You are not logged in.

#1 2017-11-25 03:09:20

ratcheer
Member
Registered: 2011-10-09
Posts: 912

[Resolved] How to use (not configure) a VPN service

I'm a total newbie with this. I signed up for the Proton VPN service. I was able to figure out how to install and configure it. I also installed openvpn-update-resolv-conf from the AUR to get it to successfully connect. So far, so good.

So, after connecting to the VPN, do I just use the internet as usual, and everything goes through it? I tried to find info about using a VPN, but everything searches turn up seem to tell you how to configure it and then leave you on your own. Maybe that's all there is to it.

My last question is, how do I terminate it cleanly? openvpn.net's HOWTO said to just send it a SIGTERM. I did that, it said it received my SIGTERM, and exited. That sounds great, but my resolv.conf still pointed to the VPN tunnel DNS. I had to manually edit resolv.conf to get my normal internet access back. Is there a way to exit and restore normal DNS?

Tim

Last edited by ratcheer (2017-11-28 15:45:25)

Offline

#2 2017-11-25 14:46:01

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: [Resolved] How to use (not configure) a VPN service

It would help if you told us how you're managing your network.


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#3 2017-11-25 16:25:11

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: [Resolved] How to use (not configure) a VPN service

Two things.  First, without the VPN, find out what others think are your IP addresses using a site such as http://whatip.me/
There are many out there; I choose this one because it is simple and tries to resolve both your IPv4 and IPv6 addresses. It does not (appear) to geolocate you, and it does not try to sell you anything.

Note your addresses.  Then try it with the VPN engaged. Compare them -- your IPv4 will certainly be different.  If that is your only address, and you only have one network interface (not wifi and wired) active, you should be good to go.

If you have an IPv6 address, be careful.  If the site you visit has an IPv6 server, your system may use the IPv6 stack causing an address leak.

Finally, when connected to the VPN, post the output of ip route and let us take a gander at it.  As to a clean exit, slithery is right -- how do you manage your network?


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#4 2017-11-26 02:00:07

ratcheer
Member
Registered: 2011-10-09
Posts: 912

Re: [Resolved] How to use (not configure) a VPN service

slithery wrote:

It would help if you told us how you're managing your network.

I'm just starting the OpenVPN client from the terminal.

The network is managed by some systemd scripts that I set up a long time ago. The main script is network@.service, which runs a oneshot service calling
net-up.sh at startup and net-down.sh at shutdown. The network itself is an ethernet connection to the router. The connection is a static LAN IP.

The net-up.sh sets the network device "up", adds the IP address, and adds a route via the gateway.

The net-down.sh flushes the ip address, flushes the route, and sets the network device down.

Maybe it's all too simple, but that's what I'm doing. It has been very reliable.

Tim

Offline

#5 2017-11-26 02:19:13

ratcheer
Member
Registered: 2011-10-09
Posts: 912

Re: [Resolved] How to use (not configure) a VPN service

@ewaller - Ok, this particular PC only shows an IPv4 address. For IPv6, it shows "IPv6:     Could not get your IPv6 address". However, my main LAN router gets a native IPv6 address from my ISP. Other nodes on my LAN do get and use IPv6 addresses. So, I'm not really sure whether I need to say I have IPv4 only, or IPv4 and IPv6. As of now, I'm only running OpenVPN from this Arch Linux  node with IPv4, only. My secondary router serves only this node. It is a bridged dd-wrt router that only serves the purpose of giving this node an ethernet connection, while the main router is on another floor on the other end of the house. So, it looks like: Cable Modem > Main Router > 802.11ac > Bridged Router > Ethernet > this node running OpenVPN client.

Yes, with the VPN connection running, I get a different IPv4 address, and IPv6 still says "Could not get your IPv6 address".

With the VPN connection running, ip route gives:

0.0.0.0/1 via 10.8.8.1 dev tun0 
default via 10.0.1.1 dev enp4s0 
10.0.1.0/24 dev enp4s0 proto kernel scope link src 10.0.1.24 
10.8.8.0/24 dev tun0 proto kernel scope link src 10.8.8.34 
128.0.0.0/1 via 10.8.8.1 dev tun0 
185.159.157.16 via 10.0.1.1 dev enp4s0

Thank you for your help.

Tim

PS - Everything is such a kludge because my Arch PC is over 6 years old and it has no wireless card. I tried a USB dongle, but it performed horribly, giving me only 802.11g speeds even though it was supposed to be an 802.11n card. After trying to fix that for weeks or months, I broke down and built the bridged router. It gives me 700+ mb/sec speeds.

Last edited by ratcheer (2017-11-26 02:24:44)

Offline

#6 2017-11-27 14:06:03

lo1
Member
Registered: 2017-09-25
Posts: 584

Re: [Resolved] How to use (not configure) a VPN service

As I'm seeing it, you're already using the VPN, only you need to specify which route should be the default (if that is what you seek), thus via tun0.
Also, I did a quick search and it seems protonVPN doesn't support IPV6 yet. You should see if that means a sort of an unwanted IP load balancing between the two routes, but my guess is you're going to end up with a network working only on IPV4.

Offline

#7 2017-11-27 17:14:56

ratcheer
Member
Registered: 2011-10-09
Posts: 912

Re: [Resolved] How to use (not configure) a VPN service

Thanks, lo1. My only real, technical question was whether I could get it to automatically restore my normal DNS after terminating the VPN. If manually editing resolv.conf is the proper way to do it, I guess it's not such a big deal.

My nebulous question was for tips on the dos and don't of using a VPN. Such as, I have heard that I should never visit sites and sign on to them, because then I could be traced back via my username and normal surfing habits. I was wondering whether there are other similar warnings I should be aware of. I suppose I should just drop that question, because no one seems to want to talk about it.

Tim

Offline

#8 2017-11-28 15:45:03

ratcheer
Member
Registered: 2011-10-09
Posts: 912

Re: [Resolved] How to use (not configure) a VPN service

Ok, never mind. I'll just manually edit resolv.conf after using the VPN.

Marking thread as Resolved.

Tim

Offline

#9 2017-11-28 18:52:02

positronik
Member
Registered: 2016-02-08
Posts: 94

Re: [Resolved] How to use (not configure) a VPN service

https://wiki.archlinux.org/index.php/OpenVPN#DNS

You can write your custom script that rewrites the correct dns if the script you are using doesn't find the correct DNS, as probably your network setup doesn't provide the script with the DNS.

I'd also recommend to use systemd services to start and stop the vpn.

Last edited by positronik (2017-11-28 18:55:29)

Offline

#10 2017-11-28 19:56:26

ratcheer
Member
Registered: 2011-10-09
Posts: 912

Re: [Resolved] How to use (not configure) a VPN service

Thanks, @positronic. I'll look into that.

Tim

Offline

Board footer

Powered by FluxBB