<div dir="ltr"><div><div><div><div>Not to hijack the thread, but I recently began toying with the idea of purchasing Mullvad as an external VPN. I currently have an OpenVPN Server running on my server at home which I use to access my home network from time to time (mainly to stream my Plex library). <br></div>Now forgive my ignorance, and if I need to read up on a topic please don't hesitate to point me in that direction; but is it possible to run my own OpenVPN server next to a Mullvad VPN? Is it just a matter of having both VPN's config files in /etc/openvpn and then choosing which instance to launch? I probably would not attempt to run them in tandem, although if I were to connect to my home server via my VPN then try and open Mullvad would it cause issues?<br><br></div>From <a href="https://mullvad.net/en/guides/linux-openvpn-installation/">https://mullvad.net/en/guides/linux-openvpn-installation/</a>:<br>3. copy mullvad_ca.crt, mullvad_crl.pem, mullvad_xx.conf and mullvad_userpass.txt to /etc/openvpn/ (use sudo)<br></div>Cheers,<br></div>Arie<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Mar 16, 2018 at 2:04 PM, Alex Carver via Ale <span dir="ltr"><<a href="mailto:ale@ale.org" target="_blank">ale@ale.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 2018-03-16 08:44, DJ-Pfulio via Ale wrote:<br>
> On 03/16/2018 10:32 AM, Steve Litt wrote:<br>
>> On Fri, 16 Mar 2018 09:04:24 -0400<br>
>> DJ-Pfulio via Ale <<a href="mailto:ale@ale.org">ale@ale.org</a>> wrote:<br>
>><br>
>><br>
>>> I run my own VPN at home, for when I'm away. It uses openvpn AES256<br>
>>> and works just like the VPN services. Works surprisingly well for my<br>
>>> 15/3 slow-ass connection.<br>
>><br>
>> Why wouldn't everybody do your openvpn solution for when they're on the<br>
>> road?<br>
><br>
> I can think of a few good reasons, but mainly, you just don't want to tie your<br>
> current location with your home location.<br>
<br>
</span>Depending on the application in use your current location can be hidden<br>
(e.g. mobile Firefox). Your "location" ends up being the exit IP of the<br>
VPN. This is what I see when I'm on my phone using my VPN at home.<br>
<span class=""><br>
><br>
> A few other reasons NOT:<br>
><br>
> Sometimes you might be in a location that you really don't trust - even with a<br>
> VPN and wouldn't want to provide access to your HOME LAN for any attackers.<br>
<br>
</span>Easy way out for this: Give yourself two openvpn profiles with two<br>
static IP addresses for the tunnel (statics are easy to do as is). Set<br>
up iptables on the VPN server to allow Profile A unrestricted access to<br>
your home LAN and Profile B is only allowed to reach the gateway and any<br>
IP address on the WAN. If you're in a scary place, log in with Profile B.<br>
<span class=""><br>
> Getting openvpn working seems to be non-trivial due to all the configuration<br>
> options.<br>
<br>
</span>Most of the defaults work fine. The only specific bits to choose are<br>
the encryption algorithms and the key sizes.<br>
<span class=""><br>
<br>
> Perhaps the home has poor internet or poor power? Needing to use a VPN, but not<br>
> being able to connect will likely lead to poor security choices.<br>
><br>
> Not everyone is comfortable running a server from their home. They might believe<br>
> that the ToS from their ISP prohibits it for personal use, which I don't believe<br>
> is the case, but everyone has to follow their conscience. Personal use is fine,<br>
> even for residential accounts based on conversations I've had with ISPs over the<br>
> decades.<br>
><br>
> Not everyone wants to leave **any** computer running at home when they aren't there.<br>
<br>
</span>To tie two threads together I run openvpn on a Pi 2. :) It takes about<br>
four seconds to negotiate a connection and then it works pretty well<br>
after that. My ISP service isn't terribly fast in one direction so<br>
there's some sluggishness at times but for basic browsing, email and<br>
even VNC it works well enough. I also have SSH on that Pi as well so I<br>
can tunnel in via that if VPN is being slow.<br>
<div class="HOEnZb"><div class="h5">______________________________<wbr>_________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="https://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">https://mail.ale.org/mailman/<wbr>listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/<wbr>listinfo</a><br>
</div></div></blockquote></div><br></div>