On 07/07/2015 09:23 AM, to...@tuxteam.de wrote:
On Tue, Jul 07, 2015 at 07:55:26AM -0400, James P. Wallen
wrote:
[...]
Hi, Tomas! Thanks for your reply.
I wish I could've been more helpful, but hey, you're welcome.
No, my issue has nothing to do with corporate firewalls
[...]
Network-manager, as you're aware, has plugins for various
types of VPN software. It's easy to use, but it just seems
to be awfully large and, occasionally, a little
trouble-prone compared to wicd.
This was my impression too. Since I tend toward "simple", I try
to avoid NM altogether.
I could generally just use /etc/network/interfaces and
associated stuff, but was looking for a fiddle-free way to
make my connections when I'm moving around while still
enabling me to use OpenVPN.
Understood.
[...] I want to see if I can figure out
how to use OpenVPN from the CLI or via script using a
certificate and password to connect to my favorite VPN out
on the Internet.
I see.
Again, that's what I'm doing with socat: on the server
there's a socat process running as server (duh ;) -- which
unwraps the SSL layer and feeds its thing to the ssh server;
on the client, a socat opens a local port and I connect my
ssh client (courtesy of .ssh/config magic) to that: the socat
wraps it in SSL and connects to the server: voilà -- a VPN.
To the outside world it looks like any HTTPS connection.
Since I have my own certificates, I (hope!) would notice any
attempt at MITM.
So -- if I understand -- you have control of a server out there
on the Internet, and that's what makes this work for you. I know
nothing of socat, but it sounds interesting. I suppose I could
set up a server on the home network. That would protect my
traffic from prying eyes when I'm a visitor on another network,
but it wouldn't really keep my home ISP from snooping on me. Or
am I missing something?
Maybe I'm paranoid, but I really don't like the way Comcast (and
many other ISPs) seem to think that they own their customers.
I'm an activist of sorts, and I really do not like how cozy
businesses and government are about our communications. Some of
the people I communicate with have suffered greatly at the hands
of various governments, and I don't want to take any more risk
with their rights than is absolutely necessary when we contact
each other.
What turned me away from OpenVPN was that it wanted to be a
service started at boot time, with all that; besides it
wants to do magic to the routing tables and so on.
A tad too heavyweight for my taste.
But of course, it does many things automagically you'd
otherwise have to script.
Yes, I do prefer light(er) weight, but magic and ease of use are
nice, too.
Again, thank you.
JP