[ale] VPN recommendations?

Arie vW willigen.van.a at gmail.com
Tue Mar 20 11:55:38 EDT 2018


Not to hijack the thread, but I recently began toying with the idea of
purchasing Mullvad as an external VPN. I currently have an OpenVPN Server
running on my server at home which I use to access my home network from
time to time (mainly to stream my Plex library).
Now forgive my ignorance, and if I need to read up on a topic please don't
hesitate to point me in that direction; but is it possible to run my own
OpenVPN server next to a Mullvad VPN? Is it just a matter of having both
VPNs' config files in /etc/openvpn and then choosing which instance to
launch? I probably would not attempt to run them in tandem, although if I
were to connect to my home server via my VPN then try and open Mullvad,
would it cause issues?

From https://mullvad.net/en/guides/linux-openvpn-installation/:
3. copy mullvad_ca.crt, mullvad_crl.pem, mullvad_xx.conf and
mullvad_userpass.txt to /etc/openvpn/ (use sudo)

Cheers,
Arie

On Fri, Mar 16, 2018 at 2:04 PM, Alex Carver via Ale <ale at ale.org> wrote:

> On 2018-03-16 08:44, DJ-Pfulio via Ale wrote:
> > On 03/16/2018 10:32 AM, Steve Litt wrote:
> >> On Fri, 16 Mar 2018 09:04:24 -0400
> >> DJ-Pfulio via Ale <ale at ale.org> wrote:
> >>
> >>
> >>> I run my own VPN at home, for when I'm away.  It uses openvpn AES256
> >>> and works just like the VPN services.  Works surprisingly well for my
> >>> 15/3 slow-ass connection.
> >>
> >> Why wouldn't everybody do your openvpn solution for when they're on the
> >> road?
> >
> > I can think of a few good reasons, but mainly, you just don't want to tie your
> > current location with your home location.
>
> Depending on the application in use your current location can be hidden
> (e.g. mobile Firefox).  Your "location" ends up being the exit IP of the
> VPN.  This is what I see when I'm on my phone using my VPN at home.
>
> >
> > A few other reasons NOT:
> >
> > Sometimes you might be in a location that you really don't trust - even with a
> > VPN and wouldn't want to provide access to your HOME LAN for any attackers.
>
> Easy way out for this:  Give yourself two openvpn profiles with two
> static IP addresses for the tunnel (statics are easy to do as is).  Set
> up iptables on the VPN server to allow Profile A unrestricted access to
> your home LAN and Profile B is only allowed to reach the gateway and any
> IP address on the WAN.  If you're in a scary place, log in with Profile B.
>
> > Getting openvpn working seems to be non-trivial due to all the configuration
> > options.
>
> Most of the defaults work fine.  The only specific bits to choose are
> the encryption algorithms and the key sizes.
>
>
> > Perhaps the home has poor internet or poor power? Needing to use a VPN, but not
> > being able to connect will likely lead to poor security choices.
> >
> > Not everyone is comfortable running a server from their home. They might believe
> > that the ToS from their ISP prohibits it for personal use, which I don't believe
> > is the case, but everyone has to follow their conscience.  Personal use is fine,
> > even for residential accounts based on conversations I've had with ISPs over the
> > decades.
> >
> > Not everyone wants to leave **any** computer running at home when they aren't there.
>
> To tie two threads together I run openvpn on a Pi 2. :)  It takes about
> four seconds to negotiate a connection and then it works pretty well
> after that.  My ISP service isn't terribly fast in one direction so
> there's some sluggishness at times but for basic browsing, email and
> even VNC it works well enough.  I also have SSH on that Pi as well so I
> can tunnel in via that if VPN is being slow.
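
Added example, not part of the original thread or of any poster's setup: the two-profile restriction described in the quoted message (Profile A reaches the whole home LAN, Profile B only the gateway and the WAN), as a shell function that prints the iptables commands for review. The chain name, interface and all addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) iptables commands for the two-profile
# setup. Assumptions, not from the thread: chain name VPN_PROFILES, and that
# each profile gets its static tunnel IP from an ifconfig-push line in the
# server's client-config-dir.
vpn_profile_rules() {
    if [ "$#" -ne 5 ]; then
        echo "usage: vpn_profile_rules TUN_IF PROFILE_A_IP PROFILE_B_IP LAN_CIDR GATEWAY_IP" >&2
        return 2
    fi
    tun=$1; a=$2; b=$3; lan=$4; gw=$5
    if [ "$a" = "$b" ]; then
        echo "Profile A and Profile B need different static tunnel IPs" >&2
        return 1
    fi
    chain=VPN_PROFILES
    echo "iptables -N $chain"
    # Profile A: unrestricted access to the home LAN and beyond.
    echo "iptables -A $chain -s $a -j ACCEPT"
    # Profile B: order matters, the first matching rule wins.
    # 1) the gateway, 2) nothing else on the LAN, 3) everything else (the WAN).
    echo "iptables -A $chain -s $b -d $gw -j ACCEPT"
    echo "iptables -A $chain -s $b -d $lan -j DROP"
    echo "iptables -A $chain -s $b -j ACCEPT"
    # Any other tunnel address has no profile and is dropped.
    echo "iptables -A $chain -j DROP"
    # Send everything arriving from the tunnel through the chain, and let
    # replies to already-established connections back out to the clients.
    echo "iptables -I FORWARD -i $tun -j $chain"
    echo "iptables -I FORWARD -o $tun -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Review the output first, then pipe it to "sudo sh" on the VPN server
# (constructed sample addresses):
#   vpn_profile_rules tun0 10.8.0.10 10.8.0.20 192.168.1.0/24 192.168.1.1
```

These rules cover only traffic routed through the VPN server (FORWARD). Services on the VPN server itself, such as the SSH on the Pi mentioned in the quoted message, are governed by the INPUT chain and need their own restriction for Profile B.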