Mailing List Archive



Re: [tlug] VPN in Debian



Kevin,
You can configure OpenVPN to only use TCP port 443. I've found that to be very useful even in Japan, where most of the limited free wifi at least lets HTTPS through, which then allows you to run your VPN and then any other app you want to use over that.

Tim Osburn
W7RSZ / JG1MBR
https://www.osburn.com

On Mon, 6 Nov 2017, kts wrote:

Date: Mon, 6 Nov 2017 21:56:16 +0900
From: kts <kts@example.com>
Reply-To: Tokyo Linux Users Group <tlug@example.com>
To: Tokyo Linux Users Group <tlug@example.com>
Subject: Re: [tlug] VPN in Debian

Finally got it all set up and working… only to find OpenVPN is probably not so useful in China due to their implementation of the firewall (snooping the TLS handshake). There may be other ways to handle that, like a SOCKS5 or SSH tunnel… but… it gets into deep tech waters for this guy splashing in the shallow end.
http://blog.zorinaq.com/my-experience-with-the-great-firewall-of-china/

There was mention of SoftEther using SSTP over :443, which may be better as HTTPS is not blocked, however my Apache web server is already lord of :443.
Would it be possible to set up a Vhost on a subdomain (like softether.mydomain.com) that could intercept the :443?

——————

I like the idea of setting up a google cloud server in the "always free" tier running only the softether on a RH micro machine. Though the data to china is priced higher, it could, for my limited use, be a good way to go. Though I have no experience whatsoever using such virtual machines…

For the moment, OpenVPN is working which was the original goal. The real goal is getting access to google / FB, Twitter, etc. when in China.

Regards,
Kevin Sullivan

kts@example.com
JP M: +81456702373
USA M: +17853184287
Estonia M: +37254728541


On Oct 22, 2017, at 11:12, Georgi Georgiev <chutz@example.com> wrote:

That's pretty much what I did (in addition to having an instance at home).

OpenVPN on the smallest possible GCP instance, which fits in the "Always Free <https://cloud.google.com/compute/pricing#freeusage>" tier. It's there when I need it, and you only "pay as you go" for the bandwidth at 23 US cents per GB <https://cloud.google.com/compute/pricing#internet_egress>. Which makes it perfect for the occasional trip to China.

The only trick is that on Android, the "official" OpenVPN client (the top search result "OpenVPN Connect" - https://play.google.com/store/apps/details?id=net.openvpn.openvpn) is not up to date and does not support "tls-crypt", which seems to work better behind some of the firewalls over there. So I had to use "OpenVPN for Android" (https://play.google.com/store/apps/details?id=de.blinkt.openvpn).

On Sat, Oct 21, 2017 at 6:08 PM, Curt Sampson <cjs@example.com> wrote:
On 2017-10-20 10:54 +0900 (Fri), Stuart Luppescu wrote:

I don't know if it would be better if I used a bigger droplet with
more memory.

Check the details of both the network bandwidth and network traffic
they're giving you with that VM. On systems not charging you
separately for network traffic, you'll get specific bandwidth limits
related to the overall "size" of the instance. (Just like memory and
disk.)

You might try bringing up an instance on something like Google Cloud,
where you'll pay separately for every byte of outgoing traffic to the
Internet from your host but where you have more control over the
bandwidth limits.

cjs
--
Curt J. Sampson      <cjs@example.com>      +81 90 7737 2974

To iterate is human, to recurse divine.
    - L Peter Deutsch

--
To unsubscribe from this mailing list,
please see the instructions at http://lists.tlug.jp/list.html

The TLUG mailing list is hosted by ASAHI Net, provider of mobile and
fixed broadband Internet services to individuals and corporations.
Visit ASAHI Net's English-language Web page: http://asahi-net.jp/en/



--
Georgi
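
Added example (not part of any message in this thread, and not the posters' own configuration): an OpenVPN 2.4 server config fragment that combines the points raised above, namely TCP 443 only, "tls-crypt", and OpenVPN's port-share directive so that Apache stays reachable on the same port. The file names, the 10.8.0.0/24 subnet, the client host name and Apache's loopback port 8443 are assumptions.

```conf
# /etc/openvpn/server.conf (path assumed), OpenVPN 2.4 or later

# Listen on TCP 443 only, the port that restrictive networks usually leave open.
port 443
proto tcp
dev tun

# Share the port with the web server: connections on 443 that are not
# OpenVPN (ordinary HTTPS) are proxied to Apache. Apache must be moved off
# the public :443 and listen on 127.0.0.1:8443 instead (assumed port).
port-share 127.0.0.1 8443

# Server PKI material (file names assumed).
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# tls-crypt encrypts and authenticates the control channel with a pre-shared
# key, so the TLS handshake inside OpenVPN is not sent in the clear.
# Generate once with:  openvpn --genkey --secret tls-crypt.key
# and copy the same file to every client over a trusted channel.
tls-crypt tls-crypt.key

# Tunnel addressing (assumed subnet) and full-tunnel routing for clients.
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"

cipher AES-256-GCM
keepalive 10 60

# Drop privileges after startup (Debian's unprivileged user and group).
user nobody
group nogroup
persist-key
persist-tun

# Matching client lines (client must also be 2.4+ to support tls-crypt):
#   remote vpn.example.com 443 tcp     # host name is a placeholder
#   tls-crypt tls-crypt.key
```

With port-share, Apache sees every proxied connection as coming from 127.0.0.1, so access logs and IP-based rules no longer reflect the real client address.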

