[Solved] Re: Using OpenVPN client with wicd

2015-07-09 Thread James P. Wallen



On 07/08/2015 09:40 AM, James P. Wallen wrote:

On 07/08/2015 03:17 AM, Petter Adsen wrote:

On Tue, 07 Jul 2015 13:20:35 -0400 James P. Wallen
jpwal...@comcast.net wrote:


On 07/07/2015 08:34 AM, Petter Adsen wrote:

https://wiki.debian.org/OpenVPN

Have you seen this? It doesn't contain anything
particular to wicd, but you could use what is there to
set up a script.

There are a few links at the bottom that might also be of
help.

Petter



Thank you, Petter.

I'll try following that document through to a conclusion. I
should always remember to look at the debian.org online
documentation first.

However, the explanations seem to lean heavily toward
explaining how to set up a server and a client, so I have
to try to pick out carefully how to just do what I want to
do.


I'm currently working on setting up a VPN myself, so I was
just reading that when I saw your message. It's perfect for
what I want to do, but of course it might not fit your
needs. You should be able to pick out enough from the
examples given there to set up what you want, but of course
it's not a step-by-step guide.

The Arch wiki also has some useful information, you can find
it at:

https://wiki.archlinux.org/index.php/Openvpn

It also has a few notes on connecting to a third party
provider.



Yes, I should also remember to look at archlinux.org docs when I
have a project or issue like this. They're really good.

It's funny that neither the Debian nor the Archlinux docs show
up in the search engines I've been using. Either my choices of
search terms aren't so hot, or the engines are doing a very
superficial job of checking mostly commercial site and message
list content. Or both.

I think that I may be able to make this work if I just scrape
all the data from the Debian and Archlinux docs together and
sort through it.


I just need to connect a client to a publicly available
VPN over which I have no control. It surprises me that I
haven't seen a simple howto for that. Surely there are
lots of people who use such private VPNs but who don't
want to use network-manager.


Have you talked to the VPN provider, or looked at their site
for hints on configuration? Send their support team an email,
maybe they have been in that situation before.



The most important of the VPN providers for my purposes is
riseup.net. They are a no-charge system that I donate to on a
monthly basis because they exist specifically to serve social
and political activism.

They are switching to a VPN system which uses bitmask.
Unfortunately, their specific configuration requires (at least
for now) use of a third party repository. I've tried it and had
quite a bit of trouble with its functionality.

I'll ask them about doing what I want to do with the old system,
but they weren't very responsive even when I was trying to get
help with the new system that they want everyone to use now. As
is usually the case with such entities, they are long on work
and short on workers.


If you would rather have control over the server, and
depending on whom you want to conceal your traffic from, you
could consider paying for a VPS, then setting up a VPN
between that and your home or mobile devices. One problem
with that approach is that most VPS services come with quite
a limited amount of bandwidth per month, but depending on
what you want to do that may not be a big problem. I pay
$10/month, and that is for up to 2TB transfer. The VPS
provider would of course be able to snoop on your traffic,
but that might be better than having your ISP snoop, if you
have a bad ISP and choose the right provider.

Just a thought. Good luck!

Petter



I've considered this alternative, too. I might well fall back on
it -- especially if I can find a VPS provider which has
established a good reputation with some of the activist communities.

The trust factor is a big concern for me. I might have little or
nothing to lose by compromised communications, but some of these
folks hang on the hairy edge of disaster every day of their
lives. So far, the worst safety issues these communities have
faced have been the result of careless -- or worse, deliberately
compromised -- treatment of communications by some of the third
parties involved in the message path.

Many, many thanks for your help.

JP


Between the Debian and Archlinux documentation and a little 
pondering I was able to use the OpenVPN client manually with 
wicd as the network manager.


However, I'm going to hold what I learned as a fall-back at 
least for now. Curiosity got the better of me, and I tried the 
bitmask/LEAP solution again. Over the past few months it has 
been improved enormously. So, even though it is a very complex 
system which actually works to strictly (I hope) manage the 
OpenVPN client, it works very, very well. And it nicely manages 
establishing the connection to the VPN automatically at the time 
the user logs onto the system, which was at best an unreliable 
function with network-manager.


Yeah, I didn't really 

Re: [Solved, but not explained] Re: Using OpenVPN client with wicd

2015-07-09 Thread James P. Wallen

On 07/09/2015 11:56 AM, Chris Bannister wrote:

On Thu, Jul 09, 2015 at 09:44:40AM -0400, James P. Wallen wrote:


Between the Debian and Archlinux documentation and a little pondering I was
able to use the OpenVPN client manually with wicd as the network manager.


Which you are going to keep a secret? People are going to see the solved
in the subject when they do an archive search thinking they're going to
find a solution.



I did consider posting what I had done. I actually experimented with 
three ways to accomplish the task at hand. I simply used the CLI to 
control the client in one instance, and I used a script in the other two 
instances. In one of those I ran the script manually after getting the 
network connection, and in the other I ran the script via wicd's ability 
to run post-connection scripts to execute the script.


Easy. And reason enough why there aren't any write-ups specific to my 
needs. The documentation Petter Adsen pointed me to was sufficient for 
me with my limited grasp of the subject matter and my unusual 
circumstance. As he indicated, that document should be enough for anyone 
to accomplish the task.


The riseup.net VPN is different enough from every other publicly 
available VPN I've seen that documenting my method wouldn't serve much 
purpose. The folks at riseup.net are doing their best to encourage new 
users to switch to the new system which uses bitmask/LEAP and is 
self-configuring. And that's what I wound up doing.


I suppose I should have indicated all of this in my previous message as 
an explanation for lack of inclusion of a how-to. I absent-mindedly used 
the Solved indicator to indicate to the thread participants that I had 
succeeded. Not to indicate that I really had any new information to 
provide. Fuzzy thinking, I guess. (Hey, we let our world leaders get 
away with it!)


In partial atonement for my misstep I provide the following links which 
were, in turn, provided to me by Petter:


https://wiki.debian.org/OpenVPN

https://wiki.archlinux.org/index.php/Openvpn

The second link contains further links to other resources which might be 
helpful to those connecting to the more ordinary types of VPNs, but 
which weren't necessary for my purposes.


Sorry for the miscue, Chris.

Regards,
JP


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/559e9ebf.3020...@comcast.net
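
The wicd post-connection approach mentioned in this message, as an added example; it is not the poster's script, which was never published. Assumed here: the hook is installed as an executable file in /etc/wicd/scripts/postconnect/, wicd passes the connection type as the first argument, the client configuration is /etc/openvpn/client.conf, and the pre-flight checks (server certificate verification, private credentials file) are additions of this example.

```shell
#!/bin/sh
# Added example: wicd post-connection hook that starts an OpenVPN client.
# Paths below are assumptions, not values from the thread.
VPN_CONF="${VPN_CONF:-/etc/openvpn/client.conf}"
VPN_PID="${VPN_PID:-/run/openvpn-client.pid}"

# Print the arguments of the first occurrence of directive $2 in config $1.
# Exit status 0 if the directive is present, 1 otherwise. Commented-out
# lines never match because their first field starts with '#' or ';'.
conf_get() {
    awk -v d="$2" '
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END { exit !found }' "$1"
}

# Refuse configurations that would connect without checking who the
# server is, or that keep the password in a file other users can read.
# Return codes: 2 unreadable, 3 not a client config, 4 no server
# verification, 5 credentials file missing or too permissive.
check_client_config() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    conf_get "$conf" client >/dev/null ||
        { echo "$conf: missing 'client' directive" >&2; return 3; }
    conf_get "$conf" remote >/dev/null ||
        { echo "$conf: missing 'remote' directive" >&2; return 3; }

    # Without one of these, any certificate issued by the same CA
    # (including another client's) is accepted as the server.
    if ! conf_get "$conf" remote-cert-tls | grep -qx 'server' &&
       ! conf_get "$conf" verify-x509-name >/dev/null; then
        echo "$conf: no server certificate verification" >&2
        return 4
    fi

    # 'auth-user-pass FILE' stores username and password in clear text.
    # This example expects FILE to be an absolute path.
    if authfile=$(conf_get "$conf" auth-user-pass) && [ -n "$authfile" ]; then
        [ -f "$authfile" ] ||
            { echo "$authfile: credentials file not found" >&2; return 5; }
        perms=$(ls -ld "$authfile" | cut -c5-10)   # group + other bits
        [ "$perms" = "------" ] ||
            { echo "$authfile: must not be group/world accessible" >&2; return 5; }
    fi
    return 0
}

# True if the pid file names a live process.
vpn_running() {
    [ -s "$1" ] && kill -0 "$(cat "$1")" 2>/dev/null
}

start_vpn() {
    check_client_config "$VPN_CONF" || return $?
    vpn_running "$VPN_PID" && return 0      # already up, nothing to do
    openvpn --config "$VPN_CONF" --daemon --writepid "$VPN_PID"
}

# Assumption: wicd calls the hook with "wired" or "wireless" as $1.
# With any other invocation the file only defines the functions.
case "${1:-}" in
    wired|wireless) start_vpn ;;
esac
```
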



Re: [Solved] Re: Using OpenVPN client with wicd

2015-07-09 Thread Chris Bannister
On Thu, Jul 09, 2015 at 09:44:40AM -0400, James P. Wallen wrote:
 
 Between the Debian and Archlinux documentation and a little pondering I was
 able to use the OpenVPN client manually with wicd as the network manager.

Which you are going to keep a secret? People are going to see the solved
in the subject when they do an archive search thinking they're going to
find a solution.

-- 
If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing. --- Malcolm X


Archive: https://lists.debian.org/20150709155629.GA21464@tal



Re: Using OpenVPN client with wicd

2015-07-08 Thread James P. Wallen

On 07/08/2015 03:17 AM, Petter Adsen wrote:

On Tue, 07 Jul 2015 13:20:35 -0400 James P. Wallen
jpwal...@comcast.net wrote:


On 07/07/2015 08:34 AM, Petter Adsen wrote:

https://wiki.debian.org/OpenVPN

Have you seen this? It doesn't contain anything
particular to wicd, but you could use what is there to
set up a script.

There are a few links at the bottom that might also be of
help.

Petter



Thank you, Petter.

I'll try following that document through to a conclusion. I
should always remember to look at the debian.org online
documentation first.

However, the explanations seem to lean heavily toward
explaining how to set up a server and a client, so I have
to try to pick out carefully how to just do what I want to
do.


I'm currently working on setting up a VPN myself, so I was
just reading that when I saw your message. It's perfect for
what I want to do, but of course it might not fit your
needs. You should be able to pick out enough from the
examples given there to set up what you want, but of course
it's not a step-by-step guide.

The Arch wiki also has some useful information, you can find
it at:

https://wiki.archlinux.org/index.php/Openvpn

It also has a few notes on connecting to a third party
provider.



Yes, I should also remember to look at archlinux.org docs when I
have a project or issue like this. They're really good.

It's funny that neither the Debian nor the Archlinux docs show
up in the search engines I've been using. Either my choices of
search terms aren't so hot, or the engines are doing a very
superficial job of checking mostly commercial site and message
list content. Or both.

I think that I may be able to make this work if I just scrape
all the data from the Debian and Archlinux docs together and
sort through it.


I just need to connect a client to a publicly available
VPN over which I have no control. It surprises me that I
haven't seen a simple howto for that. Surely there are
lots of people who use such private VPNs but who don't
want to use network-manager.


Have you talked to the VPN provider, or looked at their site
for hints on configuration? Send their support team an email,
maybe they have been in that situation before.



The most important of the VPN providers for my purposes is
riseup.net. They are a no-charge system that I donate to on a
monthly basis because they exist specifically to serve social
and political activism.

They are switching to a VPN system which uses bitmask.
Unfortunately, their specific configuration requires (at least
for now) use of a third party repository. I've tried it and had
quite a bit of trouble with its functionality.

I'll ask them about doing what I want to do with the old system,
but they weren't very responsive even when I was trying to get
help with the new system that they want everyone to use now. As
is usually the case with such entities, they are long on work
and short on workers.


If you would rather have control over the server, and
depending on whom you want to conceal your traffic from, you
could consider paying for a VPS, then setting up a VPN
between that and your home or mobile devices. One problem
with that approach is that most VPS services come with quite
a limited amount of bandwidth per month, but depending on
what you want to do that may not be a big problem. I pay
$10/month, and that is for up to 2TB transfer. The VPS
provider would of course be able to snoop on your traffic,
but that might be better than having your ISP snoop, if you
have a bad ISP and choose the right provider.

Just a thought. Good luck!

Petter



I've considered this alternative, too. I might well fall back on
it -- especially if I can find a VPS provider which has 
established a good reputation with some of the activist communities.


The trust factor is a big concern for me. I might have little or
nothing to lose by compromised communications, but some of these
folks hang on the hairy edge of disaster every day of their
lives. So far, the worst safety issues these communities have
faced have been the result of careless -- or worse, deliberately 
compromised -- treatment of communications by some of the third 
parties involved in the message path.


Many, many thanks for your help.

JP



Archive: https://lists.debian.org/559d2854.5010...@comcast.net



Re: Using OpenVPN client with wicd

2015-07-08 Thread Petter Adsen
On Tue, 07 Jul 2015 13:20:35 -0400
James P. Wallen jpwal...@comcast.net wrote:

 On 07/07/2015 08:34 AM, Petter Adsen wrote:
  https://wiki.debian.org/OpenVPN
 
  Have you seen this? It doesn't contain anything particular to
  wicd, but you could use what is there to set up a script.
 
  There are a few links at the bottom that might also be of
  help.
 
  Petter
 
 
 Thank you, Petter.
 
 I'll try following that document through to a conclusion. I 
 should always remember to look at the debian.org online 
 documentation first.
 
 However, the explanations seem to lean heavily toward explaining 
 how to set up a server and a client, so I have to try to pick 
 out carefully how to just do what I want to do.

I'm currently working on setting up a VPN myself, so I was just reading
that when I saw your message. It's perfect for what I want to do, but
of course it might not fit your needs. You should be able to pick out
enough from the examples given there to set up what you want, but of
course it's not a step-by-step guide.

The Arch wiki also has some useful information, you can find it at:

https://wiki.archlinux.org/index.php/Openvpn

It also has a few notes on connecting to a third party provider.

 I just need to connect a client to a publicly available VPN over 
 which I have no control. It surprises me that I haven't seen a 
 simple howto for that. Surely there are lots of people who use 
 such private VPNs but who don't want to use network-manager.

Have you talked to the VPN provider, or looked at their site for hints
on configuration? Send their support team an email, maybe they have been
in that situation before.

If you would rather have control over the server, and depending on whom
you want to conceal your traffic from, you could consider paying for a
VPS, then setting up a VPN between that and your home or mobile devices.
One problem with that approach is that most VPS services come with
quite a limited amount of bandwidth per month, but depending on what
you want to do that may not be a big problem. I pay $10/month, and that
is for up to 2TB transfer. The VPS provider would of course be able to
snoop on your traffic, but that might be better than having your ISP
snoop, if you have a bad ISP and choose the right provider.

Just a thought. Good luck!

Petter

-- 
I'm ionized
Are you sure?
I'm positive.




Re: Using OpenVPN client with wicd

2015-07-07 Thread James P. Wallen

On 07/07/2015 08:34 AM, Petter Adsen wrote:

On Tue, 07 Jul 2015 07:55:26 -0400 James P. Wallen
jpwal...@comcast.net wrote:




On 07/07/2015 04:25 AM, to...@tuxteam.de wrote:


On Mon, Jul 06, 2015 at 04:23:28PM -0400, James P.
Wallen wrote:

[...]


If any of you has managed to do this in conjunction
with wicd, I'd really appreciate a pointer to
information to help me get started. The man pages are
kicking me in the boinloins.


FWIW -- I set up OpenVPN (don't like it much[1], but had
to) without either NetworkManager nor wicd. What's the
functionality you expect from those? Automatic route
setting?

- - - - - - - - - [1] What do I do when I have to pierce
the corp firewall? Just use socat on both sides, port 443
(corp firewalls believe in numbers), TLS encapsulated
(don't know if they do deep packet inspection and don't
want to find out). Yes, some consider me weird.



Hi, Tomas! Thanks for your reply.

No, my issue has nothing to do with corporate firewalls.
I'm retired and go to places like libraries and coffee
shops and hospitals where I connect to guest networks. I
just use the Internet-located VPN to encrypt my connection
through the AP and to prevent tracking by the service
provider. At home I also use it for the same reasons.

Network-manager, as you're aware, has plugins for various
types of VPN software. It's easy to use, but it just seems
to be awfully large and, occasionally, a little
trouble-prone compared to wicd.

I could generally just use /etc/network/interfaces and
associated stuff, but was looking for a fiddle-free way to
make my connections when I'm moving around while still
enabling me to use OpenVPN.

As I said, just about every write-up on using OpenVPN I can
find tells me how to set up the server. Not what I want.
All of the write-ups on OpenVPN client I've found tell me
a) how to use OpenVPN with network-manager, or b) how to
import a setup. Neither of those is of any use to me. I
want to see if I can figure out how to use OpenVPN from the
CLI or via script using a certificate and password to
connect to my favorite VPN out on the Internet.

Again, thank you for your reply.

JP




https://wiki.debian.org/OpenVPN

Have you seen this? It doesn't contain anything particular to
wicd, but you could use what is there to set up a script.

There are a few links at the bottom that might also be of
help.

Petter



Thank you, Petter.

I'll try following that document through to a conclusion. I 
should always remember to look at the debian.org online 
documentation first.


However, the explanations seem to lean heavily toward explaining 
how to set up a server and a client, so I have to try to pick 
out carefully how to just do what I want to do.


I just need to connect a client to a publicly available VPN over 
which I have no control. It surprises me that I haven't seen a 
simple howto for that. Surely there are lots of people who use 
such private VPNs but who don't want to use network-manager.


Still, I may be able to piece together what I need to build 
scripts from the debian.org page. I remember that wicd has a 
provision for launching scripts following establishment of a 
network connection, so I may be able to use that capability to 
get what I want.


Thank you for the pointer!

JP



Archive: https://lists.debian.org/559c0a63.9030...@comcast.net



Re: Using OpenVPN client with wicd

2015-07-07 Thread James P. Wallen

On 07/07/2015 09:23 AM, to...@tuxteam.de wrote:


On Tue, Jul 07, 2015 at 07:55:26AM -0400, James P. Wallen
wrote:

[...]


Hi, Tomas! Thanks for your reply.


I wish I could've been more helpful, but hey, you're welcome.


No, my issue has nothing to do with corporate firewalls
[...]



Network-manager, as you're aware, has plugins for various
types of VPN software. It's easy to use, but it just seems
to be awfully large and, occasionally, a little
trouble-prone compared to wicd.


This was my impression too. Since I tend for simple, I try
to avoid NM altogether.


I could generally just use /etc/network/interfaces and
associated stuff, but was looking for a fiddle-free way to
make my connections when I'm moving around while still
enabling me to use OpenVPN.


Understood.


[...]  I want to see if I can figure out
how to use OpenVPN from the CLI or via script using a
certificate and password to connect to my favorite VPN out
on the Internet.


I see.

Again, that's what I'm doing with socat: on the server
there's a socat process running as server (duh ;) -- which
unwraps the SSL layer and feeds its thing to the ssh server;
on the client, a socat opens a local port and I connect my
ssh client (courtesy of .ssh/config magic) to that: the socat
wraps it in SSL and connects to the server: voilà -- a VPN.
To the outside world it looks like any HTTPS connection.
Since I have my own certificates, I (hope!) would notice any
attempt at MITM.


So -- if I understand -- you have control of a server out there 
on the Internet, and that's what makes this work for you. I know 
nothing of socat, but it sounds interesting. I suppose I could 
set up a server on the home network. That would protect my 
traffic from prying eyes when I'm a visitor on another network, 
but it wouldn't really keep my home ISP from snooping on me. Or 
am I missing something?


Maybe I'm paranoid, but I really don't like the way Comcast (and 
many other ISPs) seem to think that they own their customers.


I'm an activist of sorts, and I really do not like how cozy 
businesses and government are about our communications. Some of 
the people I communicate with have suffered greatly at the hands 
of various governments, and I don't want to take any more risk 
with their rights than is absolutely necessary when we contact 
each other.




What turned me away from OpenVPN was that it wanted to be a
service started at boot time, with all that; besides it
wants to do magic to the routing tables and so on.

A tad too heavyweight for my taste.

But of course, it does many things automagically you'd
otherwise have to script.



Yes, I do prefer light(er) weight, but magic and ease of use are 
nice, too.


Again, thank you.

JP



Archive: https://lists.debian.org/559c0d25.7040...@comcast.net



Re: Using OpenVPN client with wicd

2015-07-07 Thread tomas

On Mon, Jul 06, 2015 at 04:23:28PM -0400, James P. Wallen wrote:

[...]

 If any of you has managed to do this in conjunction with wicd, I'd
 really appreciate a pointer to information to help me get started.
 The man pages are kicking me in the boinloins.

FWIW -- I set up OpenVPN (don't like it much[1], but had to) without
either NetworkManager nor wicd. What's the functionality you expect
from those? Automatic route setting?

- - - - - - - - -
[1] What do I do when I have to pierce the corp firewall? Just use
socat on both sides, port 443 (corp firewalls believe in numbers),
TLS encapsulated (don't know if they do deep packet inspection and
don't want to find out). Yes, some consider me weird.

regards
- -- tomás
Archive: https://lists.debian.org/20150707082548.ga32...@tuxteam.de



Re: Using OpenVPN client with wicd

2015-07-07 Thread tomas

On Tue, Jul 07, 2015 at 01:32:21PM -0400, James P. Wallen wrote:
 On 07/07/2015 09:23 AM, to...@tuxteam.de wrote:

[...]

 So -- if I understand -- you have control of a server out there on
 the Internet, and that's what makes this work for you.

Right. That rules this out in your case, since the server side is,
as I gather, out of your control.

I know
 nothing of socat, but it sounds interesting.

Socat is like nmap on steroids: a way of connecting streams
together -- be it network sockets, stdin, whatever. Quite useful
when debugging things (as nmap is) -- but also for production.

  I suppose I could set
 up a server on the home network. That would protect my traffic from
 prying eyes when I'm a visitor on another network, but it wouldn't
 really keep my home ISP from snooping on me. Or am I missing
 something?

There has to be a way to reach your network from outside (something
not all providers offer, alas -- they sometimes insert traffic
filters without telling you), and then you'd have to find the
address (something which can be done with DynDNS). But there's
a way to find out.

 Maybe I'm paranoid, but I really don't like the way Comcast (and
 many other ISPs) seem to think that they own their customers.

I think this doesn't have anything to do with paranoia, rather
with dignity and decency.

 I'm an activist of sorts, and I really do not like how cozy
 businesses and government are about our communications. Some of the
 people I communicate with have suffered greatly at the hands of
 various governments, and I don't want to take any more risk with
 their rights than is absolutely necessary when we contact each
 other.

Definitely.

[...]

 Yes, I do prefer light(er) weight, but magic and ease of use are
 nice, too.

Ah, the embarrassment of riches, I know, I know :-)

 Again, thank you.

The pleasure's on my side.

regards
- -- tomás
Archive: https://lists.debian.org/20150707192600.ga24...@tuxteam.de



Re: Using OpenVPN client with wicd

2015-07-07 Thread James P. Wallen



On 07/07/2015 03:26 PM, to...@tuxteam.de wrote:
...

I suppose I could set up a server on the home network. That
would protect my traffic from prying eyes when I'm a
visitor on another network, but it wouldn't really keep my
home ISP from snooping on me. Or am I missing something?


There has to be a way to reach your network from outside
(something not all providers offer, alas -- they sometimes
insert traffic filters without telling you), and then you'd
have to find the address (something which can be done with
DynDNS). But there's a way to find out.


I have a business account with Comcast, so I have a fixed IP and 
(ostensibly) no filtering. I've used IP forwarding (and even 
port knocking and other weird stuff like that, just for kicks) 
on various routers over the years, so I'm acquainted with the 
process.



Maybe I'm paranoid, but I really don't like the way Comcast
(and many other ISPs) seem to think that they own their
customers.


I think this doesn't have anything to do with paranoia,
rather with dignity and decency.


Yup, that too.

;)

Considering how much Comcast charges for its services, it's 
annoying to find them trying to sell me and my views to every 
nick-and-dime business partner.


Best regards,
JP



Archive: https://lists.debian.org/559c3cff.5020...@comcast.net



Re: Using OpenVPN client with wicd

2015-07-07 Thread James P. Wallen



On 07/07/2015 04:25 AM, to...@tuxteam.de wrote:


On Mon, Jul 06, 2015 at 04:23:28PM -0400, James P. Wallen
wrote:

[...]


If any of you has managed to do this in conjunction with
wicd, I'd really appreciate a pointer to information to
help me get started. The man pages are kicking me in the
boinloins.


FWIW -- I set up OpenVPN (don't like it much[1], but had to)
without either NetworkManager nor wicd. What's the
functionality you expect from those? Automatic route
setting?

- - - - - - - - - [1] What do I do when I have to pierce the
corp firewall? Just use socat on both sides, port 443 (corp
firewalls believe in numbers), TLS encapsulated (don't know
if they do deep packet inspection and don't want to find
out). Yes, some consider me weird.



Hi, Tomas! Thanks for your reply.

No, my issue has nothing to do with corporate firewalls. I'm 
retired and go to places like libraries and coffee shops and 
hospitals where I connect to guest networks. I just use the 
Internet-located VPN to encrypt my connection through the AP and 
to prevent tracking by the service provider. At home I also use 
it for the same reasons.


Network-manager, as you're aware, has plugins for various types 
of VPN software. It's easy to use, but it just seems to be 
awfully large and, occasionally, a little trouble-prone compared 
to wicd.


I could generally just use /etc/network/interfaces and 
associated stuff, but was looking for a fiddle-free way to make 
my connections when I'm moving around while still enabling me to 
use OpenVPN.


As I said, just about every write-up on using OpenVPN I can find 
tells me how to set up the server. Not what I want. All of the 
write-ups on OpenVPN client I've found tell me a) how to use 
OpenVPN with network-manager, or b) how to import a setup. 
Neither of those is of any use to me. I want to see if I can 
figure out how to use OpenVPN from the CLI or via script using a 
certificate and password to connect to my favorite VPN out on 
the Internet.


Again, thank you for your reply.

JP



Archive: https://lists.debian.org/559bbe2e.5080...@comcast.net



Re: Using OpenVPN client with wicd

2015-07-07 Thread Petter Adsen
On Tue, 07 Jul 2015 07:55:26 -0400
James P. Wallen jpwal...@comcast.net wrote:

 
 
 On 07/07/2015 04:25 AM, to...@tuxteam.de wrote:
 
  On Mon, Jul 06, 2015 at 04:23:28PM -0400, James P. Wallen
  wrote:
 
  [...]
 
  If any of you has managed to do this in conjunction with
  wicd, I'd really appreciate a pointer to information to
  help me get started. The man pages are kicking me in the
  boinloins.
 
  FWIW -- I set up OpenVPN (don't like it much[1], but had to)
  without either NetworkManager nor wicd. What's the
  functionality you expect from those? Automatic route
  setting?
 
  - - - - - - - - - [1] What do I do when I have to pierce the
  corp firewall? Just use socat on both sides, port 443 (corp
  firewalls believe in numbers), TLS encapsulated (don't know
  if they do deep packet inspection and don't want to find
  out). Yes, some consider me weird.
 
 
 Hi, Tomas! Thanks for your reply.
 
 No, my issue has nothing to do with corporate firewalls. I'm 
 retired and go to places like libraries and coffee shops and 
 hospitals where I connect to guest networks. I just use the 
 Internet-located VPN to encrypt my connection through the AP and 
 to prevent tracking by the service provider. At home I also use 
 it for the same reasons.
 
 Network-manager, as you're aware, has plugins for various types 
 of VPN software. It's easy to use, but it just seems to be 
 awfully large and, occasionally, a little trouble-prone compared 
 to wicd.
 
 I could generally just use /etc/network/interfaces and 
 associated stuff, but was looking for a fiddle-free way to make 
 my connections when I'm moving around while still enabling me to 
 use OpenVPN.
 
 As I said, just about every write-up on using OpenVPN I can find 
 tells me how to set up the server. Not what I want. All of the 
 write-ups on OpenVPN client I've found tell me a) how to use 
 OpenVPN with network-manager, or b) how to import a setup. 
 Neither of those is of any use to me. I want to see if I can 
 figure out how to use OpenVPN from the CLI or via script using a 
 certificate and password to connect to my favorite VPN out on 
 the Internet.
 
 Again, thank you for your reply.
 
 JP
 
 

https://wiki.debian.org/OpenVPN

Have you seen this? It doesn't contain anything particular to wicd, but
you could use what is there to set up a script.

There are a few links at the bottom that might also be of help.

Petter

-- 
I'm ionized
Are you sure?
I'm positive.




Re: Using OpenVPN client with wicd

2015-07-07 Thread tomas

On Tue, Jul 07, 2015 at 07:55:26AM -0400, James P. Wallen wrote:

[...]

 Hi, Tomas! Thanks for your reply.

I wish I could've been more helpful, but hey, you're welcome.

 No, my issue has nothing to do with corporate firewalls [...]

 Network-manager, as you're aware, has plugins for various types of
 VPN software. It's easy to use, but it just seems to be awfully
 large and, occasionally, a little trouble-prone compared to wicd.

This was my impression too. Since I tend for simple, I try to
avoid NM altogether.

 I could generally just use /etc/network/interfaces and associated
 stuff, but was looking for a fiddle-free way to make my connections
 when I'm moving around while still enabling me to use OpenVPN.

Understood.

 [...]  I want to see if I can figure out how to use
 OpenVPN from the CLI or via script using a certificate and password
 to connect to my favorite VPN out on the Internet.

I see.

Again, that's what I'm doing with socat: on the server there's a
socat process running as server (duh ;) -- which unwraps the SSL
layer and feeds its thing to the ssh server; on the client, a
socat opens a local port and I connect my ssh client (courtesy
of .ssh/config magic) to that: the socat wraps it in SSL and
connects to the server: voilà -- a VPN. To the outside world
it looks like any HTTPS connection. Since I have my own certificates,
I (hope!) would notice any attempt at MITM.

What turned me away from OpenVPN was that it wanted to be a
service started at boot time, with all that; besides it wants
to do magic to the routing tables and so on.

A tad too heavyweight for my taste.

But of course, it does many things automagically you'd otherwise
have to script.

Regards
- -- tomás
Archive: https://lists.debian.org/20150707132312.ga24...@tuxteam.de