A Simple VPN Implementation

[festus]

Now testing "vpn-onoff" version 0.2
Added DNS handling using openresolv
Version upgrade of OpenVPN to 2.4.7
Update of freevpn.me configuration files to reflect changes and addition of 1 new server.
See first post.

Hello, OscarTalks

I am using and very pleased with version 0.2 of this package.

I tested the DNS for leaks here>
https://ipleak.net/
The results looked fine to me...

Thank you for taking the time to make and share this important piece

bliss,
festus

[fabrice_035]

Hello,

I can't run a script when the network is disconnected.
Of course i found option (placed in .ovpn script/file)

Code: Select all

...
up "/root/VPN/connect.sh"
down "/root/VPN/disconnect.sh"
...

but if I disconnect the network cable from my computer I don't receive any alert
'down' work only if i kill openvpn or exit .
Any suggestion ?

Thx

[OscarTalks]

Hello Festus,
Thanks very much for the report.

Hello Fabrice,
Sorry but I don't have a definite answer. I have been trying to study these functions as there are other things I would like to do including some more notifications. I guess that disconnecting the cable produces a different response within the program when compared to issuing a kill or exit command. You could try running openvpn from terminal and study the output to see if you can use any changes to run a script. That is my only suggestion at the moment.

[OscarTalks]

VPNbook have added 2 new free servers
Canada (CA198) has been added
France (FR8) has been added
CA222 and FR1 remain active, taking the total number of free servers available to 8
Users requiring p2p should use PL or DE (or one of the freevpn.me servers)
See http://vpnbook.com

I have added configuration files for these 2 new servers to my experimental vpn-onoff packages and re-uploaded. Package number remains the same at 0.2
http://smokey01.com/OscarTalks

[Mike Walsh]

Hallo, Oscar.

Mate, this works absolutely perfect. I can't thank you enough.....and so simple to use.

I thought it was time I got summat 'sorted' ahead of the forthcoming UK internet censorship law, coming into effect on the the 15th July 2019. Not that I visit very many 'dodgy' sites, if at all - - but from what some of the tech blog site sites have been reporting, the implementation is going to be so draconian that it'll throw the UK internet completely for a 'curve ball'.....and nothing will be the same going forward.

Even many relatively innocuous sites will be caught in the net.....and I have absolutely no intentions of registering my real name and credit card details, simply to 'prove my age'. Why the hell should any of us have to, come to that?

This article from WIRED.co.uk makes for interesting reading, and is a worrying taste of things to come.....

(Note section 3 in particular. Imagine that getting hacked, and all the possible ensuing blackmail on social media.....not to mention law-enforcement agencies taking it into their heads to conduct huge 'trawling' operations, based on the details within.)

Ouch. Literally.

----------------------------

I tried your early efforts on this, I'll admit, more out of curiosity than owt else. From those early 'manual' efforts this has matured into a beautifully easy-to-use way for any Puppian to use a VPN, newbie and veteran alike. Full marks to you.....and thanks again.

(According to my-ip-address.co, I'm posting this from a small village somewhere in south-eastern France...!!)

Well done, mate. You're a real credit to our community.





Mike.

[Gera]

I can't connect to freevpn servers. Has anyone been able to use FreeVPN in recent days?
Freevpn has this warning :

Updated September 2019. Download new certificate bundle below and the latest version of OpenVPN client software for your device.

Certificate bundle looks the same as from April 2019

How to update OpenVPN to latest version ?

And I offer to facilitate storage of passwords as FreeVPN has unique password for each server. Switching between servers requires too much copy-paste and symlink creations.

Opening http://my-ip-address.co/ in browser should be optional or turned off because it makes too much noise if you turning VPN on and off very often.

[OscarTalks]

Hello Gera,

Thanks for the feedback and suggestions.
I am unable to connect to the freevpn servers today. As you say, the .ovpn bundle appears to be the old one from April. Not sure what is happening, maybe they will get it resolved soon.

The OpenVPN in my packages is version 2.4.7 which I believe is the latest. If a more recent one is available and required it will be a case of compiling from source.

This was always intended to be a simple implementation which does the job. I am only a relative novice. Others are welcome to build on it if they have ideas with GUIs and things. With VPNs the user will always have to manually input passwords and such like. In the case of freevpn it is a free service, but the "price" is that you have to spend a few moments changing the password every few days which I don't consider too "expensive". If you have ideas for a method of grabbing and updating those passwords that would be an improvement, but I don't know how to do that and I am not sure what you are offering/requesting/suggesting.

What I have been doing is choosing one server and just changing password as required, so changing of symlinks is hardly ever necessary in my case. Again though, if it needs to be done it only takes a few moments.

If you don't like the opening browser you can always comment that line out or remove it in the scripts. Personally I like to have definitive confirmation of my IP address each time I click in or out. I have NetSurf browser doing that on my systems rather than a big browser. I am sure there are alternative ways of displaying IP address so it is something I will give some thought to.

[OscarTalks]

The FreeVPN situation is now fixed.
New .ovpn config file bundle is now available dated October 06th 2019
I have updated my packages of "vpn-onoff"
Using TCP port 443 with tweaks to the config files and all 7 servers tested and confirmed working correctly here.
Uninstall, re-download and re-install or extract the new config files and substitute.
http://smokey01.com/OscarTalks

[TiredPup]

Hi OscarTalks. Thank you for your work on this. I have downloaded and installed your software on my Bionicpup64 8.0 setup. VPN-Start opens as it should but does not start openvpn. It does open a browser window at my ip and displays the local ip address near my home. Clicking the icon for VPN-Stop yields a message "openvpn not running".

I am able to download the certificate package and run configuration from the command line when these are unzipped. At that point I can use the vpn with no issues.

So what I am I doing wrong when attempting to use VPN on/off?

EDIT: Forget it. I figured it out.

I failed to track down the appropriate config file and manually enter the password before starting the software.

[d4rkn1ght]

Will this work with paid services? I have been thinking about subscribing to TorGuard VPN but I don’t know if it will work with their config files.

[OscarTalks]

I believe it should work. You will need to select a .ovpn config file for the server you want to connect to and you will need to edit a few lines in it, mainly to enter the path to the pass file. Since I don't have a subscription to this provider I am unable to verify 100%

[rufwoof]

@ OscarTalks

Reconfigured everything for VPNbook and got the same results. Everything connects but no web access, so I went to bed frustrated.

Next Day (today) I took the laptop a few cities south to a location where I had access to a commercial account with the same ISP (Comcast). WAHLA!!! everything works perfectly, Comcast is blocking VPN use from residential accounts. Any suggestions on how to deal with this? I wonder if Comcast blocks a Tor browser?

Resort to alternatives. I ssh into hashbang (a free ssh server provider) and can do things directly from there (remote sites see the hashbang IP, not mine, and my ISP only sees ssh (encrypted) link). That also by default uses the DNS's that hashbang is set to use. I was using the US server, but recently they moved to a German based server, which for me (UK) runs even quicker. If wherever you are you can ssh out, then that's all that is needed.

Other choices include setting up your own ssh server at home, and using that whilst out and about.

Or nowadays you can rent your own VPS quite inexpensively $5/month type cost. A benefit there is that you're also in control of the logs (root authority on the server). A thought that crosses my mind is whether forum users should collectively set up our own shared VPS for the likes of VPN ..etc. There's certainly enough skills around the forum to do that. And available disk space on the VPS could be used for the likes of rockedge's updated version of murga linux.

[d4rkn1ght]

I believe it should work. You will need to select a .ovpn config file for the server you want to connect to and you will need to edit a few lines in it, mainly to enter the path to the pass file. Since I don't have a subscription to this provider I am unable to verify 100%

Thanks! I really like your VPN script.

[enrique]

OscarTalks 1rst thanks for helping me out with Linphone. This give me some air, as it never fail to connect.

Now I just saw this nice tread too. I am using debian BusterDog. I extracted your pet "vpn-onoff-0.2-x86_64-bionic.pet" to create a deb package. Well to be careful I did copied only vpn-onoff stuff not the openvpn or the resolvconf.

The app its perfect. I do the job very nice and simple.

Now regards http://vpnbook.com my downloaded "vpn-onoff-0.2-x86_64-bionic.pet" came with simlink pointing to "vpnbk-fr1.ovpn". I did not test the other ones, but this config work very badly it make at least 6 retries before connection. And Can not reconnect easily after disconnect. Listen I understand this configs has nothing to do with the nice app. I am just reporting my findings. I did download a config from Korea and it connects at once. Never fail. So it is not the connection. If I try later I will try other http://vpnbook.com.

Now the user Gera gave nice reports that I agree with him. So for future releases consider adding extra menu in tray app.

*Instead of closing and exit consider leaving the app in tray but with different icon symbol showing it as disconnected. Then add a menu to Exit just in case user wants to remove app from tray.
*Add a menu/script to look for all ovpn at "/etc/vpn-onoff" display and allow user to select, so that the symlink be created automatically.
*Finally I agree that the use of "defaultbrowser http://my-ip-address.co" is to costly. Instead you can leave this as an optional test in an extra menu item. **See next post for better approach using curl instead of the browser..

To my install I did some changes. For
vpn-start
Commented

Code: Select all

#openvpn --daemon --config /etc/vpn-onoff/vpnconfig

Instead used this to allow a new terminal to show me any trouble/success with openvpn

Code: Select all

lxterminal -e "openvpn --config /etc/vpn-onoff/vpnconfig"

Commented

Code: Select all

#defaultbrowser http://my-ip-address.co &

And now replace

Code: Select all

--command="defaultbrowser http://my-ip-address.co"

with new script

Code: Select all

--command="vpn-ip-route"

New vpn-ip-route

Code: Select all

#!/bin/sh
# Check ip route
ip route get 8.8.4.4 2> /dev/null
if [ "$?" -ne 0 ]; then
	yad --center --text="Network is unreachable"
else
	IPROUTE=$(ip route | head -10 | awk 'END{print $1}');
	yad --center --text="$IPROUTE"
fi

This new script run instantaneous. And it is true it does not report from a REAL Web Server but instead show the VPN IP by examining the content of ip route.


Finally vpn-stop
Again removed

Code: Select all

#$defaultbrowser http://my-ip-address.co &

Instead use the new script

Code: Select all

vpn-ip-route

Hope my Ideas can improve your future releases.

[enrique]

Even better I found this web. Simple command to get reply from the net for our Public IP Addresses:

If you want REAL web IP test replace

Code: Select all

IPROUTE=$(ip route | head -10 | awk 'END{print $1}');

with

Code: Select all

IPROUTE=$(curl ifconfig.me)

Comes from here:

Code: Select all

https://www.linuxtrainingacademy.com/determine-public-ip-address-command-line-curl/

Free from time consuming browser test. Enjoy.

Edit1:
Attached the changes I made. This are suggestions for future releases. /usr/bin contains the 3 files I suggest change. /etc/vpn-onoff contain the ovpn file I use for testing so that you can see that they load fast no need for big delays. Terminal window can be minimize or you can exchange comments in vpn-start to leave as it was. Rename attachment to vpn-onoff-sugestions.tar.xz before extraction. Hope you like it.

[jafadmin]

.. Simple command to get reply from the net for our Public IP Addresses:

Check this out ..
http://murga-linux.com/puppy/viewtopic. ... 33#1045733

[enrique]

@jafadmin You are the Man. Very nice.

So if you did install my script ignore or delete vpn-ip-route , we no longer needed. jafadmin's netinfo.yad is the way to go. So install that one.

For vpn-start change

Code: Select all

--command="vpn-ip-route"

replace with

Code: Select all

--command="netinfo.yad"

For vpn-stop change

Code: Select all

# 	Display info in GTK
	vpn-ip-route

replace with

Code: Select all

# 	Display info in GTK
	netinfo.yad

And you can get Public IP/VpnStatus without the need of the Slow Browser:


All thanks to OscarTalks's vpn-onoff & jafadmin's new geolocation script. Please note that I am not trying to take over, we are ONLY suggestion ways to improve for future releases.

[gabtech]

Hi enrique

I made your suggested changes but my lxterminal opens without any output. Check my attached vpn-start.

[OscarTalks]

Hello enrique,

Thanks very much for the feedback and comments which are most welcome. I will try to include at least some of them if I do any future "releases". I agree with you (and others) that it would be nice to replace the browser call with something else so thanks to jafadmin for the script which I will be testing for a while.

I would like to have simpler dialogs for the .ovpn selection and username/password entry, also some sort of immediate notification in the event that VPN server connection is lost, but I am only a relative novice so for me it is good if others are interested in joining in with their own ideas.

Some people have reported issues with vpnbook being very slow just recently. As you say, that is outside of my control. Maybe they are under heavy load from too many users. Hopefully they will take steps to improve things.

You can also use the .ovpn files from http://vpngate.net as you have done with your Korean server. Bear in mind that this is an experimental system and most of the servers are operated by volunteers on their own ISP's connections, rather than dedicated servers in a data centre.

[enrique]

I try your file and works perfect.

You need to make sure you new vpn-start and your netinfo.yad are executable and store at /usr/bin

Code: Select all

chmod + /usr/bin/netinfo.yad
chmod + /usr/bin/vpn-start

You should mod also vpn-start so that it also call netinfo.yad instaed of the browser.