GNU/Linux Desktop Survival Guide
by Graham Williams
Using a VPN can provide security to protect against linking connections as you browse the Internet directly back to you. A VPN does though also introduce a single point of potential failure if the VPN vendor is compromised. A problem with the VPN provider space is that it is all quite secretive. Who knows if the VPN provider is actually a front for some other agency, nefarious or not. Generally all that there is to go on is the web site advertising the VPNs stance on privacy without open oversight. They have generally not otherwise been audited.
proxy.sh seemed to be a good provider for many years, but seems to have stopped operating at the end of 2019. Potentially they were compromised and unable to communicate that, so simply stopped operating. Or else simply a technical glitch. But we would not know.
vpn.ac offer an opportunity to test them out for $2 for a week. Their closed source client, noted to be in beta, works well on GNU/Linux. Whilst again it is difficult to ascertain the credibility of the vendor, they claim to be based in Romania and hence subject to Romania's privacy laws.
ProtonVPN is apparently a team originating from CERN and based in Switzerland. There are named people who make up Proton which also covers the ProtonMail product.
To connect to a local network's VPN using openconnect:
$ sudo openconnect ktuvpn.ktu.edu sudo openconnect ktuvpn.ktu.edu POST https://ktuvpn.ktu.edu/ Connected to 22.214.171.124:443 SSL negotiation with ktuvpn.ktu.edu Connected to HTTPS on ktuvpn.ktu.edu XML POST enabled Please enter your username and password. GROUP: [KTU|MAINTENANCE]:KTU KTU POST https://ktuvpn.ktu.edu/ XML POST enabled Please enter your username and password. Username:fred@DCS fred@DCS Password: POST https://ktuvpn.ktu.edu/ Got CONNECT response: HTTP/1.1 200 OK CSTP connected. DPD 30, Keepalive 20 Connected as 10.104.32.211, using SSL, with DTLS in progress Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(RSA)-(AES-128-CBC)-(SHA1).
To avoid all the messages and to paste or type the password through standard input:
$ sudo openconnect --authgroup=DCS --user=fred@DCS --passwd-on-stdin ktuvpn.ktu.edu mYs3cr3tP8ssw0rd