# VPN



## dalpets (Mar 23, 2021)

I notice that VPN over IPsec was abandoned in 2014. Why is it still included in the documents @ 14.7?
Is OpenVPN ready for prime time in 12.2?

Thanks


----------



## SirDice (Mar 23, 2021)

A VPN is not a specific protocol, it's a technique that can be implemented in various ways. IPSec is one way, OpenVPN is another. They're just different ways to create a VPN. 



dalpets said:


> Is OpenVPN ready for prime time in 12.2?


What do you mean? security/openvpn has been in the ports tree for ages and works just fine.


----------



## msplsh (Mar 23, 2021)

All of the VPN solutions have problems and OpenVPN's are the most "solvable."  Once Wireguard gets fixed up, that might be the new go-to solution.


----------



## dalpets (Mar 24, 2021)

I've been to https://www.ovpn.com/en/guides/freebsd but I'm unacquainted with their VPN & if it suits my non-business personal needs. There appear to be a number of types of VPNs but I only want one that can connect anywhere on the internet, as does Nord on my Windows box. Is it OK for my purposes?
In what circumstances would I need their add-ons & which one, if any?

Thanks


----------



## SirDice (Mar 24, 2021)

dalpets said:


> if it suits my non-business personal needs.


What are your needs?

I'm a little worried about all those VPN adverts I see everywhere. Most of them are selling snake-oil.


----------



## dalpets (Mar 24, 2021)

SirDice said:


> What are your needs?
> 
> I'm a little worried about all those VPN adverts I see everywhere. Most of them are selling snake-oil.


My answer in short is 'total internet security that surpasses https'.
My Nord Windows service example should be enough explanation. They don't ask me questions before using their software, questions that are tantamount to an invasion of privacy.
Where do I find VPN software that is not 'snake oil' & not drastically complicated to install & maintain?
Could you be more helpful?


----------



## SirDice (Mar 24, 2021)

dalpets said:


> total internet security


Doesn't exist, unless you unplug. 



dalpets said:


> that surpasses https


Why do you think SSL/TLS isn't enough? What makes you think a VPN is any better? What do you think a VPN will protect you against that an SSL/TLS connection can't? 

(I'm genuinely curious, there's so much nonsense being presented nowadays I'm actually wondering what people think these things do)


----------



## zirias@ (Mar 24, 2021)

SirDice said:


> I'm a little worried about all those VPN adverts I see everywhere.





SirDice said:


> What makes you think a VPN is any better?


Uhm, go figure… 

Well seriously, the kind of "security" they offer is hiding your network address from services you use. So, how does it help? Depending on the scenario (e.g. you're for whatever reason in the focus of some investigation officials or whatever): not at all. They just have to take one additional step tracking you down, knocking on the VPN provider's door. Or maybe you're worried about tracking? Well, this doesn't rely on network addresses, there are much better methods. But hey, it helps for irrelevant cases for sure 

The one sane use case for a VPN is for accessing a *private* network over an encrypted tunneled connection – hence the name. Btw, for my private needs with that, I find OpenVPN works quite fine.


----------



## SirDice (Mar 24, 2021)

Zirias said:


> Well seriously, the kind of "security" they offer is hiding your network address from services you use. So, how does it help? Depending on the scenario (e.g. you're for whatever reason in the focus of some investigation officials or whatever): not at all. They just have to take one additional step tracking you down, knocking on the VPN provider's door. Or maybe you're worried about tracking? Well, this doesn't rely on network addresses, there are much better methods. But hey, it helps for irrelevant cases for sure


I think you need to worry a lot more about companies tracking you everywhere than governments or law enforcement. And those companies don't track you based on IP addresses. If you're on the radar of a government or law enforcement they're going to find you regardless of that VPN. That's exactly what I mean by many of these VPN providers selling you snake-oil, it feeds a false sense of security.



Zirias said:


> The one sane use case for a VPN is for accessing a *private* network over an encrypted tunneled connection – hence the name.


That's not what these VPN companies are selling you though.


----------



## msplsh (Mar 24, 2021)

Oh, you want VPN software to hide "something" and not just connect one point to another.

In that case, you're not really picking software as much as you're picking the service.


----------



## dalpets (Mar 24, 2021)

Zirias; Basically what you are saying is that other than for a private network VPN is a marketing scam!
Don't hold back please tell me what the 'much better methods' are!


----------



## SirDice (Mar 24, 2021)

msplsh said:


> you're not really picking software as much as you're picking the service.


You're putting your trust in some other company, that's really all you're doing. Otherwise it's just your ISP. I trust my ISP a lot more than I do any of those so-called VPN "privacy" providers. My ISP is a Dutch company, it has to abide by Dutch law, so I know exactly what they can and cannot do. I can also easily take them to court if I can prove they're doing something they shouldn't. Now, try doing the same with some of these companies, that are in another country, having to abide by other laws and regulations. Laws and regulations I don't know. 

I like the bit from the OVPN link dalpets posted:

```
Conflicts are expensive and complicated, especially when crossing country borders. We've decided to sign up for an insurance that covers legal fees as an additional layer of safety, which grants us the financial muscles to refute any requests for information. 

In the case of any third party demanding information about our customers, we are fully prepared to go to court and will do everything in our power to prevent anyone from getting access to customer information.
```
That's great and all, but what happens when that judge decides they must hand over the data? Or worse, gets a court order to capture all your data as it passes through them. Then what?


----------



## dalpets (Mar 24, 2021)

msplsh said:


> Oh, you want VPN software to hide "something" and not just connect one point to another.
> 
> In that case, you're not really picking software as much as you're picking the service.


Not paedophilia or the dark web, if that's what you are implying, just plain & simple internet security at its best.


----------



## zirias@ (Mar 24, 2021)

SirDice said:


> I think you need to worry a lot more about companies tracking you everywhere than governments or law enforcement. And those companies don't track you based on IP addresses. If you're on the radar of a government or law enforcement they're going to find you regardless of that VPN. That's exactly what I mean by many of these VPN providers selling you snake-oil, it feeds a false sense of security.


That's basically exactly what I said, in all points. IOW, I just completely agreed with you 


dalpets said:


> Don't hold back please tell me what the 'much better methods' are!


I was talking about better methods for tracking you. Nobody trying to track users will look at the network address. Cookies are an important part, but not the only thing used…


----------



## zirias@ (Mar 24, 2021)

dalpets said:


> just plain & simple internet security at its best.


That's nothing a VPN could (even remotely) help with. Apart from what VPNs are _designed_ for (which is, again, securely connecting over the untrusted internet to a private network), the _advertised_ use is "privacy", and that's at least *very* questionable, see above. If you need that on "level paranoid", better have a look at e.g. TOR.

Example how VPNs do *not* help with security: Let's say a braindead website exchanges sensitive information over plain http, unencrypted. Now, add a VPN to the picture for encryption. Nice, now the part of the path between you and your VPN provider is encrypted, but the part between there and the web server still isn't. Exactly nothing to gain.


----------



## SirDice (Mar 24, 2021)

dalpets said:


> Just plain & simple internet security at its best.


Those VPNs aren't going to protect you against rogue websites (or ads) that exploit weaknesses in your browser for example. But a lot of them are sold as some sort of "magic armor" that will make your internet connection bulletproof. 

The only thing a VPN does is protect your traffic from eavesdroppers that could potentially sit between you and the end-point. In that sense it provides the exact same protection SSL/TLS already does.


----------



## dalpets (Mar 24, 2021)

msplsh; Not paedophilia or the dark web, if that's what you are implying!
Every week that goes by I see more & more disinformation & deceptive conduct with the web & technology, that in this post modern world have both become the great global enablers of scams & criminality. A sorry world! It's hard to know who to believe these days, particularly with the use of unsavory algorithms that are largely able to falsify reality.


----------



## SirDice (Mar 24, 2021)

dalpets said:


> Every week that goes by I see more & more disinformation & deceptive conduct with the web & technology, that in this post modern world have both become the great global enablers of scams & criminality.


Crime and criminal activity have always existed and will continue to exist for eternity. Even the most deplorable stuff. Every piece of technology will eventually be used or abused by criminals. They too evolve just like the rest of us.


----------



## zirias@ (Mar 24, 2021)

Let's start by stopping the disinformation that a VPN will magically increase your security _on the internet_ 


SirDice said:


> The only thing a VPN does is protect your traffic from eavesdroppers that could potentially sit between you and the end-point. In that sense it provides the exact same protection SSL/TLS already does.


Not even that, half of the path will stay unencrypted. On the web, only correctly deployed TLS gives sane protection. And if it's about "privacy", manage cookies, scripts and so on, and be careful with your own data. And as stated above, if even revealing your network address is somehow a problem → TOR.


----------



## Jose (Mar 24, 2021)

SirDice said:


> That's great and all, but what happens when that judge decides they must hand over the data? Or worse, gets a court order to capture all your data as it passes through them. Then what?


I get to try and quash the subpoena and maybe publicly embarrass whomever is trying to get at my data, that's what. A "cloud" provider is likely to just hand over my data and not even tell me they did.



SirDice said:


> The only thing a VPN does is protect your traffic from eavesdroppers that could potentially sit between you and the end-point. In that sense it provides the exact same protection SSL/TLS already does.


The other thing a VPN allows you to do is pretend to be somewhere you're not. Netflix is the most trivial case, but there are serious use cases for those unfortunate enough to live in countries with repressive governments.


----------



## zirias@ (Mar 25, 2021)

Jose said:


> The other thing a VPN allows you to do is pretend to be somewhere you're not. Netflix is the most trivial case, but there are serious use cases for those unfortunate enough to live in countries with repressive governments.


Well, for repressive governments, it's not "pretending to be somewhere else" but "getting through whatever blocking they employ". But yes, that's indeed a use case. The one time I travelled to China, I made sure I had OpenVPN installed on my Android phone and able to connect to my endpoint at home.


----------



## msplsh (Mar 25, 2021)

dalpets said:


> Not paedophilia or the dark web, if that's what you are implying


No.

But protection from "scams" and "criminals"?  IDK if that's what a VPN is for.


----------



## a6h (Mar 25, 2021)

Whatever you're using, without a VPN kill switch, it's useless. One DC, and it'll hose you down.


----------



## Deleted member 30996 (Mar 25, 2021)

dalpets said:


> My answer in short is 'total internet security that surpasses https'.
> My Nord Windows service example should be enough explanation.


Well, Nord did stop using the "Military Grade" buzzword and switched to "Next-Generation Encryption" after word got out people were on to that.

Using a proxy was SOP for me a long time and I am very security minded. When I never heard back from MultiProxy about getting it in ports I looked at the alternatives. A paid VPN being one as well as security/openvpn and net/proxychains viable alternatives.

None of the paid VPNs looked worth paying for and the alternatives were overkill for the few sites I visit on a regular basis.

Those that I don't frequent so often don't worry me enough to use a proxy or VPN. Not enough to see Drowning Pool - Bodies played on YouTube and have it, the live and demo version loaded in Audacious and listening to them before the following video was over.

Please tell me how a VPN makes you any more secure than I am without one.

I can prove your Windows box isn't secure against drive-by downloads using a VPN if you don't disable JS globally. I just checked and the site is down but a Cloudflare page said try later.


----------

