VPN ideas


#1

Found this for anyone interested in Network Security and tinkering with their own VPN. It’s interesting the guys who built this don’t believe in using TOR and I tend to agree with them. If you are loving building this and want a secured internet connection with the web try this.


That second link is the story behind algo. I don’t use it at the minute but am planning to. It does come with its drawbacks though, but they are typical of any VPN and TOR relay problem. But that’s another story for a different post. Just thought this would interest the tinkerers of Parrot Community.


(Clean Zombie) #2

Interesting reads for sure but I am just wondering, have you actually done this and if so what kind of encryption standards can you implement to be extra secure?


#3

Yes, I have actually done this for fun as a hobby. Also, I go to a place called Farset Labs, which is a crazy hackerspace.

I also use ProtonVPN on Windows machines as it is the best fit for my needs.

Encryption tech is a complex matter. Generally speaking, 2048 bit is perfectly fine, or 4086 or whatever the bit is would be perfect; however, if you want extra security then you would need a great reason for it, for example if your life depended on it. I would use Satellite encrypted internet with a one time pad system in place, pretty impossible to beat, while using tails and a 4G proxy on a device that I had sanitized.

That’s a very basic example of how extreme you can take things. You would have to do so much more than that.


#4

good for learning or for enterprise, but to individuals it's impractical, especially if you are a nomad
though some think tor and i2p are insecure, most users do not use them for security but for anonymity, they do not care if data is being intercepted as long as they get the job done without being caught, so the efficiency of tor and i2p depends on the user's goal

protonvpn is good but i would rather use a private community vpn rather than a commercial one, even if they are installed in switzerland
so vpn is for security, tor and i2p for anonymity

satellite internet is the way to go if you are in an isolated place, but if you are in a populated and concentrated place, the people will be your private network, you can use them to hide yourself, you won't even need a proxy or vpn, just ingenuity

as you said, the more secure and anonymous one wants to be, the less usable their system will be

by the way nice place you're going to, it's a good opportunity to learn from others and share knowledge


#5

I am just learning about VPN and TOR, and how to secure and anonymize the network.
But my idea is: we can't hide the fact that we are using vpn or tor (i know about bridges, but it is not relevant now), so what if i set up two routers with pi.
First pi (router) is connected to tor, and it is running 24/7 and changes id from time to time.
Second pi (also a router) is connected to a vpn service 24/7, and changes server from time to time.

If i need vpn i connect to the vpn router, if i need tor i connect to the tor router.

Based on my beginner knowledge, with these two routers i can trick the isp: it sees a tor and a vpn tunnel, but can't determine which i am using, and i have a secure and anonymized network.
Am i right?
And @Kernel_Troll, if you have a good reading about this topic, please share with me :slight_smile:


#6

Yeah a couple of things people probably need to learn are books like this.

That's an 800 page PDF by William Stallings, probably an excellent start for understanding networks and security. It really depends on what you want: do you just want to know how to secure your network, or do you want to know how to troubleshoot all the issues, understand how possible conflicts arise and what best practice is?

The problem with ISPs is they can use packet shapers to inspect packets before they even get encrypted. Now I know this because we literally use it in our enterprise environment, and I believe in the UK it is mandatory that the ISP has the capability to run SSL inspection and interception as well as keep complete records on DNS resolutions attached to meta-data specific to each home user (they get that data by cross checking how you spend money via your bank account and card usage). VPNs do negate some of the problems this causes, however there is a big but.

In theory you aren’t supposed to be able to see encrypted data via DPI, but the thing is, technically you don’t really need to. All you need to do is compromise the servers that are hosted by whoever runs your VPN and there you have it: beautiful metadata packaged up that is user-specific and also real-time. Obviously I am not including all the steps as I am too lazy, but most VPN hosters struggle with IPv6 setup and config, as well as the fact the tech has still got a lot of teething troubles. For me though, Spectre/Meltdown and all those flaws as well as the CTC (AMD Flaws) suggest to me that regardless of what measures you take, it is unthinkable to actually secure an internet connection.

What we can do though is make sure that criminals and other hackers don’t bother with us because we are not worth their time and effort.

In short there are a ton of other books and when I am not falling asleep I will defo post some interesting links for all.


#7

Thanks for the book!

Interesting and frightening at once :open_mouth:


#8

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk108202

http://fuchs.uti.at/wp-content/uploads/DPI.pdf

If you are interested in how they do it here is a short article.

Regards

Troll


(517hum 54nd33p4) #9

The ISP knows our own IP address and the ISP knows which IP address we connect to, but the ISP can’t read what we communicate when we use Tor or VPN (encrypted tunnel); by the way, they can find (backtracking) us, as ISPs, VPN providers, VPS providers, proxies and nodes are maintaining logs.

Finally, we don’t have solutions for this problem (anonymity) on today’s protocol stack.


#10

That is the theory; the reality of the world is entirely different, to be honest. So yeah, you’re not wrong in theory, however in practice life is extremely different. I explicitly said that I work in an enterprise that uses multiple variants of VPNs/proxies and we can read them. You know, it is that simple. TOR is still flawed in that all you have to do is compromise the machine, which is actually cheaper than real-time interception, which isn’t as hard as you think.

I recently went to a business conference about crypto and security, and an Italian mathematician clearly stated he felt that AES and its modern variants, from his point of view, definitely had a mathematical backdoor. He made lots of reasonings for this and I can link his paper when I dig it out, but this guy made a lot of sense. It’s kind of like the Spectre and Meltdown flaws, which were theorised in 1983 by a Harvard professor and actually first became apparent in 1998, but due to one reason or another didn’t actually gain traction until 2017.

So as I clearly stated VPNs and TOR are wonderful tools but my personal view point backed by experience would suggest that I would not rely on them protecting me if my life depended on it. However just keeping your own life private and surfing the web without interference everyday then VPN/TOR is perfect.


(Jorge Carretero) #11

@Kernel_Troll Hello everyone, it is really interesting, but I think this solution is more compatible. Well, just my point of view, but it also supports Tor Browser, which ships with Parrot Sec, and a lot of different VPNs. It is easy to install, you can't stop using it when you want to, but it is not really good for file sharing or torrents. What do you think?

4nonimizer VPN

Good day


#12

hello, 4nonimizer is a really bad script, you will have a lot of problems with it, it might cause problems to your link card if you dual boot and many other things, and in the end it's just a script that badly automates things that should be done manually

if you still want a script then use anonsurf, it's the same but without vpn, and works without problems, you also have proxychains installed by default on parrot, and openvpn

avoid using 4nonimizer, anonym8 and things like that

edit: from the look of it i'm thinking that both are copy paste of parrot's anonsurf but with some bad tweaks


(Clean Zombie) #13

Yeah, I figured the same when I first saw anonym8 lol, it's like a C&P with bits added to enable the use of a VPN but not tested, so unsure how good they are. I prefer anonsurf but use whonix physical isolation for better privacy (no torrenting though!).


#14

you think tor be better when you use it with that joke-anonymity-vpn shit?

i ask only one question - if vpn is good for anonymity - why:

  1. T.A.I.L.S.
  2. Subgraph
  3. Impredia
  4. Liberty
  5. ParrotSec
  6. Whonix
  7. Qubes
  8. CR1ME

don't have a preinstalled vpn? you think all these guys are dumb? only kodachi makes this mistake - but they make it only for advertising - tails doesn't have a vpn - kodachi has one!

so what. who needs that fucking shit kodachi? and who needs that fucking shit vpn. maybe better learn tor network and use tor on 100% instead of 12% default setups?

read this for fuck sake

https://tails.boum.org/blueprint/vpn_support/

“You know, more hops must be better, right?. That’s just incorrect”

“that provides terrible anonymity”


(Clean Zombie) #15

Who is your post aimed at?


#16

his post is aimed at the owner of the post, don't mind the way he writes his post haha, he is like that but he really meant to advise users

i totally agree with @wartech, someone that uses tor well doesn't need vpn, a vpn can be counter productive to anonymity

if one really wants more anonymity/security, one should learn about whonix and maybe install it on parrot (and if a bit paranoid, using kvm instead of virtualbox as it's not totally open source anymore)

i'm not saying to install qubes-whonix because it's not for everyone and requires some skills to navigate such a ship


(Clean Zombie) #17

Qubes-Whonix with Parrot box installed in a container is the way to go ! :heart_eyes: :stuck_out_tongue_winking_eye: :heart_eyes:


#18

parrot doesn't need that because of anonsurf. qubes and whonix do the same - redirect traffic through tor with iptables. yes, they have isolation as well but i don't like that - i think the more secure way is don't trust anyone, don't download anything and don't visit shitty sites, and then you don't need isolation.

btw - whonix and qubes don't have support from torproject so they're not “super anonymous fantastic distros” - just other debian/fedora based distros with a nice tor setup.


#19

that's true, but what i liked most about isolation is the fact i can work with rfid/nfc/radio without the risk of compromising my system, since you can create a disposable vm on the fly based on your working vm

also i never had a leak with whonix, whereas on parrot it happens if not tweaked correctly

last thing is, when you live in a place where the internet connection is very slow, it's nice when you need to reinstall your system, you can just select your template vm, create a based one from it and you're ready to go without downloading anything


(ConnectionistSystems) #20

Would someone please assist me with adding a VPN connection?

When I click on Add a new VPN, I get an empty list.


Thanks in advance!