Re: Using OpenVPN client with wicd

["James P. Wallen" <jpwallen@comcast.net>]

On 07/07/2015 09:23 AM, tomas@tuxteam.de wrote:
> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>
> On Tue, Jul 07, 2015 at 07:55:26AM -0400, James P. Wallen
> wrote:
>
> [...]
>
> > Hi, Tomas! Thanks for your reply.
>
> I wish I cold've been more helpful, but hey, you're welcome.
>
> > No, my issue has nothing to do with corporate firewalls
> > [...]
>
> > Network-manager, as you're aware, has plugins for various
> > types of VPN software. It's easy to use, but it just seems
> > to be awfully large and, occasionally, a little
> > trouble-prone compared to wicd.
>
> This was my impression too. Since I tend for "simple", I try
> to avoid NM altogether.
>
> > I could generally just use /etc/network/interfaces and
> > associated stuff, but was looking for a fiddle-free way to
> > make my connections when I'm moving around while still
> > enabling me to use OpenVPN.
>
> Understood.
>
> > [...]                  I want to see if I can figure out
> > how to use OpenVPN from the CLI or via script using a
> > certificate and password to connect to my favorite VPN out
> > on the Internet.
>
> I see.
>
> Again, that's what I'm doing with socat: on the server
> there's a socat process running as server (duh ;) -- which
> unwraps the SSL layer and feeds its thing to the ssh server;
> on the client, a socat opens a local port and I connect my
> ssh client (courtesy of .ssh/config magic) to that: the socat
> wraps it in SSL and connects to the server: voilà -- a VPN.
> To the outside world it looks like any HTTPS connection.
> Since I have my own certificates, I (hope!) would notice any
> attempt at MITM.

So -- if I understand -- you have control of a server out there 
on the Internet, and that's what makes this work for you. I know 
nothing of socat, but it sounds interesting. I suppose I could 
set up a server on the home network. That would protect my 
traffic from prying eyes when I'm a visitor on another network, 
but it wouldn't really keep my home ISP from snooping on me. Or 
am I missing something?

Maybe I'm paranoid, but I really don't like the way Comcast (and 
many other ISPs) seem to think that they own their customers.

I'm an activist of sorts, and I really do not like how cozy 
businesses and government are about our communications. Some of 
the people I communicate with have suffered greatly at the hands 
of various governments, and I don't want to take any more risk 
with their rights than is absolutely necessary when we contact 
each other.

> What turned me away from OpenVPN was that it wanted to be a
> service started at boot time, with all that; besides it
> wants to do magic to the routing tables and so on.
>
> A tad too heavyweight for my taste.
>
> But of course, it does many things automagically you'd
> otherwise have to script.

Yes, I do prefer light(er) weight, but magic and ease of use are 
nice, too.

Again, thank you.

JP