/cyb/ - cyberpunk and cybersecurity

>What is a Virtual Private Network (VPN)?
It's a virtual patch cord you wire between two remote computers. Thus being virtual, it goes over the Internet.
>Who are the fourteen eyes?
Some meme classification of countries based on their relationship with Estados Unidos. In fact, if you fuck up something really bad, even North Korea will happily give you up to US authorities.
>Why do I need a VPN?
You want to tunnel some old application or unencrypted protocols over Internet for them being unaware going through public network. Examples: FTP, old video games that only support LAN, plaintext corporate protocols for remote offices/roadwarriiors to use.
>What VPN to use?
IPSec, OpenVPN.

I've been using OpenVPN with VPN's from vpngate.net for a long time, and it pisses me off when the connection suddenly drops and my cover is blown. Is there a kill switch or something I could use for OpenVPN to prevent this?

>>2279
This is a prime example of why VPN is not an "anonymity" tool, but a mere solution to insecure pile of soykaf called TCP/IP. Well, if you are still unaware of kill switch solutions, I think your OVPN client leaks DNS queries too. In fact, systemdicks instead of being just an init system, takes role of DNS resolver too. Here's a solution to leaks: https://aaronhorler.com/articles/openvpn-17.10-dns-leak.html
It also contains UFW-based kill switch inside the script.

>>2279
For one: Don't use free (as in gratis) VPN providers–ever–for the purposes of privacy. None of them will think twice about turning over any and every bit of information on you if requested, in addition to not taking any steps to minimize the amount of damnable information on hand at any given time.

As for having your VPN fail closed (as opposed to failing open as you have experienced) all you need are some firewall rules to prevent connections to any IP address other than the VPN endpoint (and LAN/local IP addresses of course). Nothing special, really. Here's one implementation of a fail-closed VPN setup: https://github.com/adrelanos/vpn-firewall

>>2281
>do not use volunteer-run VPN service because it's gratis
>do not use Tor because it's gratis
Sure, what else should I stop using? Next post you'll give me an advice on this wonderful cool US-based anonymous privacy-respecting VPN provider PIA, right? Ain't gonna trick me, Solomon!

>>2283
I'm not arguing an intentionally warped reading of >>2281. Goodnight.

>>2285
What's the difference between using two almost identical for-gratis services? I mean, if Tor was paid, would it somehow come out better? My point is, that there is no difference between cheap, expensive, diy, or volunteer free VPN services like vpngate in "giving up user data to authorities" as you can't measure such thing. I am 100% sure if someone did an experiment of seeding CP and running terrorist groups using one of those "good paid offshore VPNs that 100% do not keep logs", CIA and Interpol would be at his next hop's doorstep 24 hours later.
Do not rely on VPNs for providing anonymity, use Tor for that matter, why Tor, because it is mostly run by volunteers, gratis as no one is trying to jew you for shekels, has 3 or 6 nodes in between you and site you visit, plus it obscures it's traffic to not stand out on the first hop between you and bridge you connect to.
Use VPN when you need to access your home network from abroad or play a game with your friends.

>>2287
>What's the difference between using two almost identical for-gratis services?

Tor and VPN are nothing alike, both in terms of infrastructure and amount of information each node has on you. See: https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#WhichTornodeknowswhat

Additionally, I'd recommend reading up on the difference between Tor and VPN, or their use together: https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN

That should make you a more informed Alice.

>>2287
Also, privacy != anonymity. The difference is subtle but important when discussing these topics.

But if I have to spell out why VPNGate and similar "free" VPN services are no good, think about how the VPN provider has complete access to all of your browsing history (IP addresses, unencrypted webpage views, etc.). Would you rather put your browsing history into the hands of some shmuck who slapped OpenVPN onto a VPS somewhere or some other shmuck who makes it his business to do it correctly and attempt to minimize any log collection?

>>2291
I know what differences between Tor and generic VPN protocols are, between Tor infrastructure and infrastructure of your average "we do not keep logs" VPN provider. Linking decade old articles won't help newbies to understand the topic though. In fact it doesn't matter which Tor node knows what if three of them happen to be in France and France happens to have country-wide data logging and retention law, comprende, innit?
>>2292
None of those. I'd put it in hands of 3 shmucks who did apt-get install tor on their VPS and forgot about it. VPN should not be neither a service, nor it should be provided by third party rather than your company, your friend or yourself. However, VPNGate is comprised of volunteers from different countries, mostly Asian, but instead they use a SoftEther server. Similar to Tor node admins. It is not anonymous to the degree as Tor is, nor secure is. Therefore most people use it as circumvention tool, as most VPNs in fact are, just read their TOS closely. In fact I am 100% sure none of them will be interested in selling my hentai or chan preferences to advertisers, contrary to big so-called VPN """providers""" (what a stupid name, americans always come up with dumb terms tbh) who have access to thousands of user's data simultaneously. VPNGate is also a nice way of hiding your Tor exits from some half-assed websites that decided to block Tor connections for some reason.
>unencrypted webpage views
That's mostly old obscure pages from web 1.0 era, I am completely fine with it. Everything that has a login page today has https, but if a public page has https, it won't save you from snooping. You know, there is this thing called "Website fingerprinting attack" When you visit a website, even over VPN, SSH tunnel, or https every page has unique download patterns. The technique is pretty accurate around 90%, an adversary can detect what pages on "encrypted" site you visit. So, in order to at least hide what websites you visit from your ISP even when using VPN, you'll need a custom VPS with obfuscated shadowsocks rather than plain OpenVPN on someone else's computer.

Has anyone ever run their own OpenVPN server instance on a dedicated server before. I've considered doing this and running my own VPN service. Is there anything security wise wrong with doing this? Is there a reason why I never see anyone mentioning doing this?

>>4218

Well if your server is under your name then you're easier to find. If you're sharing servers with thousands of other people through a service you're less identifiable.
I'm not an expert, that's just my understanding of it.
You can certainly run your own VPN server, I do, because I'm not doing anything malicious or illegal. I just mainly use it when connecting to unfamiliar wifi.