Open Source: yes
Frankly, I need to be able to use at least 10 of them and change them on a regular basis because at the location where I live they are frequently subject to DPI and access to their networks gets blocked. I will be requesting several more but these are good for the beginning.
> Frankly, I need to be able to use at least 10 of them
Uh. All of these VPNs are reinventing crypto every time and that makes you feel *secure*? As opposed to using standardised well supported protocols? IDK how to break it to you man but tools like this and AirVPN etc concern me deeply.
Security is important but secondary in this case. I would rather trust selected VPN providers than my ISPs. Given the amount of censorship at my place, not to speak of intentional bandwidth throttling for all foreign websites, the only viable way is to use VPN or proxy-related services. Different services provide different layers of security, privacy or anonymity (or none thereof). Just because a VPN is branded as secure doesn't make it secure and doesn't make me feel secure in any way. It is really a matter of choosing the lesser evil and having the flexibility to switch according to my use case. What particularly concerns you about AirVPN? Both Mullvad and AirVPN use standard protocols. In what way are they reinventing crypto? Both can be configured via OpenVPN but in my case I need additional obfsproxy configuration which frankly makes it a pain to use, hence, I really need native Linux clients and/or a universal VPN client like Fruho (which unfortunately is not compatible with systemd).
I have tested both Mullvad and Safejumper in China and they work well. Servers get frequently blocked and with both I can easily select different server locations and ports without importing config files manually. Additionally, both obfuscate traffic which is necessary when you live in a country where state actors are capable of deep packet inspection and block all OpenVPN connections in real time. In general, I am very careful with VPN providers and not all of them are technically on the same level as well as trustworthy as a company. Mullvad and Proxy.sh (Safejumper) are among those I can recommend without reservations. They both actually have native Linux client software (as opposed to many other VPN providers), operate outside US jurisdiction and have a zero logging policy (https://mullvad.net/blog/2017/1/13/clarifying-our-no-logging-policy/). Proxy.sh also has a Warrant Canary: https://proxy.sh/canary
VPN providers I cannot recommend: ExpressVPN (low standard of encryption, no zero-logging policy, US jurisdiction)
@baimafeima Even though I agree with you on the VPN providers, I think the problem is that we cannot (and should not) ask the Solus devs to make a decision regarding which VPNs should be included (trusted) and which shouldn't. They are not experts on VPNs (afaik?), and even if they were, choosing one or a few could lead to lots of hassle.
The real problem with the mullvad gui is that it is a python program, which you could install through pip as documented here for other distros: https://mullvad.net/guides/installing-mullvad-client-linux/
However, for some reason I have not gotten this to work on Solus. I *think* this has to do with the fact that the mullvad client uses an older, incompatible, python. It works on openSUSE Leap, but I'm getting errors on Solus. At the moment I think therefore that the problem lies with Mullvad, and not with whether or not Solus should package this (which I do not think it should). Keep in mind that obfsproxy won't work, if it is not packaged, even if you run the client. Packaging obfsproxy is imho more important.
Having said that, you should really run openVPN. The mullvad client would introduce another attack vector, not to mention that if it crashes silently, you're without a VPN. A combination of openVPN, iptables rules, and obfsproxy would be a much safer, kernel based, bet. Less convenient, surely, but there's some price to convenience for security :). Everything you can do through the client, you can do through the command line as well, and most of it you can even do through networkmanager gui. Here's a thought: have networkmanager include an obfsproxy option!
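The fail-closed setup suggested above only helps if the OUTPUT chain really permits nothing except loopback, the tunnel and the VPN endpoint. The following is an added example (not code from this thread or from Mullvad) that audits `iptables-save` output for that property; the `tun0` interface, the `203.0.113.10:443` endpoint and the function names are placeholder assumptions.

```python
import shlex

# Constructed iptables-save output (not from the thread). OpenVPN is assumed to
# reach a local obfsproxy over loopback; obfsproxy reaches the placeholder
# endpoint 203.0.113.10:443. Everything else must leave through tun0 or be dropped.
FAIL_CLOSED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""
# Same ruleset plus one rule that lets DNS leave on any interface.
LEAKY = FAIL_CLOSED.replace(
    "COMMIT", "-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT\nCOMMIT")


def _opt(tokens, flag):
    """Value following an iptables option, or None if the option is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None


def audit_output_chain(rules_text, server_ip, tunnel_prefix="tun"):
    """Return findings; an empty list means OUTPUT fails closed."""
    findings, policy = [], None
    for line in rules_text.splitlines():
        if line.startswith(":OUTPUT "):
            policy = line.split()[1]
        if not line.startswith("-A OUTPUT "):
            continue
        tokens = shlex.split(line)
        if _opt(tokens, "-j") != "ACCEPT":
            continue
        iface = _opt(tokens, "-o") or ""
        dest = _opt(tokens, "-d") or ""
        to_server = dest in (server_ip, server_ip + "/32")
        negated = "!" in tokens  # negated matches are too broad to trust
        if not negated and (iface == "lo" or iface.startswith(tunnel_prefix) or to_server):
            continue
        findings.append("traffic can bypass the tunnel: " + line)
    if policy != "DROP":
        findings.insert(0, "OUTPUT policy is %s, not DROP" % policy)
    return findings
```

On a real machine, pass the output of `iptables-save` as `rules_text`; any finding means traffic can still leave in the clear when the tunnel goes down.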
> Here's a thought: have networkmanager include an obfsproxy option!
@anaknaga Do you have an idea how this could be done?
On https://thatoneprivacysite.net/vpn-comparison-chart/ I found five obfuscation options that could be investigated:
- TCP Port 443
- SSL Tunnel
- SSH Tunnel
On IRC someone recommended "setting up with TLS-Crypt and port 443, this will allow the authentication and connection to look like HTTPS". Last time I tried TCP Port 443 it didn't work from China.
The following chart may also be helpful to investigate what VPN software to get into the repository and which ones to reject. I think this is by far the best overview on the subject: https://thatoneprivacysite.net/simple-vpn-comparison-chart/
Not a clue honestly! But I suspect this will have to happen upstream.
Mullvad actually now supports both OpenVPN and Wireguard. There was a discussion on the OpenVPN forums in 2013 regarding the option to obfuscate OpenVPN traffic and it was rejected on the grounds that the patch was not tested thoroughly enough: https://forums.openvpn.net/viewtopic.php?f=15&t=12605&hilit=openvpn_xorpatch&sid=05c4d721ea2058ad1d2212e91bc3d897&start=60#p49837
The reality is that OpenVPN traffic is recognized as such in real-time by ISPs and state actors in countries such as China and blocked almost instantaneously.
EDIT: And honestly, with the coming of wireguard, it might not be necessary anymore, but I don't know.
A great discussion regarding Wireguard and obfuscation can be found here: https://lists.zx2c4.com/pipermail/wireguard/2016-July/000184.html
Wireguard in China: https://www.reddit.com/r/China/comments/68lk5n/wireguard_in_china/
China: https://github.com/jlund/streisand/issues/413 and http://blog.zorinaq.com/my-experience-with-the-great-firewall-of-china/
VPN solutions for Linux users: http://www.techradar.com/news/best-vpn-solutions-for-linux-users/2
I made this package
```yaml
name       : mullvad
version    : 65
release    : 1
source     :
    - https://www.mullvad.net/media/client/mullvad-65.tar.gz : 952e01dbc889a5cfb086a11a048fbc8a1b1d5a3b978f14bbe6a068d39ae565d5
license    : GPL-2.0
component  : network.util
summary    : Mullvad VPN
description: |
    Mullvad is a VPN service that helps keep your online activity, identity, and location private.
builddeps  :
    - python-setuptools
rundeps    :
    - openvpn
    - python-appdirs
    - python-ipaddr
    - python-netifaces
    - python-psutil
    - wxPython
build      : |
    %python_setup
install    : |
    %python_install
```
but when I ran the application to check it, I got the following error
```
CRITICAL: An uncaught exception occured:
Traceback (most recent call last):
  File "/usr/bin/mtunnel", line 11, in <module>
    load_entry_point('mullvad==65', 'console_scripts', 'mtunnel')()
  File "/usr/lib/python2.7/site-packages/mullvad/tunnelprocess.py", line 126, in main
    main_args(args)
  File "/usr/lib/python2.7/site-packages/mullvad/tunnelprocess.py", line 116, in main_args
    tp = TunnelProcess(pipe_dir, settings, args.confdir)
  File "/usr/lib/python2.7/site-packages/mullvad/tunnelprocess.py", line 41, in __init__
    self.tunnel = mtunnel.Tunnel(settings, conf_dir)
  File "/usr/lib/python2.7/site-packages/mullvad/mtunnel.py", line 139, in __init__
    self.route_manager = route.get_route_manager()
  File "/usr/lib/python2.7/site-packages/mullvad/route.py", line 34, in get_route_manager
    return RouteManager()
  File "/usr/lib/python2.7/site-packages/mullvad/route.py", line 260, in __init__
    self.gw = _find_default_gateway()
  File "/usr/lib/python2.7/site-packages/mullvad/route.py", line 405, in _find_default_gateway
    routing_table = proc.run_assert_ok(['netstat', '-r', '-n'])
  File "/usr/lib/python2.7/site-packages/mullvad/proc.py", line 49, in run_assert_ok
    return _get_proc().run_assert_ok(args, stdin)
  File "/usr/lib/python2.7/site-packages/mullvad/proc.py", line 194, in run_assert_ok
    (code, stdout, stderr) = self.run(args, stdin)
  File "/usr/lib/python2.7/site-packages/mullvad/proc.py", line 173, in run
    proc = self.open(args)
  File "/usr/lib/python2.7/site-packages/mullvad/proc.py", line 148, in open
    **hide_window)
  File "/usr/lib/python2.7/subprocess.py", line 390, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1024, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
```

Since netstat will never find its way to Solus, I guess this should be reported upstream?
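The traceback above ends in `_find_default_gateway`, which shells out to `netstat -r -n` and fails with `ENOENT` when that binary is absent. As an added example (not Mullvad's code, and not part of the original post), the same information can be read from the kernel's `/proc/net/route` without any external tool; the function names and the sample table below are constructed for illustration.

```python
import socket
import struct

RTF_UP, RTF_GATEWAY = 0x1, 0x2  # route flag bits from <linux/route.h>

# Constructed sample in /proc/net/route format: whitespace-separated columns,
# IPv4 addresses as little-endian hex. Two default routes with different metrics.
SAMPLE_ROUTE_TABLE = (
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "wlp2s0\t00000000\t0101A8C0\t0003\t0\t0\t600\t00000000\t0\t0\t0\n"
    "enp3s0\t00000000\tFE00000A\t0003\t0\t0\t100\t00000000\t0\t0\t0\n"
    "wlp2s0\t0001A8C0\t00000000\t0001\t0\t0\t600\t00FFFFFF\t0\t0\t0\n"
)


def _hex_to_ip(field):
    """Convert a little-endian hex field such as 0101A8C0 to dotted quad."""
    return socket.inet_ntoa(struct.pack("<I", int(field, 16)))


def find_default_gateway(route_text):
    """Return (gateway_ip, interface) of the lowest-metric default route, or None."""
    best = None
    for line in route_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue
        iface, dest, gateway, mask = fields[0], fields[1], fields[2], fields[7]
        flags, metric = int(fields[3], 16), int(fields[6])
        if dest != "00000000" or mask != "00000000":
            continue  # not a default (0.0.0.0/0) route
        if flags & (RTF_UP | RTF_GATEWAY) != (RTF_UP | RTF_GATEWAY):
            continue  # route is down or has no gateway
        if best is None or metric < best[0]:
            best = (metric, _hex_to_ip(gateway), iface)
    return best[1:] if best else None


def read_default_gateway(path="/proc/net/route"):
    """Read the live routing table; works without netstat or net-tools installed."""
    with open(path) as handle:
        return find_default_gateway(handle.read())


if __name__ == "__main__":
    print(find_default_gateway(SAMPLE_ROUTE_TABLE))
```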
Reading that review intrigued me enough to send Mullvad Support an e-mail regarding the netstat thing, here is their response:
> We are at the moment working on a completely new application from scratch, and I recommend you to use plain OpenVPN if you can't install the client under your operating system.
So hopefully their new client will solve this issue. :)