OPENVPN for web surfing?

I get the impression that no matter what you do, the internet is keeping tabs on you.

Can OPENVPN be used to improve one’s security while surfing the internet?

Can someone clarify the server client paradigm for the case when you just want to surf the internet with a little privacy?

Thank you.

OpenVPN is just a VPN technology option, there are also other VPN technologies.

But if you want to know how VPNs in general are used, here is a couple common reasons…

  • Access a remote private network as though you were in that network, behind a firewall and trusted to access resources available only in that network.
  • Nowadays, there are also VPN services which Users can subscribe to which can change where your location appears to be. So, let’s say that a TV service imposes a blackout in your area. Or, a government is blocking access to specific websites and services on the Internet. You can use a VPN to “tunnel” to another location in the world so that your location appears to be wherever your VPN provider allows you to exit the VPN and now those restrictions won’t apply to you.

Of course, if enough people use various VPN services, then those who wish to restrict your activity will then try to block your use of VPNs.
And so goes the arms race…

As for security and “keeping tabs on you” – That’s a more complicated answer and VPNs can be a part of an answer but will not protect against a lot of things people do.

TSU

openVPN is also an application providing VPN functionality that can be used with a VPN provider, where openSUSE Leap currently uses version 2.3.8.

Some links

My personal opinion is, wrt privacy it depends on whom one is defending against. A VPN is good to protect against an average hacker, but it won’t protect one if they are in the ‘sights’ of a capable government organization (nor IMHO should they).

An application such as openVPN, will encrypt one’s traffic, including the IP where one is to surf, between one’s PC and the VPN server. However the instance the traffic leaves the VPN server, the traffic is back to its nominal state. If it is nominally unencrypted traffic, then it can be read, and of course the IP of the VPN server and also the IP of the site would be read regardless after the traffic leaves the VPN server.

Typically the VPN provider from its logs will know your IP and when you connect, and it will know the IP where you connect to. Some VPN providers claim they don’t keep keep log files, but take that with lots of grains of salt, as noted in a recent slashdot.org article where a VPN provider that advertises no log files, in fact kept some that they passed to the government to catch someone bad. In some countries the governments require the VPN providers to keep logs, so if the VPN providers do not keep such, they are breaking the law - so as noted, their claims of no log files from such countries should be taken with caution. Hence some people look for VPN providers based outside the countries with such laws requiring logs to be kept.

Further, not all VPNs provide the protection they advertise and one might hope. Read this article in Wired. One can have a VPN setup but have an IP leak. Not all VPNs will route IPv6 and hence even thou one’s IPv4 traffic is being routed via the VPN, one’s IPv6 traffic may be going direct outside of the VPN giving away one’s identity.

In addition, some Governments do not like their citizens using VPN, and they have laws against such and they block the VPN, often by IP blocking, port blocking, or Deep Packet Inspection to detect the VPN traffic or stop the VPN traffic.

Having typed that, if one is an a Hotel room or public location using the unencrypted wifi to connect to the internet, then one is very vulnerable to an average hacker, and using a VPN is a good start at adding some protection against the average hacker. Using a VPN in this scenario means one’s traffic from one’s PC to the VPN server, is likely out of reach of the average hacker, and hence one is safe from such.

Further, don’t go do something illegal with a VPN, as government resources are much larger than that of the average hacker, and with or without a VPN provider’s support, if one is in the Government’s sights, one can typically be tracked down and what one is surfing can be determined.

I use a VPN for protection in Hotel room / public spaces. My view is to restrict one’s use of a VPN for legal activity such as that.

Wifi in a Hotel room, great example.

I don’t understand the client server paradigm for the case when I want to check my Gmail account.

Is Gmail the VPN-client and I’m the VPN-server?

Can you use VPN all the time, even with sites that don’t have the established client-server connection?

Thank you.

No. VPN server is your “proxy” that you use to connect to Gmail.

A further clarification if any don’t understand the terminology concept with respect to a VPN and proxy … I’ll try to state the VPN operation in very simple description.

With a VPN account and with VPN application installed on one’s computer, then all internet traffic that leaves one’s computer will be encrypted and go direct to the VPN server (in the country of one’s choice, if that country is offered by the VPN company). It matters not if this is email, or browsing, or what ever. It will go straight to the VPN server. Then the VPN server then forwards one’s computer’s internet packets (email, browsing, what ever) to the appropriate Internet site/server.

So the VPN sits in between the Internet site that one wishes to visit/go-to and one’s home computer. This means to the Internet sites, one’s IP address looks like the VPN server.

This is great if one is using an un-encrypted Hotel Internet connection, and would like one’s Internet data encrypted when it leaves the Hotel , so that some hacker staying in the same hotel can not read one’s data.

But a VPN needs to be used carefully. Use that is not careful can cause a user problems. For example if one changes from one VPN server to another in a matter of minutes, and visits Facebook, or Hotmail, or other such sites using both servers, those websites (Facebook/Hotmail/others … ) will see a IP address change from one country to another country. Their software will flag that rapid IP address change (from country-A to country-B) as a possibly hacker from another country trying to hack one’s facebook/hotmail/other account, and possibly block one’s access. And it may be difficult to restart one’s access. Not to mentioned disruptive and annoying - all because one wanted to rapidly change IP addresses between multiple countries in a small number of minutes, for what purpose ?

Further many forums (and ours does also to a limited extent) if we note a VPN server is being used to put abusive content on the forum, we will block the VPN server IP address, which means the forum can not be accessed by any user using that VPN server.

So a VPN needs to be used intelligently, and not with the idea that one can abuse its home PC “IP cloaking” as that, in addition to being morally wrong, will end up with one still being blocked.

.

Hi there,
Very interesting indeed. That’s exactly what I need, as I’m to watch videos on indavideo in Hungary but can not because I’m i France. Anyone of you would know how to set up openvpn ??? cannot find it on therir website !
thanks

From what I know, the site openVPN ( https://openvpn.net/ ) is for an application - not for a service. Further one can dowload a packaged openVPN application for openSUSE and there is no need to go to that site: https://software.opensuse.org/package/openvpn

It is an open application that will work with various commercial VPN providers - so you will need an account with a VPN service provider.

Dependent on the commercial VPN service provider, for GNU/Linux, you may be able to download a .ovpn file for the country of choice (ie they need to support the country you wish to access) and one simply imports that into one’s network manager that is using openVPN application, check to ensure both ipv6 and ipv4 are re-routed (not all commercial VPN providers support ipv6 in which case you may need to block that), select that country server for use and that is pretty much it.

Some hotels (and indeed some countries) block the VPN servers IP address, so dependent on one’s location this may or may not work.