Free VPNs?

[RhombiKiet]

I've done extensive research, and I can't find a single free VPN compatible or installable with Fedora 17. HALP PLOX??

I'd prefer if it was simply downloadable. Also, I have a lynksis router I'm willing to change any setting on.

[flyingfsck]

A few years ago, I did see some SSH socks proxies, so maybe you should search again.

[stevea]

Quote:

I've done extensive research, and I can't find a single free VPN compatible or installable with Fedora 17.

Really ? What about openvpn, vpnc, ipsec ?
Another to explore is tinc


My *feeling* is that vpnc is a little buggy and no longer well supported.

[hmmsjan]

Dear RhombiKiet

An excellent VPN is OpenVPN with clients for all major platforms. There are plugins for NetworkManager
to connect to an OpenVPN server, in Windows there is an openvpn-gui.

You can make an additional subnet, or use the "bridge" mode to extend the local network IP range to remote.
The number of possibilities make the setup somewhat complicated, but there should be tutorials on the net
and example config files. Identification is either name/password or SSL certificates.
Due to the fact that only a single TCP or UDP port is needed, firewall setup is simple.


For a quick connection between Linux systems, one could consider ssh, see the "tunnel" options.

Good luck

[stevea]

Quote:

Originally Posted by hmmsjan

Dear RhombiKiet

An excellent VPN is OpenVPN with clients for all major platforms. There are plugins for NetworkManager
to connect to an OpenVPN server, in Windows there is an openvpn-gui.

You can make an additional subnet, or use the "bridge" mode to extend the local network IP range to remote.
The number of possibilities make the setup somewhat complicated, but there should be tutorials on the net
and example config files. Identification is either name/password or SSL certificates.
Due to the fact that only a single TCP or UDP port is needed, firewall setup is simple.


For a quick connection between Linux systems, one could consider ssh, see the "tunnel" options.

Good luck

Well I generally agree that openvpn is filled with goodness,
except that ipsec is part of the stack and aside from having some raw/rough tools for support IS the future.
http://docs.redhat.com/docs/en-US/Re...orks_VPNs.html

Yes ssh tunnel feature works as advertised, but it does nothing but set up the tunnel - no proxy forwarding or dhcp setup or routing tables. Good tool but a bag-of-bolts for making a practical tunnel.

[flyingfsck]

http://www.google.com/search?hl=en&q...sh+socks+proxy

BTW, a SSH socks proxy is a one liner, Firefox and Chrome can both forward DNS over socks and why do you want to do DHCP over a tunnel?

[beaker_]

Quote:

Originally Posted by stevea

Well I generally agree that openvpn is filled with goodness,
except that ipsec is part of the stack and aside from having some raw/rough tools for support IS the future.
http://docs.redhat.com/docs/en-US/Re...orks_VPNs.html

Yes ssh tunnel feature works as advertised, but it does nothing but set up the tunnel - no proxy forwarding or dhcp setup or routing tables. Good tool but a bag-of-bolts for making a practical tunnel.

Hmmm..., does more than tunnel here. Port forwarding for ex.,

[stevea]

Quote:

Originally Posted by beaker_

Hmmm..., does more than tunnel here. Port forwarding for ex.,

You misunderstand the context; the topic is VPNs. Port forwarding is NOT not a tunnel and not a VPN, - so your comment is off topic. The entire idea of a VPN is to 'join' another network via a secure channel, so you appear to be directly connected to the remote network. This requires creation of a new interface (like a 'tun' virtual interface) to permit routing. Ssh port forwarding does not do that and is irrelevant to this thread.


The ssh -w /tunnel options does create a tun device with a secure channel connection to the remote system. That's a big piece of the puzzle but not a complete solution.

ssh does have a proxy forwarding feature that can help - but has to be configured.
IIRC ssh tunnel does not create any routing tables for the tun.
it does not manage dhcp or dns configuration for the tun.
it does not have any cleanup for these things on exit.
You can surround ssh with scripts and get the desired effect - but ssh tunneling is not a VPN per se, it's just one component of a VPN..
These limitations probably explain why ssh tunnelling is rarely used or discussed - there are better solutions for VPN.



This is very unlike openvpn where the server pushes farside network arrangement (various internal lans, routes, masks) to the client, and the client creates an interface and uses this info to set local route tables. openvpn can also manage dhclient on the tun on the client. It knows how to tear this apart at disconnect.

[beaker_]

Quote:

You misunderstand the context; the topic is VPNs. Port forwarding is NOT not a tunnel and not a VPN, - so your comment is off topic. The entire idea of a VPN is to 'join' another network via a secure channel, so you appear to be directly connected to the remote network. This requires creation of a new interface (like a 'tun' virtual interface) to permit routing. Ssh port forwarding does not do that and is irrelevant to this thread.

Ummm... no I don't see it.

Quote:

The ssh -w /tunnel options does create a tun device with a secure channel connection to the remote system. That's a big piece of the puzzle but not a complete solution.

ssh does have a proxy forwarding feature that can help - but has to be configured.
IIRC ssh tunnel does not create any routing tables for the tun.
it does not manage dhcp or dns configuration for the tun.
it does not have any cleanup for these things on exit.
You can surround ssh with scripts and get the desired effect - but ssh tunneling is not a VPN per se, it's just one component of a VPN..
These limitations probably explain why ssh tunnelling is rarely used or discussed - there are better solutions for VPN.



This is very unlike openvpn where the server pushes farside network arrangement (various internal lans, routes, masks) to the client, and the client creates an interface and uses this info to set local route tables. openvpn can also manage dhclient on the tun on the client. It knows how to tear this apart at disconnect.

O come on. BS may baffle the OP's brains but we both know a VPN is about authentication & trust and not the amount of services you can push. If you want to guide him through setting up a hardened openvpn server & client, then, by all means, fill your boats. But I'm thinking like flyingfsck: here's a one-liner, so how hard did you check?