Aranycsapat n00b
Joined: 05 Apr 2020 Posts: 23
Posted: Mon Apr 25, 2022 12:09 pm Post subject: VPN client for Gentoo |
I am looking for a working VPN client for Gentoo.
As far as I know the standard ebuilds like net-vpn/openvpn, net-vpn/wireguard and so on are barely useful without a server. I do not have a server, I am only an end user who just wants to open some blocked sites.
I tried several commercial services such as expressvpn, protonvpn, windscribe. All they offer linux users is debs and rpms. (Protonvpn offers a gentoo package, too, but unmasking it is a true hell.) As for installation of rpms it failed since they require systemd which I do not use at all.
A browser extension could be a partial solution, but it is not helpful while using bittorrent, torbrowser.
So, how can one have a full-fledged VPN client on gentoo? |
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3875
Posted: Mon Apr 25, 2022 12:23 pm Post subject: |
Quote: |
So, how can one have a full-fledged VPN client on gentoo?
|
Openvpn is the answer. But you will need to connect to a free or paid vpn server.
They will provide you with a .ovpn file that openvpn client will use to connect with.
In case of proton see
https://protonvpn.com/support/linux-openvpn/
Then connect using the provided file(s) by issuing
Code: |
openvpn --config /path/to/*.ovpn
|
Juippisi Developer
Joined: 30 Sep 2005 Posts: 722 Location: /home
Posted: Tue Apr 26, 2022 5:32 am Post subject: |
Many vpn providers provide a "configuration tool" where you can just generate a config and feed that to openvpn. Then it works when you start openvpn service in Gentoo.
https://wiki.gentoo.org/wiki/OpenVPN
WireGuard works in a similar fashion, but fewer providers support it yet.
https://wiki.gentoo.org/wiki/Wireguard
And then yes we have some specific clients in the repo, these usually aren't needed to actually run the vpn, but they provide a nicer GUI and maybe some nice features like changing servers with a mouse click. Do note that managing vpn connections is also easy with networkmanager.
And the final note I want to give is, some vpn providers offer browser extensions where you don't have to install / configure anything in your machine, just get the extension to your web browsing. Obviously this doesn't hide your traffic outside web browser. As you said yourself. |
Aranycsapat n00b
Joined: 05 Apr 2020 Posts: 23
Posted: Thu Apr 28, 2022 2:47 pm Post subject: |
Thank you, guys. I successfully established vpn on my laptop and phone. However the desktop is a different story. On desktop I prefer to use openvpn directly, unlike laptop, where I establish a vpn connection via a Network manager GUI configuration tool.
On desktop I use
Code: |
openvpn --config /path/to/*.ovpn
|
command. It requests username and password, and I have no problems with that. However it is too exhausting to enter them once I want vpn. I would like to automatize the process. I tried to write my login data into an auth file and then type its position into ovpn under auth-user-pass (as specified on Gentoo handbook), but in this case the command above crashes. Any suggestions? |
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3875
Posted: Thu Apr 28, 2022 5:21 pm Post subject: |
Code: |
auth-user-pass ~/vpn-login.conf
|
and
Code: |
cat ~/vpn-login.conf
some-username
some-password
|
Quote: |
but in this case the command above crashes
|
How exactly?
Plz post terminal output.
and
Which kernel are you using?
Is it home made?
Aranycsapat n00b
Joined: 05 Apr 2020 Posts: 23
Posted: Fri Apr 29, 2022 12:41 pm Post subject: |
Oops... It seems that my auth file contained extra spaces. I fixed it and everything is just fine.
However having terminal open is not convenient. Is it possible to launch openvpn with my data at boot? Also is it safe to keep login data and certificates as is, without encryption? |
Hu Moderator
Joined: 06 Mar 2007 Posts: 21490
Posted: Fri Apr 29, 2022 4:08 pm Post subject: |
Yes, you could choose to start OpenVPN at boot. You can keep the login data unencrypted in a file if you have other measures to maintain the security of that data, such as full disk encryption, or if you have a high level of confidence in the physical security of your computer, or if you don't care about whether the data is stolen. |
szatox Advocate
Joined: 27 Aug 2013 Posts: 3104
Posted: Fri Apr 29, 2022 4:13 pm Post subject: |
You can start openvpn as a service.
Whether or not it's safe to keep passwords without encryption depends on your setup, use case, and threat model. I was fine with encrypted disk and making the file with credentials readable only by root. This way either full disk encryption makes it unreadable by 3rd parties or kernel keeps applications from prying. |
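A check for the two things this thread turns on: the stray whitespace that broke the auth file, and who is able to read it. This is an added example, not code from any poster; `check_auth_file` is a name made up here, and it assumes GNU `stat` and credentials that do not legitimately begin or end with whitespace.

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenVPN auth-user-pass file.
# Prints one finding per line (never the credentials); status 0 means clean.
check_auth_file() (
    f=$1; rc=0; n=0
    cr=$(printf '\r'); tab=$(printf '\t')
    [ -f "$f" ] || { echo "missing: $f"; exit 1; }

    # Ownership and mode, read with GNU stat as shipped on Gentoo (assumption).
    set -- $(stat -c '%a %u' "$f")
    mode=$1; owner=$2
    case "$mode" in
        600|400) ;;
        *) echo "mode $mode: readable or writable beyond the owner"; rc=1 ;;
    esac
    if [ "$owner" != 0 ] && [ "$owner" != "$(id -u)" ]; then
        echo "owner uid $owner: expected root or the invoking user"; rc=1
    fi

    # Format: username on line 1, password on line 2, nothing else.
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            '') echo "line $n: empty"; rc=1 ;;
            *"$cr") echo "line $n: trailing carriage return (DOS line ending)"; rc=1 ;;
            " "*|*" "|"$tab"*|*"$tab") echo "line $n: leading or trailing whitespace"; rc=1 ;;
        esac
    done < "$f"
    [ "$n" -eq 2 ] || { echo "expected 2 lines, found $n"; rc=1; }
    exit "$rc"
)
```

Run it as `check_auth_file /path/to/auth-file` before pointing `auth-user-pass` at the file; a non-zero status means at least one finding was printed.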
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3875
Posted: Fri Apr 29, 2022 6:35 pm Post subject: |
If you are using openrc then create a file
Code: |
echo '#!/bin/bash' > /etc/local.d/openvpn.start
echo "openvpn --config /path/to/*.ovpn" >> /etc/local.d/openvpn.start
chmod +x /etc/local.d/openvpn.start
rc-update add local default
|
Then this script will run @boot.
You could use the main config openvpn.conf to specify client|server config but not necessary.
This way you don't even need to enable openvpn service.
Don't worry too much about vpn username|password being unencrypted. I wouldn't.
In case it is compromised then issue a new pair from your proton mail dashboard.
But it's up to you.
szatox Advocate
Joined: 27 Aug 2013 Posts: 3104
Posted: Fri Apr 29, 2022 11:13 pm Post subject: |
Quote: |
This way you don't even need to enable openvpn service.
|
And how is adding it manually to local better than enabling a service via an already provided script?
It gives you less control, and also by the time you have to change something, you're likely to forget you did it this way, so will have to reverse-engineer it in the future. |
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3875
Posted: Fri Apr 29, 2022 11:27 pm Post subject: |
Quote: |
And how is adding it manually to local better than enabling a service via an already provided script?
|
The OP apparently needs the client aspect of openvpn.
So it's not necessary to start the openvpn service.
GRANTED he can rename his .ovpn to openvpn.conf.
What if he has 30 .ovpn files.
To me it seems "neater" via local.d.
The ideal would be a script to let him choose among multiple vpn connections.
This is what I use.
Plz see
https://forums.gentoo.org/viewtopic-t-1149662-highlight-.html