On 07/08/2015 03:17 AM, Petter Adsen wrote:
On Tue, 07 Jul 2015 13:20:35 -0400 "James P. Wallen"
<jpwallen@comcast.net> wrote:
On 07/07/2015 08:34 AM, Petter Adsen wrote:
https://wiki.debian.org/OpenVPN
Have you seen this? It doesn't contain anything
particular to wicd, but you could use what is there to
set up a script.
There are a few links at the bottom that might also be of
help.
Petter
Thank you, Petter.
I'll try following that document through to a conclusion. I
should always remember to look at the debian.org onlin
documentation first.
However, the explanations seem to lean heavily toward
explaining how to set up a server and a client, so I have
to try to pick out carefully how to just do what I want to
do.
I'm currently working on setting up a VPN myself, so I was
just reading that when I saw your message. It's perfect for
what I want to do, but of course it might not fit your
needs. You should be able to pick out enough from the
examples given there to set up what you want, but of course
it's not a step-by-step guide.
The Arch wiki also has some useful information, you can find
it at:
https://wiki.archlinux.org/index.php/Openvpn
It also has a few notes on connecting to a third party
provider.
Yes, I should also remember to look at archlinux.org docs when I
have a project or issue like this. They're really good.
It's funny that neither the Debian nor the Archlinux docs show
up in the search engines I've been using. Either my choices of
search terms aren't so hot, or the engines are doing a very
superficial job of checking mostly commercial site and message
list content. Or both.
I think that I may be able to make this work if I just scrape
all the data from the Debian and Archlinux docs together and
sort through it.
I just need to connect a client to a publicly available
VPN over which I have no control. It surprises me that I
haven't seen a simple howto for that. Surely there are
lots of people who use such "private VPNs" but who don't
want to use network-manager.
Have you talked to the VPN provider, or looked at their site
for hints on configuration? Send their support team an email,
maybe they have been in that situation before.
The most important of the VPN providers for my purposes is
riseup.net. They are a no-charge system that I donate to on a
monthly basis because they exist specifically to serve social
and political activism.
They are switching to a VPN system which uses bitmask.
Unfortunately, their specific configuration requires (at least
for now) use of a third party repository. I've tried it and had
quite a bit of trouble with its functionality.
I'll ask them about doing what I want to do with the old system,
but they weren't very responsive even when I was trying to get
help with the new system that they want everyone to use now. As
is usually the case with such entities, they are long on work
and short on workers.
If you would rather have control over the server, and
depending on whom you want to conceal your traffic from, you
could consider paying for a VPS, then setting up a VPN
between that and your home or mobile devices. One problem
with that approach is that most VPS services come with quite
a limited amount of bandwidth per month, but depending on
what you want to do that may not be a big problem. I pay
$10/month, and that is for up to 2TB transfer. The VPS
provider would of course be able to snoop on your traffic,
but that might be better than having your ISP snoop, if you
have a bad ISP and choose the right provider.
Just a thought. Good luck!
Petter
I've considered this alternative, too. I might well fall back on
it -- especially if I can find a VPS provider which has
established a good reputation with some of the activist communities.
The trust factor is a big concern for me. I might have little or
nothing to lose by compromised communications, but some of these
folks hang on the hairy edge of disaster every day of their
lives. So far, the worst safety issues these communities have
faced have been the result of careless -- or worse, deliberately
compromised -- treatment of communications by some of the third
parties involved in the message path.
Many, many thanks for your help.
JP