Aktivix:VPN

From Aktivix
Jump to navigation Jump to search

The Aktivix VPN

The Aktivix VPN is a "virtual private network" for Aktivix users and friends. The VPN works to protect you from any snooping that may be occurring (and IS occurring!) on your internet traffic - whether that be email, browsing, instant chat or some other form of virtual communication.

If you have an @aktivix.org email account, you will have had this message and attachments sent directly to your mailbox. However, if you do not have an @aktivix.org address, then you have received a GPG encrypted attachment containing the same documents as you would have otherwise. The reason for this difference is that we believe that all connections to Aktivix servers are performed in as secure a fashion as possible, but we cannot say the same about equipment that is not under our control.

For all our users, to make use of the VPN properly, you'll need to install openvpn and, on Linux, the resolvconf packages. Instructions are provided below.

Getting it to work

Linux

$ sudo aptitude install openvpn resolvconf

Decrypt the file and unpack the tarball

$ gpg --decrypt your.config.dir.tgz.gpg | gunzip | tar xv
$ cd your.config.dir
$ sudo openvpn aktivix-vpn.conf

This will start the openvpn process.

To stop it, you need to do:

$ sudo killall openvpn

(and you might need to edit '/etc/resolv.conf' as root, too)

DNS

On Linux you will need to install the 'resolvconf' package. For example, on Debian or Ubuntu, you can do the following in a terminal:

$ sudo aptitude install resolvconf

Your DNS server settings in /etc/resolv.conf will be set to 10.151.82.1 automatically when the VPN is started and DNS requests should then be sent across the VPN.

Using network-manager with openvpn

If you want to use network-manager to connect to VPN, take these steps:

  • Unpack the tarball as above. Move the directory to a convenient and permanent place in your home directory.
  • Install network-manager-openvpn-gnome e.g. $ sudo apt-get install network-manager-openvpn-gnome
  • Click on the network manager applet >> VPN Connections >> Configure VPN
  • Click on Import
  • Select the file 'aktivix-vpn.conf.ovpn'. This will import the configuration and point network-manager to the correct certificates.
  • On the new VPN settings panel, click on the 'Advanced' button and select 'Use LZO data compression'.
  • Confirm that the IPv4 settings panel has the 'Automatic (VPN) method already selected.
  • Click 'Apply' and close the VPN configuration panel.
  • Click on the network manager applet >> VPN Connections and click on the aktivix VPN connection. In a few seconds you should see a lock appear next to the applet icon.
  • Go to http://aktivix.org/check-vpn.php to check that you are using the aktivix VPN.

Notes: If you don't select the LZO compression option, VPN will connect, but your connection will appear to be dead. If you use KDE rather than Gnome, there's an equivalent network-manager-openvpn-kde package you can use.

Mac OSX

Use Tunnelblick.

You can download it and find instructions at:


Windows

  • Download the openvpn application from openvpn.net
  • Decrypt the configuration file and unpack the tarball.
  • Open the configuration folder. Right click on the file aktivix-vpn.ovpn and select "Start OpenVPN with this". This will start the openvpn process.

DNS

If you are running Windows then your DNS server should be automatically set to 10.151.82.1 and DNS requests tunnelled through the VPN.

F.A.Q.

What is a VPN?

VPN stands for Virtual Private Network. VPNs are often used in large organisations, so that individuals can access the intranet (internal network of the organisation) from somewhere else, like at home or when at meetings elsewhere. These VPNs allow access to a restricted network.

The Aktivix VPN, however, acts in the other direction. That is, the Aktivix VPN allows people on the private/restricted network (i.e. you!) to access the entire web.

So why is this a good thing? Can't I just access the web anyway?

These are good questions. You can, of course, access the web anyway. But you will be spied upon! Internet Service Providers (ISPs) in the UK keep detailed logs on all the computers connected through them, and the connections those computers make to other computers on the internet. This includes all types of connections, such as email, web browsing, bittorrent etc.

Won't it be slow?

No - and yes. It's almost the same speed as you get anyway: the only delay can be when initially looking up the website address (domain name resolution) but other than that the speeds are the same. This means that there might be a short delay before a web page loads, but things like streaming services (e.g. video or audio) should not be affected.

Can I watch BBC iPlayer?

No. You will have to turn the VPN off for that. Currently, our exit node is overseas. This means you cannot get UK web services that are geo-restricted. We hope to resolve this issue with further expansion of our work - but that requires your support.

How do I "turn it off"?

That depends what operation system you are using.

Windows

[please add text here as i don't know]

Mac OSX

If you installed tunnelblick, you can click on the icon and you will be presented with a menu to disconnect from the VPN.

Linux =

There may be an option to disable the VPN in a graphical interface on your system. If not, you can do it via the command line:

$ sudo killall openvpn

You then will need to edit the /etc/resolv.conf file and comment out (place a # a the beginning of the line) the 10.x.x.x entry.