I'm following the setup guide of my VPN provider but they failed to specify how to input the credentials after:
openvpn_ikev2_username (for the auth file)
I tried it with openvpn_ikev2_username 'myusername' and the same with my password but my IP address is still showing. I'm waiting for them to email me back to confirm. I thought I'd just ask here in the meantime. Which interface(s) should I cover for the VPN connection?
Does your provider support WireGuard? If so consider switching over to WireGuard?
Is this for an OpenVPN connection or IKEv2?
I think so. How is WireGuard better than OpenVPN?
Well, the command in my original post is taken straight from my provider's OpenWRT setup page so I'm guessing it's IKEv2. I tried pasting my credentials over the 'username' and 'password' parts of the command but my IP is still showing. Yet to try the guide that was posted. Been trying to get this up and running for the past few days and it's had me so frustrated. I'll try again later.
Is ProtonVPN your provider?
NordVPN pushes its proprietary solution NordLynx, but it is easy to get WireGuard credentials as described elsewhere on this forum.
WireGuard is like a Porsche and OpenVPN is like an old bus. I actually identified this picture after and not before writing the previous sentence. How cool is this:
My rusty German translates the above as: "Nobody needs him. Everyone wants him". The Germans classify objects like cars and computers as a he.
Thanks for posting it but this guide is incomplete. It doesn't tell you how to add the 'tun' interface, I found that in this guide:
I see. If WireGuard provides better security I'll consider using it?
Yes, and now I'm having issues with authentication on boot. After searching I think I have to generate keys and certificates with EasyRSA because the ones I have now are password protected. OpenWRT log is telling me to use the option
Had a look at the ProtonVPN guide for OpenVPN and, as you say, it's incomplete. No TUN device or setting up a "kill switch".
Got a free limited account from them and it works OK for browsing.
If you know the password you can use the openssl utility to decrypt the keys into new files which are usable by OpenVPN.
openssl rsa -in original.key -out new.key
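As an added example (not part of the original thread), the check and decryption step from the post above can be wrapped so the decrypted key is only ever written owner-readable. The function names are hypothetical; the only command taken from the thread is `openssl rsa -in ... -out ...`, so this handles RSA keys only.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the thread.

# Return 0 if the PEM private key in $1 is passphrase-protected.
# Covers both PEM layouts OpenSSL writes:
#   traditional: a "Proc-Type: 4,ENCRYPTED" header line
#   PKCS#8:      "-----BEGIN ENCRYPTED PRIVATE KEY-----"
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Decrypt RSA key $1 into $2 using the command from the post.
# Extra arguments (for example -passin ...) are passed through to
# openssl; without them openssl prompts for the passphrase.
# Returns 2 if the input key is not encrypted, 1 on failure.
decrypt_key() {
    src=$1
    dst=$2
    shift 2
    if ! key_is_encrypted "$src"; then
        echo "$src is not passphrase-protected; nothing to do" >&2
        return 2
    fi
    # The output is a plaintext private key: create it owner-only.
    ( umask 077 && openssl rsa -in "$src" -out "$dst" "$@" ) || return 1
    chmod 600 "$dst"
    # Do not report success if the result is still encrypted.
    if key_is_encrypted "$dst"; then
        return 1
    fi
}

# Usage with the file names from the post:
#   decrypt_key original.key new.key
```

The decrypted file is what lets OpenVPN start at boot without a prompt, so anyone who can read it can use the key; keep it on the router only and out of backups or shared storage.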
I haven't got the time or the patience for this anymore. I'm going to get an InvizBox router instead. I managed to get the server, client, interface and necessary keys created but there are still issues. The trouble with these programs is they're not made with people who have limited knowledge of networking in mind. Not everyone wants to sit there all day sifting through articles and configuring something that could be made a lot easier to set up and a lot less redundant. I mean it even goes down to the words that are used to describe things, hardly any clarity. Just because the developers understand the programming doesn't mean everyone else is going to. Privacy should be easy to attain! Not difficult!
VPN doesn't really provide any additional privacy though, unless you live in some oppressed country, and want to bypass the government firewalls, and such.
A very long article about commercial VPNs
Making people aware of privacy and security topics is amazing. Showing them solutions to those issues is also awesome, but for that to be effective, we - as in the whole internet - have to suggest and rely on methods that actually do what we need them to do. Using a VPN does not protect you against hackers who hijack parts of the internet to read traffic. Using a VPN does not protect you against data breaches on the services you are using. Using a VPN does not automatically protect your privacy and your identity.
VPNs are tools you can use to achieve those goals, but you have to know how to use them.
.....Do you hear the tires screeching...
Amendments and Corrections
Since this article blew up in certain parts of the internet, I received more feedback than I could ever individually respond to. So, thank you very much to all of you who took the time to raise questions or provide feedback in a friendly manner. With the feedback I received throughout the day, I made some changes to the article, and I would like to add some additional points.
- An earlier version of this post’s introduction claimed that VPNs “do absolutely nothing” for your privacy. Writing this was a mistake, especially since I contradicted myself later in this article. I reworded the introduction point and expanded the end a bit so that it is clear that VPNs can be used as one of many tools to help your privacy if you know how to use that tool.
- In my list of valid use-cases for VPNs, earlier versions of this article missed the very thing VPNs were initially designed for: accessing private networks and resources within those networks. While I thought this post was clearly only addressing commercial VPNs, I have received multiple messages from people who got concerned about their company’s VPN, for example. I added commercial VPNs as an additional valid use-case, and I am sorry for the confusion this may have caused.
I received a lot of feedback from North American people explaining they have zero confidence in their ISPs, and some provided me with references of current legislature and previous data collection scandals with large ISPs. Although I used the top 3000 US domain list for my statistic, I am not living in North America, and in most European countries, ISPs acting as US ISPs did would be conducting illegal behavior. Because of that, I may have given that point not enough weight.
I am still working through lots of information I received, and since I am not familiar with US contracts and US laws, this will take me a while. What I gathered so far is that while it is legal for ISPs to collect some connection data, they have to provide their customers with legally-binding Opt-Out mechanisms.
While it is a terrible situation when you have to Opt-Out first, I need to do more research on this point, because I do not like writing stuff without solid knowledge. Generally speaking, though, I stand by what I wrote earlier: While ISPs might be the easier targets to dislike, they actually do have a lot more to lose than anonymous, overseas VPN companies. This is by no means a resolution to the dilemma of choosing which party you trust the most, but it may be something to keep in mind.
- Some folks raised concerns that while I spend lots of words on explaining why using VPNs can be misleading, I did not provide alternatives to educate people on what they could do instead. This is correct, and although this was a deliberate decision, I do understand the criticism.
There are a lot of things I could write about, Tor for example, that actually can be used as a very effective privacy-enhancing tool. However, I started this article with the intention of addressing VPN marketing claims and to explain those in a way that people with little to no technical understanding could grasp. While I would love to explain these alternatives in a similar fashion, doing so would turn this article from a very long text into a very long book. I simply do not have the resources to provide this information.
I will, however, continue to collect feedback. If I stumble upon resources explaining these concepts in a complete, yet easy to understand fashion, I will add references here.
Drew DeVault wrote a very similar article, mentioning some of the alternatives to commercial VPNs. Readers with some level of technical expertise might find that a good starting point for further research.
- I got approached by a person who wrote an article claiming that VPN review sites are rigged because they use VPN affiliate programs and thus are mainly interested in maximizing their revenue. I looked at some numbers and could not find evidence for that, but I am linking my results anyway in case someone has similar thoughts.
- If you got this far, you should also check out the 2017 article by Brian Krebs about commercial VPNs. I would also like to bring your attention to this lovely 2017 tweet from @SwiftOnSecurity.