Simple VPN implementation for FossaPup

Moderators: 666philb, Forum moderators

Post Reply
User avatar
OscarTalks
Posts: 623
Joined: Tue Jul 14, 2020 10:11 pm
Location: London UK
Has thanked: 2 times
Been thanked: 247 times

Simple VPN implementation for FossaPup

Post by OscarTalks »

Treat as experimental and use at your own risk, but I have been using it regularly for a long time without any observed problems in my everyday Pups. I have assembled a version of my Simple VPN implementation which I named "vpn-onoff". It is based around openvpn-2.4.10 compiled from source in FossaPup, with a dedicated yad for the tray icon also compiled from source. Thanks to jafadmin for the netinfo.yad script.

After installing the PET, usage is Menu > Network > VPN-Start to connect to VPN and Menu > Network > VPN-Stop to disconnect (or use the tray icon right-click).
Connection and disconnection takes some time, wait, observe the notifications, then click the OK in the dialog at the end of the process.

At the time of posting, this should connect to the free VPN service "cryptofree" by cryptostorm.is without needing any configuration. This service has no data limit, but the speed is restricted to some degree.

Beyond that, setting up VPN clients requires some configuration by the user. This is done inside the directory /etc/vpn-onoff using ROX, JWM and Geany as you would normally do with files in Puppy. See the README. There are some configuration files for vpnbook.com and FreeVPN.me which are 2 other free VPN services, but you need to switch the symlink and add in username and password. Other VPN services (free and paid-for) can be added if you are able to follow the instructions of the providers regarding openvpn configuration.

Attachments
vpn-onoff-0.4.0-x86_64-fossa.pet
(349.54 KiB) Downloaded 391 times
allendiggity
Posts: 9
Joined: Sat Oct 03, 2020 4:11 am
Been thanked: 3 times

Re: Simple VPN implementation for FossaPup

Post by allendiggity »

Thanks. For those who want to try Wireguard, I compiled a kernel: https://www.forum.puppylinux.com/viewto ... 146&t=1004

mow9902
Posts: 196
Joined: Fri Jul 24, 2020 11:57 pm
Has thanked: 15 times
Been thanked: 62 times

Re: Simple VPN implementation for FossaPup

Post by mow9902 »

I posted this a year ago - and use it myself continuously..
Works fine on fossapup

viewtopic.php?f=89&t=818

joet12345
Posts: 305
Joined: Sun Apr 04, 2021 12:00 am
Has thanked: 15 times
Been thanked: 6 times

Re: Simple VPN implementation for FossaPup

Post by joet12345 »

Is this compatible with stubby?

I have stubby DoT listening on 127.0.0.1 port 53 and your VPN app seems to be working fine along with stubby. If I go to https://whatismyipaddress.com/ I can see that my IP is different but I don't understand how stubby is working still? Is it encrypting DNS over the VPN?

Or is stubby lowering the performance of the VPN? I guess I am just wondering if there is conflict or not... :?: thanks

In a terminal when i do

Code: Select all

nslookup google.com

The proxy is 127.0.0.1 on port 53 which means stubby is active while at the same time your VPN app is running and working too...

User avatar
OscarTalks
Posts: 623
Joined: Tue Jul 14, 2020 10:11 pm
Location: London UK
Has thanked: 2 times
Been thanked: 247 times

Re: Simple VPN implementation for FossaPup

Post by OscarTalks »

I have never tried to use stubby so I don't know the answer to be honest. All I can tell you is that the VPN-Start function takes a backup of your existing DNS settings and then changes the DNS to Cloudflare. This is considered a reputable service and it eliminates DNS leaks (which often happen because DNS look-ups get sent to your Internet Service Provider). The VPN-Stop function restores your original settings when you exit VPN. I guess that if stubby is then making modifications to DNS it will depend on exactly how and when those modifications are carried out. Try using https://dnsleaktest.com/ to see if that confirms what is happening with DNS in your scenario.

joet12345
Posts: 305
Joined: Sun Apr 04, 2021 12:00 am
Has thanked: 15 times
Been thanked: 6 times

Re: Simple VPN implementation for FossaPup

Post by joet12345 »

I went to the dnsleak test site and it shows it is using studdy DNS...In other words, not Cloudflare.

I've been using it for a while and everything seems to be working fine meaning with your VPN app and Stubby - nice! :thumbup: Never thought one could encrypt DNS inside a VPN network :lol:

User avatar
festus
Posts: 11
Joined: Mon Jul 13, 2020 12:04 pm
Has thanked: 1 time
Been thanked: 4 times

Re: Simple VPN implementation for FossaPup

Post by festus »

This is working very well on fossapup64.

Thank you, Oscar, for this contribution.

kylerickards
Posts: 18
Joined: Thu May 27, 2021 1:39 pm
Has thanked: 14 times

Re: Simple VPN implementation for FossaPup

Post by kylerickards »

Hi

I've just found this and am having massive trouble in that I don't understand how to get it working. Normally I switch between Linux Mint and my VPN which I understand and works but I thought I would try using my VPN on my SD card installation of Puppy (bionicpup64 version 8.0). I have tried openvpn and not had much joy and I found this tool.

If I try the default settings and wait 30 seconds I am just connected to regular ISP after that period and I have gone through the instructions and I don't understand what I am changing and where to put my credentials in to use my paid for service - is anyone able to help or point me to something that would help?

Thank you.

User avatar
OscarTalks
Posts: 623
Joined: Tue Jul 14, 2020 10:11 pm
Location: London UK
Has thanked: 2 times
Been thanked: 247 times

Re: Simple VPN implementation for FossaPup

Post by OscarTalks »

The one posted in this thread was compiled in FossaPup so there is a strong chance it won't work in BionicPup64
There is one compiled in BionicPup64 which you can try. It has a slightly earlier version of openvpn if I recall correctly, but it should still work.
http://smokey01.com/OscarTalks/vpn-onof ... bionic.pet

kylerickards
Posts: 18
Joined: Thu May 27, 2021 1:39 pm
Has thanked: 14 times

Re: Simple VPN implementation for FossaPup

Post by kylerickards »

Hi Oscar

Thank you - that works first time :)

Is is easy for me to set my paid for VPN up with this system or am I likely to get stuck? I'm not that confident at doing things in Puppy if I am honest

User avatar
OscarTalks
Posts: 623
Joined: Tue Jul 14, 2020 10:11 pm
Location: London UK
Has thanked: 2 times
Been thanked: 247 times

Re: Simple VPN implementation for FossaPup

Post by OscarTalks »

You will need an .ovpn configuration file for the chosen server of your VPN provider. Many providers offer easy ways of downloading these. You will need to edit this file, at least the line pointing to the passfile. This should read auth-user-pass /etc/vpn-onoff/vpnpass
Then edit the vpnpass file, putting your username on the first line and your password on the second line. (Beware, some providers code your login details into something else, in which case you might need to dig deeper).
Then delete the vpnconfig symlink and create a new one with the same name (vpnconfig), but linking to your .ovpn config file which you have placed in the /etc/vpn-onoff directory.
Then test it and see if it connects. If the provider supports openvpn and all the details are correct, there is a good chance it will, but no guarantees.

User avatar
mikeslr
Posts: 2968
Joined: Mon Jul 13, 2020 11:08 pm
Has thanked: 179 times
Been thanked: 924 times

Re: Simple VPN implementation for FossaPup

Post by mikeslr »

Hi kylerickards,

You may be able to use 666philb's instructions here, viewtopic.php?p=7747#p7747 as a guide. IIRC, I followed them under Bionicpup64.

This thread could also be helpful. https://oldforum.puppylinux.com/viewtop ... 7#p1026517

But, if you need further guidance start a thread under the Bionicpup64 or User Section.

kylerickards
Posts: 18
Joined: Thu May 27, 2021 1:39 pm
Has thanked: 14 times

Re: Simple VPN implementation for FossaPup

Post by kylerickards »

Thank you both.

I managed to follow the steps, more than I thought I would be able to but it didn't work. I am not used to sim linking things so that's something I have learned. I was confused because I didn't have to put my certificate details in anywhere, just the username and password. I will start a new thread as you suggest but for now I will have to try and reverse what I have done for now so at least it works for me.

Thank you again

EDIT: I've just noticed, my .ovpn file has much less in it than the ones in the default folder?

Code: Select all

client
dev tun
proto udp
remote tpe-c02.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.ipvanish.com.crt
verify-x509-name tpe-c02.ipvanish.com name
auth-user-pass /etc/vpn-onoff/vpnpass
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
User avatar
OscarTalks
Posts: 623
Joined: Tue Jul 14, 2020 10:11 pm
Location: London UK
Has thanked: 2 times
Been thanked: 247 times

Re: Simple VPN implementation for FossaPup

Post by OscarTalks »

Often the certificate details are all included in the .ovpn file, but they can be in a separate file with the path or name defined in the .ovpn file. This seems to be the case here, so if you can find the certificate file you still might be able to get it going. Note the line ca ca.ipvanish.com.crt, but I am not sure of the exact configuration method as I have never needed to do this, so you may have to experiment a bit.

kylerickards
Posts: 18
Joined: Thu May 27, 2021 1:39 pm
Has thanked: 14 times

Re: Simple VPN implementation for FossaPup

Post by kylerickards »

Thanks Oscar, I have my certificate file along with a huge list of all the other locations I can link to, I am not sure where I would specify the certificate though?

joet12345
Posts: 305
Joined: Sun Apr 04, 2021 12:00 am
Has thanked: 15 times
Been thanked: 6 times

Re: Simple VPN implementation for FossaPup

Post by joet12345 »

OscarTalks wrote: Sat Apr 10, 2021 12:30 pm

Is there a way do edit a file to change the default Cloudfare DNS? :?:

I am trying to make it work on Fatdog64. I have it running and working except I cannot change the default DNS so I am thinking if I can edit the default DNS to one of my own?

User avatar
OscarTalks
Posts: 623
Joined: Tue Jul 14, 2020 10:11 pm
Location: London UK
Has thanked: 2 times
Been thanked: 247 times

Re: Simple VPN implementation for FossaPup

Post by OscarTalks »

You can change the DNS from Cloudflare to something else if you wish. In /usr/bin/vpn-start line 23 change the numbers 1.1.1.1 and 1.0.0.1 to the nameserver numbers of your desired DNS provider.

joet12345
Posts: 305
Joined: Sun Apr 04, 2021 12:00 am
Has thanked: 15 times
Been thanked: 6 times

Re: Simple VPN implementation for FossaPup

Post by joet12345 »

OscarTalks wrote: Mon Jun 07, 2021 11:08 pm

That worked thanks :thumbup:

By the way, in fatdog64, I installed the this fossa version VPN but the openVPN did not install/worked... so I just installed openvpn from the package manager and then it worked :)

miltonx
Posts: 160
Joined: Sat Nov 28, 2020 12:04 am
Has thanked: 13 times
Been thanked: 6 times

Re: Simple VPN implementation for FossaPup

Post by miltonx »

Thank you, OscarTalks!
I never expected such a small package to work so well and easy by just a single click!

On the other hand, I'm quite surprised that after turning on the vpn, my chrome browser and terminal instantly get connected through the vpn. I always thought that, on linux, I have to set the proxy config on browser or terminal to route their traffic through the vpn app. Why does vpn-onoff work instantly on my browser, terminal and maybe other apps?

Is there any alternative option for me to set the browser's proxy address to route through this vpn (so that I can config bypassing url hosts)?

User avatar
OscarTalks
Posts: 623
Joined: Tue Jul 14, 2020 10:11 pm
Location: London UK
Has thanked: 2 times
Been thanked: 247 times

Re: Simple VPN implementation for FossaPup

Post by OscarTalks »

Hello miltonx,
Yes, when you click VPN-Start it switches your internet connection so that traffic goes through the VPN server system-wide. This is an advantage over browsers such as Opera which offer a VPN connection (only for the browser) because other applications (such as torrent clients and media players) are all connected to the internet via the VPN. If I understand your question correctly, I'm afraid I don't know of any way to use a browser's proxy settings to route through a VPN server, because this requires the additional VPN client software (as contained within vpn-onoff) to handle the encrypted tunnel connection between you and the VPN server.

Sepp1945
Posts: 2
Joined: Mon Sep 25, 2023 7:01 am

Re: Simple VPN implementation for FossaPup

Post by Sepp1945 »

Dear OskarTalks,
i would like to use your VPNonoff to add to my client fossapup for loging to my company server.
so it would require that the username is not added by the file, but it is asked for in a popup.
Can this be done?
this is the conf file from our company VPN server.

Many thanks

Sepp

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 6e7c8r9.sg 1194

# Allow remote peer to change its IP address and/or port number
float

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Comment out user and group if you wish to increase security. Be advised you
# can experience some issues when reconnecting
# user nobody
# the group option may be wrong for some distributions
# normally distributions use wether 'nobody' (Fedora) or 'nogroup'
# for the no-priviligies group name
# group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# Write the PID file for compatibility with Ubuntu init.d script

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca "cacert.pem"
cert "134C32140A6E1E5A.pem"
key "mercury.pem"

# Verify server certificate by common name
verify-x509-name vpn-mercuryvpn name

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
;ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Explicitly notify disconnections
explicit-exit-notify 3

# Silence repeating messages
;mute 20

## Custom configuration
auth-user-pass

Sepp1945
Posts: 2
Joined: Mon Sep 25, 2023 7:01 am

Re: Simple VPN implementation for FossaPup

Post by Sepp1945 »

Dear OskarTalks,
i would like to use your VPNonoff to add to my client fossapup for loging to my company server.
so it would require that the username is not added by the file, but it is asked for in a popup.
Can this be done?
this is the conf file from our company VPN server.

Many thanks

Sepp

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 6e7c8r9.sg 1194

# Allow remote peer to change its IP address and/or port number
float

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Comment out user and group if you wish to increase security. Be advised you
# can experience some issues when reconnecting
# user nobody
# the group option may be wrong for some distributions
# normally distributions use wether 'nobody' (Fedora) or 'nogroup'
# for the no-priviligies group name
# group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# Write the PID file for compatibility with Ubuntu init.d script

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca "cacert.pem"
cert "134C32140A6E1E5A.pem"
key "mercury.pem"

# Verify server certificate by common name
verify-x509-name vpn-mercuryvpn name

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
;ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Explicitly notify disconnections
explicit-exit-notify 3

# Silence repeating messages
;mute 20

## Custom configuration
auth-user-pass

User avatar
OscarTalks
Posts: 623
Joined: Tue Jul 14, 2020 10:11 pm
Location: London UK
Has thanked: 2 times
Been thanked: 247 times

Re: Simple VPN implementation for FossaPup

Post by OscarTalks »

Sepp1945 wrote: Mon Sep 25, 2023 7:34 am

i would like to use your VPNonoff to add to my client fossapup for loging to my company server.
so it would require that the username is not added by the file, but it is asked for in a popup.
Can this be done?

I may not be able to answer this as I am not in a position to make a test connection to the company VPN server.
Some questions and observations though:-

Where is the popup originating from and what program displays it?

The line "dev tap" in the conf file would usually be "dev tun" or sometimes with a number like "dev tun1"

Normally it would be essential in the conf file to edit the line "auth-user-pass" by providing the path to the passfile which contains login credentials:-
auth-user-pass /etc/vpn-onoff/vpnpass
Or you could add a custom passfile only for your server with a different name and change that path accordingly

If the vpn-onoff program is installed (it contains a build of openvpn) you could try running in terminal to see if the output gives any clues, so if the conf file is named "conf.ovpn" try the command:-
openvpn --config /path/to/conf.ovpn
It may be that the server is using some sort of login and authorisation system which my little program does not support, or it may be possible to extract the correct information and place it in the vpnpass file (as you can do with protonvpn for example) but without further information I can't say for sure.

Post Reply

Return to “Fossapup64”