Gentoo Forums
VPN client for Gentoo
Aranycsapat
n00b

Joined: 05 Apr 2020
Posts: 23

Posted: Mon Apr 25, 2022 12:09 pm    Post subject: VPN client for Gentoo

I am looking for a working VPN client for Gentoo.
As far as I know the standard ebuilds like net-vpn/openvpn, net-vpn/wireguard and so on are barely useful without a server. I do not have a server, I am only an end user who just wants to open some blocked sites.
I tried several commercial services such as expressvpn, protonvpn, windscribe. All they offer linux users is debs and rpms. (Protonvpn offers a gentoo package, too, but unmasking it is a true hell.) As for installation of rpms, it failed since they require systemd, which I do not use at all.
A browser extension could be a partial solution, but it is not helpful while using bittorrent, torbrowser.
So, how can one have a full-fledged VPN client on gentoo?

alamahant
Advocate

Joined: 23 Mar 2019
Posts: 3875

Posted: Mon Apr 25, 2022 12:23 pm

Quote:

So, how can one have a full-fledged VPN client on gentoo?


Openvpn is the answer. But you will need to connect to a free or paid vpn server.
They will provide you with a .ovpn file that openvpn client will use to connect with.
In case of proton see
https://protonvpn.com/support/linux-openvpn/
Then connect using the provided file(s) by issuing
Code:

openvpn --config /path/to/*.ovpn


_________________
:)

Juippisi
Developer

Joined: 30 Sep 2005
Posts: 722
Location: /home

Posted: Tue Apr 26, 2022 5:32 am

Many vpn providers provide a "configuration tool" where you can just generate a config and feed that to openvpn. Then it works when you start openvpn service in Gentoo.
https://wiki.gentoo.org/wiki/OpenVPN

WireGuard works in a similar fashion, but fewer providers support it yet.
https://wiki.gentoo.org/wiki/Wireguard

And then yes we have some specific clients in the repo, these usually aren't needed to actually run the vpn, but they provide a nicer GUI and maybe some nice features like changing servers with a mouse click. Do note that managing vpn connections is also easy with networkmanager.

And the final note I want to give is, some vpn providers offer browser extensions where you don't have to install / configure anything in your machine, just get the extension to your web browsing. Obviously this doesn't hide your traffic outside web browser. As you said yourself.

Aranycsapat
n00b

Joined: 05 Apr 2020
Posts: 23

Posted: Thu Apr 28, 2022 2:47 pm

Thank you, guys. I successfully established vpn on my laptop and phone. However the desktop is a different story. On desktop I prefer to use openvpn directly, unlike laptop, where I establish a vpn connection via a Network manager GUI configuration tool.
On desktop I use
Code:
openvpn --config /path/to/*.ovpn

command. It requests username and password, and I have no problems with that. However it is too exhausting to enter them once I want vpn. I would like to automatize the process. I tried to write my login data into an auth file and then type its position into ovpn under auth-user-pass (as specified on Gentoo handbook), but in this case the command above crashes. Any suggestions?

alamahant
Advocate

Joined: 23 Mar 2019
Posts: 3875

Posted: Thu Apr 28, 2022 5:21 pm

Code:

auth-user-pass ~/vpn-login.conf

and
Code:

cat ~/vpn-login.conf
some-username
some-password

Quote:

but in this case the command above crashes

How exactly?
Plz post terminal output.
and
Code:

ls -l /dev/tun

Which kernel are you using?
Is it home made?
_________________
:)

Aranycsapat
n00b

Joined: 05 Apr 2020
Posts: 23

Posted: Fri Apr 29, 2022 12:41 pm

Oops... It seems that my auth file contained extra spaces. :roll: I fixed it and everything is just fine.
However having terminal open is not convenient. Is it possible to launch openvpn with my data at boot? Also is it safe to keep login data and certificates as is, without encryption?

Hu
Moderator

Joined: 06 Mar 2007
Posts: 21490

Posted: Fri Apr 29, 2022 4:08 pm

Yes, you could choose to start OpenVPN at boot. You can keep the login data unencrypted in a file if you have other measures to maintain the security of that data, such as full disk encryption, or if you have a high level of confidence in the physical security of your computer, or if you don't care about whether the data is stolen.

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3104

Posted: Fri Apr 29, 2022 4:13 pm

You can start openvpn as a service.
Whether or not it's safe to keep passwords without encryption depends on your setup, use case, and threat model. I was fine with encrypted disk and making the file with credentials readable only by root. This way either full disk encryption makes it unreadable by 3rd parties or kernel keeps applications from prying.
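
Added example, not part of any post in this thread: a lint for the auth-user-pass credentials file covering the two points raised above, stray blanks in the file and access restricted to one account (root by default). It assumes GNU `stat`; the function name `check_auth_file` and the sample file are made up for illustration.

```shell
# Added example: lint an OpenVPN auth-user-pass file before unattended use.
# check_auth_file FILE [OWNER_UID]  (OWNER_UID defaults to 0, i.e. root)
# Prints one line per problem; returns 0 only when none were found.
check_auth_file() {
    file=$1
    want_uid=${2:-0}
    problems=0
    tab=$(printf '\t')
    flag() { echo "$file: $1"; problems=$((problems + 1)); }

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: not a regular file"
        return 2
    fi

    # Format: exactly two lines, username then password.
    lines=$(awk 'END { print NR }' "$file")
    [ "$lines" -eq 2 ] || flag "expected 2 lines (username, password), found $lines"

    # Leading/trailing blanks: the cause of the failure reported in this thread.
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ' '*|*' '|"$tab"*|*"$tab")
                flag "line $n has leading or trailing whitespace" ;;
        esac
    done < "$file"

    # Permissions: nothing for group/other, owned by the expected account.
    mode=$(stat -c %a "$file")
    case $mode in
        ?00) ;;
        *) flag "mode $mode grants group/other access, use chmod 600" ;;
    esac
    [ "$(stat -c %u "$file")" = "$want_uid" ] || flag "owner uid is not $want_uid"

    [ "$problems" -eq 0 ]
}

# Constructed sample: trailing space after the username, mode 644.
demo=$(mktemp)
printf 'some-username \nsome-password\n' > "$demo"
chmod 644 "$demo"
check_auth_file "$demo" "$(id -u)" || echo "fix before using auth-user-pass"
rm -f "$demo"
```
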
alamahant
Advocate

Joined: 23 Mar 2019
Posts: 3875

Posted: Fri Apr 29, 2022 6:35 pm

If you are using openrc then create a file
Code:

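# /etc/local.d/*.start scripts are run by the OpenRC "local" service
echo '#!/bin/bash' > /etc/local.d/openvpn.start
# --daemon backgrounds openvpn so the script returns and boot can continue
echo "openvpn --daemon --config /path/to/*.ovpn" >> /etc/local.d/openvpn.start
chmod +x /etc/local.d/openvpn.start
rc-update add local default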

Then this script will run @boot.
You could use the main config openvpn.conf to specify client|server config but not necessary.
This way you don't even need to enable openvpn service.
Don't worry too much about vpn username|password being unencrypted. I wouldn't.
In case it is compromised then issue a new pair from your proton mail dashboard.
But it's up to you.
_________________
:)

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3104

Posted: Fri Apr 29, 2022 11:13 pm

Quote:
This way you don't even need to enable openvpn service.
And how is adding it manually to local better than enabling a service via an already provided script?
It gives you less control, and also by the time you have to change something, you're likely to forget you did it this way, so will have to reverse-engineer it in the future.

alamahant
Advocate

Joined: 23 Mar 2019
Posts: 3875

Posted: Fri Apr 29, 2022 11:27 pm

Quote:

And how is adding it manually to local better than enabling a service via an already provided script?


The OP apparently needs the client aspect of openvpn.
So it's not necessary to start the openvpn service.
GRANTED he can rename his .ovpn to openvpn.conf.
What if he has 30 .ovpn files?
To me it seems "neater" via local.d.
The ideal would be a script to let him choose among multiple vpn connections.
This is what I use.
Plz see
https://forums.gentoo.org/viewtopic-t-1149662-highlight-.html
_________________
:)