Why Should I Use a VPN

Discussion in 'privacy technology' started by merisi, Jan 3, 2013.

Thread Status:
Not open for further replies.
  1. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    mirimir you gona reply or what -.-
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    user.crt=client.crt
    user.key=client.key

    Other providers use different names. You should always get ca.crt, and it should have "ca" in its name. If there are just two more, one *.crt and the other *.key, those are the client.crt/client.key pair. There may be a fourth, ta.key, and it always has "ta" in its name.
     
  3. mirimir

    Sorry, sleeping :)
     
  4. mirimir

    Right.

    Right.

    Yes.

    But now, if you "cd ~/host" you'll be in your host machine's user home folder, in your case "C:\Users\username". When the share isn't mounted, "cd ~/host" just takes you to an empty folder in the VM's home folder.
     
  5. mirimir

    I get that. There are a few components to set up, and many steps. But to some extent, there are many steps because I've written (almost) everything explicitly. It's really not that bad, once you've done it a couple times.

    It doesn't require much CPU, but you do need enough RAM. To run multiple VMs, the host machine needs at least 4GB RAM, and better 8GB. But I've run two small VMs on a hosted server with 1GB RAM :)

    I'll think about the video tutorial thing. Most of my VMs are on servers with no audio, so it'd take some work.
     
  6. mirimir

    Like I said, sleeping :)

    As I said, configuring the pfSense OpenVPN client will be the hardest part.

    Basically, you probably got ca.crt, user.crt, user.key and a few route_name.conf (or .ovpn) files from your VPN provider. You install ca.crt, user.crt and user.key using the pfSense System | Cert Manager page, as described in my tutorial.

    If you got a ta.key, you install that in the pfSense OpenVPN: Client page, as described in my tutorial.

    If you got a username and password, you just put those in a file named client-cred, one per line.

    What you put in the Advanced configuration box on the pfSense OpenVPN: Client page depends on what's in the route_name.conf (or .ovpn) files that you got from your VPN provider. In my experience, the set that I put in my tutorial works for most VPNs:

    ns-cert-type server;auth-user-pass /var/etc/openvpn/client-cred;key-direction 1;redirect-gateway def1;verb 5
     
  7. mirimir

    OK, sorry about the confusion.

    Indeed. I've decided that it's hopeless. And so I just assume that everything done on a particular VM using a particular VPN, Tor etc route will be correlated. I just use many VMs. And each one has its own pseudonym, with email addresses, and sometimes with physical addresses, telephone numbers, etc.

    Yes. In pfSense, nothing goes out WAN when the VPN is down except VPN connection attempts, and DNS requests to the VPN's DNS servers. You can block those DNS requests with firewall rules in pfSense, allowing them to use only the VPN tunnel.

    Is being long-lived an issue?

    I'll review that, and may say more.

    OK, sorry. I just recalled reading about the issue, probably on tor-talk.
     
  8. happyyarou666


    nope only getting

    user@ubuntu:~/host$

    and nothing happening
     
  9. mirimir

    So you don't see any files in ~/host?

    If you've successfully created the VBox shared folder named "windows_share", and if running "sudo mount -t vboxsf windows_share ~/host" completes without errors, "cd ~/host" should put you in your Windows host's "C:\Users\username" folder. Is there anything actually in that folder on the host?

    I'm not using Windows hosts, so maybe there's some file permission magic needed. But I don't remember that there was.

    Maybe PD can comment here. He uses Windows, as I recall.
     
  10. happyyarou666

    any file in ~/host ? no i see the terminal window with the command i type in and nothing happening -.-


    well ive just ran the sudo mount -t vboxsf windows_share ~/host"


    but i got this instead :


    /sbin/mount.vboxsf:mounting failed with the error: Protocol error



    vbox shared folder , huh ? the only shared folder ive set up was the one ive mentioned aka


    C:\Users\username under transient folder


    and yes username has all the windows important folders for users contained including registry entries , settings , etc so no its not empty
     
  11. mirimir

    Well, if you run "ls", you should see what's there.

    OK, just to be clear, in "sudo mount -t vboxsf windows_share ~/host", "windows_share" represents the "Folder Name" from the VBox Shared Folders dialog ("C:\Users\username" being the "Folder Path").

    If it's already mounted, you'll also get an error, because you can't mount it twice. To dismount, run "sudo umount ~/host".

    Yes, that's what I mean by the shared folder.

    OK, try it again.
     
  12. happyyarou666

    ok ive done as you told and it works after entering

    sudo mount -t vboxsf windows_share ~/host", "windows_share" represents the "Folder Name" from the VBox Shared Folders dialog ("C:\Users\username" being the "Folder Path").


    and then cd ~/host

    when i go to home folder i see the folder named, host


    and i can see all my username folders content, thanks

    no i can continue with this i assume , finally


    so now ive created the client-cred.txt file with my username and then my password below it , so i assume i dont need this in the config.txt anymore ?



    user-cred

    username <<<<these
    password <<<<
     
    Last edited: Jan 15, 2013
  13. mirimir


    Far out! FWIW, it took me forever to get shared folders to work when I was starting with VBox. I was also new to Linux, which made it even harder.


    Yes!

    The "config.txt" file is just a collection of all the information that you need to set up the OpenVPN client in pfSense. That's useful if you're creating multiple pfSense VMs, or if you ever need to recreate one later. It's not actually used anywhere in the pfSense VM.
     
  14. happyyarou666

    lols , ok , then i guess ill just leave it, password and username in the list in config.txt, so i just realised in order to unmount host in vm i gotta exit and start a new terminal , lols

    update:



    "In the pfSense Dashboard, select "System | Cert Manager" from the top pfSense menu. In the "CAs" tab, click the plus sign at right to create one, and name it "ca.crt". In the "Certificate data" window, paste the certificate block under "ca.crt" in "Config.txt", and click "Save". In the "Certificates" tab, click the plus sign at right to create one, and name it "client.crt". In the "Certificate data" window, paste the certificate block under "client.crt" in "Config.txt". In the "Private key data" window, paste the key block under "client.key" in "Config.txt", and click "Save". You should see "ca.crt" as the issuer of this client certificate."


    so one question do i fill in the stuff with my vpn info from the ca.crt , user.crt , user.key files ive downloaded from my vpn ? or just enter these repeating spaces


    -----BEGIN RSA PRIVATE KEY-----
    ...
    -----END RSA PRIVATE KEY-----


    and what about user-crd

    do i make one for that too and enter the password and username into the certificate data field?


    i dont got no tls auth but i got my .ovpn config files for the servers
     
    Last edited: Jan 15, 2013
  15. mirimir

    Right.

    Paste the contents of those files in the appropriate places. You can open the files in Leafpad (Xubuntu's text editor). I just used spaces in the tutorial rather than making up fake certificate and key text.

    You create the user-cred file in the /var/etc/openvpn folder in pfSense, as described in the tutorial.

    OK, then make sure that "TLS Authentication" is unchecked when you're editing the "OpenVPN: Client" configuration page.

    Pick what OpenVPN server to connect to from the OVPN file, and what port to use. Use UDP (usually 1182) for the outer VPN. For the inner VPN, you'll need to use TCP (usually 443) because Tor only carries TCP fully.

    Pick what encryption algorithm to use from the OVPN file, and select it in the "Encryption algorithm" selector on the "OpenVPN: Client" configuration page.

    The VPN client probably won't work the first time. You'll need to look at the connection log, and figure out what went wrong. I'll help :)
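
Added example, not part of the original thread or of mirimir's tutorial: a small Python reader that pulls out of a provider's .ovpn profile the values the post above says to carry over (server, port, protocol, encryption algorithm, whether TLS authentication applies, whether a username/password file is needed). The sample profile, the host `vpn.example.net` and the dict key names are constructed for illustration.

```python
# Added example: map an OpenVPN client profile onto the settings discussed above.
# SAMPLE_OVPN is constructed; vpn.example.net is a placeholder, not a real provider.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.net 443
cipher AES-256-CBC
ns-cert-type server
auth-user-pass
# tls-auth ta.key 1   (commented out: this sample provider ships no ta.key)
<ca>
-----BEGIN CERTIFICATE-----
(placeholder)
-----END CERTIFICATE-----
</ca>
"""


def parse_ovpn(text):
    """Split a profile into directives {name: [args, ...]} and inline <tag> blocks."""
    directives, inline, block = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block is not None:                 # inside <ca>...</ca> and similar
            if line == "</%s>" % block:
                block = None
            else:
                inline[block].append(line)
            continue
        if not line or line[0] in "#;":       # OpenVPN comment markers
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            inline[block] = []
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives, inline


def client_settings(text):
    """Return the values to carry over to the pfSense OpenVPN client page.
    The dict keys are names chosen for this example."""
    d, inline = parse_ovpn(text)
    if "remote" not in d:
        raise ValueError("profile has no 'remote' line")
    remote = d["remote"][0]                   # first listed server
    # OpenVPN falls back to port 1194 and UDP when the profile names neither.
    port = remote[1] if len(remote) > 1 else d.get("port", [["1194"]])[0][0]
    proto = remote[2] if len(remote) > 2 else d.get("proto", [["udp"]])[0][0]
    cipher = d["cipher"][0][0] if "cipher" in d else None
    return {
        "server_host": remote[0],
        "server_port": int(port),
        "protocol": proto,
        "encryption_algorithm": cipher,       # None: profile does not name one
        "tls_authentication": "tls-auth" in d or "tls-auth" in inline,
        "needs_client_cred": "auth-user-pass" in d,
        "ca_inline": "ca" in inline,
    }


if __name__ == "__main__":
    for key, value in client_settings(SAMPLE_OVPN).items():
        print(f"{key}: {value}")
```
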
     
  16. happyyarou666

    ok now since im as far as


    Go back to "VPN | OpenVPN", and select the "Client" tab. Click the "e" button to edit, deselect "Disable this client", and hit "Save". Go to "Status | OpenVPN" and see if it worked. If OpenVPN status is "up", that's a good sign. We're almost done! Otherwise, go back and figure out what went wrong.


    so what i wanted to say is my host machine is currently connected to my tap adapter aka airvpn , but now ive added the airvpn keys and certs as per instruction to the point above , or should i have done that with mullvad?

    cause i want mullvad to be at the end of the vpn chain aka airvpn > tor > mullvad , and do i leave the server port at 1194 or set it to 443 since im using udp 443 with air,and set the server host to airvpn.org or its entry ip address

    i did however download the tcp 443 .ovpn profile for my vpn server as well , awaiting further instructions


    btw when i tested the openvpn status it showed down
     
    Last edited: Jan 16, 2013
  17. mirimir

    Good :)

    Not good :( If you're already connected to AirVPN with your host machine, the pfSense client won't connect, because AirVPN (as I recall) only allows one connection per account. Also, I'm not sure whether it would allow connections from its own exit IPs ;)

    But yes, you do want the pfSense VM set up for AirVPN. You'll be connecting to Mullvad with the Xubuntu VM.

    Try again after disconnecting AirVPN in your host machine.

    Use whatever port AirVPN wants for its UDP connections. And use the AirVPN IP address or hostname from the OVPN file, for the route that you want.

    No, you want UDP for the outer VPN = AirVPN.

    Try again. If it doesn't work, we'll need to look at the OpenVPN connection log at Status: System logs: OpenVPN.
     
  18. happyyarou666

    one more thing to add , remember i told you my current firewall setup with comodo is set so that everything is routed through the tap adapter , should the vpn disconnect , no internet , so is this still ok if i just disconnect airvpn aka no internet , and connect airvpn in the vm ? as you said?


    so about the ip address you meant to say to use the ip thats used to connect to my selected vpn route right and select the port you use with it, right


    btw yes only one connection per account for air
     
  19. mirimir

    Oh. You may need to disable those firewall rules, in order to let the OpenVPN client in the pfSense VM connect. Because now it won't be the Windows OpenVPN client that's connecting. And Windows will see traffic from the OpenVPN client in the pfSense VM as coming from VBox.

    Yes. The same AirVPN server IP and port that your current Windows client is using to connect.

    That's what I remember.
     
  20. happyyarou666

    well it works without touching my fw rules, openvpn status shows up, and the rest of the mumbo jumbo info after entering what i suggested and you just confirmed

    since im posting as you can see , i had to click on disable again and reconnect my airvpn in my host machine

    so how do i do this from here on , go and do the same for mullvad in the same vm? or what and do i now go and install ras torgateway?, remember , i wanted airvpn>tor>mullvad for my host machine and my real ip in a separate vm just for banking and real life stuff like paypal and ebay crap and real life mail etc



    "Now we must tweak the pfSense setup a little. Go to "Status | System Logs", and select the "OpenVPN" tab. Find the "PUSH" line in the connection log, and see what DNS servers were specified by the provider ("dhcp-option DNS ..."). Go to "Services | DHCP Server”, enter their IP addresses under "DNS servers", and hit "Enter". This ensures that the pfSense DHCP server gives the VPN provider's DNS servers to clients (and doesn't just forward the DNS servers that pfSense uses on WAN).

    Now we must route LAN through the VPN tunnel. Go to "Firewall | NAT | Outbound", select "Manual Outbound NAT rule generation", hit "Save" and then "Apply Changes". Click the "e" button to the right of "Auto created rule for LAN to WAN" to edit it. Change the "Interface" from "WAN" to "OpenVPN", edit the "Description" to reflect the change, hit "Save" and then hit "Apply Changes".

    Now go to Firefox, and check your IP address. It should have changed. If so, good. If Firefox hangs, there's probably something wrong with the DNS server setup. If you have no luck with the provider's DNS servers, use OpenDNS or other public servers in "Services | DHCP Server”, and see if that works. If it does, maybe you don't have the right DNS servers for your provider.

    Now we check what DNS servers the VPN tunnel is using. Go to -http://grc.com/dns, and initiate the standard DNS test. If all is well, you should see just one or two DNS servers, and none of them should be your ISP's (or whatever pfSense sees on its WAN adaptor).

    Create OpenVPN Clients for Other VPN Services

    Now you can create OpenVPN clients for other VPN services that you use. I typically create one for each route of each service, and incorporate the service and route information in the VM's name, and also in the name of the VirtualBox internal network that's attached to that VM's LAN adaptor. Track which VPN providers know your true identity, and connect directly to them. Conversely, also track which VPN providers do not know your true identity, because you paid anonymously (cash in the mail, Liberty Reserve or equivalent) and have never connected directly to their websites or OpenVPN servers. Make sure that you never connect directly to them. Only connect through another VPN service, or through Tor."


    havent gotten there yet , since im still waiting for further instructions
     
    Last edited: Jan 16, 2013
  21. mirimir

    Cool. But you're still not done with the VPN setup. Until you edit outbound NAT in pfSense, the OpenVPN tunnel (even though it's up) won't be routed to pfSense's LAN.

    Do the pfSense tweaks in the text that you quoted, for the VPN's DNS server, and for outbound NAT. Then check that Firefox in your Xubuntu VM can see the Internet, and that you have the right AirVPN exit IP address.

    OK.

    Before proceeding, make sure that Firefox in the Xubuntu VM is set up securely (always private browsing, no history, etc).

    The next step is installing ra's Tor gateway. Its WAN adaptor is by default NATed to VBox host. Change that to connect to the internal network from your pfSense VM. Leave the Tor gateway LAN adaptor as is. Once that's running, connect your Xubuntu VM to the internal network hosted by the Tor gateway.

    Start Firefox, and check your IP address. It should be a Tor exit IP, not the AirVPN exit.

    Right. So you'll need to create another pfSense VM, this one set up for Mullvad. Its WAN will connect to the Tor gateway internal network. Eventually, its LAN will connect to a host-only adaptor, but for now use another internal network, and test with the Xubuntu VM.

    Cool. I'm about done for the evening, so hasta mañana :)
     
  22. happyyarou666

    me too actually been way over my bed time ;)

    anyhow just wanted to let ya know im gona go and get the incognito ovm , since ras torgateway is discontinued

    https://bitbucket.org/ra_/incognito-gateway

    this from ras site


    As of June 2012 all updates regarding the (fast) gateway will be posted on github.



    https://github.com/ra--/Tor-gateway/


    01/2013: This project has been obsoleted by Incognito Gateway, Incognito Workstation and Incognito Desktop. Besides it moved from Github to Bitbucket because Github decided to disable downloads.


    and heres the new build ra project aka incognito

    https://bitbucket.org/ra_/incognito-gateway/downloads


    Incognito Gateway 0.6.0.ova

    id assume
     
  23. mirimir

    Yes, I meant ra's Incognito gateway.

    I haven't used it yet, but don't expect it to work differently. Better, yes :)
     
  24. happyyarou666

    ok ive tried connecting but this is what i get after following this instruction


    Cool. But you're still not done with the VPN setup. Until you edit outbound NAT in pfSense, the OpenVPN tunnel (even though it's up) won't be routed to pfSense's LAN.

    Do the pfSense tweaks in the text that you quoted, for the VPN's DNS server, and for outbound NAT. Then check that Firefox in your Xubuntu VM can see the Internet, and that you have the right AirVPN exit IP address.



    this is what i get:

    Code:
    Jan 16 11:06:33 	openvpn[24438]: [server] Peer Connection Initiated with [AF_INET]94.185.85.170:443
    Jan 16 11:06:36 	openvpn[24438]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Jan 16 11:06:36 	openvpn[24438]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.4.6.38 10.4.6.37'
    Jan 16 11:06:36 	openvpn[24438]: OPTIONS IMPORT: timers and/or timeouts modified
    Jan 16 11:06:36 	openvpn[24438]: OPTIONS IMPORT: LZO parms modified
    Jan 16 11:06:36 	openvpn[24438]: OPTIONS IMPORT: --ifconfig/up options modified
    Jan 16 11:06:36 	openvpn[24438]: OPTIONS IMPORT: route options modified
    Jan 16 11:06:36 	openvpn[24438]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Jan 16 11:06:36 	openvpn[24438]: ROUTE default_gateway=10.0.2.2
    Jan 16 11:06:36 	openvpn[24438]: TUN/TAP device /dev/tun1 opened
    Jan 16 11:06:36 	openvpn[24438]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Jan 16 11:06:36 	openvpn[24438]: /sbin/ifconfig ovpnc1 10.4.6.38 10.4.6.37 mtu 1500 netmask 255.255.255.255 up
    Jan 16 11:06:36 	openvpn[24438]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.4.6.38 10.4.6.37 init
    Jan 16 11:06:36 	openvpn[24438]: /sbin/route add -net 94.185.85.170 10.0.2.2 255.255.255.255
    Jan 16 11:06:36 	openvpn[24438]: /sbin/route add -net 0.0.0.0 10.4.6.37 128.0.0.0
    Jan 16 11:06:36 	openvpn[24438]: /sbin/route add -net 128.0.0.0 10.4.6.37 128.0.0.0
    Jan 16 11:06:36 	openvpn[24438]: /sbin/route add -net 10.4.0.1 10.4.6.37 255.255.255.255
    Jan 16 11:06:36 	openvpn[24438]: Initialization Sequence Completed
    Jan 16 11:07:47 	openvpn[24438]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Jan 16 11:07:47 	openvpn[24438]: MANAGEMENT: CMD 'state 1'
    Jan 16 11:07:47 	openvpn[24438]: MANAGEMENT: CMD 'status 2'
    Jan 16 11:07:47 	openvpn[24438]: MANAGEMENT: Client disconnected
    Jan 16 11:08:38 	openvpn[24438]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Jan 16 11:08:38 	openvpn[24438]: MANAGEMENT: CMD 'state 1'
    Jan 16 11:08:38 	openvpn[24438]: MANAGEMENT: CMD 'status 2'
    Jan 16 11:08:38 	openvpn[24438]: MANAGEMENT: Client disconnected
    Jan 16 11:10:19 	openvpn[24438]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Jan 16 11:10:19 	openvpn[24438]: MANAGEMENT: CMD 'state 1'
    Jan 16 11:10:19 	openvpn[24438]: MANAGEMENT: CMD 'status 2'
    Jan 16 11:10:19 	openvpn[24438]: MANAGEMENT: Client disconnected
    Jan 16 11:12:31 	openvpn[24438]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Jan 16 11:12:31 	openvpn[24438]: MANAGEMENT: CMD 'state 1'
    Jan 16 11:12:31 	openvpn[24438]: MANAGEMENT: CMD 'status 2'
    Jan 16 11:12:31 	openvpn[24438]: MANAGEMENT: Client disconnected
    Jan 16 11:13:51 	openvpn[24438]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Jan 16 11:13:51 	openvpn[24438]: MANAGEMENT: CMD 'state 1'
    Jan 16 11:13:51 	openvpn[24438]: MANAGEMENT: CMD 'status 2'
    Jan 16 11:13:51 	openvpn[24438]: MANAGEMENT: Client disconnected
    Jan 16 11:17:26 	openvpn[24438]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Jan 16 11:17:26 	openvpn[24438]: MANAGEMENT: CMD 'state 1'
    Jan 16 11:17:26 	openvpn[24438]: MANAGEMENT: CMD 'status 2'
    Jan 16 11:17:26 	openvpn[24438]: MANAGEMENT: Client disconnected
    Jan 16 11:19:07 	openvpn[24438]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Jan 16 11:19:07 	openvpn[24438]: MANAGEMENT: CMD 'state 1'
    Jan 16 11:19:07 	openvpn[24438]: MANAGEMENT: CMD 'status 2'
    Jan 16 11:19:07 	openvpn[24438]: MANAGEMENT: Client disconnected
    Jan 16 11:19:50 	openvpn[24438]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Jan 16 11:19:50 	openvpn[24438]: MANAGEMENT: CMD 'state 1'
    Jan 16 11:19:50 	openvpn[24438]: MANAGEMENT: CMD 'status 2'
    Jan 16 11:19:50 	openvpn[24438]: MANAGEMENT: Client disconnected
    

    no access , with and without comodo activated , with and without a dns set in my host machine physical net adapter, the best i got was the up sign for the openvpn as mentioned and that was with airvpn disconnected in my host machine, and i dont get any internet using firefox as was instructed, gona go and rest now , im beat , see ya
     
    Last edited: Jan 16, 2013
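
Added example, not part of the original thread: a Python reader for an OpenVPN client log like the one posted above. It reports whether the tunnel finished initialising and which DNS servers the provider pushed, which are the values the quoted tutorial text says to enter under "Services | DHCP Server". The four sample lines are copied from the posted log (whitespace normalised); the function name and dict keys are chosen for this example.

```python
import re

# Sample lines taken from the connection log posted in the thread above.
LOG = """\
Jan 16 11:06:33 openvpn[24438]: [server] Peer Connection Initiated with [AF_INET]94.185.85.170:443
Jan 16 11:06:36 openvpn[24438]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.4.6.38 10.4.6.37'
Jan 16 11:06:36 openvpn[24438]: ROUTE default_gateway=10.0.2.2
Jan 16 11:06:36 openvpn[24438]: Initialization Sequence Completed
"""

PEER_RE = re.compile(r"Peer Connection Initiated with \[AF_INET\]([\d.]+):(\d+)")
PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
GW_RE = re.compile(r"ROUTE default_gateway=([\d.]+)")


def summarize_log(log):
    """Summarise the most recent connection attempt found in an OpenVPN client log."""
    s = {"peer": None, "wan_gateway": None, "dns": [],
         "redirect_gateway": False, "tunnel": None, "up": False}
    for line in log.splitlines():
        m = PEER_RE.search(line)
        if m:
            # A new attempt starts here: it is not up until init completes.
            s["peer"] = (m.group(1), int(m.group(2)))
            s["up"] = False
            continue
        m = GW_RE.search(line)
        if m:
            s["wan_gateway"] = m.group(1)     # gateway pfSense sees on WAN
            continue
        m = PUSH_RE.search(line)
        if m:
            # Options arrive comma-separated; reset so a reconnect replaces old values.
            s["dns"], s["redirect_gateway"], s["tunnel"] = [], False, None
            for opt in m.group(1).split(","):
                words = opt.split()
                if words[:2] == ["dhcp-option", "DNS"] and len(words) == 3:
                    s["dns"].append(words[2])
                elif words[:1] == ["redirect-gateway"]:
                    s["redirect_gateway"] = True
                elif words[:1] == ["ifconfig"] and len(words) == 3:
                    s["tunnel"] = (words[1], words[2])   # (local, remote) endpoints
            continue
        if "Initialization Sequence Completed" in line:
            s["up"] = True
    return s


if __name__ == "__main__":
    info = summarize_log(LOG)
    print("tunnel up:", info["up"])
    print("DNS servers pushed by the provider:", ", ".join(info["dns"]) or "none")
    print("all traffic redirected into tunnel:", info["redirect_gateway"])
```
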
  25. *YAWN* Who can be bothered. Just boot Tails/Liberte in a VM. Simple is often the best!
     