StreisandEffect / discussions


OpenVPN Ubuntu Linux Client: Documentation confusion #97

Open bondbeau opened 6 years ago

bondbeau commented 6 years ago

As this may already be covered somewhere, I ask for suggestions as to where one finds a step-by-step guide related to the following please?

  1. I chose 'Firefox' under the first page (are they numbered or give indication of what needs done next?) of the post-install Streisand directions.
  2. I chose option #11 'Connecting to your Streisand Gateway', after completing each step given.
  3. I successfully entered the 'SSL' username/password as shown further down on that same page.
  4. I chose 'OpenVPN' and then 'Linux (Ubuntu) (direct)' under 'Connection Instructions'.
  5. And then, I'm totally lost, as it gives several options like 'absurd-worth', 'youth-scene' and others. I arbitrarily began attempting to do 'afraid-diesel', but then realized I have no idea what's supposed to happen and stopped after doing the first sub-step, 'CA Cert: ca.crt'.

Can anyone please assist me from there...as I was hoping to first attempt an OpenVPN connection on Linux (Ubuntu), instead of any other client or connection method (Stunnel, etc.)...just to see if I can get just one basic encrypted connection before trying anything else?

Thank you!

cpu commented 6 years ago

Hi @bondbeau,

The instructions in the generated docs are meant to be step-by-step guides. Unfortunately the OpenVPN support using NetworkManager on Ubuntu Linux makes things quite complicated because it doesn't seem to reliably support importing .ovpn profiles like other platforms. That's why there are so many highly technical steps for this particular platform choice.

> And then, I'm totally lost, as it gives several options like 'absurd-worth', 'youth-scene' and others. I arbitrarily began attempting to do 'afraid-diesel'

These are client profile names. You did the right thing by selecting one at random. You only need to make sure two users don't use the same profile choice at the same time. The randomly generated names are meant to be easier to distinguish than "client 1", "client 2" etc :-)

> I have no idea what's supposed to happen and stopped after doing the first sub-step, 'CA Cert: ca.crt'.

I don't have a Ubuntu desktop machine handy for walking through the OpenVPN NetworkManager connection instructions with you but I will try to make time for this in the near future if someone else isn't able to jump in with help.

Thanks for your patience,

bondbeau commented 6 years ago

Thanks much for your attention @cpu . Since writing the above, I've totally started from scratch with a new install of Ubuntu on dual-boot with Windows, and also of course the entire Streisand install and a new VPS instance on Vultr. So...ALL...new. And this time I tried WireGuard instead and...have apparently been successful (though truly, besides seeing where the IP is reported from, I've no way of knowing/testing the security...I just don't know how). After you (or another that may "jump in") has a chance to see what's one to do with OpenVPN, I'd like to try that one as well...and all of them eventually, unless I learn what's to be avoided? And I'd like to share the instance with a friend as well (I think he's on Mint, but I'm laughing because I don't even understand what 'link' one is supposed to share, even though that info. is somewhere, I guess, in the post-install "generated-docs" from the Streisand directory). I'm working at it, and as long as my dual-boot doesn't get corrupted somehow, I can always start from scratch, as I am almost totally at a loss with Linux terminal commands unless they're given absolutely step-by-step. And when I find ones I know I'll likely need again (i.e. how to start/stop WireGuard or get the SSH key into the right format for adding to a VPS provider, or recording my public key), I'm keeping a list of copy/paste commands. I apologize for apparently 'insisting' (of a sort)...on Vultr as a platform for now. I really have no allegiance...I'm merely trying for what may be 'among' the least costly/reliable (from snippets of online remarks I've read and barely understand) available replacements for a commercial VPN...so I'm not 'trying' to make it difficult for anyone...I promise! Thanks again for your generosity, and I really am enjoying this learning process!

cpu commented 6 years ago

> Since writing the above, I've totally started from scratch with a new install of Ubuntu on dual-boot with Windows, and also of course the entire Streisand install and a new VPS instance on Vultr. So...ALL...new

Wow :-) Spring cleaning. You've been busy!

> (though truly, besides seeing where the IP is reported from, I've no way of knowing/testing the security...I just don't know how).

With WireGuard if the IP you're seeing reported from a test on the client is the Streisand server's IP you're in good shape. Glad to hear you have it working. That's one of the best options Streisand has and will be a lot faster than OpenVPN.

> And I'd like to share the instance with a friend as well (I think he's on Mint, but I'm laughing because I don't even understand what 'link' one is supposed to share

You would share the link and password that's in your generated-docs/ folder, the .html file for the Streisand server. See the part "Connecting to your Streisand Gateway" in that document.

> Thanks again for your generosity, and I really am enjoying this learning process!

Glad to hear it! These aren't simple topics and everyone was new to them at some point in time. I remember keeping a "command line copy/paste file" like you describe once upon a time myself.

Let me know if you have any more questions. I'll still try to vet the OpenVPN Linux NetworkManager instructions in the near future. I'd like to try and see if there's any way we can simplify them with .ovpn import support and knowing what needs to change to make that happen will be valuable.

bondbeau commented 6 years ago

Many apologies for my late response to your being so helpful @cpu !

For WireGuard: Yes, the IP appears to be the same as the server address in the Streisand doc. For the DNS leak test, none of the 'quite a few servers reported' match the Streisand server IP (good or bad?), and they all report the hostname as "none" and the ISP as "Google" (presumably good?), though in truth, I'd prefer for nothing to report as 'Google'...ever or for anything. They make me nervous, and I'd like to eventually escape them altogether in my life.

For OpenVPN: I had to play with it quite a bit, so am not sure it's configured just right (the Firefox instructions in Streisand don't quite match the later(est) Firefox). When turned on, the IP reports correctly to match Streisand's server, but the DNS leak test shows several servers from the same locale as when OpenVPN is turned off (so I'm assuming that's not so good?).

For Tor: Just as an FYI at least for now (as I likely won't use it at all, or very little), it reports the IP is Switzerland or London or Seattle so far (so obviously not mine), and the leak test never reports at all (so that's presumably good?).

Those are all I've tried working with so far. I'd like the OpenVPN to work properly (assuming it might not be), as I was able to get it to turn on with just two clicks in the Wi-Fi settings. And for that matter, ideally, I'd very much like to have whatever I end up using, to start up automatically (and restart if the encryption is lost at any point) whenever I start or restart the OS. In other words to fault ON, rather than OFF, at all times. But perhaps you might advise whether/where to ask about that in Streisand on GitHub, or whether those questions belong elsewhere entirely?

bondbeau commented 6 years ago

Thanks again @cpu ...you were a great help. You haven't yet replied to my latest post, so perhaps you'd answered all you felt necessary, or I am off-topic somehow. I really am flying blind at most all of this, including what are all the 'rules' and/or congeniality of various sites/forums that more tech-versed people already know by heart. Apologies for any of such. I'll keep at it and maybe ask some things later. Much appreciation, BB

cpu commented 6 years ago

Hi @bondbeau - Apologies, I haven't had much Streisand time over the past week. I'm hopeful I can come back to your latest post shortly. Thanks for your patience! You're not off-topic or violating any etiquette rules :-)

cpu commented 6 years ago

Just dropping in to leave a message to say I still haven't had a chance to come back around to this topic. My full-time job has been frenzied lately.

bondbeau commented 6 years ago

Thanks @cpu.