DaemonForums  

  #1   (View Single Post)  
Old 27th May 2022
philo_neo71 philo_neo71 is offline
Spam Deminer
 
Join Date: Jul 2009
Posts: 278
Default how to vpn

Hello,
I’m working on OpenBSD 7.1, amd64 architecture.
In Europe we have 10 VPN providers; after some research, I chose ProtonVPN because it works with CERN and MIT.
ProtonVPN is compatible with OpenBSD.
I have trouble loading the connection script; it’s a bit complicated!
Does anyone have experience with ProtonVPN? I’d like to be consulted.
  #2   (View Single Post)  
Old 27th May 2022
jmccue jmccue is offline
Real Name: John McCue
Package Pilot
 
Join Date: Aug 2012
Location: here
Posts: 170
Default

If your provider allows wireguard, on 7.1 it works great. Steps:

1. Install package wg-quick (edit: it is wireguard-tools)
2. Put your wg config from your provider somewhere; I named mine /etc/wireguard/wg0.conf

Command to enable wireguard:

Code:
doas /usr/local/bin/wg-quick up CONFIGFILE
Command to disable wg:

Code:
doas /usr/local/bin/wg-quick down CONFIGFILE
I am sure there are other methods, but the above works great for me because there are times I do not want to use the VPN.

As for OpenVPN, I had a method but it was a big kludge and IIRC around 7.0 it started having issues due to resolvd(8) and dhcpleased(8).

But wireguard works without any issues and is easy to use.

HTH
__________________
[t]csh(1) - "An elegant shell, for a more... civilized age."
- Paraphrasing Star Wars (tvtropes.org)

Last edited by jmccue; 28th May 2022 at 11:05 AM.
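
A pre-flight check for the provider's config file before `wg-quick up`, as an added example that is not part of the original post: it verifies that the file is private to its owner, that the required keys are present, and whether IPv6 is covered by the tunnel. The function names and the sample config (placeholder keys, documentation address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of a provider-supplied WireGuard config
# before running wg-quick. Function names and sample data are constructed.

# wg_value FILE Section.Key -> print that key's value(s), one per line
wg_value() {
    tr -d ' \t\r' < "$1" | awk -F= -v want="$2" '
        /^#/ || /^$/ { next }
        /^\[/ { sec = substr($0, 2, length($0) - 2); next }
        (sec "." $1) == want { sub(/^[^=]*=/, ""); print }'
}

# check_wg_conf FILE -> print findings; return 0 if usable, 1 if not
check_wg_conf() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    # The file contains PrivateKey: group and other must have no access.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: permissions too open, chmod 600 $f"; rc=1; }
    for key in Interface.PrivateKey Interface.Address \
               Peer.PublicKey Peer.Endpoint Peer.AllowedIPs; do
        [ -n "$(wg_value "$f" "$key")" ] ||
            { echo "FAIL: missing $key"; rc=1; }
    done
    # An IPv4-only default route leaves IPv6 traffic outside the VPN.
    ips=$(wg_value "$f" Peer.AllowedIPs | tr ',' '\n')
    if echo "$ips" | grep -qx '0\.0\.0\.0/0' &&
       ! echo "$ips" | grep -qx '::/0'; then
        echo "WARN: IPv4 default route via VPN, IPv6 is not covered"
    fi
    return $rc
}

# make_sample FILE -> write a constructed config, mode 600
make_sample() {
    ( umask 077; cat > "$1" <<'EOF'
[Interface]
PrivateKey = PLACEHOLDERPRIVATEKEYPLACEHOLDERPRIVATEKEY0=
Address = 10.2.0.2/32

[Peer]
PublicKey = PLACEHOLDERPUBLICKEYPLACEHOLDERPUBLICKEYXX0=
Endpoint = 192.0.2.10:51820
AllowedIPs = 0.0.0.0/0
EOF
    )
}
# Usage: check_wg_conf /etc/wireguard/wg0.conf && doas wg-quick up /etc/wireguard/wg0.conf
```
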
  #3   (View Single Post)  
Old 28th May 2022
philo_neo71 philo_neo71 is offline
Spam Deminer
 
Join Date: Jul 2009
Posts: 278
Default

I tried to install wg-quick but the reference does not recognize it! (pkg_add -v wg-quick)
I am a bit blocked from not having a secure vpn. I suffer from cyber attacks.
I think that with the VPN I will not be geolocated.

The following commands do not respond.
Quote:
doas /usr/local/bin/wg-quick up CONFIGFILE
Command to disable wg:
doas /usr/local/bin/wg-quick down CONFIGFILE
Respectful greetings.
  #4   (View Single Post)  
Old 28th May 2022
jmccue jmccue is offline
Real Name: John McCue
Package Pilot
 
Join Date: Aug 2012
Location: here
Posts: 170
Default

Sorry, typo, it is wireguard-tools. Also, CONFIGFILE is the file given to you by your VPN provider.
  #5   (View Single Post)  
Old 28th May 2022
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,983
Default

Quote:
Originally Posted by philo_neo71 View Post
I am a bit blocked from not having a secure vpn. I suffer from cyber attacks.
I think that with the VPN I will not be geolocated.
You have stated you suffer from "cyber attacks" in three different threads today, without describing these "attacks." Whether you actually have a security problem or whether you merely misunderstand the cause of some problems you are experiencing, I am responding here, now, because you misunderstand the purpose and value of a VPN.

A VPN -- a Virtual Private Network -- permits private communication between trusted systems over an untrusted network. The communication behaves as if it is on a private network, even though the physical connections are through an untrusted public network.

A VPN does not prevent or stop "cyber attacks" on those trusted systems. A VPN merely provides a private communication channel between the trusted systems.
  • Many organizations operate VPNs for incoming users so that remote staff (or remote students) can connect to the organizations' internal networks from the Internet when authenticated as trusted remote users.
  • Many organizations operate VPNs between geographically dispersed servers to simplify operation or administration.
Many people purchase individual VPN services in order to route Internet traffic through a trusted remote router. The primary value of such an individual service is to reach out to the Internet from a different originating IP address. People who do this must trust the service with all of the traffic they route through it.

You are considering purchasing an individual VPN service. Such a service does not stop any system you have connected to the Internet from being attacked. It merely changes the originating IP address of your outbound packets to the Internet. In some cases, it can change the address of a "listening" service you may operate. But that does not prevent attack.
  #6   (View Single Post)  
Old 28th May 2022
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,983
Default

One more consideration regarding individual VPN services for plaintext -- unencrypted communication -- such as we use here at daemonforums.org, which uses plaintext HTTP:

Consider a post card: a post card is readable by anyone and everyone who can see the card as it is sent through the post system to its destination. Plaintext packets are like post cards; they can be scanned and understood by any device between the sending system and its destination.

Additional privacy can be gained by using a VPN for plaintext traffic, but it is limited:
  • The plaintext traffic becomes encrypted and cannot be understood by the local ISP as it is transported via the VPN.
  • This traffic becomes plaintext again when it exits the VPN. Outbound and return traffic can still be scanned and read by any system between the exit point and its destination.
The only privacy gain is local.

Last edited by jggimi; 28th May 2022 at 03:36 PM. Reason: clarity and typo