VPN

The way your data makes it to the desired server and back to your laptop computer or a mobile device is not as straightforward as it might first seem. Say you are connected to a wireless network at home and opening a wikipedia.org page. The path your request (data) takes will consist of multiple middle points, or “hops” in network-architect terminology. At each of these hops (which are likely to be more than 5) your data can be scooped, copied and potentially modified.

  • Your wireless network (your data can be sniffed from the air)
  • Your ISP (in most countries they are obliged to keep detailed logs of user activity)
  • Internet Exchange Point (IXP) somewhere on another continent (usually more secure than any other hop)
  • ISP of the hosting company that hosts the site (is probably keeping logs)
  • Internal network to which the server is connected
  • And multiple hops between...

Any person with physical access to the computers or the networks which are on the way from you to the remote server can, intentionally or not, collect and reveal the data that’s passing from you to the remote server and back. This is especially true for so-called ‘last mile’ situations: the few last leaps that an internet connection makes to reach a user. That includes domestic and public wireless or wired networks, telephone and mobile networks, networks in libraries, homes, schools, hotels. Your ISP cannot be considered a safe or ‘data-neutral’ instance either: in many countries state agencies do not even require a warrant to access your data, and there is always the risk of intrusion by paid attackers working for deep-pocketed adversaries. VPN, a Virtual Private Network, is a solution for this ‘last-mile’ leakage.

VPN is a technology that allows the creation of a virtual network on top of an existing infrastructure. Such a VPN network operates using the same protocols and standards as the underlying physical network. Programs and the OS use it transparently, as if it were a separate network connection, yet its topology, or the way network nodes (you, the VPN server and, potentially, other members or services available on the VPN) are interconnected in relation to the physical space, is entirely redefined. Imagine that instead of having to trust your data to every single middle-man (your local network, ISP, the state) you have a choice to pass it via a server of a VPN provider whom you trust (after a recommendation or research), from which your data will start its journey to the remote location. VPN allows you to recreate your local and geopolitical context altogether: from the moment your data leaves your computer and gets into the VPN network it is fully secured with TLS/SSL type encryption. As such, it will appear as pure random noise to any node that might be spying on you.

It is as if your data was traveling inside a titanium-alloy pipe, unbreakable all the way from your laptop to the VPN server. Of course one could argue that eventually, when your data is outside the safe harbour of the VPN, it becomes just as vulnerable as it was, but this is only partially true. Once your data exits the VPN server it is far away from you, way beyond the reach of some creeps sniffing on the local wireless network, your venal ISP or a local government obsessed with anti-terrorism laws. A serious VPN provider would have their servers installed at a high-security Internet exchange location, rendering any physical human access, tapping or logging a difficult task.

“Today everything you do on the Internet is monitored and we want to change that. With our fast VPN service you get totally anonymous on the Internet. It’s also possible to surf censored web sites, that your school, ISP, work or country are blocking. [DarkVPN] will not only help people to surf anonymously, it also helps people in countries like China to be able to surf censored web pages. Which is your democratic right. DarknetVPN gives all VPN users an anonymous IP address. All electronic tracks will end up with us. We do not save any log files in order to achieve maximum anonymity. With us you always surfing anonymously, secure and encrypted.” (http://www.darknetvpn.com/about.php)

Another interesting and often underrated feature of VPN is encoded in its name: besides being Virtual and Private it is also a Network. VPN allows one not only to connect via the VPN server to the rest of the world but also to communicate with other members of the same VPN network without ever having to leave the safety of encrypted space. Through this functionality a Virtual Private Network becomes something like a DarkNet (in a broader sense of the definition): “a network isolated from the Internet and inaccessible to others”. Since a connection to a VPN server, and thus the private network it facilitates, requires a key or a certificate, only “invited” users are allowed. There is no chance that an Internet stranger would gain access to what’s on a VPN without enrolling as a user or stealing someone’s keys. While not referred to as such, any corporate Intranet type of network is a DarkNet too.

“A virtual private network (VPN) is a technology for using the Internet or another intermediate network to connect computers to isolated remote computer networks that would otherwise be inaccessible.”

Many commercial VPN providers stress the anonymity that their service provides. Quoting the Ipredator.org page (a VPN service started by the people behind The Pirate Bay project): “You’ll exchange the IP address you get from your ISP for an anonymous IP address. You get a safe/encrypted connection between your computer and the Internet.” (https://www.ipredator.se) Indeed, when you access the Internet via a VPN connection it does appear as if the connection is originating from the IP address of IPredator servers.

VPN on MacOSX

Setting up a VPN on MacOSX is very easy once you have your account details ready. Let’s assume you have your credentials from your VPN provider for an L2TP/IPSec connection ready. This information should contain the following:

  • Username, ex. bill2
  • Password, ex. verysecretpassword
  • VPN server, ex. tunnel.greenhost.nl
  • A Pre-Shared-Key or Machine-certificate

Setup

1. Before getting started, please be sure you’ve read the paragraph “testing before and after account set up”; this way you will be able to validate whether your connection is actually working after set up.

2. A VPN is configured in the network settings, which are accessible via “System Preferences...” in the Apple menu.

3. Next, open the Network preferences.

4. OSX uses this nifty system to lock windows. To add a VPN it is necessary to unlock the screen: you can do this by clicking on the lock on the left bottom of the screen.

5. Enter our user credentials

6. Now we can add a new network. Do this by clicking on the “+” sign

7. In the pop-up you need to specify the type of connection. In this case choose a VPN interface with L2TP over IPSec. This is the most common system. Also don’t forget to give the connection a nice name.

8. Next comes the connection data. Please fill in the provided server name and user name (called ‘Account Name’). When this is done, click on the “Authentication Settings...” button.

9. In the new pop-up you can specify connection specific information. This is the way the user is authenticated and how the machine is authenticated. The user is very commonly authenticated by using a password, although other methods are possible. Machine authentication is often done by a Shared Secret (Pre-Shared-Key/PSK), but also quite often by using a certificate. In this case we use the Shared Secret method. When this is done click OK.

10. Now you return to the network screen. The next step is very important, so click on “Advanced...”

11. In the new pop-up you will see an option to route all traffic through the VPN connection. We want to enable this, so all our traffic is encrypted.

12. Well, all is done. Now hit the Connect button!

13. A pop-up appears. You need to confirm your changes, just hit “Apply”

14. After a few seconds, on the left side the connection should turn green. If so, you are connected!

15. Ok, now test your connection!


VPN on Ubuntu

If you use Ubuntu as your operating system, you can connect to a VPN by using the built-in NetworkManager. This application is able to set up networks with OpenVPN. PPTP should not be used for security reasons. Unfortunately at the time of writing an L2TP interface is not available in Ubuntu. (It can be done manually, but that goes beyond the scope of this document.) The following example will explain how to connect with an OpenVPN server. In all cases we assume you already have a VPN account as described earlier in this section.

Preparing Network Manager for VPN networks

For Ubuntu there is an excellent network utility: Network Manager. This is the same utility you use to set up your wireless (or wired) network and is normally in the upper right corner of your screen (next to the clock). This tool is also capable of managing your VPNs, but before it can do so, it’s necessary to install some extensions.

Installing OpenVPN extension for Network Manager

To install the plugins for Network Manager we will use the Ubuntu Software Center.

1. Open the Ubuntu Software Center by typing software in the Unity search bar

2. The Ubuntu Software Center enables you to search, install and remove software on your computer. Click on the search box at the top right of the window.


3. In the search box, type in “network-manager-openvpn-gnome” (which is the extension that will enable OpenVPN). It’s necessary to type the full names because the packages are classified as “technical” and don’t pop-up earlier. These packages include all the files you need to establish a VPN connection successfully.

4. Ubuntu may ask you for additional permissions to install the program. If that is the case, type in your password and click Authenticate. Once the package is installed, you can close the Software Center window.

5. To check if the extensions are correctly installed, click on the NetworkManager (the icon at the left of your system clock) and select VPN Connections > Configure VPN.

6. Click Add under the VPN tab.

7. If you see a pop-up asking for the type of VPN and the tunnel technology (OpenVPN) option is available, this means that you have installed the VPN extension in Ubuntu correctly. If you have your VPN login information ready, you can continue right away, else you first have to get a VPN account from a VPN-provider. If this is the case, click cancel to close the Network Manager.


Configuring an OpenVPN network

Let’s assume you received your configuration files and credentials from your VPN provider. This information should contain the following:

  • An *.ovpn file, ex. air.ovpn
  • The file ca.crt (this file is specific for every OpenVPN provider)
  • The file user.crt (this file is your personal certificate, used for encryption of data)
  • The file user.key (this file contains your private key. It should be well protected. Losing this file will make your connection insecure)

In most cases your provider will send these files to you in a zip file. Some OpenVPN providers use username and password authentication, which will not be covered.

1. Unzip the file you have downloaded to a folder on your hard drive (e.g.: “/home/[yourusername]/.vpn”). You should now have four files. The file “air.ovpn” is the configuration file that you need to import into NetworkManager.

2. To import the configuration file, open NetworkManager and go to VPN Connections > Configure VPN.

3. Under the VPN tab, click Import.

4. Locate the file air.ovpn that you have just unzipped. Click Open.

5. A new window will open. Leave everything as it is and click Apply.

6. Congratulations! Your VPN connection is ready to be used and should appear on the list of connections under the VPN tab. You can now close NetworkManager.
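
The folder unpacked in step 1 can be checked before or after the import. The following shell script is an added example, not part of the original guide: it assumes the four file names used above (air.ovpn, ca.crt, user.crt, user.key), reports missing files, and flags a user.key that other accounts on the machine can read. The function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original guide): audit an unpacked OpenVPN bundle.
# File names follow the guide's examples; pass the folder as the first argument.

# perm_of FILE: print the octal mode, e.g. 600 (GNU stat, then BSD/macOS stat)
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_bundle DIR: print findings; return status = number of problems found
audit_bundle() {
    dir=$1
    problems=0
    for f in air.ovpn ca.crt user.crt user.key; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING  $f"
            problems=$((problems + 1))
        fi
    done
    key="$dir/user.key"
    if [ -f "$key" ]; then
        mode=$(perm_of "$key")
        # The last two octal digits are the group and other bits; both must be 0.
        case "$mode" in
            0|*00) echo "OK       user.key has mode $mode" ;;
            *)     echo "EXPOSED  user.key has mode $mode; run: chmod 600 $key"
                   problems=$((problems + 1)) ;;
        esac
        # PEM keys protected by a passphrase carry one of these markers.
        if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$key"; then
            echo "INFO     user.key is passphrase-protected"
        else
            echo "INFO     user.key is unencrypted; file permissions are its only protection"
        fi
    fi
    return "$problems"
}

# Usage: sh audit-bundle.sh /home/[yourusername]/.vpn
if [ "$#" -gt 0 ]; then
    audit_bundle "$1"
fi
```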


Using your new VPN connection

Now that you have configured NetworkManager to connect to a VPN service using the OpenVPN client, you can use your new VPN connection to circumvent Internet censorship. To get started, follow these steps:

1. In the NetworkManager menu, select your new connection from VPN Connections.

2. Wait for the VPN connection to be established. When connected, a small padlock should appear right next to your NetworkManager icon, indicating that you are now using a secure connection. Move your cursor over the icon to confirm that the VPN connection is active.

3. Test your connection, using the method described in the “Make sure it works” section of this chapter.


4. To disconnect from your VPN, select VPN Connections > Disconnect VPN in the NetworkManager menu. You are now using your normal connection again.


VPN on Windows

Setting up a VPN on Windows is very easy once you have your account details ready. Let’s assume you have your credentials from your VPN provider for an L2TP/IPSec connection ready. This information should contain the following:

  • Username, ex. bill2
  • Password, ex. verysecretpassword
  • VPN server, ex. tunnel.greenhost.nl
  • A Pre-Shared-Key or Machine-certificate

Setup

1. Before getting started, please be sure you’ve read the paragraph “testing before and after account set up”; this way you will be able to validate whether your connection is actually working after set up.

2. We need to go to the “Network and Sharing Center” of Windows to create a new VPN connection. We can access this center easily by clicking on the network icon next to the system clock and then clicking “open Network and Sharing Center”.


3. The “Network and Sharing Center” will pop up. You will see some information about your current network. Click on “Connect to a network” to add a VPN connection.

4. The wizard to set up a connection will pop up. Choose the option to “connect to a workplace”, which is Microsoft’s way of naming a VPN connection.

5. The next screen asks us if we want to use our Internet connection or an old-school phone line to connect to the VPN. Just choose the first option then.

6. The next screen asks for the connection details. Enter the server of your VPN provider here (called “Internet address” in this dialog). At the bottom, please check the box “Don’t connect now; just set it up”. Using this option the connection will be automatically saved and it’s easier to control extra settings. When this is all done, hit the “next” button.

7. Next up are your username and password. Enter them as you received them from your VPN provider. If the connection fails, Windows forgets them, so keep them with you; you may need them later. When this is done, click “create”.

8. Your connection is now available. If you click the network icon again, you will see a new option in the network menu: the name of your VPN connection. Just click it to connect.

9. And click “connect”

10. A VPN connection dialog appears. This gives us the opportunity to review our settings and to connect. You can try to connect; Windows will try to discover all other settings automatically. Unfortunately, this does not always work, so if this is not working for you, hit the “properties” button.

11. The properties window appears. The most important page is the “Security” page; click on the Security tab to open it.

12. In the security tab you can specify VPN type, normally L2TP/IPSec. Do not use PPTP as it has several security vulnerabilities. For L2TP/IPSec also have a look at the Advanced settings.

13. In the Advanced Settings window, you can specify if you are using a pre-shared key or a certificate. This depends on your VPN provider. If you have received a pre-shared key, select this option and fill in this key. Hit OK afterwards. You will return to the previous window; click OK there as well.

14. Back in the connection window, try to connect now. Please be sure your username and password are filled out.

15. A connection popup will appear

16. Online! Don’t forget to check if your VPN is working properly.


Making Sure Your VPN Works

Once you’re done setting up your VPN, one of the first things you should do is test whether your data is actually being transferred through your VPN network. The simplest way to test this is to check your public IP address, which is the IP address you’re exposing to the internet. There are numerous websites that will tell you what your IP address is, and where that IP address is located (also known as its geolocation). Many search engines will report your IP address if you search for “My IP,” but you can also use dedicated services like http://www.myip.se and http://www.ipchicken.com. Check your IP address before connecting to your VPN. Once you connect to your VPN, your computer’s public IP address should change to match that of your VPN server, and your geolocation should change to wherever your VPN server is located. Once your external IP is the same as the IP of your VPN server, you can rest assured your communication is encrypted.
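
The before/after comparison described above can be scripted. This shell script is an added example, not part of the original guide; it assumes the IP service's response contains your address as the first valid dotted-quad IPv4 in the body, and the state file path and function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original guide): before/after public-IP check.
IP_SERVICE=${IP_SERVICE:-http://www.myip.se}            # service named in the guide
STATE=${STATE:-${TMPDIR:-/tmp}/public-ip-before-vpn}    # hypothetical state file

# extract_ipv4: read a page body on stdin, print the first valid IPv4 address
extract_ipv4() {
    grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | while read -r ip; do
        valid=1
        for octet in $(echo "$ip" | tr '.' ' '); do
            if [ "$octet" -gt 255 ]; then valid=0; fi
        done
        if [ "$valid" -eq 1 ]; then echo "$ip"; break; fi
    done
}

# vpn_verdict BEFORE AFTER [EXPECTED]: compare the two observations.
# Returns 0 tunnelled, 1 address unchanged, 2 changed but unexpected, 3 no data.
vpn_verdict() {
    before=$1; after=$2; expected=${3:-}
    if [ -z "$before" ] || [ -z "$after" ]; then
        echo "NO DATA: could not read a public address"; return 3
    fi
    if [ "$before" = "$after" ]; then
        echo "NOT TUNNELLED: public address is still $after"; return 1
    fi
    if [ -n "$expected" ] && [ "$after" != "$expected" ]; then
        echo "UNEXPECTED: address is $after, VPN server is $expected"; return 2
    fi
    echo "TUNNELLED: public address changed from $before to $after"; return 0
}

case "${1:-}" in
    before) curl -s --max-time 10 "$IP_SERVICE" | extract_ipv4 > "$STATE" ;;
    after)  vpn_verdict "$(cat "$STATE")" \
                "$(curl -s --max-time 10 "$IP_SERVICE" | extract_ipv4)" "${2:-}" ;;
    demo)   # constructed sample pages using documentation-range addresses
            b=$(echo 'Your IP: 192.0.2.10' | extract_ipv4)
            a=$(echo '<b>203.0.113.7</b>' | extract_ipv4)
            vpn_verdict "$b" "$a" 203.0.113.7 ;;
esac
```

Run it with `before` prior to connecting, then with `after` followed by the IP address of your VPN server once connected; `demo` runs on constructed sample input without touching the network.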