[lug] neat trick with gnome + network manager + VPN

Davide Del Vento davide.del.vento at gmail.com
Fri Sep 15 10:46:46 MDT 2017


> poorly written javascript that cause my browser to slow down and crash

For this issue, the right solution is https://noscript.net/ not VPN + DNS
hijacking.

On Fri, Sep 15, 2017 at 9:47 AM, Bear Giles <bgiles at coyotesong.com> wrote:

> I've used HideMyAss in the past but I'm switching to my own servers on
> Digital Ocean and AWS. The cost with a nano instance is about the same as
> the cost of a decent commercial offering - about $60/year. I know there are
> cheaper sites but I just don't trust their economic model.
>
> I found an ipad app that takes openvpn config (and in fact it comes from a
> site that seems to be a commercial offering from the openvpn group) but
> haven't set it up yet since I don't have an imac and getting the .ovpn file
> onto the ipad requires a little more work.
>
> I also need to regenerate my keys. I've been using a test set that doesn't
> require a password - I want to switch to per-host keys with passwords.
>
> The funniest thing is that one of the biggest reasons for running your own
> VPN is that you don't have to worry about the VPN logging your activity.
> Running your own VPN is simultaneously less anonymous - someone doing a
> reverse IP address lookup will find your hosting company and they can
> identify what account has that IP address - but it's also more anonymous
> since you own the logs. The big guys can put in a network tap and see all
> the sites you go to but marketers can't get any information.
>
> So what's one of the first things I'm thinking of adding? My own caching
> DNS server. Something that will keep a log of every site I visit - and that
> means all of the ad servers, etc., not just the sites that appear in the
> address bar.
>
> The reason to do this is to blackhole abusive ad sites. I'm not opposed to
> ads at an abstract level, just the scammy ads and the ones that have poorly
> written javascript that cause my browser to slow down and crash. With the
> DNS server logs I can toss in my own DNS records that redirect these sites
> to my own server that immediately returns either a 404 or a blank page. Of
> course that now means that there's a nice handy list of all of the sites I
> visited (but not the URLs) if someone does get into the system.
>
> On Fri, Sep 15, 2017 at 8:16 AM, Quentin Hartman <qhartman at gmail.com>
> wrote:
>
>> Good trick! Thanks for sharing. What VPN service are you using?
>>
>> I just started using TunnelBear and it's working pretty well so far. They
>> don't "officially" support linux in that they don't build a client for it,
>> but they have instructions available for using standard VPN tools to
>> connect to their endpoints. The experience on my phone with their client is
>> very seamless.
>>
>> Q
>>
>> On Thu, Sep 14, 2017 at 7:58 PM, Bear Giles <bgiles at coyotesong.com>
>> wrote:
>>
>>> I came across this when playing with the VPN configurations.
>>>
>>> 0. install network-manager-openvpn-gnome.
>>>
>>> 1. right-click on network icon and go to bottom of menu - select Edit
>>> Connections.
>>>
>>> 2. create your VPN entry. (This lets you easily select it by
>>> right-clicking on the network icon and then selecting VPN Connections.) You
>>> can import a .ovpn file, or just read the configuration and figure out what
>>> values to use.
>>>
>>> 3. edit your wired and wifi connections. On the 'General' tab one of the
>>> last items is "Connect to this VPN...". You can specify one of your VPN
>>> connections.
>>>
>>> The wifi connections that launch without forcing me to a login page work
>>> fine - they launch with the VPN enabled.
>>>
>>> I haven't had a chance to try it on a wifi connection that requires a
>>> login page. It might be smart enough to recognize the private IP address
>>> range and not route through the VPN for those connections.
>>>
>>> This solves one of my annoyances - I might have a VPN account but a lot
>>> of traffic goes out between when I establish the connection and when I can
>>> right-click on the network icon and turn on the VPN. Not everything uses
>>> https. This should eliminate that window.
>>>
>>> _______________________________________________
>>> Web Page:  http://lug.boulder.co.us
>>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>>
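The DNS-log blackholing plan in the quoted message above, as an added example that is not part of the original thread: it counts the names seen in a caching resolver's query log and emits override records that point chosen ad zones at your own server. The dnsmasq log format and `address=` syntax, the sample log lines, the zone names and the sinkhole address 10.8.0.1 are assumptions; the thread names no DNS software.

```python
import re
from collections import Counter

# Constructed sample of dnsmasq-style query log lines (not real traffic).
SAMPLE_LOG = """\
Sep 15 10:40:01 dnsmasq[812]: query[A] news.example.org from 10.8.0.2
Sep 15 10:40:01 dnsmasq[812]: query[A] cdn.ads-tracker.example from 10.8.0.2
Sep 15 10:40:02 dnsmasq[812]: query[AAAA] cdn.ads-tracker.example from 10.8.0.2
Sep 15 10:40:02 dnsmasq[812]: forwarded cdn.ads-tracker.example to 9.9.9.9
Sep 15 10:40:05 dnsmasq[812]: query[A] pixel.ads-tracker.example from 10.8.0.2
Sep 15 10:40:09 dnsmasq[812]: query[A] static.example.org from 10.8.0.2
Sep 15 10:41:13 dnsmasq[812]: query[A] Slow-Script.example.net. from 10.8.0.6
"""

# Only client queries count; "forwarded"/"reply" lines repeat the same name.
QUERY_RE = re.compile(r"query\[[A-Z0-9]+\] (?P<name>\S+) from \S+")


def count_queries(log_text):
    """Return a Counter of normalised hostnames seen in client queries."""
    counts = Counter()
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if match:
            # DNS names are case-insensitive; drop any trailing root dot.
            counts[match.group("name").lower().rstrip(".")] += 1
    return counts


def in_zone(name, zone):
    """True if name is the zone itself or any subdomain of it."""
    return name == zone or name.endswith("." + zone)


def sinkhole_config(counts, blocked_zones, sinkhole_ip):
    """Emit one override line per blocked zone that was actually queried.

    dnsmasq's address=/zone/ip answers for the zone and all its subdomains,
    so the web server at sinkhole_ip can return the 404 or blank page.
    """
    seen = sorted(z for z in blocked_zones if any(in_zone(n, z) for n in counts))
    return [f"address=/{z}/{sinkhole_ip}" for z in seen]


if __name__ == "__main__":
    counts = count_queries(SAMPLE_LOG)
    for name, hits in counts.most_common():
        print(f"{hits:3d}  {name}")  # review list for picking zones to block
    blocked = ["ads-tracker.example", "slow-script.example.net"]
    print("\n".join(sinkhole_config(counts, blocked, "10.8.0.1")))
```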