Jump to content
Not connected, Your IP: 3.235.75.174

sheivoko

Members2
  • Content Count

    214
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    28

Reputation Activity

  1. Like
    sheivoko got a reaction from satyano in From Windows 7 to Linux Problem   ...
    Two steps:
    - Tell the AirVPN client to automatically connect when launched
    - Add the AirVPN client to Mint's "Startup Applications".

    Here's a screenshot detailing all the steps:

    I tried this with Mint 17.1 MATE, but the Cinnamon edition features the same "Startup Applications" tool, afaik.

    Caveat: You still have to enter your sudo/user password every time AirVPN starts.
    If that bothers you, you can edit the "sudoers" file to let you run AirVPN as root without having to enter any password.
    If you're totally new to sudo and its sudoers file, I'd recommend reading Ubuntu's documentation first:
    ​https://help.ubuntu.com/community/Sudoers
    ​The paragraph "Shutting Down From The Console Without A Password" describes a similar use case to what we're doing here.
    The only way to edit sudoers is on the command line using:
     
    sudo visudo Add the following line to the very end of that file (replace the word "user" with your own user name):
     
    user ALL=(ALL) NOPASSWD: /usr/bin/airvpn Exit visudo with ctrl-x.
     

    Go back into Mint's "Startup Applications", edit the AirVPN entry.
    Change its command from ..
    /usr/bin/airvpn to ..
    sudo /usr/bin/airvpn and reboot.
  2. Like
    sheivoko got a reaction from cm0s in [How-To] [OBSOLETE] AirVPN through stunnel on Android   ...
    ATTENTION: This tutorial is out of date, incomplete and deprecated. 
    A new and improved version of this tutorial can be found here: https://airvpn.org/topic/24349-how-to-airvpn-via-sslstunnel-on-android-678/
     
     
    This thread is only kept online for historical reference.
     
     
     
     
     


    Goal and obstacles

    We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. On Android, a few obstacles have to be worked around:

    a. there is no AirVPN Eddie client for Android.
    Solution: We will use OpenVPN and stunnel directly.
    b. there is no stunnel app in any Android appstore.
    Solution: we will download the stunnel Android binary (provided by the stunnel project itself) and run it from the commandline.
    c. Android does not allow us to execute any programs from the sdcard.
    Solution: we will move stunnel to a special location (owned by the Terminal app), which will allow the Terminal app to execute stunnel.
    d. stunnel wants to write to /tmp/, but there's no /tmp/ on Android.
    Solution: we will modify the .ssl config file to change the pidfile location to a writable directory.





    Software RequirementsAndroid 4.0 or newer (device does not have to be rooted) stunnel compiled for Android (FOSS), via project website OpenVPN for Android (FOSS), via F-Droid or Play Store Jack Palevich's Terminal Emulator for Android (FOSS), via F-Droid or Play Store a separate computer to download/edit the necessary config files and binaries (entirely optional, but easier than doing everything on the Android device itself)



    Setup instructions

    1. Generate config files with AirVPN's config generatorchoose Linux pick one single server of your choice. I will use Nunki for this tutorial! for Connection Mode, choose SSL Tunnel, port 443 (visible after enabling Advanced Mode) enable Resolved hosts in .ovpn file leave all the other settings at their default values download and unzip the generated zip file this should result in an AirVPN folder, containing three files 2. Open the ssl config file (AirVPN_GB-Manchester_Nunki_SSL-443.ssl) in a text editor.

    Find the line:
    pid = /tmp/stunnel4.pidChange it to:
    pid = /data/data/jackpal.androidterm/app_HOME/stunnel4.pidSave and close the file.
     
    3. In a text editor, create a new file with the following contents:
    #!/system/bin/shcd /data/data/jackpal.androidterm/app_HOME./stunnel AirVPN_GB-Manchester_Nunki_SSL-443.sslSave it to a file named nunki (no file extension).
    Put the file into the AirVPN folder, next to our other config files.


    4. Download and unzip stunnel for Android from the stunnel website (stunnel-X.XX-android.zip)

    Put the stunnel file (only the file, not the folder) into the AirVPN folder.


    5. Make sure your AirVPN folder now contains the following files:
    AirVPN_GB-Manchester_Nunki_SSL-443.ovpnAirVPN_GB-Manchester_Nunki_SSL-443.sslnunkistunnelstunnel.crt6. Copy the whole AirVPN folder to your Android's SD card.

    The path should be:
    /sdcard/AirVPN/7. Install OpenVPN for Android via F-Droid or Play Store and import the .ovpn config file located at
    /sdcard/AirVPN/AirVPN_GB-Manchester_Nunki_SSL-443.ovpnDon't try to connect just yet.


    8. Install Terminal Emulator for Android, via F-Droid or Play Store


    9. Open Terminal Emulator and successively run the following commands:
    cdThe simple cd command should take you to the app's home directory (/data/data/jackpal.androidterm/app_HOME).
    This is where we need to put our config files and the stunnel binary. Let's move them over by running:
    mv /sdcard/AirVPN/* .It's important to type every character correctly (commandline is case sensitive); the "*" is a wildcard expanding to all files in the AirVPN folder, and the "." is a placeholder for the current directory /data/data/jackpal.androidterm/app_HOME. Typing commands on Android is a big pain, so I try to keep them as short as possible!

    Finally, we need to modify permissions for the binary and the script, allowing us to execute them:
    chmod 555 stunnel nunkiWe should be ready to go!





    Usage instructions

    I. Open Terminal Emulator and run the following two commands:
      cd ./nunkiA log message should appear: Configuration successful
    Great! Keep the Terminal app running, but use the Home button to get out.

    II. Open OpenVPN for Android and connect to the profile AirVPN_GB_Manchester_Nunki_SSL-443
    Unless something went wrong, you should get Initialization Sequence Completed - great!
    I recommend performing the usual leak tests and perhaps diving into OpenVPN's profile settings before relying on your configuration to work as you expect it to.


    III. To disconnect:
    Disconnect VPN in OpenVPN open Terminal Emulator, press VOLUME_DOWN + C to kill stunnel press the X button to close the terminal session IV. If stunnel isn't shutdown properly, you may see an error if you try to run stunnel again:
     
    [!] Error binding service [openvpn] to 127.0.0.1:1413[!] bind: Address already in use (98)[ ] Closing service [openvpn][ ] Service [openvpn] closedThis means stunnel is still running in the background. You can kill it by running:
     
    killall stunnel




    Footnotes

    I successfully followed my own tutorial using: CyanogenMod 12.1 nightly (≈ Android 5.1)stunnel 5.23OpenVPN for Android 0.6.35 (F-Droid)Terminal Emulator 1.0.70 (F-Droid)Testers welcome, especially if you're using different Android and software versions.

    Credits:
    Kevin Boone for the clever binary execution workaround.
  3. Like
    sheivoko got a reaction from freedom23 in Prevent Leaks with Linux & Firestarter (also Stop traffic when VPN Drops)   ...
    don1234, a manual iptables/ufw setup only makes sense for people who don't use AirVPN's "Eddie" client software:
    The lock symbol in the upper right corner indicates that you're using Eddie's network lock feature. The network lock will temporarily replace your iptables ruleset, which is why your ufw rules won't have any effect while Eddie is running with network lock enabled.

    I think you have two options:
    stop using ufw altogether keep using ufw with "Default Deny" Incoming & Outgoing The latter would offer some additional protection for the times that the Eddie is not running / has not been started yet. There shouldn't be any complications as long you don't reload / re-enable ufw while Eddie is running. Just understand that once Eddie's network lock takes over, none of your ufw rules matter.
    You can read more about Eddie's network lock here.
     
    By the way, it looks like you're using Linux Mint Cinnamon - pressing the "print" key on your keyboard should put a screenshot in your "Pictures" folder! Alternatively, there's gnome-screenshot (which I'm pretty sure comes pre-installed) or shutter which offers more functionality.
  4. Like
    sheivoko got a reaction from Wolf666 in Amule/Emule Low ID   ...
    1. There is no need to open any ports on your router, in fact, exposing the same ports you forward through AirVPN might open you up to correlation attacks (read Air's P2P FAQ)
     
    2. aMule lets you choose the "Standard TCP Port" but the UDP port is always set to TCP port + 3 (if your TCP port is set to 30500, UDP port will be 30503). Use the "Suggest a range of sequential free ports" tool on airvpn.org/ports to find 4 free, sequential ports.
     
    3. According to the P2P FAQ you should also avoid remapping Air ports to different local ports (example: don't forward Air port 30500 to local port 34012, just go with the default, straight forwarding).
     
    4. After configuring both ports I instantly received a "High ID" on every eMule server I tried. I also tried both US and Swedish AirVPN servers, no issues.
  5. Like
    sheivoko reacted to nemoAnon in [How-To] [OBSOLETE] AirVPN through stunnel on Android   ...
    I had the same problem, try copy instead "cp /sdcard/AirVPN/* .".
     
    Also if you edited your text files on Windows make sure that your
    text editor can save files with unix EOL, otherwise you'll get
    "no such file or directory" when you run ./nunki.
  6. Like
    sheivoko got a reaction from charles2003 in SSH-Tunneled VPN on Stock Android   ...
    Tutorial: SSH-Tunneled VPN on Stock Android
     
    0. Notes
     
    - no proprietary / commercial apps required. FOSS only! (Free and Open Source Software)
    - no root / custom ROM required
    - tested on Android 4.4.4
    - minimum requirement: Android 4.x
     
     
    1. Required apps
     
    - OpenVPN for Android
    - ConnectBot (any advanced SSH client will work, )
    - CyanogenMod File Manager (or pick any file manager you like)
    I highly recommend installing all of these apps via F-Droid, a Free Open Source Software platform:
    https://f-droid.org/

    In order to install F-Droid, you may need to temporarily "Allow installation of apps from unknown sources" in Android's security settings.
     
     
    2. Generate config files

    Use the AirVPN Generator (https://airvpn.org/generator/) to create SSH config files for Linux (not Android).
    Only pick one specific server.
    Screenshot #1: http://i.imgur.com/FWcuXH2.jpg


    3. Transfer config files
     
    We only need 2 out of the 3 generated files:
        - sshtunnel.key
        - the .ovpn profile
     
    Screenshot #2: http://i.imgur.com/p2L7T0l.jpg
    Transfer both of them to your Android's sdcard.
    Also, open the .ovpn file in a text editor and look for a line that starts with "route", it contains the server's IP - we will need it in step 5.
    Example:
     
    route 199.19.94.12 255.255.255.255 net_gateway
    That's the IP we will need.
     
     
    4. Import key file in ConnectBot

    Launch ConnectBot. Go into menu and "Manage Pubkeys".
    Screenshot #3: https://i.imgur.com/uGT3UgC.jpg
    Import the sshtunnel.key file.
    Screenshot #4: https://i.imgur.com/ZPYhI6V.jpg
     
     
    5. Configure SSH connection in ConnectBot

    Go to ConnectBot's main screen.
    At the bottom of the screen, enter:

    sshtunnel@199.19.94.12
    (Notice, that's the IP we took note of in step 3).
    Screenshot #5A: http://i.imgur.com/ludTDgv.jpg

    If the default port 22 is blocked, you can try an alternative port by appending it at the end:
    sshtunnel@199.19.94.12:80
    or
    sshtunnel@199.19.94.12:53

    - Press Enter on your keyboard. It will try to connect and ask you to continue. Choose "Yes".
    Screenshot #5B: http://i.imgur.com/UJNpB9n.jpg

    - Cancel the connection, we need to configure it now.
    Long-press the newly created connection and choose "Edit host".
    Screenshot #6: https://i.imgur.com/n3OtM2D.jpg

    - Change "Use pubkey authentication" to "sshtunnel.key".
    Screenshot #7: https://i.imgur.com/CwfFSoO.jpg

    - Disable the option "Start shell session"
    Screenshot #8: https://i.imgur.com/l2niHqG.jpg
    - Consider enabling the option "Stay connected".
     
     
    6. Configure SSH port forwarding
     
    - Go to ConnectBot's main screen.
    - Long-press the new connection again, but this time choose "Edit port forwards". "Add port forward" with the following values:
     
    Type: Local
    Source port: 1412
    Destination: 127.0.0.1:2018
    Screenshot #9: https://i.imgur.com/TBnsKQx.jpg
    - Press "Create port forward".
    Configuration of the SSH connection is now complete.
    - Go back to ConnectBot's main screen and tap the connection entry to establish a connection.
    Leave the ConnectBot app using your "home" button.
     
     
    7. Import OpenVPN config

    - Launch "OpenVPN for Android"
    - Tap the folder icon. In the "Open from" dialog, choose "File Manager"
      Screenshot #10: https://i.imgur.com/Nhc6fDa.jpg
     
    - Pick the AirVPN_...SSH-22.ovpn file
    - OpenVPN will present you with an "import log", tap the "Save" file to accept.
    - You may want to dive into the new profile's settings,
    go to "ROUTING" and enable "Use default route".
    - in the ALLOWED APPS tab, find and select ConnectBot to exclude it from OpenVPN's routing
     
     
    8. Start OpenVPN connection
     
    - In OpenVPN's main screen, tap the VPN profile to establish the connection.
    - Provided that the SSH connection is still running, OpenVPN will be able to connect. Congratulations
     
     
    9. How to connect / disconnect from now on

    When establishing a connection, always
    - start the SSH connection first
    - then launch OpenVPN
    When disconnecting, always
    - disconnect the OpenVPN connection first
    - then disconnect SSH in ConnectBot
     
     
    10. Thoughts on reliabilty and firewalling

    If avoiding network leaks is important to you: be careful on Android, especially on unreliable mobile or WiFi networks that might cause the connection to collapse quite often.

    I don't have a solution for this potential issue on stock Android, but if you're on a rooted device, you should absolutely consider installing AFWall+ (available in F-Droid).
    AFWall+ allows you to firewall individual apps, restricting their network access to VPN-only.    
    (You have to dive into its settings to enable VPN mode).
     
     
    Finally: Good luck!
  7. Like
    sheivoko reacted to zhang888 in Can other vpn users connect to my machine?   ...
    As a precaution, although 99.999% everything is perfectly configured on Air's side and it was verified
    by many users over the years, it's a good idea to have your own firewall rules set on tun0 interface.
    Not only it makes you more secure in case of failure on the provider side, but it also allows you to
    have the ability to switch between providers and never worry that something is poorly configured on
    their end. In other words, this shouldn't be a question, you should trust only your own setup always.
  8. Like
    sheivoko reacted to zhang888 in VPN comparison   ...
    The only good thing I can see in this review is the list of providers.
    Since when accepting Bitcoin is "Activism"?
    Donations - why only EFF? Other open source project do not count?
    Technical - what about dedicated vs. virtual servers (Which 90% of providers in that list use).
     
     
    Those are the main things such list should consist of.
  9. Like
    sheivoko reacted to zhang888 in What's the whole crowdfunding wave of snake-oil "security" devices lately   ...
    They even measured 100Mbit with OpenVPN on it, ofcourse it supports it.
    Turris Omnia does NOT belong to this list, it's a great team and a great product.
     
    The problem is with all the "wise guys" out there who think they can put some
    graphics in a modded RPI box and call it a security device.
  10. Like
    sheivoko got a reaction from cm0s in [How-To] [OBSOLETE] AirVPN through stunnel on Android   ...
    ATTENTION: This tutorial is out of date, incomplete and deprecated. 
    A new and improved version of this tutorial can be found here: https://airvpn.org/topic/24349-how-to-airvpn-via-sslstunnel-on-android-678/
     
     
    This thread is only kept online for historical reference.
     
     
     
     
     


    Goal and obstacles

    We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. On Android, a few obstacles have to be worked around:

    a. there is no AirVPN Eddie client for Android.
    Solution: We will use OpenVPN and stunnel directly.
    b. there is no stunnel app in any Android appstore.
    Solution: we will download the stunnel Android binary (provided by the stunnel project itself) and run it from the commandline.
    c. Android does not allow us to execute any programs from the sdcard.
    Solution: we will move stunnel to a special location (owned by the Terminal app), which will allow the Terminal app to execute stunnel.
    d. stunnel wants to write to /tmp/, but there's no /tmp/ on Android.
    Solution: we will modify the .ssl config file to change the pidfile location to a writable directory.





    Software RequirementsAndroid 4.0 or newer (device does not have to be rooted) stunnel compiled for Android (FOSS), via project website OpenVPN for Android (FOSS), via F-Droid or Play Store Jack Palevich's Terminal Emulator for Android (FOSS), via F-Droid or Play Store a separate computer to download/edit the necessary config files and binaries (entirely optional, but easier than doing everything on the Android device itself)



    Setup instructions

    1. Generate config files with AirVPN's config generatorchoose Linux pick one single server of your choice. I will use Nunki for this tutorial! for Connection Mode, choose SSL Tunnel, port 443 (visible after enabling Advanced Mode) enable Resolved hosts in .ovpn file leave all the other settings at their default values download and unzip the generated zip file this should result in an AirVPN folder, containing three files 2. Open the ssl config file (AirVPN_GB-Manchester_Nunki_SSL-443.ssl) in a text editor.

    Find the line:
    pid = /tmp/stunnel4.pidChange it to:
    pid = /data/data/jackpal.androidterm/app_HOME/stunnel4.pidSave and close the file.
     
    3. In a text editor, create a new file with the following contents:
    #!/system/bin/shcd /data/data/jackpal.androidterm/app_HOME./stunnel AirVPN_GB-Manchester_Nunki_SSL-443.sslSave it to a file named nunki (no file extension).
    Put the file into the AirVPN folder, next to our other config files.


    4. Download and unzip stunnel for Android from the stunnel website (stunnel-X.XX-android.zip)

    Put the stunnel file (only the file, not the folder) into the AirVPN folder.


    5. Make sure your AirVPN folder now contains the following files:
    AirVPN_GB-Manchester_Nunki_SSL-443.ovpnAirVPN_GB-Manchester_Nunki_SSL-443.sslnunkistunnelstunnel.crt6. Copy the whole AirVPN folder to your Android's SD card.

    The path should be:
    /sdcard/AirVPN/7. Install OpenVPN for Android via F-Droid or Play Store and import the .ovpn config file located at
    /sdcard/AirVPN/AirVPN_GB-Manchester_Nunki_SSL-443.ovpnDon't try to connect just yet.


    8. Install Terminal Emulator for Android, via F-Droid or Play Store


    9. Open Terminal Emulator and successively run the following commands:
    cdThe simple cd command should take you to the app's home directory (/data/data/jackpal.androidterm/app_HOME).
    This is where we need to put our config files and the stunnel binary. Let's move them over by running:
    mv /sdcard/AirVPN/* .It's important to type every character correctly (commandline is case sensitive); the "*" is a wildcard expanding to all files in the AirVPN folder, and the "." is a placeholder for the current directory /data/data/jackpal.androidterm/app_HOME. Typing commands on Android is a big pain, so I try to keep them as short as possible!

    Finally, we need to modify permissions for the binary and the script, allowing us to execute them:
    chmod 555 stunnel nunkiWe should be ready to go!





    Usage instructions

    I. Open Terminal Emulator and run the following two commands:
      cd ./nunkiA log message should appear: Configuration successful
    Great! Keep the Terminal app running, but use the Home button to get out.

    II. Open OpenVPN for Android and connect to the profile AirVPN_GB_Manchester_Nunki_SSL-443
    Unless something went wrong, you should get Initialization Sequence Completed - great!
    I recommend performing the usual leak tests and perhaps diving into OpenVPN's profile settings before relying on your configuration to work as you expect it to.


    III. To disconnect:
    Disconnect VPN in OpenVPN open Terminal Emulator, press VOLUME_DOWN + C to kill stunnel press the X button to close the terminal session IV. If stunnel isn't shutdown properly, you may see an error if you try to run stunnel again:
     
    [!] Error binding service [openvpn] to 127.0.0.1:1413[!] bind: Address already in use (98)[ ] Closing service [openvpn][ ] Service [openvpn] closedThis means stunnel is still running in the background. You can kill it by running:
     
    killall stunnel




    Footnotes

    I successfully followed my own tutorial using: CyanogenMod 12.1 nightly (≈ Android 5.1)stunnel 5.23OpenVPN for Android 0.6.35 (F-Droid)Terminal Emulator 1.0.70 (F-Droid)Testers welcome, especially if you're using different Android and software versions.

    Credits:
    Kevin Boone for the clever binary execution workaround.
  11. Like
    sheivoko got a reaction from oscuro in Can you load AirVPN automatically in Linux Mint 17?   ...
    Answer to question 1)
     
    There are two different types of credentials:
    - your AirVPN account / password (the client is able to save these credentials)
    - your Mint user account password (the client can't save this password. Every time you launch the client, it needs to ask the OS for root privileges)

    If you want to launch the client automatically on system boot, add it to Mint's autostart list (but you'd still have to enter your sudo password).

    If you want to run the client without having to enter your sudo password, that's possible too (but slightly tricky if you're totally unfamiliar with the process).

    I've already detailed both of these procedures with screenshots / commands in another thread:
    https://airvpn.org/topic/12797-from-windows-7-to-linux-problem/
     
     
    Answer to question 2)
     
    Linux uses the /etc/resolv.conf file which contains all DNS servers that the system may use. If it contains any other than AirVPN servers (which have IPs like 10.X.0.X), that would be the cause of your leaks. The AirVPN client offers options to manage the resolv.conf file, check the client menu, "Advanced" section.
    To see if it did its job, connect to AirVPN and then check the contents of the /etc/resolv.conf file.
  12. Like
    sheivoko got a reaction from satyano in From Windows 7 to Linux Problem   ...
    Two steps:
    - Tell the AirVPN client to automatically connect when launched
    - Add the AirVPN client to Mint's "Startup Applications".

    Here's a screenshot detailing all the steps:

    I tried this with Mint 17.1 MATE, but the Cinnamon edition features the same "Startup Applications" tool, afaik.

    Caveat: You still have to enter your sudo/user password every time AirVPN starts.
    If that bothers you, you can edit the "sudoers" file to let you run AirVPN as root without having to enter any password.
    If you're totally new to sudo and its sudoers file, I'd recommend reading Ubuntu's documentation first:
    ​https://help.ubuntu.com/community/Sudoers
    ​The paragraph "Shutting Down From The Console Without A Password" describes a similar use case to what we're doing here.
    The only way to edit sudoers is on the command line using:
     
    sudo visudo Add the following line to the very end of that file (replace the word "user" with your own user name):
     
    user ALL=(ALL) NOPASSWD: /usr/bin/airvpn Exit visudo with ctrl-x.
     

    Go back into Mint's "Startup Applications", edit the AirVPN entry.
    Change its command from ..
    /usr/bin/airvpn to ..
    sudo /usr/bin/airvpn and reboot.
  13. Like
    sheivoko reacted to Shift in From Windows 7 to Linux Problem   ...
    Fantastic thanks. Also works with lubuntu autostartup.
     
    Lubuntu uses Menu/Preferences/DefaultApplicationsforLXSession
    then tab Autostart add "sudo /usr/bin/airvpn" (make sure you have edited the sudoers file first)
    close and rebboot
     
    I have attached a screen shot of the sudoers file edited for super linux n00bs like me
     

  14. Like
    sheivoko got a reaction from satyano in From Windows 7 to Linux Problem   ...
    Two steps:
    - Tell the AirVPN client to automatically connect when launched
    - Add the AirVPN client to Mint's "Startup Applications".

    Here's a screenshot detailing all the steps:

    I tried this with Mint 17.1 MATE, but the Cinnamon edition features the same "Startup Applications" tool, afaik.

    Caveat: You still have to enter your sudo/user password every time AirVPN starts.
    If that bothers you, you can edit the "sudoers" file to let you run AirVPN as root without having to enter any password.
    If you're totally new to sudo and its sudoers file, I'd recommend reading Ubuntu's documentation first:
    ​https://help.ubuntu.com/community/Sudoers
    ​The paragraph "Shutting Down From The Console Without A Password" describes a similar use case to what we're doing here.
    The only way to edit sudoers is on the command line using:
     
    sudo visudo Add the following line to the very end of that file (replace the word "user" with your own user name):
     
    user ALL=(ALL) NOPASSWD: /usr/bin/airvpn Exit visudo with ctrl-x.
     

    Go back into Mint's "Startup Applications", edit the AirVPN entry.
    Change its command from ..
    /usr/bin/airvpn to ..
    sudo /usr/bin/airvpn and reboot.
  15. Like
    sheivoko reacted to zhang888 in Using AirVPN with Tor   ...
    Not sure what part of it is still confusing for you, but generally Tor Browser can be configured exactly for untrusted sites.
    All you have to do is clicking the green onion near the URL bar, click on Privacy and security settings and set it on High.
     
    For extra security you can use the built-in NoScript plugin to block all Javascript on new/untrusted sites.
    All browser exploits from the past required Javascript in order to run, Flash/Java/Silverlight are not bundled, so this makes this browser a pretty safe choice.
     
    If you want paranoid level of security, install a virtualized live OS, such as the great Tails, and use it on High security mode to access any unknown sites. The complexity of bypassing all those mechanisms makes it
    very hard to compromise your real machine.
  16. Like
    sheivoko got a reaction from gafthehorse in Configuration of Deluge on Raspberry Pi?   ...
    1. Using (Air)VPN on a Pi is really no different from doing so on any other Linux machine. I'll assume you use Raspbian. Install the "openvpn" package, its daemon looks for .conf files in /etc/openvpn/ .
    Put your generated AirVPN config file into that directory and change the suffix from .ovpn to .conf. You can control the daemon using the service command:
     
    service status/stop/start/restart openvpn  
    2. It would be a good idea to configure the iptables firewall in order to avoid any leaks. You will find examples in the How-to forum section.
    If you don't feel comfortable with iptables, you can try ufw which is an iptables front-end that provides easier syntax.

    3. Quick way to check your current IP on the Pi:
    wget -qO - ifconfig.me/ip 4. One thing to look out for: The Pi does not keep time well (at all) on reboots or power outages. If time is off by too much, you won't be able to establish VPN or SSL connections so make sure your Pi can always communicate to an NTP timeserver. If your router comes with a timeserver (many routers do), you can add its IP address to the ntp config file.
    https://raspberrypi.stackexchange.com/questions/24079/how-to-use-ntp-on-raspberry-pi-by-local-ntp-server
  17. Like
    sheivoko got a reaction from jc4cj7 in I got a bit coin wallet   ...
    flat4 downloaded a piece of Free Open Source Software. All of a sudden, flat4 is able to make and receive free of charge, international, instant payments in a decentralized, transparent system. No bank, no government, no company able to tell flat4 who they can or cannot deal with, or for what purpose. I think that's super awesome.

    Compare that to the world's most popular method of online payments:
     
     
    (CBC News)


    Sure, Bitcoin doesn't offer perfect privacy or anonymity. Point taken. But you can't expect the first iteration of a totally new technology to solve all problems at once. Alternative crpytocurrencies with a focus on privacy are already in the works:
    Zerocoin/Zerocash
    Monero
    Dash

    We will get there.


    flat4, what do you mean by "they're expensive to buy"?
    You don't have to buy a full bitcoin all at once! 0.1 BTC would cost you about $31 at this moment.
  18. Like
    sheivoko got a reaction from mazurka7 in P2P-safe servers / countries?   ...
    @ tuttifrutti & eyes878:
     
    I think this is one of the staff statements you're referring to.
  19. Like
    sheivoko got a reaction from snaggle in Firejail - sandbox your Linux apps   ...
    Yes it is a great tool, been using it myself too. Although AppArmor/SELinux can do all of that (and more) and are more tightly integrated/preinstalled in many Linux distros, I find firejail to be much easier to configure.
     
    Any firejail user should definitely spend some time to fully understand how to use the profiles in /etc/profile/firejail and how to customize them. Perhaps one of the most useful features: limit filesystem access.

    Remember the recent Firefox PDF exploit that allowed malicious websites to read and upload arbitrary files from your computer?
    Firejail could have protected your documents:
     
    blacklist ${HOME}/Documents  
    You still want Firefox to access your nested "Screenshots" folder?
     
    noblacklist ${HOME}/Documents/Screenshots  
    It's that easy!
  20. Like
    sheivoko reacted to snaggle in Firejail - sandbox your Linux apps   ...
    Hi there,
    I have been using Firejail for a while now and think it's pretty awesome.
    https://l3net.wordpress.com/projects/firejail/
    I can sandbox my browsers, mail clients, torrent clients pretty much any web facing app.
    I have just been poking around in the man pages and found...
    firejail --dns=8.8.8.8 --dns=8.8.4.4 firefox This command will run Firefox sandboxed and only allow the designated DNS.
    Obviously  Googles DNS is just an example.
     
    For those who haven't seen this app it's definitely worth taking some time to check it out.
     
     
     
  21. Like
    sheivoko got a reaction from zhang888 in local ads showing although on VPN   ...
    So, you seem to be leaking through both WebRTC and DNS.
     
    uBlock Origin, an addon available for both Firefox and Chrome/Chromium, can stop the browser from leaking IPs through WebRTC:
     

     
     
     
    Fixing the DNS leak depends on how you connect to AirVPN. Are you already using the AirVPN Eddie client software? What's your operating system?
  22. Like
    sheivoko reacted to Staff in control channel cipher satisfactory?   ...
    Hello,
     
    the Data Channel cipher for packets authentication is HMAC SHA (edit: note that there is no GCM support for the data channel yet... it will be probably implemented in OpenVPN 2.4). Perhaps your libraries do not support DHE-RSA-AES256-GCM-SHA384 with TLS 1.2 (also listed as "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" in OpenVPN 2.3.8). In this case use "TLS-DHE-RSA-WITH-AES-256-CBC-SHA".
     
    Edit: note that there is absolutely no rational reason to rush to SHA384 and drop HMAC SHA1 which is NOT vulnerable to SHA collisions. We often read (even in our forum) a confusion pertaining to SHA1 vulnerabilities, which are thought (with an unexplainable mistake) to be extended to HMAC SHA1. See also here:
    https://crypto.stackexchange.com/questions/26510/why-is-hmac-sha1-still-considered-secure
     
    Back to the Control Channel, which is the subject of this topic. By default, OpenVPN 2.3.3 or higher will first choose TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 if available, over TLS-DHE-RSA-WITH-AES-256-CBC-SHA, so if you needed an explicit directive for the first, very probably your system does not support it. So, at the end of the day, you normally do not need any additional directive, OpenVPN will pick automatically the best cipher between those available both in your and our systems. See also "openvpn --show-tls".
     
    One more edit: please see also here https://security.stackexchange.com/questions/92638/openvpn-cipher-vs-tls-cipher , in particular:
     
     
     
    Kind regards
  23. Like
    sheivoko reacted to giganerd in How To: Improve Cell (Mobile) Phone Security   ...
    A few notes.
    APG is not actively developed anymore. Use OpenKeychain instead. It's vital to know that CyanogenMod moved quite far away from the code basis of AOSP. Sure, they use it but they implemented so many features of their own into it, I wouldn't say it's AOSP-based anymore. Alternatives that are closer to the AOSP basis and which also implemented some of the features of CM are ParanoidAndroid (PA) and Android Open Kang Project (AOKP). Also look at those projects if you are planning on replacing your stock ROM. If you bought a smartphone just to communicate in a secure way, you probably are misusing your phone. Today's smartphones are mostly there for entertainment.  
    Well, the Android base is completely open source (AOSP). What this sentence tells is that things like drivers for example (which belong to the Android system, too) are phone-specific; these are provided by the manufacturers which in most cases do not publish the source code of them. Custom ROM writers just copy the driver files from the stock ROM and implement them into the custom ROM. So it's safe to say, an Android phone is never 100% open source, while the code basis can be.
  24. Like
    sheivoko got a reaction from zhang888 in What's the whole crowdfunding wave of snake-oil "security" devices lately   ...
    Yeah, funny, I had the exact same thought today when I saw this one offer an "Enhanced Tor experience for premium subscribers".
  25. Like
    sheivoko reacted to zhang888 in What's the whole crowdfunding wave of snake-oil "security" devices lately   ...
    1) https://www.kickstarter.com/projects/veiltower/veiltower-where-connected-and-protected-converge/
    2) https://www.indiegogo.com/projects/don-t-get-hacked-get-cujo
     
    Amazing how those charlatans exploit the average people fear of home devices being hacked, and offer an OpenWRT+VPN router as a solution.
    Probably you can become very rich doing some photoshop slides and throw tech buzz words around...
×
×
  • Create New...