is it okay to replace your VPN provider's openvpn installer w/ openvpn.net's version?

Discussion in 'privacy technology' started by illumins, Feb 12, 2011.

Thread Status:
Not open for further replies.
  1. illumins

    illumins Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    26
    For example, a VPN company will have you install their own modified version of OpenVPN, but what about replacing it with the original installer from Openvpn.net?

    Any privacy or security implications from doing this?
    Are you less anonymous? Is your vpn encrypted traffic more prone to leaking?

    Thanks in advance.
     
  2. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    It depends. With the current version of XeroBank, you don't lose anything by using stock OpenVPN, and you may gain by using a newer version. However, with such services that use essentially stock OpenVPN, you probably want to secure VPN connections using instructions that XeroBank provides.

    For some other services, there may be capabilities in the client that you wouldn't get with stock OpenVPN. For example, the Mullvad client includes an option to block traffic if the VPN connection fails. Using stock OpenVPN, as noted above, you'd need to handle that yourself. And FWIW, I don't like the method that Mullvad uses, but that's another conversation.

    OTOH, some services use clients that do potentially annoying things. For example, there's one (which, I forget) that "hides" the TAP adapter in Windows -- in that it doesn't show up in Network Connections. Even worse, after uninstalling the software, TAP adapters created by other VPN services are also hidden. I'm sure that there's a way to fix that, but I never bothered to find it.
     
    Last edited: Feb 12, 2011
  3. illumins

    illumins Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    26
    Hierophant, so basically OpenVPN.net stock should include all the basics & critical components of OpenVPN in terms of VPN and encrypted traffic. Anything that a VPN provider might add would then appear to be "extra features," which can maybe improve privacy.


    I am not sure if our methods are any different but I secure my VPN connection using a route delete command:

    route delete 0.0.0.0 192.168.1.1

    After my OpenVPN connection is disconnected, my applications will not leak my real ip address. (Without this command, my real ip address will leak).

    For example, let's say OpenVPN is connected and my VPN ip address is "22.222.22.222" If my vpn connection is disconnected, firefox will leak my real ip address "166.167.166.167". With a route delete command, firefox will not leak my real ip address and simply not connect any longer. (As far as I understand)

    Is using route delete command not good enough? Am I missing something?
    Is your method any better/more secure?
     
    Last edited: Feb 12, 2011
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    There are various ways of securing openvpn. The problem is not openvpn itself, but the way windows does networking altogether. In a linux system, it is relatively trivial to make openvpn all-or-nothing. In windows, it is less so: no proper network stack or routing tables, adapters can fight for metric 1 (like hamachi), leaks are possible. and it gets worse with leaky protocols added on top.

    There are some new methods we are working on that should work much better, and when we release Safehouse, it will also act as a free and leakproof vpn client that you can use with any OpenVPN connection on any provider.
     
  5. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    259
    There should not be a problem doing this as long as you have the VPN digital certificates, few VPN providers support Linux and Linux users end up doing exactly what you suggested, they take the digital certificates and use it with plain vanilla Openvpn.

    None that I can think of.

    IMO, it is the same security or even higher, but not less, you will just be losing any extra features your VPN proprietary client has, i.e. VPN updates, bandwidth/speed details, etc.
     
  6. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    You don't have to install any program from any particular VPN, you just need to ask them to provide you with the configuration files so you can use them with OpenVPN.

    OpenVPN is the standard and the problems are mainly outside of OpenVPN with IP and DNS leaks...



    hierophant the OPs question was general in nature as it relates to any VPN, yet you specifically reply starting out talking about Xerobanks... :(

    Please stay on topic as this doesn't relate to an particular company...


    CHEERS :)
     
    Last edited: Feb 15, 2011
  7. Dogbiscuit

    Dogbiscuit Guest

    Wilders is the unofficial Xerobank forum now?
     
  8. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Nope. (But I do understand why you posted this question...)

    For those who wonder;

    link
     
    Last edited: Feb 16, 2011
Loading...
Thread Status:
Not open for further replies.