Monday, 28 March 2016

Setup VPN

Every day millions of people uses different VPN service providers to protect their online privacy. But it not all VPN providers are as anonymous or as secured or dedicated to protecting your Online privacy as they claim to be. 


I never cared for BT, but I guess no discrimination on any type of traffic.

Which payment systems do you use and how are these linked to individual user accounts?
Anything and everything. Best would be BitCoin. Setup own BTminer and pay with that. In that way, little/no online trace whatever.

What is the most secure VPN connection and encryption algorithm you would recommend to your users?
AES-128, RSA2048 or higher supported. Don’t use SHA1. 

As I mostly use Kali Linux, my primary concentration would be on that. However, Kali Linux and Ubuntu uses same Network Manager, so this guide applies to the any Debian variant such as Kali Linux, and Ubuntu variants such as Linux Mint etc.  In short, if you follow this guide, you will be able to setup VPN on Kali Linux, Ubuntu, Debian Linux Mint etc.

Setup VPN on Kali Linux

I use Kali Linux despite many of it’s flaw and shortcomings and I have became used to it. If you’re seriously about Online privacy, stick with the distro you know and understand best. Kali is just another Linux distro and it is as secured as you make it. There are many ways you can do it. VPN to Tor to VPN via anon proxy.

Why use VPN – benefits?

Here’s my top 11 reasons why you would want to use VPN services.
  • VPN provides Privacy and cloaks your IP address.
  • Use any network (public or private or free WiFi) with encryption
  • Login to your home or Work network from anywhere with confidence.
  • Bypass censorship and content monitoring.
  • Browse and bypass Firewall and censorship policy at work or Anywhere!
  • Access region restricted services from anywhere (i.e. Youtube videos, NetFlix or BBC Player etc.)
  • Transfer or receive files with privacy.
  • Hide your voice/VOIP calls.
  • Use Search Engines while hiding some of your identity.
  • Hide yourself
  • Cause you like to be anonymous.

As you can see from the list above, VPN not necessarily hides everything. Search engines can probably still recognizes you based on your cookies, previous browsing behavior, account sign-in (duh!), browser plug-ins (i.e. Alexa, Google Toolbar etc.).

Step 1: Enabling VPN on Kali Linux

By default the VPN section is grayed out on Kali Linux. You can follow my guide on fixing VPN grayed out issue (with screengrabs) or just copy paste the commands from below:
There’s two variants on the commands I’ve used, the first one enables all sorts of VPN and PPTP mumbo-junbo’s so that you don’t have to work your way through it later.
root@kali:~# aptitude -r install network-manager-openvpn-gnome network-manager-pptp 
network-manager-pptp-gnome network-manager-strongswan network-manager-vpnc 
network-manager-vpnc-gnome



The second one is more specific to VPN and just enabling VPN
root@kali:~# apt-get install network-manager-openvpn
On some cases, you might have to restart network-manager and networking,
root@kali:~# service networking restart
[....] Running /etc/init.d/networking restart is deprecated because it may not r[warnble 
some interfaces ... (warning).
[ ok ] Reconfiguring network interfaces...done.
root@kali:~# 
root@kali:~# service network-manager restart 
[ ok ] Stopping network connection manager: NetworkManager.
[ ok ] Starting network connection manager: NetworkManager.
root@kali:~#


Once done, it will fix your VPN grayed out issues. For other Linux distro, this isn’t so much of a problem as those packages are usually pre-installed. (which I find a waste as your distro becomes bulkier).

Step 2: Download and extract openvpn certs from PIA

Download and extract the openvpn.zip file containing ca.crt in the correct directory:

root@kali:~# wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
--2015-02-27 13:14:14--  https://www.privateinternetaccess.com/openvpn/openvpn.zip
Resolving www.privateinternetaccess.com (www.privateinternetaccess.com)... 23.215.245.45
Connecting to www.privateinternetaccess.com (www.privateinternetaccess.com)
|23.215.245.45|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8242 (8.0K) [application/zip]
Saving to: `openvpn.zip'
 
100%[======================================>] 8,242       --.-K/s   in 0s      
 
2015-02-27 13:14:15 (149 MB/s) - `openvpn.zip' saved [8242/8242]
 
root@kali:~# 
root@kali:~# unzip -q openvpn.zip -d /etc/openvpn
root@kali:~# 


Step 3: Configure Network Manager to use PIA VPN
Go to Network Manager > Edit Connections


Change to VPN Tab. VPN> Add


Click [ADD +] click the drop down menu, and set the type as OpenVPN.
Click [Create]


Go to “VPN” and fill up the following details”.
  • Connection name: PrivateInternetAccess VPN
  • Gateway:  us-east.privateinternetaccess.com [**choose Gateway's from the list below]
  • Username: PIA Username
  • Password: PIA Password
  • CA Certificate: Browse to /etc/openvpn and select ca.crt



  • Click [Advanced]: Check the box next to “Use LZO data compression
  • Click [OK], [Save] and then [Close].


As for Gateways, choose on the following depending on your location:
PIA Regional Gateways
  • United States (US VPN)
us-midwest.privateinternetaccess.com
us-east.privateinternetaccess.com
us-west.privateinternetaccess.com
us-texas.privateinternetaccess.com
us-california.privateinternetaccess.com
us-florida.privateinternetaccess.com

  • Canada (CA VPN)
ca.privateinternetaccess.com
ca-toronto.privateinternetaccess.com

  • United Kingdom (UK VPN)
uk-london.privateinternetaccess.com
uk-southampton.privateinternetaccess.com

  • Switzerland (Swiss VPN)
swiss.privateinternetaccess.com
  • Netherlands (NL VPN)
nl.privateinternetaccess.com
  • Sweden (SE VPN)
sweden.privateinternetaccess.com
  • France (FR VPN)
france.privateinternetaccess.com
  • Germany (DE VPN)
germany.privateinternetaccess.com
  • Romania (RO VPN)
ro.privateinternetaccess.com
  • Hong Kong (HK VPN)
hk.privateinternetaccess.com
  • Israel (Israel VPN)
israel.privateinternetaccess.com
  • Australia (Australia VPN)
aus.privateinternetaccess.com
  • Japan (Japan VPN)
japan.privateinternetaccess.com

Step 4: Connect to PIA VPN

Click Network Manager > VPN Connections > PrivateInternetAccess VPN
You will see a yellowish colored connection indicator while connecting.

Setting up VPN on Ubuntu

Ubuntu parts were taken from PIA support site. This also covers Linux Mint or any Ubuntu variants.
This is almost as easy as it gets. There’s 3 variations you can try to connect to PIA
  • Use PIA script for Ubuntu 12.04 or higher
  • Setup manually via Network Manager for Ubuntu 12.04 or higher
  • Setup manually via Network Manager for Ubuntu 10.10
  • Ubuntu 1 : Ubuntu Linux 12.04: OpenVPN Installer
  • Download the openvpn ubuntu installer
  • Run sudo sh ~/Downloads/install_ubuntu.sh (replace path to installer accordingly)
  • Type ‘y’ to install python 2.7 in case it’s not installed.
  • Type ‘y’ to install network-manager-openvpn in case it’s not installed.
  • Enter the login for your account.
  • Wait for the installation to finish.
  • Connect using the Network Manager.
  • Enter your password when prompted (only needs to be done once per region).


Ubuntu 2: Ubuntu Linux 12.04: OpenVPN via Network Manager Setup


Open a Terminal, and run: sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome. This will prompt for both your password, and a Y/n answer, please provide it with your password, and Y
Once installed, open System Settings, then Network
Press the + symbol to add a new connection, and select the VPN Interface, then press Create
Choose OpenVPN as your VPN Connection Type, and press Create
The following will walk you though all configuration steps needed for the PIA VPN.
Gateway: Select one of the Hostnames provided on the Network page
Authentication
  • Type: Password
  • Username: The username provided with the PIA account
  • Password: The password provided with the PIA account

CA Certificate: Downloaded this zip file and extract the ca.crt file to somewhere it won’t be deleted. We suggest your Home folder. If you extract this to your home folder, when searching for it, please click on your username on the left side, which will take you right to the home folder, then select the ca.crt file from the options on the right.
Advanced: Under the general tab, check the Use LZO data compression
IPv4 Settings:

Method: Automatic (VPN) Addresses Only
Press Save. If you chose to have your password saved it may ask for you to verify your password to open your keyring.

Once connected, you would like to head the following websites to confirm if you are leaking any informations
  • For DNS Leak test, check here:
http://dnsleak.com/
  • For Email leak test, check here:
http://emailipleak.com/
  • Those who uses ipv6, check your leaks here:
http://ipv6leak.com/

Install Cario-Dock


To install cairo-dock you need to do the followings:
1.    Install Cairo Dock from Kali Repo
2.    Install Cairo-dock from Cairo-docks repo
o    Add Cairo-Dock repo in Kali Linux sources.list file
o    Add GPG Keys
o    Update package list via apt-get
3.    Install Cairo-Dock and Plugins
4.    Run Cairo-Dock

Install Cairo-Dock from Kali Linux Repo

If you’ve used the official Kali Linux repository, then you can install Cairo-Dock and all it’s requirements directly from Kali Linux repository.
Use the following command to install Cairo-Dock in Kali Linux from Official Kali Linux repository:
aptitude -r install cairo-dock cairo-dock-plug-ins
This will install all cairo-dock, it’s plugins and any recommended packages. Move to Running Cairo-Dock section from there.

Install Cairo-dock from Cairo-docks repo

In case you don’t want to install Cairo-dock from Kali Linux’s official repository, you can always add the repository for Cairo-dock and install from there.

Add Cairo-Dock repo in Kali Linux

First you need to edit /etc/apt/sources.list file
vi /etc/apt/sources.list

add the following line
deb http://download.tuxfamily.org/glxdock/repository/debian stable cairo-dock

Save and exit the file

Install GPG key
wget -q http://download.tuxfamily.org/glxdock/repository/cairo-dock.gpg -O- | apt-key add -

Update package list
Update source list
apt-get update

Install Cairo-Dock and Plugins
Run the following command to install Cairo-Dock and plugins
apt-get install cairo-dock cairo-dock-plug-ins

Run Cairo-Dock
Now you can launch Cairo-dock from
Applications  —> System tools —> cairo-Dock

Conclusion
Cairo-Dock is a nice tool to have and it adds some color to your Kali Linux’s boring desktop. I like monitoring and weather applets. They also got many theme’s that you can play with.
In fact since writing this post, I’ve done some more editing and ended up having a great Desktop. I’ve used black-element theme, conky-color and cairo-dock. Wallpaper was downloaded from Wallpaperswide. What a great community! Here’s a new screenshot of this desktop.