A Simple VPN Implementation

How to do things, solutions, recipes, tutorials
Message
Author
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#41 Post by OscarTalks »

@ AvidHunter

The VPN-Stop is supposed to open the browser (again) to confirm that you have exited VPN and returned to your normal ISP IP address. It also ensures that the tray notification "blue orb" icon is removed. These 2 functions are in addition to stopping the openvpn process.

If you click VPN-Stop when it is already stopped (or hasn't been started), you should get the pink notification. When you click "OK" in that pink notification, it will kill any "phantom" blue orb tray notification icons.

The change in your (wireless?) network icon may not, in itself, be a problem. Entering VPN can cause this sometimes, because the connection "looks" different to your system. Obviously though, if you then have no connectivity, that is a problem.

Your diagnostic output does indicate that you are connecting to the VPN.
See the line Initialization Sequence Completed towards the bottom?
The stuff below is a few minutes later, so I assume that is when you ran killall openvpn to shut it down.

That diagnostic command is just running openvpn from command line.
If you enter that and it gives you Initialization Sequence Completed, you should be able to leave the terminal open (minimized) and then surf normally in VPN. Test by bringing up the page manually (or some other test page). One problem here might be that if the VPN server is full to capacity it might appear that you have no connectivity, even though all the connections are OK.

Maybe try all of the 6 free servers if you have not already done so, remembering to edit each of the .ovpn files. If you have used the default UDP ones, try the TCP ones instead (option is in Proton dashboard - downloads a different .ovpn file for you). I actually used TCP from the beginning.

Otherwise I confess to being a little baffled about what is happening.
If testing this again, remember to killall openvpn at the end of the test.

I am also a little mystified as to why the browser and tray icon are not appearing with VPN-Start, especially since the openvpn part does appear to be configured correctly.
If clicking VPN-Start while the diagnostic is running, this is not surprising because openvpn is already running within the diagnostic.

One thing you may wish to try is configuring for one of the VPNbook servers with their username and password and re-creating the symlink. This should show you how my vpn-onoff thing is supposed to operate, but other than that I am stumped. I have tested it here with Proton in fresh boots of Puppy a couple of times and it all worked, but VPN is not always straight forward as there are lots of variables in networking.
Oscar in England
Image
AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

diagnostic help

#42 Post by AvidHunter »

@ OscarTalks

No success today, will try again tomorrow.

Questions;

What are the visual signs that are supposed to happen;

a) After a clean boot and VPNstart is selected for the first time.

b) After running VPNstop and then VPNstart
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#43 Post by OscarTalks »

@ AvidHunter

Once it has been configured correctly:-

VPN-Start gives you the splash telling you to wait up to 30 seconds, followed by the browser to tell you your IP address (which you can close after you have read it), plus the tray notification icon appears.

VPN-Stop will open the browser again to tell you your IP address has returned to normal (and again you can close it after reading it), plus the tray notification icon is removed.
There is no splash with Stop, because Stop happens more quickly than Start.

If you then click VPN-Start again, the visual events will be as above.

VPN-Start when it is already started, or VPN-Stop when it is already stopped, will give only a pink notification to tell you that.

Perhaps I should mention one of the limitations or shortcomings of the visual indicators. The tray notification icon being present in the tray really only tells you that VPN-Start has been run. It does NOT prove that connection to the VPN server was successful. For that reason, the user should study the information in the browser to determine this. Left Click of the tray icon at any time opens the browser to check IP address again. This is on my list of things to look at in future, but this was always intended as a simple system that allows me to set up and then click in and out of VPN whenever I want.
Oscar in England
Image
AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

ProtonVPN Games

#44 Post by AvidHunter »

@ OscarTalks

Reboot and rebuilt everything after downloading all 12 Proton config files then built several VPNconfig files to play with.

Results;

select VPN-start; the 30 second warning runs followed by the blue orb with the gold lock followed by the wireless icon changing into a blue globe with a monitor plugged into it at the approximate latitude and longitude of Switzerland (go figure) followed by the browser popping open to the "What is my IP?" tab but with no web access.

Opening the browser before selecting VPN-start gives the same results.

Deactivating the firewall before initiating VPN-start produces the same results.

I'm stumped! Any suggestion on what to try next?
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#45 Post by OscarTalks »

@ AvidHunter,

From what you have described over recent posts it sounds like the VPN connection is being established, but then traffic over it is blocked or not flowing for some reason. I am wondering if something in your hardware or your ISP is causing this block.

If you configure for VPNbook instead of ProtonVPN and then Start it, it would be interesting to know if you find that the VPNbook IP details display and if you have any web connectivity over VPNbook. This would be a test for some kind of blanket block on VPN traffic as well as proving that the core of the program does actually work.

The only other idea is to try the ProtonVPN command-line tool for Linux.
I tested that yesterday in 2 different Puppies, following the steps on their website, and I was able to connect with it and surf the web. Slightly less user-friendly than my thing to connect and disconnect VPN, but if it works for you it presents a viable option.
Oscar in England
Image
AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

Comcast blocking VPN

#46 Post by AvidHunter »

@ OscarTalks

Reconfigured everything for VPNbook and got the same results. Everything connects but no web access, so I went to bed frustrated.

Next Day (today) I took the laptop a few cities south to a location where I had access to a commercial account with the same ISP (Comcast). WAHLA!!! everything works perfectly, Comcast is blocking VPN use from residential accounts. Any suggestions on how to deal with this? I wonder if Comcast blocks a Tor browser?
User avatar
festus
Posts: 235
Joined: Wed 14 Jan 2015, 19:10

#47 Post by festus »

@OscarTalks

I am using your "Simple VPN Implementation" successfully on upupbb & both 32 & 64 bit xenial-7.5

Is there any way to configure other pkgs, eg: claws-mail, to use this vpn pkg?

Thank you very much, for this important pkg.

bliss,
festus :)
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

Re: Comcast blocking VPN

#48 Post by OscarTalks »

AvidHunter wrote:Reconfigured everything for VPNbook and got the same results. Everything connects but no web access, so I went to bed frustrated.

Next Day (today) I took the laptop a few cities south to a location where I had access to a commercial account with the same ISP (Comcast). WAHLA!!! everything works perfectly, Comcast is blocking VPN use from residential accounts. Any suggestions on how to deal with this? I wonder if Comcast blocks a Tor browser?
At least that is partial good news in that it works on that computer.
Since I have no experience of ISP blocking I don't have any immediate ideas.
If this is a widespread issue I would have thought that search engines might reveal something.

There is still a possibility that the problem is caused by your router or a router setting, unless you have found official confirmation that the ISP domestic accounts are definitely VPN blocked.

Tor Browser Bundle is easy to test.
http://murga-linux.com/puppy/viewtopic.php?t=91141
Oscar in England
Image
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#49 Post by OscarTalks »

festus wrote:I am using your "Simple VPN Implementation" successfully on upupbb & both 32 & 64 bit xenial-7.5

Is there any way to configure other pkgs, eg: claws-mail, to use this vpn pkg?

Thank you very much, for this important pkg.

bliss,
festus
Hello Festus,
Thanks for the report.
This program does open the browser as a form of notification so you can see if your IP has changed, but it does route your main system connection through the VPN, so other programs that connect should also be doing so via the VPN. This applies to streaming media players and Transmission torrent client for example. Have you found that claws-mail doesn't work when connected to VPN? I don't use an e-mail client myself, only webmail.
Oscar in England
Image
User avatar
festus
Posts: 235
Joined: Wed 14 Jan 2015, 19:10

#50 Post by festus »

Have you found that claws-mail doesn't work when connected to VPN? I don't use an e-mail client myself, only webmail.
Hello, Oscar, thanks for the reply.

With the VPN active, these pks connected and worked fine:
PPM, Pup Advert Blocker, Palemoon, Firefox, dogradio, vlc

The only pkgs that would NOT work were my email pks, claws-mail & thunderbird

Here is the logfile from claws-mail:

Code: Select all

* Account 'xxxx@xxxx.net@pop3.xxxxx.net': Connecting to POP3 server: pop3.xxxxxx.net:995...
** Session timed out. You may be able to recover by increasing the timeout value in Preferences/Other/Miscellaneous.
I increased the timeout period from the default ~62 secs to 120 seconds with still no connectivity with either email client.

This behavior is alright with me; I just figure it is something to do with the big-bother gov't trying to catch "terrists". :lol:

Anyway, thank you, again Oscar...

bliss,
festus
LeithR
Posts: 338
Joined: Mon 24 Jan 2011, 12:15
Location: Kemnay, Aberdeenshire/Scotland

#51 Post by LeithR »

Thanks all for your efforts on this activity. I eventually got it going this afternoon.
Basically the steps I took to set it up on a new installation of xenialpup64-7.5-UEFI was as follows
Download from the smokey01/OscarTalks web page the openvpn files similarly named to your operating system so I downloaded openvpn-2.4.6-x86_64-xenial.pet and vpn-onoff-0.1-x86_64-xenial.pet.
I loaded both of them onto the machine, checked that I had VPN-Start and VPN-Stop showing in Menu>Network then went to
https://www.vpnbook.com/freevpn

I then downloaded from the Free OpenVPN column the FR Open VPN Certificate Bundle (Depends where in the world you are located so download one adjacent to where you live). Noted the Username and Password.

Then opened the file /etc/vpn-onoff/vpnpass as text and overwrote the words username and password in the file (2nd Tab called vpnpass). Don't forget to save the change.

To note that you are starting a vpn session, firstly run What is my vpn address as per suggestion in OcarTalks first note, take note of it, then start vpn from Menu>Network>VPN-Start then re-open what is my vpn address. The should be quite different thus indicating that you are running in VPN.

Many thanks to OscarTalks for putting this thread together, its been an interesting couple of days figuring it out.
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#52 Post by OscarTalks »

Hello LeithR, glad to know you got it working.

Just a couple of points for yourself and others, the experimental vpn-onoff package does already contain all the needed components, including openvpn, so there is no need to install openvpn as well.

The openvpn packages are intended for people who want to run it from command line or as a dependency of other tools.

The vpn-onoff package also contains a selection of the .ovpn configuration files which allow connection to all the available servers (at the time of writing) of VPNbook and FreeVPN.me although these configuration files have been renamed for simplicity.

Users can (and should) download other configuration files if they want to use a different protocol (UDP or TCP) or a different port number, or in the event that these providers change server details or introduce new servers that you want to use.

As things stand, the vpn-onoff package should work on completion of only one step, which is to grab the VPNbook password and paste it into the second line of /etc/vpn-onoff/vpnpass in place of the word "password".
Oscar in England
Image
AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

Router passthrough -- not!

#53 Post by AvidHunter »

@ OscarTalks

My ISP denies any culpability. I've been playing with my modem/router (netgear C6220) and it does not support VPN pass through. Even when I plug another router into the unit so the modem acts as a bridge only I still can't get through it with the VPN. Now begins the search for a new modem.

Anyway I greatly appreciate everything you have provided here, without your efforts I doubt that I would have gotten anywhere near this far. Thank you.
AvidHunter
Posts: 12
Joined: Sat 09 Feb 2019, 05:37

New Router Tests Comming

#54 Post by AvidHunter »

@ OscarTalks

I've got a new modem/router to install and test...coming soon.

However I have another curiosity question. I really like what you have done here and I have another laptop running Lubuntu. Since the latest version of puppy is based on ubuntu, or at least able to use ubuntu packages, what would it take to package this up so it would install on Lubuntu?
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

Re: New Router Tests Comming

#55 Post by OscarTalks »

AvidHunter wrote: what would it take to package this up so it would install on Lubuntu?
I have never tried to package anything as a .deb, I think it is not too difficult to do in Puppy, although I would not want to attempt to make a package for Lubuntu without first examining the structure of the Lubuntu system.

What you could try if you wanted to experiment is to extract the .pet and then copy or move the files into the Lubuntu directory tree (manual installation), leaving out anything which is already in Lubuntu (eg the openvpn executable).

By the way, I have still been using the ProtonVPN Free servers for quite a number of days now using the command-line tool which they provide. One advantage of it is that it even routes DNS lookups through the VPN for you. Speed is not quite as fast as FreeVPN.me but certainly quite acceptable. Once it is set up, it is just pvpn -c to connect and pvpn -d to disconnect. One disadvantage is that there is no tray icon to remind you that you are in VPN, but certainly worth having on board as an alternative to my system.
Oscar in England
Image
User avatar
MrDuckGuy
Posts: 155
Joined: Thu 31 Jan 2019, 09:06
Location: Hermosa Beach, CA, USA

Re: A Simple VPN Implementation

#56 Post by MrDuckGuy »

OscarTalks wrote: ... method uses openvpn ... Install
openvpn. ... Click the VPN-Start menu entry
and wait for around 30 seconds ... default
browser should open ... default browser
should open and show your normal IP address
... method can ... be adapted for other
VPN providers ... Ideas are welcome ...
Hello, I am trying this. I am a customer of
a VPN provider called 'Ivacy'.

Ivacy has a list of 30 or 40 VPN providers
on their website, and I have a username and
password that allows me to access the
service.

I tried to use the pre-installed
'Gpptp VPN v 2.0' and loaded in my username,
password, along with one of the VPN server
URL addresses. I think it's connected but I
don't know how to implement it.

Also I have loaded your widget as well and
it's succeeded in configuring one of the
open VPN clients but I found that it, when
browsing to many sites, the system hangs and
won't connect. I'd like to configure open
VPN to access one of my provider's sites.

I have edited the password as you directed.
I already know how to edit the username and
password from reading this thread, but how
do I change the url of the VPN provider?

Also how does one implement the
Gpptp VPN 2.0 system? My browser shows no
change in ip address.

As always, thanks in advance, Kelikaku. B'H.
Attachments
2019-03-13-GpptpVPNv2.0_output.png
Output from the GpptpVPN program. B'H.
(51.25 KiB) Downloaded 831 times
User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#57 Post by rcrsn51 »

Deleted.
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#58 Post by OscarTalks »

PPTP and OpenVPN are alternative protocols for establishing a VPN connection so you would use either one or the other, therefore you would not use Gpptp in conjunction with my system which uses OpenVPN. I can't advise on Gpptp as I have no experience of it.

My thing is mainly designed to be used with the mentioned free providers. In practice it can be adapted to operate with other providers, but there are no guarantees with this.

You will need to obtain .ovpn config file(s) from Ivacy in order to configure my thing to connect to their servers. I asked them (in their chat applet) and they said they do provide these to their subscribers. You will need to pick out the one which corresponds to the server (location) you want to use. Place it in /etc/vpn-onoff along with the others, delete the vpnconfig symlink and make a new vpnconfig symlink which links to your Ivacy config file. Enter your Ivacy username and password in to the vpnpass file. Then see if it connects.

The URL of the VPN provider is contained within each of the .ovpn config files
There may be some other lines in it that you will need to edit.
The main one will need to read:-
auth-user-pass /etc/vpn-onoff/vpnpass
Without this it will not know where to look for the username and password so is unlikely to work.
Oscar in England
Image
User avatar
Indy
Posts: 73
Joined: Wed 01 Feb 2006, 10:52
Location: Sydney, Australia

#59 Post by Indy »

I can confirm that this works with (paid) Private Internet Access (PIA). I have it working on two machines, one running xenialpup32 and the other xenialpup64 and it's working very well on both, rock solid. Thanks, OscarTalks! :P

Everything worked exactly as per your instructions.

Here's how I did it:
  1. Installed vpn-onoff-0.1-i686-xenial.pet. It creates /etc/vpn-onoff. (installed vpn-onoff-0.1-x86_64-xenial.pet for the 64-bit laptop)
  2. Downloaded the .ovpn config files from the PIA website
  3. Copied all the (.ovpn) files into /etc/vpn-onoff.
  4. Went into /etc/vpn-onoff and recreated a symlink of vpnconfig to my chosen region (e.g. "AU Sydney.ovpn")
  5. Edited the .ovpn file of my chosen region, looked for the line "auth-user-pass" and changed it to "auth-user-pass /etc/vpn-onoff/vpnpass"
  6. Edited /etc/vpn-onoff/vpnpass and entered my PIA username/password
To run, Menu > Network > VPN-Start. (I didn't have to to mess with Gpptp.)

The PIA website (www.privateinternetaccess.com) reflects your IP address and tells you if you're protected by PIA (as in, if you're reaching that web page via their VPN, I suppose). I decided to use that to check my VPN status as a PIA user. So, I edited vpn-start and vpn-stop (both found in /usr/bin) and replaced everywhere I found "http://my-ip-address.co" with "https://www.privateinternetaccess.com". So now, every time I start or stop the VPN, that PIA website pops up for me.
User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#60 Post by OscarTalks »

Now testing "vpn-onoff" version 0.2
Added DNS handling using openresolv
Version upgrade of OpenVPN to 2.4.7
Update of freevpn.me configuration files to reflect changes and addition of 1 new server.
See first post.
Oscar in England
Image
Post Reply