Re: VPN ideas
On Thu, 10 Dec 2020 10:47:13 +0200 Andrei POPESCU wrote:

> On Mi, 09 dec 20, 11:53:20, Celejar wrote:
> >
> > As to ProtonMail, as we've discussed in the past, I'm sort of tempted,
> > but I'm not willing to give up standards based email, nor am I that
> > interested in running their proprietary (albeit apparently GPL?) bridge
> > application.
>
> Yes, lack of IMAP/SMTP support is definitely a hassle and the bridge
> would just add complexity.
>
> One thing that is difficult to replace though is their support for
> encrypted communication with *non*subscribers.

There's apparently Open-Xchange / OX Guard - no idea how well it works or how easy it is to set up:

https://www.wired.com/2014/09/oxguard/
https://www.oxpedia.org/wiki/index.php?title=AppSuite:Open-Xchange_Installation_Guide_for_Debian_10.0

> This is already off-topic for debian-user so I'll stop here.

This part of the discussion at least is certainly relevant to Debian, so I'm leaving it here.

Celejar
Re: VPN ideas
On Mi, 09 dec 20, 11:53:20, Celejar wrote:
>
> As to ProtonMail, as we've discussed in the past, I'm sort of tempted,
> but I'm not willing to give up standards based email, nor am I that
> interested in running their proprietary (albeit apparently GPL?) bridge
> application.

Yes, lack of IMAP/SMTP support is definitely a hassle and the bridge would just add complexity.

One thing that is difficult to replace though is their support for encrypted communication with *non*subscribers.

> > I still have my contacts on Gmail, because of the convenient integration
> > with Android, though I'd like to migrate those away as well at some
> > point.

And some of my calendar, will migrate that to ProtonMail as well, as soon as the (limited) free calendar is available (currently still in beta and only for paying customers).

For the avoidance of doubt, I'm not affiliated with ProtonMail in any way, I'm just quite happy with their free services and their stance on privacy and freedom (including free software).

> At this point, I pretty much use Gmail only for public list traffic
> (although my other email accounts are also with (other) free services).
> I keep thinking I really should go with either one of the inexpensive,
> dedicated email providers (like Newsguy that John Hasler
> often recommends) or a self-hosting solution (but I'm scared of the
> apparently enormous hassle necessary to ensure reliable delivery, etc.).

Similar thoughts here, though I'm rather interested in Kolab Now.

This is already off-topic for debian-user so I'll stop here.

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Re: VPN ideas
On Mi, 09 dec 20, 19:06:27, Joe wrote:
>
> It's not more secure, (apart from using wifi only occasionally) but the
> kind of people looking at other people's network activities are more
> likely to target public wifi than to sit outside my house. It will
> require significantly more resources and risk to tap into an ISP cable
> than to sit in a cafe somewhere with a laptop (running Linux) and some
> black hat software.

Apparently you are assuming that in order to compromise your internet connection (spy, subvert, etc.) one has to physically tap into the cable between the ISP and your premises.

As far as I understand (from my limited knowledge of networking and security) this would indeed make some (class of) attacks easier, but is *not* a strict requirement.

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Re: VPN ideas
On Wed, 9 Dec 2020 10:03:59 -0500 Henning Follmann wrote:

> On Wed, Dec 09, 2020 at 11:00:41AM +, Joe wrote:
> > On Wed, 9 Dec 2020 12:49:44 +0200
> > Andrei POPESCU wrote:
> >
> > > On Mi, 09 dec 20, 10:21:46, Joe wrote:
> > > > On Wed, 9 Dec 2020 11:49:45 +0200
> > > > Andrei POPESCU wrote:
> > > >
> > > > > On Ma, 08 dec 20, 12:27:40, Joe wrote:
> > > > > > [...]
> > >
> > > Let me rephrase that: how is connecting to the internet from some
> > > public hot-spot decreasing my security?
> > >
> > > I can think of possibly messing with DNS queries (use "own" DNS
> > > server instead, maybe with DNSSEC) and possibly some attacks are
> > > easier via the local network (e.g. by other hot-spot users or
> > > local staff).
> > >
> > > Other than that, as far as I'm aware, the biggest threat are the
> > > servers I access with my client software (typically web sites
> > > accessed with a browser), in which case it doesn't make any
> > > difference whether I access them via some VPN and/or (home)
> > > firewall.
> > >
> > > (Assuming one doesn't run NFS, Samba, etc. *listening* software on
> > > the laptop in which case stopping those and/or running a firewall
> > > would be indicated.)
> > >
> >
> > I suppose it may depend on where you are. In the UK, public wifi
> > normally uses no encryption, because there are no local staff who
> > can help with problems. So any unencrypted protocol you use can be
> > overheard.
> >
>
> So let me be devil's advocate here.
>
> Is the network connection from your ISP encrypted?
> I guess not. So why is it more secure or trustworthy?
>

It's not more secure, (apart from using wifi only occasionally) but the kind of people looking at other people's network activities are more likely to target public wifi than to sit outside my house. It will require significantly more resources and risk to tap into an ISP cable than to sit in a cafe somewhere with a laptop (running Linux) and some black hat software.

--
Joe
Re: VPN ideas
On Wed, 9 Dec 2020 17:04:43 +0200 Andrei POPESCU wrote:

> On Mi, 09 dec 20, 11:00:41, Joe wrote:
> >
> > I suppose it may depend on where you are. In the UK, public wifi
> > normally uses no encryption, because there are no local staff who can
> > help with problems. So any unencrypted protocol you use can be
> > overheard.
>
> It doesn't matter much whether the public WiFi is using encryption or
> not.
>
> Any unencrypted communication over the internet is vulnerable. Period.
>
> Even if some segments[1] are somewhat protected, the segment between the
> router/firewall/VPN exit point and the server on the internet is still
> completely vulnerable.
>
> It's probably a good idea to always assume your system is connected
> directly to the internet. If you really need to run (vulnerable)
> listening services on it configure them to be stopped and/or firewalled
> whenever outside your home/company network.
>
> [1] in this case the segment between the laptop and the AP via WPA, or
> the segments between the laptop and the VPN exit point.

It's certainly true that "any unencrypted communication over the internet is vulnerable," but security is not black and white. Say we're talking about some sort of 0-day MITM vulnerability. Yes, you'll never be entirely safe insofar as you don't control the entire network path, but I might be (marginally?) more worried about random people having access to my network traffic via an unencrypted wireless connection than about the proprietor of that wireless network or the staff at my ISP. Unless my threat model includes state actors, in which case compromising my ISP might actually be easier and more straightforward for them ;) But of course, they could also just use the $5 wrench ...

Celejar
Re: VPN ideas
On Wed, 9 Dec 2020 12:03:33 +0200 Andrei POPESCU wrote:

> On Ma, 08 dec 20, 17:37:43, Celejar wrote:
> > On Tue, 8 Dec 2020 17:00:44 -0500
> > Roberto C. Sánchez wrote:
> >
> > > On Tue, Dec 08, 2020 at 02:48:26PM -0500, Celejar wrote:
> > > > On Tue, 8 Dec 2020 11:44:36 +0200
> > > > Andrei POPESCU wrote:
> > > >
> > > > ...
> > > >
> > > > >    Unless you have access to a system on the internet to set up your
> > > > >    own
> > > > >    VPN server you have to rely on (paid) VPN providers.
> > > >
> > > > There are free ones as well, e.g.:
> > > >
> > > > https://www.techradar.com/vpn/best-free-vpn
> > > >
> > > > I don't know how good they are - but then, again, I don't know how good
> > > > all the paid ones are, as well ;)
> > > >
> > > If something is free, you aren't the customer, you are the product.
>
> I'd have a reasonable degree of trust in ProtonVPN.
>
> > A fair point, but an overstatement insofar as you're implying that one
> > *cannot rely* upon a free VPN service. Many people are willing to rely
> > upon free services for at least some of their online activity. After
> > all, Andrei himself is using Gmail (as am I).
>
> I'm using Gmail to post to public mailing lists or similar. All private
> correspondence currently goes to a ProtonMail account.

Of course. My point just was that most people are willing to put up with "being the product" when they consider the cost of "being the product" to be low ;)

As to ProtonMail, as we've discussed in the past, I'm sort of tempted, but I'm not willing to give up standards based email, nor am I that interested in running their proprietary (albeit apparently GPL?) bridge application.

> I still have my contacts on Gmail, because of the convenient integration
> with Android, though I'd like to migrate those away as well at some
> point.

At this point, I pretty much use Gmail only for public list traffic (although my other email accounts are also with (other) free services). I keep thinking I really should go with either one of the inexpensive, dedicated email providers (like Newsguy that John Hasler often recommends) or a self-hosting solution (but I'm scared of the apparently enormous hassle necessary to ensure reliable delivery, etc.).

Celejar
Re: VPN ideas
On Mi, 09 dec 20, 11:00:41, Joe wrote:
>
> I suppose it may depend on where you are. In the UK, public wifi
> normally uses no encryption, because there are no local staff who can
> help with problems. So any unencrypted protocol you use can be
> overheard.

It doesn't matter much whether the public WiFi is using encryption or not.

Any unencrypted communication over the internet is vulnerable. Period.

Even if some segments[1] are somewhat protected, the segment between the router/firewall/VPN exit point and the server on the internet is still completely vulnerable.

It's probably a good idea to always assume your system is connected directly to the internet. If you really need to run (vulnerable) listening services on it configure them to be stopped and/or firewalled whenever outside your home/company network.

[1] in this case the segment between the laptop and the AP via WPA, or the segments between the laptop and the VPN exit point.

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Re: VPN ideas
On Wed, Dec 09, 2020 at 11:00:41AM +, Joe wrote:
> On Wed, 9 Dec 2020 12:49:44 +0200
> Andrei POPESCU wrote:
>
> > On Mi, 09 dec 20, 10:21:46, Joe wrote:
> > > On Wed, 9 Dec 2020 11:49:45 +0200
> > > Andrei POPESCU wrote:
> > >
> > > > On Ma, 08 dec 20, 12:27:40, Joe wrote:
> > > > > [...]
> >
> > Let me rephrase that: how is connecting to the internet from some
> > public hot-spot decreasing my security?
> >
> > I can think of possibly messing with DNS queries (use "own" DNS
> > server instead, maybe with DNSSEC) and possibly some attacks are
> > easier via the local network (e.g. by other hot-spot users or local
> > staff).
> >
> > Other than that, as far as I'm aware, the biggest threat are the
> > servers I access with my client software (typically web sites
> > accessed with a browser), in which case it doesn't make any
> > difference whether I access them via some VPN and/or (home) firewall.
> >
> > (Assuming one doesn't run NFS, Samba, etc. *listening* software on
> > the laptop in which case stopping those and/or running a firewall
> > would be indicated.)
> >
>
> I suppose it may depend on where you are. In the UK, public wifi
> normally uses no encryption, because there are no local staff who can
> help with problems. So any unencrypted protocol you use can be
> overheard.
>

So let me be devil's advocate here.

Is the network connection from your ISP encrypted?
I guess not. So why is it more secure or trustworthy?

-H

--
Henning Follmann | hfollm...@itcfollmann.com
Re: VPN ideas
> I suppose it may depend on where you are. In the UK, public wifi
> normally uses no encryption, because there are no local staff who can
> help with problems. So any unencrypted protocol you use can be
> overheard.

Around here we have a mix:
- for small businesses (like coffeehouses or family-owned businesses), it's typically WPA-PSK with the password displayed somewhere like at the bottom of the menu, on the bathroom door, you name it (and/or given upon request).
- for more "corporate" environments, it's typically an open wifi with a "portal" where they get to show some advertisement and collect email addresses.

Supposedly with WPA other machines connected to the same wifi can't see your traffic, but often enough the AP is likely easy to hack into, so it's safer to assume that your network packets are easy for someone to see.

Nevertheless, I largely agree with Andrei that this is but a small part of the potential attacks.

Stefan
Re: VPN ideas
On Wed, Dec 09, 2020 at 09:46:07AM +0100, to...@tuxteam.de wrote:
> On Tue, Dec 08, 2020 at 05:00:44PM -0500, Roberto C. Sánchez wrote:
>
> [...]
>
> > If something is free, you aren't the customer, you are the product.
>
> All generalizations suck.
>

chuckle, that was a good one. :)

-H

--
Henning Follmann | hfollm...@itcfollmann.com
Re: VPN ideas
On Wed, 9 Dec 2020 12:49:44 +0200 Andrei POPESCU wrote:

> On Mi, 09 dec 20, 10:21:46, Joe wrote:
> > On Wed, 9 Dec 2020 11:49:45 +0200
> > Andrei POPESCU wrote:
> >
> > > On Ma, 08 dec 20, 12:27:40, Joe wrote:
> > > >
> > > > This application is also useful with a home VPN server, if
> > > > you're not trying to hide anything, but just want to use the Net
> > > > reasonably safely from an unsafe location e.g. Internet cafe.
> > > > You can tailor a set of firewall rules to allow nothing in or
> > > > out except DNS, DHCP and HTTP (normally a local web login is
> > > > required), not forgetting the tunnelling protocol port out. A
> > > > VPN client will normally have a switch to route everything
> > > > through the tunnel to achieve this.
> > >
> > > Sorry, I must be dense. How is this improving safety compared to
> > > accessing the internet from my home network?
> > >
> > It isn't. It's improving safety compared to surfing the web from
> > public wifi or other untrusted network. It then uses your home
> > Internet connection for surfing the web, etc., which should be
> > safer.
>
> Let me rephrase that: how is connecting to the internet from some
> public hot-spot decreasing my security?
>
> I can think of possibly messing with DNS queries (use "own" DNS
> server instead, maybe with DNSSEC) and possibly some attacks are
> easier via the local network (e.g. by other hot-spot users or local
> staff).
>
> Other than that, as far as I'm aware, the biggest threat are the
> servers I access with my client software (typically web sites
> accessed with a browser), in which case it doesn't make any
> difference whether I access them via some VPN and/or (home) firewall.
>
> (Assuming one doesn't run NFS, Samba, etc. *listening* software on
> the laptop in which case stopping those and/or running a firewall
> would be indicated.)
>

I suppose it may depend on where you are. In the UK, public wifi normally uses no encryption, because there are no local staff who can help with problems. So any unencrypted protocol you use can be overheard.

--
Joe
Re: VPN ideas
On Mi, 09 dec 20, 10:21:46, Joe wrote:
> On Wed, 9 Dec 2020 11:49:45 +0200
> Andrei POPESCU wrote:
>
> > On Ma, 08 dec 20, 12:27:40, Joe wrote:
> > >
> > > This application is also useful with a home VPN server, if you're
> > > not trying to hide anything, but just want to use the Net
> > > reasonably safely from an unsafe location e.g. Internet cafe. You
> > > can tailor a set of firewall rules to allow nothing in or out
> > > except DNS, DHCP and HTTP (normally a local web login is required),
> > > not forgetting the tunnelling protocol port out. A VPN client will
> > > normally have a switch to route everything through the tunnel to
> > > achieve this.
> >
> > Sorry, I must be dense. How is this improving safety compared to
> > accessing the internet from my home network?
> >
> It isn't. It's improving safety compared to surfing the web from public
> wifi or other untrusted network. It then uses your home Internet
> connection for surfing the web, etc., which should be safer.

Let me rephrase that: how is connecting to the internet from some public hot-spot decreasing my security?

I can think of possibly messing with DNS queries (use "own" DNS server instead, maybe with DNSSEC) and possibly some attacks are easier via the local network (e.g. by other hot-spot users or local staff).

Other than that, as far as I'm aware, the biggest threat are the servers I access with my client software (typically web sites accessed with a browser), in which case it doesn't make any difference whether I access them via some VPN and/or (home) firewall.

(Assuming one doesn't run NFS, Samba, etc. *listening* software on the laptop in which case stopping those and/or running a firewall would be indicated.)

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Re: VPN ideas
On Wed, 9 Dec 2020 11:49:45 +0200 Andrei POPESCU wrote:

> On Ma, 08 dec 20, 12:27:40, Joe wrote:
> >
> > This application is also useful with a home VPN server, if you're
> > not trying to hide anything, but just want to use the Net
> > reasonably safely from an unsafe location e.g. Internet cafe. You
> > can tailor a set of firewall rules to allow nothing in or out
> > except DNS, DHCP and HTTP (normally a local web login is required),
> > not forgetting the tunnelling protocol port out. A VPN client will
> > normally have a switch to route everything through the tunnel to
> > achieve this.
>
> Sorry, I must be dense. How is this improving safety compared to
> accessing the internet from my home network?
>

It isn't. It's improving safety compared to surfing the web from public wifi or other untrusted network. It then uses your home Internet connection for surfing the web, etc., which should be safer.

Only local DHCP, DNS and HTTP must be allowed to the local network initially, and once the VPN is up, even these are routed through the encrypted tunnel.

--
Joe
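The hotspot policy described in the message above (nothing in or out except DHCP, local DNS and HTTP for the portal login, plus the tunnel port out), written as an nftables ruleset generator. This is an added example, not part of the thread; the table name `hotspot`, the function name, and the sample interface names and addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print an nftables ruleset for the
# "untrusted hotspot" policy. All names and addresses are constructed samples.
#
# gen_hotspot_ruleset WIFI_IF TUN_IF LAN_CIDR VPN_IP VPN_PORT [udp|tcp]

gen_hotspot_ruleset() {
    [ "$#" -ge 5 ] || {
        echo "usage: gen_hotspot_ruleset WIFI_IF TUN_IF LAN_CIDR VPN_IP VPN_PORT [udp|tcp]" >&2
        return 2
    }
    hs_wifi=$1; hs_tun=$2; hs_lan=$3; hs_vpn_ip=$4; hs_vpn_port=$5; hs_proto=${6:-udp}

    # Refuse any value that could inject extra statements into the ruleset.
    for hs_if in "$hs_wifi" "$hs_tun"; do
        case $hs_if in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $hs_if" >&2; return 1 ;;
        esac
    done
    case $hs_lan in ''|*[!0-9./]*) echo "bad LAN CIDR" >&2; return 1 ;; esac
    case $hs_vpn_ip in ''|*[!0-9.]*) echo "bad VPN address" >&2; return 1 ;; esac
    case $hs_vpn_port in ''|*[!0-9]*|??????*) echo "bad VPN port" >&2; return 1 ;; esac
    [ "$hs_vpn_port" -ge 1 ] && [ "$hs_vpn_port" -le 65535 ] || {
        echo "VPN port out of range" >&2; return 1
    }
    case $hs_proto in udp|tcp) ;; *) echo "bad protocol" >&2; return 1 ;; esac

    cat <<EOF
# Replace any previous copy of this table in one transaction.
add table inet hotspot
delete table inet hotspot

table inet hotspot {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # DHCP replies to a broadcast request do not match a tracked connection.
        iifname "$hs_wifi" udp sport 67 udp dport 68 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        ct state established,related accept
        # The only traffic allowed beyond the local network: the tunnel itself.
        oifname "$hs_wifi" ip daddr $hs_vpn_ip $hs_proto dport $hs_vpn_port accept
        # Bootstrap on the hotspot: DHCP, local DNS, portal login over HTTP.
        oifname "$hs_wifi" udp sport 68 udp dport 67 accept
        oifname "$hs_wifi" ip daddr $hs_lan udp dport 53 accept
        oifname "$hs_wifi" ip daddr $hs_lan tcp dport { 53, 80 } accept
        # Everything else has to leave through the tunnel interface.
        # IPv6 on the hotspot side is dropped by policy, so nothing leaks
        # around an IPv4-only tunnel.
        oifname "$hs_tun" accept
    }
}
EOF
}

# With no arguments, print the ruleset for constructed sample values.
if [ "$#" -eq 0 ]; then
    set -- wlan0 wg0 192.168.1.0/24 203.0.113.10 51820 udp
fi
gen_hotspot_ruleset "$@"
```

Save the output to a file and load it as root with `nft -f`. The VPN client still has to install the default route through the tunnel; the ruleset only guarantees that traffic which misses the tunnel is dropped rather than sent in the clear.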
Re: VPN ideas
On Ma, 08 dec 20, 17:37:43, Celejar wrote:
> On Tue, 8 Dec 2020 17:00:44 -0500
> Roberto C. Sánchez wrote:
>
> > On Tue, Dec 08, 2020 at 02:48:26PM -0500, Celejar wrote:
> > > On Tue, 8 Dec 2020 11:44:36 +0200
> > > Andrei POPESCU wrote:
> > >
> > > ...
> > >
> > > >    Unless you have access to a system on the internet to set up your
> > > >    own
> > > >    VPN server you have to rely on (paid) VPN providers.
> > >
> > > There are free ones as well, e.g.:
> > >
> > > https://www.techradar.com/vpn/best-free-vpn
> > >
> > > I don't know how good they are - but then, again, I don't know how good
> > > all the paid ones are, as well ;)
> > >
> > If something is free, you aren't the customer, you are the product.

I'd have a reasonable degree of trust in ProtonVPN.

> A fair point, but an overstatement insofar as you're implying that one
> *cannot rely* upon a free VPN service. Many people are willing to rely
> upon free services for at least some of their online activity. After
> all, Andrei himself is using Gmail (as am I).

I'm using Gmail to post to public mailing lists or similar. All private correspondence currently goes to a ProtonMail account.

I still have my contacts on Gmail, because of the convenient integration with Android, though I'd like to migrate those away as well at some point.

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Re: VPN ideas
On Ma, 08 dec 20, 12:27:40, Joe wrote:
>
> This application is also useful with a home VPN server, if you're not
> trying to hide anything, but just want to use the Net reasonably safely
> from an unsafe location e.g. Internet cafe. You can tailor a set of
> firewall rules to allow nothing in or out except DNS, DHCP and HTTP
> (normally a local web login is required), not forgetting the tunnelling
> protocol port out. A VPN client will normally have a switch to route
> everything through the tunnel to achieve this.

Sorry, I must be dense. How is this improving safety compared to accessing the internet from my home network?

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Re: VPN ideas
On Tue, Dec 08, 2020 at 05:00:44PM -0500, Roberto C. Sánchez wrote:

[...]

> If something is free, you aren't the customer, you are the product.

All generalizations suck.

Cheers - t
Re: VPN ideas
On Tue, 8 Dec 2020 17:00:44 -0500 Roberto C. Sánchez wrote:

> On Tue, Dec 08, 2020 at 02:48:26PM -0500, Celejar wrote:
> > On Tue, 8 Dec 2020 11:44:36 +0200
> > Andrei POPESCU wrote:
> >
> > ...
> >
> > >    Unless you have access to a system on the internet to set up your own
> > >    VPN server you have to rely on (paid) VPN providers.
> >
> > There are free ones as well, e.g.:
> >
> > https://www.techradar.com/vpn/best-free-vpn
> >
> > I don't know how good they are - but then, again, I don't know how good
> > all the paid ones are, as well ;)
> >
> If something is free, you aren't the customer, you are the product.

A fair point, but an overstatement insofar as you're implying that one *cannot rely* upon a free VPN service. Many people are willing to rely upon free services for at least some of their online activity. After all, Andrei himself is using Gmail (as am I).

Celejar
Re: VPN ideas
On Tue, Dec 08, 2020 at 02:48:26PM -0500, Celejar wrote:
> On Tue, 8 Dec 2020 11:44:36 +0200
> Andrei POPESCU wrote:
>
> ...
>
> >    Unless you have access to a system on the internet to set up your own
> >    VPN server you have to rely on (paid) VPN providers.
>
> There are free ones as well, e.g.:
>
> https://www.techradar.com/vpn/best-free-vpn
>
> I don't know how good they are - but then, again, I don't know how good
> all the paid ones are, as well ;)
>

If something is free, you aren't the customer, you are the product.

Regards,

-Roberto

--
Roberto C. Sánchez
Re: VPN ideas
On Tue, 8 Dec 2020 11:44:36 +0200 Andrei POPESCU wrote:

...

>    Unless you have access to a system on the internet to set up your own
>    VPN server you have to rely on (paid) VPN providers.

There are free ones as well, e.g.:

https://www.techradar.com/vpn/best-free-vpn

I don't know how good they are - but then, again, I don't know how good all the paid ones are, as well ;)

Celejar
Re: VPN ideas
On Tue, 8 Dec 2020 09:43:31 +0100 wrote:

> On Tue, Dec 08, 2020 at 08:12:09AM +0100, john doe wrote:
> > On 12/8/2020 1:50 AM, Charles Curley wrote:
> > >On Mon, 7 Dec 2020 23:27:25 +0200
> > >ellanios82 wrote:
> > >
> > >> - any suggestions please , for a handy VPN for everyday use : no
> > >>specific purpose, but only to add a little more privacy ??
> > >
> > >With no requirements, it is difficult to say.
> > >
> > >Will a VPN be overkill? Would you be better off with openSSH to log in
> > >remotely?
> > >
> >
> > If you use SSH only the SSH connection will be encrypted, the way I read
> > the OP's question is that all traffic should be encrypted through the VPN.
>
> You can tunnel things through an SSH. See the -X option (to tunnel an
> X connection) and all the -L and -R options to proxy a socket.
>
> As a simple-to-set-up VPN, SSH is unbeatable. It has its downsides, mind
> you; the SSH protocol isn't optimised for such things. But if you're using
> SSH day-to-day, then starting with it and re-thinking once you reach some
> bandwidth/latency limit is a very sensible path.

Yes - I don't do X tunneling, but I frequently do LocalForwarding (usually via config file stanzas) to securely access insecure local HTTP services (e.g., OpenWrt and Home Assistant GUIs). It's a lot simpler than configuring each one to use HTTPS, or setting up a reverse proxy. I do use Wireguard for general remote access, though.

Celejar
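The `-L` forwarding and config-file stanzas mentioned in the message above, as a small generator for an `ssh_config` stanza whose forwards listen on loopback only. This is an added example, not part of the thread; the function names, the host alias `home-gw`, `gw.example.net` and the LAN addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): emit an ssh_config stanza with
# LocalForward lines for LAN-only web GUIs. All hosts are constructed samples.
#
# gen_forward_stanza ALIAS SSH_HOST SPEC [SPEC...]
#   SPEC = LOCAL_PORT:TARGET_HOST:TARGET_PORT, e.g. 8080:192.168.1.1:80

is_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_forward_stanza() {
    [ "$#" -ge 3 ] || {
        echo "usage: gen_forward_stanza ALIAS SSH_HOST SPEC [SPEC...]" >&2
        return 2
    }
    fs_alias=$1; fs_host=$2; shift 2
    for fs_name in "$fs_alias" "$fs_host"; do
        case $fs_name in
            ''|*[!A-Za-z0-9_.-]*) echo "bad host name: $fs_name" >&2; return 1 ;;
        esac
    done

    # Build all lines first so an invalid spec produces no partial stanza.
    fs_lines=
    for fs_spec in "$@"; do
        case $fs_spec in
            *:*:*:*) echo "bind address not allowed in spec: $fs_spec" >&2; return 1 ;;
            *:*:*) ;;
            *) echo "expected LOCAL_PORT:TARGET_HOST:TARGET_PORT: $fs_spec" >&2; return 1 ;;
        esac
        fs_lport=${fs_spec%%:*}
        fs_rest=${fs_spec#*:}
        fs_thost=${fs_rest%%:*}
        fs_tport=${fs_rest#*:}
        is_port "$fs_lport" && is_port "$fs_tport" || {
            echo "bad port in spec: $fs_spec" >&2; return 1
        }
        # Ports below 1024 need root to bind; keep the client unprivileged.
        [ "$fs_lport" -ge 1024 ] || {
            echo "local port must be 1024 or higher: $fs_spec" >&2; return 1
        }
        case $fs_thost in
            ''|*[!A-Za-z0-9_.-]*) echo "bad target host: $fs_thost" >&2; return 1 ;;
        esac
        # ssh binds forwards according to GatewayPorts; naming 127.0.0.1
        # keeps the listener off the hotspot-facing interface regardless.
        fs_lines="${fs_lines}    LocalForward 127.0.0.1:$fs_lport $fs_thost:$fs_tport
"
    done

    # ExitOnForwardFailure makes ssh quit instead of running without a forward.
    printf 'Host %s\n    HostName %s\n    ExitOnForwardFailure yes\n%s' \
        "$fs_alias" "$fs_host" "$fs_lines"
}

# With no arguments, print a stanza for two constructed LAN services.
if [ "$#" -eq 0 ]; then
    set -- home-gw gw.example.net 8080:192.168.1.1:80 8123:192.168.1.20:8123
fi
gen_forward_stanza "$@"
```

With the stanza appended to `~/.ssh/config`, `ssh -N home-gw` opens the forwards and the two GUIs become reachable at `http://127.0.0.1:8080/` and `http://127.0.0.1:8123/` on the client only.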
Re: VPN ideas
On Tue, 8 Dec 2020 11:44:36 +0200 Andrei POPESCU wrote:

> 2. Access the internet from a different point in the world
>
>    This is done for some increase in privacy[1] and/or to pretend you
> are in a different location (country) and/or to hide your traffic
> from your ISP.
>
>    Unless you have access to a system on the internet to set up your
> own VPN server you have to rely on (paid) VPN providers.
>
>    Tor is also an option for this use case.
>
> Which of the above would apply for you?
>
> > - and , is this a reasonable idea ?
>
> Depends on the use case (see above) and/or your country and/or your
> ISP, internet connection speed, VPN provider etc.
>
> [1] a VPN will just hide your public IP address and the traffic
> between you and the exit point. It doesn't do anything about your
> browser user agent, cookies and many other methods you can still be
> identified and traced on the internet, if this is what you are
> worried about.
>

This application is also useful with a home VPN server, if you're not trying to hide anything, but just want to use the Net reasonably safely from an unsafe location e.g. Internet cafe. You can tailor a set of firewall rules to allow nothing in or out except DNS, DHCP and HTTP (normally a local web login is required), not forgetting the tunnelling protocol port out. A VPN client will normally have a switch to route everything through the tunnel to achieve this.

--
Joe
Re: VPN ideas
On Ma, 08 dec 20, 11:44:36, Andrei POPESCU wrote:
> On Lu, 07 dec 20, 23:27:25, ellanios82 wrote:
> > Hi List :)
> >
> >
> > - any suggestions please , for a handy VPN for everyday use : no specific
> > purpose, but only to add a little more privacy ??
>
> This is quite vague. VPNs are generally used for two purposes:
>
> 1. Connect a remote system (e.g. a laptop) to the "home" network
>    (home server, company network, etc.).

Or connect two remote company or home networks, of course. The rest still stands.

>    This is its originally intended use. Once the VPN tunnel is
>    configured one can work remotely as if directly connected to the
>    "home" network (barring speed penalties).
>
>    This is especially useful in case some of the used services should
>    never be exposed to the internet (e.g. NFS or Samba).
>
> 2. Access the internet from a different point in the world
>
>    This is done for some increase in privacy[1] and/or to pretend you are
>    in a different location (country) and/or to hide your traffic from
>    your ISP.
>
>    Unless you have access to a system on the internet to set up your own
>    VPN server you have to rely on (paid) VPN providers.
>
>    Tor is also an option for this use case.
>
> Which of the above would apply for you?
>
> > - and , is this a reasonable idea ?
>
> Depends on the use case (see above) and/or your country and/or your ISP,
> internet connection speed, VPN provider etc.
>
> [1] a VPN will just hide your public IP address and the traffic between
> you and the exit point. It doesn't do anything about your browser user
> agent, cookies and many other methods you can still be identified and
> traced on the internet, if this is what you are worried about.
>
> Kind regards,
> Andrei
> --
> http://wiki.debian.org/FAQsFromDebianUser

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Re: VPN ideas
On Lu, 07 dec 20, 23:27:25, ellanios82 wrote:
> Hi List :)
>
>
> - any suggestions please , for a handy VPN for everyday use : no specific
> purpose, but only to add a little more privacy ??

This is quite vague. VPNs are generally used for two purposes:

1. Connect a remote system (e.g. a laptop) to the "home" network
   (home server, company network, etc.).

   This is its originally intended use. Once the VPN tunnel is
   configured one can work remotely as if directly connected to the
   "home" network (barring speed penalties).

   This is especially useful in case some of the used services should
   never be exposed to the internet (e.g. NFS or Samba).

2. Access the internet from a different point in the world

   This is done for some increase in privacy[1] and/or to pretend you are
   in a different location (country) and/or to hide your traffic from
   your ISP.

   Unless you have access to a system on the internet to set up your own
   VPN server you have to rely on (paid) VPN providers.

   Tor is also an option for this use case.

Which of the above would apply for you?

> - and , is this a reasonable idea ?

Depends on the use case (see above) and/or your country and/or your ISP, internet connection speed, VPN provider etc.

[1] a VPN will just hide your public IP address and the traffic between you and the exit point. It doesn't do anything about your browser user agent, cookies and many other methods you can still be identified and traced on the internet, if this is what you are worried about.

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Re: VPN ideas
On 12/8/20 9:43 AM, to...@tuxteam.de wrote:
> On Tue, Dec 08, 2020 at 08:12:09AM +0100, john doe wrote:
> > On 12/8/2020 1:50 AM, Charles Curley wrote:
> > > On Mon, 7 Dec 2020 23:27:25 +0200
> > > ellanios82 wrote:
> > >
> > > > - any suggestions please , for a handy VPN for everyday use : no
> > > > specific purpose, but only to add a little more privacy ??
> > >
> > > With no requirements, it is difficult to say.
> > >
> > > Will a VPN be overkill? Would you be better off with openSSH to log in
> > > remotely?
> >
> > If you use SSH only the SSH connection will be encrypted, the way I read
> > the OP's question is that all traffic should be encrypted through the VPN.
>
> You can tunnel things through an SSH. See the -X option (to tunnel an
> X connection) and all the -L and -R options to proxy a socket.
>
> As a simple-to-set-up VPN, SSH is unbeatable. It has its downsides, mind
> you; the SSH protocol isn't optimised for such things. But if you're using
> SSH day-to-day, then starting with it and re-thinking once you reach some
> bandwidth/latency limit is a very sensible path.
>
> For the occasional customer with some (stupid Java) app which can't live
> without a GUI (go figure!), I do regularly tunnel X11 VNC over SSH. Works
> like a charm.

Another interesting approach is VirtualGL over ssh:

https://virtualgl.org/About/Introduction

In some cases works really smoothly.

Best,
Alex
Re: VPN ideas
On Tue, Dec 08, 2020 at 08:12:09AM +0100, john doe wrote:
> On 12/8/2020 1:50 AM, Charles Curley wrote:
> >On Mon, 7 Dec 2020 23:27:25 +0200
> >ellanios82 wrote:
> >
> >> - any suggestions please , for a handy VPN for everyday use : no
> >>specific purpose, but only to add a little more privacy ??
> >
> >With no requirements, it is difficult to say.
> >
> >Will a VPN be overkill? Would you be better off with openSSH to log in
> >remotely?
> >
>
> If you use SSH only the SSH connection will be encrypted, the way I read
> the OP's question is that all traffic should be encrypted through the VPN.

You can tunnel things through an SSH. See the -X option (to tunnel an X connection) and all the -L and -R options to proxy a socket.

As a simple-to-set-up VPN, SSH is unbeatable. It has its downsides, mind you; the SSH protocol isn't optimised for such things. But if you're using SSH day-to-day, then starting with it and re-thinking once you reach some bandwidth/latency limit is a very sensible path.

For the occasional customer with some (stupid Java) app which can't live without a GUI (go figure!), I do regularly tunnel X11 VNC over SSH. Works like a charm.

Cheers - t
Re: VPN ideas
On 12/8/2020 1:50 AM, Charles Curley wrote:
> On Mon, 7 Dec 2020 23:27:25 +0200
> ellanios82 wrote:
>
> > - any suggestions please , for a handy VPN for everyday use : no
> > specific purpose, but only to add a little more privacy ??
>
> With no requirements, it is difficult to say.
>
> Will a VPN be overkill? Would you be better off with openSSH to log in
> remotely?
>

If you use SSH only the SSH connection will be encrypted, the way I read the OP's question is that all traffic should be encrypted through the VPN.

--
John Doe
Re: VPN ideas
On Mon, 7 Dec 2020 23:27:25 +0200 ellanios82 wrote:

> - any suggestions please , for a handy VPN for everyday use : no
> specific purpose, but only to add a little more privacy ??

With no requirements, it is difficult to say.

Will a VPN be overkill? Would you be better off with openSSH to log in remotely?

--
Does anybody read signatures any more?
https://charlescurley.com
https://charlescurley.com/blog/
Re: VPN ideas
On Mon, Dec 07, 2020 at 04:35:09PM -0500, Roberto C. Sánchez wrote:
> On Mon, Dec 07, 2020 at 11:27:25PM +0200, ellanios82 wrote:
> > Hi List :)
> >
> >
> > - any suggestions please , for a handy VPN for everyday use : no specific
> > purpose, but only to add a little more privacy ??
> >
> > - and , is this a reasonable idea ?
> >
> It is difficult to know since you don't specify any actual requirements,
> but OpenVPN or WireGuard should be suitable for most uses.
>

+1 for OpenVPN. I've used it for some years and love it.

Some time ago I also used HMA (stands for "Hide My A$$" I believe), as something I could use across Android devices and Linux. It also did the job and let me pretend I was in a different country.

Mark
Re: VPN ideas
On 12/7/20 11:35 PM, Roberto C. Sánchez wrote:
> On Mon, Dec 07, 2020 at 11:27:25PM +0200, ellanios82 wrote:
> > Hi List :)
> >
> > - any suggestions please , for a handy VPN for everyday use : no specific
> > purpose, but only to add a little more privacy ??
> >
> > - and , is this a reasonable idea ?
>
> It is difficult to know since you don't specify any actual requirements,
> but OpenVPN or WireGuard should be suitable for most uses.
>
> Regards,
>
> -Roberto

- Many thanks Roberto & Georgi : looks like OpenVPN should be 'just-the-ticket' ..

Saludos
Re: VPN ideas
On 12/7/20 11:27 PM, ellanios82 wrote:
> Hi List :)
>
>
> - any suggestions please , for a handy VPN for everyday use : no
> specific purpose, but only to add a little more privacy ??
>
> - and , is this a reasonable idea ?
>
>

Hey ellanios82,

many people and companies use openvpn here in Bulgaria. I saw that network manager has openvpn support as well so you can check if it is suitable for your needs.

Kind regards
Georgi
Re: VPN ideas
On Mon, Dec 07, 2020 at 11:27:25PM +0200, ellanios82 wrote:
> Hi List :)
>
>
> - any suggestions please , for a handy VPN for everyday use : no specific
> purpose, but only to add a little more privacy ??
>
> - and , is this a reasonable idea ?
>

It is difficult to know since you don't specify any actual requirements, but OpenVPN or WireGuard should be suitable for most uses.

Regards,

-Roberto

--
Roberto C. Sánchez