1, error=unable to get local issuer certificate: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA
...
TLS error: TLS handshake failed


My idea was to have all passwords in 1 file because every 1-2 weeks passwords are changed and it will be convenient to edit only 1 file. For now I have separate username-password files for each freevpn ovpn file.
That 1 file with passwords may look like this:
#ovpn filename mask Username,Password
Quote:
vpnbk* vpnbook,temppass
vpngate* vpn,vpn
fvpn-be.ovpn freevpn.be,temppass
fvpn-se.ovpn freevpn.se,temppass
...

Files that have same password are grouped with asterisk(*): vpnbk-pl,vpnbk-us1,...
Back to top
View user's profile Send private message 
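One way to implement the single credentials file Gera describes above, as an added example that is not part of vpn-onoff or of any script attached in this thread. The function names and the refusal to use a group- or world-readable map file are assumptions; the map format and sample entries are the ones from the post.

```shell
#!/bin/sh
# Added example; not code from vpn-onoff or the scripts attached in this thread.
# Map file format (from the post): "<ovpn filename mask> <username>,<password>"

# Print "username<newline>password" for the first mask matching the .ovpn name.
lookup_creds() {
    map=$1
    name=$(basename "$2")
    while read -r mask creds || [ -n "$mask" ]; do
        case $mask in ''|'#'*) continue ;; esac   # skip blank lines and comments
        case $name in
            $mask)                                # unquoted, so it acts as a glob
                # Split on the first comma only; the password may contain commas.
                printf '%s\n%s\n' "${creds%%,*}" "${creds#*,}"
                return 0 ;;
        esac
    done < "$map"
    return 1
}

# Write an OpenVPN --auth-user-pass file (username on line 1, password on
# line 2) that only the owner can read. Refuses a map file that group or
# others can read, since it holds plaintext passwords.
write_auth_file() {
    map=$1; ovpn=$2; out=$3
    if [ -n "$(find "$map" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "refusing: $map is readable by group/others; run chmod 600" >&2
        return 2
    fi
    rm -f "$out"
    ( umask 077; lookup_creds "$map" "$ovpn" > "$out" ) || { rm -f "$out"; return 1; }
}

# Constructed sample map, using the entries from the post.
demo=$(mktemp -d)
cat > "$demo/vpn-passwords" <<'EOF'
#ovpn filename mask Username,Password
vpnbk*       vpnbook,temppass
vpngate*     vpn,vpn
fvpn-be.ovpn freevpn.be,temppass
EOF
chmod 600 "$demo/vpn-passwords"
if write_auth_file "$demo/vpn-passwords" /root/vpn-onoff-test/ovpn/vpnbk-us1.ovpn "$demo/auth"; then
    echo "auth file written for vpnbk-us1.ovpn"
    # Then: openvpn --config vpnbk-us1.ovpn --auth-user-pass "$demo/auth"
fi
rm -rf "$demo"
```

The first matching line wins, so specific file names should be listed before broad masks such as `vpnbk*`.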
enrique

Joined: 09 Nov 2019
Posts: 601
Location: Planet Earth

PostPosted: Sun 22 Mar 2020, 02:58    Post subject:  

Gera

First of all, I thank OscarTalks again for this nice project. I am a happy user of it. I only submitted what I think are possible upgrades for his consideration in future releases.

Regarding vpngate configs.
I have seen problems in the past connecting to just a few servers. I assumed in the past it was a server issue. Sadly it seems now there are more failing than connecting. So I assume now it is the Client (we the users). I am not sure what the final problem is; ca-certificates, openssl or openvpn?

I am no expert. My best guess is that our openssl is not finding valid ca-certificates and the fact that we run as root. I am using BusterDog64.

What Puppy are you using?
What is the content of your /etc/ssl/certs?

I made a small change. I hope you want to try it. See attachment. What I need you to do is to rename vpn-onoff-test/scripts/vpn-onoff-openvpn to vpn-onoff-test/scripts/vpn-onoff-openvpn.bck. Then copy the attached file to vpn-onoff-test/scripts/vpn-onoff-openvpn

See if that helps. If that fails then we may have to update your ca-certificates. But first try that file and let us know.

If you want to know what I did was to add --capath /etc/ssl/certs to the line:
Code:
xterm -T "Openvpn" -si -sb -fg white -bg SkyBlue4 -geometry 80x22 -e sh -c "openvpn --config $VPNONOFF/vpnconfig --script-security 2 --up $VPNUPSCRIPT --down $VPNDOWNSCRIPT --capath /etc/ssl/certs"
Attachment: vpn-onoff-openvpn-mod.tar (10 KB)
Back to top
View user's profile Send private message 
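A diagnostic for the "unable to get local issuer certificate" error and the --capath change discussed above, as an added example that is not part of vpn-onoff or of the attached scripts. It lists the CA certificates an .ovpn file carries inline and checks whether each one's issuer is present in a --capath directory under its hashed name; the function names are hypothetical and the openssl command is assumed to be installed.

```shell
#!/bin/sh
# Added example; not code from vpn-onoff or the scripts attached in this thread.
# It inspects only the CA certificates carried inside the .ovpn file, not the
# chain the server presents. check_ca_chain needs the openssl command.

# Print the PEM text inside the inline <ca>...</ca> section of an .ovpn file.
ovpn_inline_ca() {
    awk '/^<ca>/ {on = 1; next} /^<\/ca>/ {on = 0} on' "$1"
}

# Number of certificates in the inline <ca> section (0 if there is none).
ovpn_ca_count() {
    ovpn_inline_ca "$1" | grep -c -e '-----BEGIN CERTIFICATE-----' || true
}

# For each inline CA certificate, report whether it is self-issued (a root) or
# whether its issuer exists in CAPATH as <issuer-hash>.0, the c_rehash naming
# that --capath directories use. Returns 0 only if every one is anchored.
check_ca_chain() {
    ovpn=$1; capath=${2:-/etc/ssl/certs}; rc=0; found=0
    tmp=$(mktemp -d) || return 2
    ovpn_inline_ca "$ovpn" | awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = d "/ca" n ".pem" }
        f != ""                       { print > f }
        /-----END CERTIFICATE-----/   { if (f != "") close(f); f = "" }'
    for pem in "$tmp"/ca*.pem; do
        [ -e "$pem" ] || continue
        found=1
        subj=$(openssl x509 -in "$pem" -noout -subject 2>/dev/null) ||
            { echo "unparsable certificate in <ca> section"; rc=1; continue; }
        ihash=$(openssl x509 -in "$pem" -noout -issuer_hash)
        shash=$(openssl x509 -in "$pem" -noout -subject_hash)
        if [ "$ihash" = "$shash" ]; then
            echo "self-issued root: $subj"
        elif [ -e "$capath/$ihash.0" ]; then
            echo "issuer present in $capath: $subj"
        else
            echo "issuer MISSING from $capath: $subj"; rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no inline <ca> section in $ovpn"; rc=1; }
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample: a throwaway self-issued CA wrapped in a minimal .ovpn.
demo=$(mktemp -d)
if openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=constructed demo CA' \
        -keyout "$demo/ca.key" -out "$demo/ca.crt" 2>/dev/null; then
    { echo 'client'; echo '<ca>'; cat "$demo/ca.crt"; echo '</ca>'; } > "$demo/demo.ovpn"
    ovpn_ca_count "$demo/demo.ovpn"
    check_ca_chain "$demo/demo.ovpn" "$demo" || true
fi
rm -rf "$demo"
```

A directory that holds only *.pem or *.crt files without the hashed *.0 names will report every issuer as missing, because lookups in a --capath directory go by hash name.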
Gera

Joined: 21 Sep 2019
Posts: 9

PostPosted: Sun 22 Mar 2020, 11:07    Post subject:  

In /etc/ssl/certs folder I have many *.pem, *.crt, *.0 files.

All in all, with your scripts I managed to connect to at least 1 of vpngate, vpnbook and freevpn servers at least once.

Your script connected to only one of 30 vpngate servers. With that 1 server and the RETRY=6 setting, without the addition (--capath /etc/ssl/certs) I connected in 3 of 4 attempts (most times with the last 5th/6th try), but with the addition in 0 of 4 attempts.

For those few vpnbook .ovpn files that are working from time to time with OscarTalks VPN-Start, it often takes 15-60 seconds before the IP is changed (and the icon of the active interface in the tray changes from green).
With your script it connected to the vpnbook server twice (from 6-7 attempts), both times after the 2nd retry. When I couldn't connect with your script, at the same time with OscarTalks VPN-Start I connected to that vpnbook server in 15 seconds. Probably it is because the 5 seconds waiting time in your script is not enough.

For FreeVPN servers, yesterday I managed to connect with your script, but today openvpn fails every time after the "Peer Connection Initiated" line, with and without the addition (--capath /etc/ssl/certs):
Quote:
VERIFY KU OK
...
VERIFY EKU OK
...
[www.FreeVPN.im] Peer Connection Initiated with [AF_INET] 212.129.4.6:443

For 1 FreeVPN server openvpn fails right after the call without any trace.
Back to top
View user's profile Send private message 
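Gera's report above that a fixed 5-second wait can give up on a server that needs 15-60 seconds suggests waiting on OpenVPN's own log messages instead. The following is an added example, not enrique's or OscarTalks's code; it assumes openvpn is started with --log FILE, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; not code from vpn-onoff or the scripts attached in this thread.
# Assumes openvpn was started with "--log FILE" so another process can read it.

# Report the most recent connection event in an OpenVPN log:
#   up      - "Initialization Sequence Completed" was the last event
#   failed  - a TLS, certificate or auth failure was the last event
#   pending - neither has been logged yet (or the log does not exist)
vpn_log_state() {
    [ -r "$1" ] || { echo pending; return 0; }
    awk '
        /Initialization Sequence Completed/             { s = "up" }
        /TLS handshake failed|VERIFY ERROR|AUTH_FAILED/ { s = "failed" }
        END { print (s == "" ? "pending" : s) }' "$1"
}

# Poll the log once per second until it shows up/failed or TIMEOUT seconds
# have passed. Prints the final state; exit status is 0 only for "up".
wait_for_vpn() {
    log=$1; timeout=${2:-60}; waited=0
    while :; do
        state=$(vpn_log_state "$log")
        case $state in
            up)     echo up;     return 0 ;;
            failed) echo failed; return 1 ;;
        esac
        if [ "$waited" -ge "$timeout" ]; then
            echo timeout
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
}

# Constructed sample logs, modelled on the messages quoted in this thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/ok.log" <<'EOF'
VERIFY KU OK
VERIFY EKU OK
[server] Peer Connection Initiated with [AF_INET]192.0.2.10:443
Initialization Sequence Completed
EOF
cat > "$demo_dir/bad.log" <<'EOF'
VERIFY ERROR: depth=1, error=unable to get local issuer certificate
TLS Error: TLS handshake failed
EOF
: > "$demo_dir/slow.log"

wait_for_vpn "$demo_dir/ok.log" 5   || true
wait_for_vpn "$demo_dir/bad.log" 5  || true
wait_for_vpn "$demo_dir/slow.log" 1 || true
rm -rf "$demo_dir"
```

A rotation script can move to the next .ovpn as soon as the state is "failed" and keep waiting up to the full timeout while it is still "pending".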
enrique

Joined: 09 Nov 2019
Posts: 601
Location: Planet Earth

PostPosted: Sun 22 Mar 2020, 15:35    Post subject:  

Gera
Just for your knowledge, After the change I have no trouble connecting fast. And my Puppy is in fact BusterDog64.

You never told me what Puppy you are using.

I am guessing the problem is not with vpn-onoff or my suggested scripts. It has almost nothing to do with VPN, but instead with the initial TLS handshake where the normal user/password is provided. I know we are not doing user/password. But it is at that stage. It is OpenSSL that is failing.

WARNING: I am no expert. I do not know the perfect way to correct this. I can only suggest possible solutions. Now, if you use your Puppy for Financial/Banking or important personal USER/PASS situations, STOP. Please create a backup of your Puppy Save to test in a different Save file.

To do our test just ignore vpn-onoff or the suggested scripts I provided. From now on let's just open a terminal and do manual commands. This will allow you to see the error and then you can post what you see. Meanwhile I will try to create a solution to offer you. But I need to know your Puppy version.

First command. Let's see what errors OpenSSL itself shows
Code:
openssl s_client -connect google.com:443 </dev/null | openssl verify


I am attaching a sample config I had tested. I know it works. IMPORTANT: If you are reading this please go to https://www.vpngate.net/en/ and get your own config. These people are volunteers, please do not ALL at once try to connect to the same VPN server. There are hundreds to choose from at https://www.vpngate.net/en/. This exception is for a test for Gera.
This will be how we will test OpenVPN. IMPORTANT: this free service is up so that people can bridge any government firewalls. PLEASE do not use it for movies or Netflix. We need to consider these volunteers.
Code:
openvpn --config vpngate.ovpn --script-security 2 --capath /etc/ssl/certs


You should see Initialization Sequence Completed fast, with almost no or no retries.

Now I am on Debian. So to update my CA I only have to do:
Code:
apt install ca-certificates
dpkg-reconfigure ca-certificates


On Puppy you may have to go to PPM and search for ca-certificates. Then install. Let us know if it works for you.
Attachment: vpngate.ovpn.tar (20 KB)