Page MenuHomeSolus

Safejumper
Closed, WontfixPublic

Description

Name: Safejumper
Homepage: https://proxy.sh/software
https://proxy.sh/open
https://github.com/proxysh/Safejumper-for-Desktop
Open Source: yes
Source: https://proxy.sh/linux
Description: VPN client software to connect to the Proxy.sh VPN network

Why? I'm kinda tired of seeing custom OpenVPN wrappers being requested

What *value* does this add over *stock* Network Manager OpenVPN plugin? O_o

Why do all these providers need their own insecure builds of openvpn? :P

I have tested both Mullvad and Safejumper in China and they work well. Servers get frequently blocked and with both I can easily select different server locations and ports without importing config files manually. Additionally, both obfuscate traffic which is necessary when you live in a country where state actors are capable of deep packet inspection and block all OpenVPN connections in real time. In general, I am very careful with VPN providers and not all of them are technically on the same level as well as trustworthy as a company. Mullvad and Proxy.sh (Safejumper) are among those I can recommend without reservations. They both actually have native Linux client software (as opposed to many other VPN providers), operate outside US jurisdiction and have a zero logging policy. Proxy.sh also has a Warrant Canary: https://proxy.sh/canary

VPN providers I cannot recommend: ExpressVPN (low standard of encryption, no zero-logging policy, US jurisdiction)

So I'm gonna weigh in. Ikey of course has the final say.
But no versioned tarballs of any sort of than when clicking the linux link it just downloads a zip file with no versioning what so ever. If anything the patches they use should be upstreamed into openvpn where the rest of the world can benefit and on top of that you, technically one can import the openvpn configs into openvpn itself or the network-manager openvpn plugin.
I honestly don't see much value in a openvpn wrapper like this.

baimafeima added a comment.EditedFeb 4 2017, 11:31 PM

But no versioned tarballs of any sort of than when clicking the linux link it just downloads a zip file with no versioning what so ever.

Versioned tarballs are inside the zip file.

technically one can import the openvpn configs into openvpn itself or the network-manager openvpn plugin.

Technically, not everyone can do that and as I understand, Solus aims to be as accessible as possible ("for everyone") and to provide an excellent OOTB experience. As I mentioned above, it is not simply about importing config files but about the option to obfuscate your traffic with a simple click. Safejumper supports Tor's obfsproxy and ECC & XOR: https://proxy.sh/panel/announcements/212/Proxysh-releases-new-Safejumper-supports-TORs-obfs-ECC-and-XOR.html

I also find both Mullvad and Proxy.sh refreshingly non-commercial for VPN providers and appreciate their responsive customer support team and careful choice of words when advertising for their VPN solution (there are tons of bad and misleading examples out there so I can understand some of the hatred one can have towards the entire industry).

Versioned tarballs are inside the zip file.

No those a pre-compiled binaries inside those zip files, debs and rpm's and standalone zip files. That isn't a proper versioned tarball. It isn't even a source tarball.

And with network-manager openvpn plugin iirc is manageable by the network-manager interface. So how is that difficult?

Just playing devils advocate because you kinda haven't really given a real solid reason and I'm just trying to get you to provide more. The true nitty gritty details. Other wise I don't really see a major benefit.

DataDrake closed this task as Wontfix.Feb 22 2017, 10:44 PM
DataDrake claimed this task.
DataDrake added a subscriber: DataDrake.

Per the policy, this needs to be accepted into both the Debian/Ubuntu repos (PPAs don't count) and the OpenSUSE Stable repo to be eligible for inclusion.

https://solus-project.com/articles/packaging/package-inclusion-policy/en/

baimafeima added a comment.EditedSep 8 2017, 5:34 PM

As the package inclusion policy has changed I am asking for this package to be re-evaluated. I hope the discussion doesn't lead into whether we need VPNs or not. To make it short: I trust selected VPNs more than my ISPs and depending on where you live, you should too. That being said, I think it is up to whether this package meets the inclusion criteria. Surely, if one of those packages (there were others like AirVPN, etc.) is accepted, it potentially opens the door for all of them (different people would want to use different customized VPN software) unless there are major reservations towards an actual VPN provider (like ExpressVPN for example). The only two main arguments against customized OpenVPN solutions are: to become your own VPN provider (trust issue) or to configure OpenVPN manually (reduce attack surface). If there is an easy way to do either of these and Solus can support this by helping with documentation and/or OOTB configuration, then I am all up for it as well.

@ZachBacon

That isn't a proper versioned tarball. It isn't even a source tarball.

They are releasing tarballs now. The latest one is available here: https://github.com/proxysh/Safejumper-for-Desktop/archive/3.2build79.tar.gz

If anything the patches they use should be upstreamed into openvpn where the rest of the world can benefit

https://github.com/proxysh/Safejumper-for-Desktop/issues/10

I have asked this: What patches do you use for OpenVPN and do you actively upstream them into OpenVPN so that others can benefit as well?
And got the following reply:

The only patches to openvpn we use are the Tunnelblick patches that openvpn community decided they do not want to merge in.

@ikey If I understand it correctly, there is no possibility to have Safejumper included into the Solus repositories because they added the Tunnelblick patches to openVPN. According to jpwhiting from their team:

If you use your own openvpn without the tunnelblick patches then a few protocols will fail to work at all. Namely ECC+XOR and ECC. Both of those use options in the .ovpn files that vanilla openvpn doesn't understand.

These two protocols are important as without them, I am unable to get openVPN to work at all from China. The only possibility then, it seems to me, is to get them to make either a snap or flatpak available. Would you then consider integrating either of these in the Software Center?