[lug] neat trick with gnome + network manager + VPN

Bear Giles bgiles at coyotesong.com
Fri Sep 15 10:58:53 MDT 2017


I have noscript. Unfortunately there are so many exceptions to get these
sites to do what I went there for that some of these ads sneak through anyway.

On Fri, Sep 15, 2017 at 10:46 AM, Davide Del Vento <
davide.del.vento at gmail.com> wrote:

> > poorly written javascript that cause my browser to slow down and crash
>
> For this issue, the right solution is https://noscript.net/ not VPN + DNS
> hijacking.
>
> On Fri, Sep 15, 2017 at 9:47 AM, Bear Giles <bgiles at coyotesong.com> wrote:
>
>> I've used HideMyAss in the past but I'm switching to my own servers on
>> Digital Ocean and AWS. The cost with a nano instance is about the same as
>> the cost of a decent commercial offering - about $60/year. I know there are
>> cheaper sites but I just don't trust their economic model.
>>
>> I found an ipad app that takes openvpn config (and in fact it comes from
>> a site that seems to be a commercial offering from the openvpn group) but
>> haven't set it up yet since I don't have an imac and getting the .ovpn file
>> onto the ipad requires a little more work.
>>
>> I also need to regenerate my keys. I've been using a test set that doesn't
>> require a password - I want to switch to per-host keys with passwords.
>>
>> The funniest thing is that one of the biggest reasons for running your
>> own VPN is that you don't have to worry about the VPN logging your
>> activity. Running your own VPN is simultaneously less anonymous - someone
>> doing a reverse IP address lookup will find your hosting company and they
>> can identify what account has that IP address - but it's also more
>> anonymous since you own the logs. The big guys can put in a network tap and
>> see all the sites you go to but marketers can't get any information.
>>
>> So what's one of the first things I'm thinking of adding? My own caching
>> DNS server. Something that will keep a log of every site I visit - and that
>> means all of the ad servers, etc., not just the sites that appear in the
>> address bar.
>>
>> The reason to do this is to blackhole abusive ad sites. I'm not opposed
>> to ads at an abstract level, just the scammy ads and the ones that have
>> poorly written javascript that cause my browser to slow down and crash.
>> With the DNS server logs I can toss in my own DNS records that redirect
>> these sites to my own server that immediately returns either a 404 or a
>> blank page. Of course that now means that there's a nice handy list of all
>> of the sites I visited (but not the URLs) if someone does get into the
>> system.
>>
>> On Fri, Sep 15, 2017 at 8:16 AM, Quentin Hartman <qhartman at gmail.com>
>> wrote:
>>
>>> Good trick! Thanks for sharing. What VPN service are you using?
>>>
>>> I just started using TunnelBear and it's working pretty well so far.
>>> They don't "officially" support linux in that they don't build a client for
>>> it, but they have instructions available for using standard VPN tools to
>>> connect to their endpoints. The experience on my phone with their client is
>>> very seamless.
>>>
>>> Q
>>>
>>> On Thu, Sep 14, 2017 at 7:58 PM, Bear Giles <bgiles at coyotesong.com>
>>> wrote:
>>>
>>>> I came across this when playing with the VPN configurations.
>>>>
>>>> 0. install network-manager-openvpn-gnome.
>>>>
>>>> 1. right-click on network icon and go to bottom of menu - select Edit
>>>> Connections.
>>>>
>>>> 2. create your VPN entry. (This lets you easily select it by
>>>> right-clicking on the network icon and then selecting VPN Connections.) You
>>>> can import a .ovpn file, or just read the configuration and figure out what
>>>> values to use.
>>>>
>>>> 3. edit your wired and wifi connections. On the 'General' tab one of
>>>> the last items is "Connect to this VPN...". You can specify one of your VPN
>>>> connections.
>>>>
>>>> The wifi connections that launch without forcing me to a login page
>>>> work fine - they launch with the VPN enabled.
>>>>
>>>> I haven't had a chance to try it on a wifi connection that requires a
>>>> login page. It might be smart enough to recognize the private IP address
>>>> range and not route through the VPN for those connections.
>>>>
>>>> This solves one of my annoyances - I might have a VPN account but a lot
>>>> of traffic goes out between when I establish the connection and when I can
>>>> right-click on the network icon and turn on the VPN. Not everything uses
>>>> https. This should eliminate that window.
>>>>
>>>> _______________________________________________
>>>> Web Page:  http://lug.boulder.co.us
>>>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>>> Join us on IRC: irc.hackingsociety.org port=6667
>>>> channel=#hackingsociety
>>>>
>
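Steps 2 and 3 of the GUI procedure quoted at the bottom of this thread can also be done with nmcli. This is an added example, not part of the original messages; it needs the OpenVPN plugin from step 0, and it assumes the "General" tab option is stored as NetworkManager's `connection.secondaries` property and that the VPN profile name and .ovpn path are supplied by the reader.

```shell
# Added example; the VPN profile name and .ovpn path passed in are placeholders.

# UUIDs of every saved wired and wifi profile (terse output is UUID:TYPE).
list_base_uuids() {
    nmcli -t -f UUID,TYPE connection show |
        awk -F: '$2 == "802-3-ethernet" || $2 == "802-11-wireless" { print $1 }'
}

# Make VPN profile $1 a secondary of each wired/wifi profile, so it is brought
# up together with the link. Prints how many profiles were changed.
attach_vpn() (
    vpn_uuid=$(nmcli -g connection.uuid connection show "$1") || exit 1
    [ -n "$vpn_uuid" ] || exit 1
    changed=0
    for base in $(list_base_uuids); do
        # Already attached: leave it alone so reruns are idempotent.
        if nmcli -g connection.secondaries connection show "$base" |
            grep -qF -- "$vpn_uuid"; then
            continue
        fi
        nmcli connection modify "$base" +connection.secondaries "$vpn_uuid" || exit 1
        changed=$((changed + 1))
    done
    echo "$changed"
)

# Direct use: script.sh VPN_NAME [FILE.ovpn]  (step 2 import, then step 3)
if [ "$#" -ge 1 ]; then
    if [ -n "${2:-}" ]; then
        nmcli connection import type openvpn file "$2"
    fi
    attach_vpn "$1"
fi
```

`nmcli -g connection.secondaries connection show <profile>` shows what is attached to a profile afterwards.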
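The DNS logging and blackhole idea from the 9:47 AM message, as an added example that is not part of the original thread. It assumes dnsmasq as the caching resolver with `log-queries` enabled; the log lines, domain names and the sink address 10.8.0.1 are constructed.

```shell
# Constructed sample of dnsmasq "log-queries" output (assumed resolver;
# every name and address here is made up for the example).
sample_log() {
cat <<'EOF'
Sep 15 10:58:01 dnsmasq[812]: query[A] www.news.example from 10.8.0.6
Sep 15 10:58:01 dnsmasq[812]: forwarded www.news.example to 9.9.9.9
Sep 15 10:58:02 dnsmasq[812]: query[A] js.adnet.example from 10.8.0.6
Sep 15 10:58:02 dnsmasq[812]: query[AAAA] js.adnet.example from 10.8.0.6
Sep 15 10:58:03 dnsmasq[812]: query[A] px.tracker.example from 10.8.0.6
Sep 15 10:58:09 dnsmasq[812]: query[A] JS.adnet.example from 10.8.0.6
EOF
}

# Reduce the log on stdin to "count name" lines, most-queried first.
# Timestamps and client addresses are dropped, so the summary holds less
# browsing history than the raw log does.
count_queries() {
    awk '$5 ~ /^query\[/ { n[tolower($6)]++ }
         END { for (d in n) print n[d], d }' | sort -k1,1nr -k2,2
}

# Emit dnsmasq address= lines that answer for each given name (and its
# subdomains) with sink IP $1, the server returning the 404 or blank page.
# Names that are not plain hostnames are rejected, so text copied from a
# log cannot inject extra directives into the config.
blackhole_conf() (
    sink=$1
    shift
    for d in "$@"; do
        case $d in
            ''|*[!A-Za-z0-9.-]*|.*|*.|-*) echo "skip: $d" >&2; continue ;;
        esac
        printf 'address=/%s/%s\n' "$d" "$sink"
    done
)
```

`sample_log | count_queries` gives the ranked list to review by hand; the names chosen from it go to `blackhole_conf 10.8.0.1 name...`, whose output belongs in a dnsmasq configuration file.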