Using Turris as a VPN client for most outgoing traffic

I live in the UK, and we have just passed a law which allows the government to capture all our communications. :frowning: (Well, they were doing it before anyway, but now it’s legal.)

So I’d like to preserve my privacy by buying some data allowance from a VPN provider in a nearby country and routing most outgoing traffic over that, transparently, with minimal performance loss. It also needs to be reliable, and bring itself back up if the link ever bounces. I have a 200Mbit/s connection, and ideally I’d like to maintain full throughput, or as close as I can get.

My media center streams video a lot, and needs to download from BBC iPlayer which requires a UK IP, and the data’s not sensitive, so I’d like that to not go over the VPN. I can connect that to a different port on the Omnia easily. So I’d want everything from the wifi and most hardware ports to go over the VPN, and one hardware port to not go over the VPN.

Can someone point me at the right software (strongSWAN? OpenVPN?) to be running on the Turris, the right HOWTO to configure it, and a sample VPN provider which will work with it?

Thanks!

Gerv


There is this nice overview: https://wiki.openwrt.org/doc/howto/vpn.overview

https://wiki.openwrt.org/doc/howto/vpn.openvpn
https://wiki.openwrt.org/inbox/vpn.howto
https://wiki.openwrt.org/doc/howto/openvpn-streamlined-server-setup (it mentions a setup with OpenVPN as a ‘proxy’ for all traffic)

might be handy as well: https://wiki.openwrt.org/doc/howto/vpn.client.openvpn.tun

and sure you will need https://openvpn.net/index.php/open-source/documentation/howto.html
or https://community.openvpn.net/openvpn/wiki/HOWTO
and for fine-tuning your configs https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage

As there are different examples/goals in each guide (and some are out-dated or do not fully apply to TurrisOS), it is sometimes confusing what the necessary next step is. Especially when you need something special and not just p2p with a static key or a bridged TAP.

Hi,

Thanks for replying :slight_smile:

Thing is, it’s not a nice overview for someone who just wants to get it done. It gives about a billion options and fifty pages to read and no way of choosing between them. If I wanted to learn everything there is to know about VPN technology, it might be a nice overview. If I just want to get one working reliably, and don’t care too much how it’s done, it’s not that helpful.

But isn’t that about having people VPNing in to your internal network, rather than all your traffic going out via a VPN?

This is my point. There are lots of things you can do with “a VPN”, and lots of guides with a billion options. I’m hoping that someone who wants to do roughly the same thing as me has written up how they did it, what software they used, what provider they used, what settings they used, and I can just copy them. Does that exist anywhere?

OpenVPN is (in some cases) easy to set up, but generally I agree with the Turris team that OpenVPN should be configured only by experienced users. You have to be familiar with cryptography, networking, routing, firewalls. I have like 20 pages open in parallel when messing with OpenVPN :smiley:

ad streamlined-server-setup: yep, too much stuff around … I spent like three days trying to make it work (with like four rollbacks via schnapps) … and I just wanted a routed multi-client server over a tun device.

Regarding the anonymity, you can always use the Tor package and/or set up your own secure tunnel to any VPN provider outside (using just openvpn-client, which is kind of an easy scenario, as you don’t need to create a CA/PKI, and there is luci-app-openvpn … which might help a bit)

What VPN client are you using? I have the VPN working, but routing specific hosts like Netflix and BBC iPlayer is nothing short of pure evil. I’m still working on it, but I might be able to help with your VPN issues.

I live in the UK as well and share your concerns.

Have a look at that; I have managed to get something to work. If you need help, give me a shout.

I’ve not picked a client yet - that was part of why I posted this thread. I don’t need to do server-specific routing; port-specific routing will do fine. In other words “everything that comes in over the first Ethernet port can go out directly, everything that comes in the second or third Ethernet port or over Wifi needs to go via the VPN”. Hopefully that should be easier?

I don’t want to use Tor for performance reasons, but that second thing sounds like exactly what I want to do. You say it’s an easy scenario - can you point me at the right documentation?

So although you think port-specific routing might be easier, it’s not actually easier. With the script I attached you just specify the sites you want to bypass. I would go with NordVPN; I like them. If you want 20% off, I can send you a referral code.
I’m going to get round to making a full script of how to set up the VPN with settings for Nord, and I will leave it to you guys to see if you want to change that for other providers.

You can use this howto page https://wiki.openwrt.org/doc/howto/openvpn-streamlined-server-setup#clients (there are client config examples for Android, Linux and Windows).

As for the documentation, you have to pick your VPN provider and use their howtos/guides for the specific setup (as for NordVPN: https://nordvpn.com/tutorials/ ). That provider should also provide a user (client) certificate/key for you.

Howto for Turris Omnia … https://www.turris.cz/doc/cs/howto/openvpn (I know it is in CZ, but you just use this section with the config you will get from your VPN provider)

config openvpn custom_config
	option enabled 1
	option config /etc/openvpn/nordvpn.conf

This has been sent to me and seems awesome
https://support.nordvpn.com/hc/en-us/articles/115000254305-OpenWRT-router-tutorial


NordVPN has very nice tutorials. I hope you make it work :slight_smile:

ad ref.code: thanks for it, but at this moment I don’t need to tunnel my internet traffic

@gerv https://beta.ipredator.se/guide/openvpn/router/openwrt - pretty straightforward on Turris

@pierre That’s pretty awesome - a really good step-by-step guide. Thanks! The missing part is explaining how one can have particular network ports or ESSIDs not use the VPN. Is it much extra work to do that?
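The "one port stays off the VPN" split asked about here (and earlier in the thread) is a policy-routing job rather than an OpenVPN option: once the bypass port has been split into its own interface with its own subnet (on the Omnia that means a separate VLAN/interface in /etc/config/network, which this example assumes has already been done), a source-based `ip rule` sends that subnet to a second routing table whose default route is the plain WAN gateway, while everyone else follows the `redirect-gateway` default route OpenVPN installs in the main table. The hook below is an added example, not code from the thread, from any of the linked guides or from a VPN provider. It assumes the bypass subnet 192.168.2.0/24, routing table 100, rule priority 100, and that the OpenVPN client config (the file referenced by `option config`) contains `script-security 2`, `route-up /etc/openvpn/bypass.sh` and `down /etc/openvpn/bypass.sh`; the `script_type` and `route_net_gateway` environment variables it reads are exported by OpenVPN to such scripts.

```shell
#!/bin/sh
# Added example (not from the thread): OpenVPN --route-up/--down hook for an
# OpenWrt/TurrisOS router that keeps one "bypass" subnet (the media-center
# port, already split off into its own interface/VLAN) on the plain WAN path
# while everything else follows the VPN's redirect-gateway default route.
#
# Assumed client config lines (file names and values are this example's own):
#   script-security 2
#   route-up /etc/openvpn/bypass.sh
#   down     /etc/openvpn/bypass.sh
# OpenVPN exports script_type ("route-up" / "down") and route_net_gateway
# (the default gateway that existed before the tunnel came up) to the hook.

BYPASS_NET="${BYPASS_NET:-192.168.2.0/24}"   # assumed subnet of the bypass port
BYPASS_TABLE="${BYPASS_TABLE:-100}"          # assumed unused routing table id
BYPASS_PRIO="${BYPASS_PRIO:-100}"            # consulted before the main table
IP_CMD="${IP_CMD:-ip}"                       # set to "echo" for a dry run

# Drop any rule left by a previous run, so a tunnel that bounces and
# reconnects does not stack duplicate rules.
bypass_clear_rule() {
    "$IP_CMD" rule del from "$BYPASS_NET" lookup "$BYPASS_TABLE" \
        priority "$BYPASS_PRIO" 2>/dev/null || true
}

# Tunnel is up: give table BYPASS_TABLE the original WAN gateway as default
# and steer the bypass subnet into that table.
bypass_up() {
    if [ -z "${route_net_gateway:-}" ]; then
        echo "bypass_up: route_net_gateway not set by OpenVPN" >&2
        return 1
    fi
    "$IP_CMD" route replace default via "$route_net_gateway" table "$BYPASS_TABLE"
    bypass_clear_rule
    "$IP_CMD" rule add from "$BYPASS_NET" lookup "$BYPASS_TABLE" priority "$BYPASS_PRIO"
    "$IP_CMD" route flush cache
}

# Tunnel is down: remove the rule and the table so the bypass subnet simply
# follows the main table again, like every other client.
bypass_down() {
    bypass_clear_rule
    "$IP_CMD" route flush table "$BYPASS_TABLE" 2>/dev/null || true
}

case "${script_type:-}" in
    route-up) bypass_up ;;
    down)     bypass_down ;;
    *)        : ;;   # not invoked by OpenVPN (e.g. sourced for a dry run): do nothing
esac
```

Two things the routing alone does not cover. First, the firewall: the bypass interface needs its own zone that forwards to `wan`, and the other LAN/Wi-Fi clients need a zone that forwards to a zone containing `tun0` with masquerading on, otherwise the packets are routed but dropped. Second, if the tunnel drops, the main table's original default route is still there, so the clients you meant to protect would fall straight back to the WAN; restricting their zone to forward only to the `tun0` zone (not to `wan`) turns that silent leak into a visible outage, which is the safer failure mode for this use case.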