Setting Up OpenVPN on Linux

There are lots of ways to do this – but this is more a reminder for myself of the steps to take. I’ve been using NordVPN and you can download a configuration file to connect to a VPN server. Many VPN providers provide apps or installers to set up the VPN. Given the choice I prefer to set up the VPN without having to use a third party’s installer or app.

I’ve been using OpenVPN over TCP/IP as the protocol of choice. And the config file I download from NordVPN for this has a .tcp.ovpn extension.

We need to make sure we have both the underlying OpenVPN software and the user interface installed. To do this, use:

% sudo apt install openvpn
% sudo apt install network-manager-openvpn

You can now use the config file to set up the connection. Go to Network Connections (typically the wifi signal symbol) and then Configure Network Connections. Click ‘Add Connection’ (often just a + sign next to a list of connections), scroll down through the list of options, and at the end, under ‘Other’, there should be ‘Import VPN Connection…’. From the file selector that appears, select the .ovpn file that you previously downloaded.

Now all that is in principle needed is for you to set the username and password. Click Ok to save everything. To use the VPN, you must first be connected to the internet. Next click on ‘Network Connections’ and your new OpenVPN connection should now be in the list. Click on that and you will hopefully get a VPN connection. If nothing appears to happen it probably didn’t work – you can verify from the NordVPN page or from a page showing your system’s IP address – it should have changed.

To troubleshoot, you can run this from a terminal…

% sudo tail -f /var/log/syslog

Then try to make the VPN connection and see what appears in the log.

I’m setting up a Pinebook, and the syslog has lots of junk in it appearing regularly like…

localhost /usr/sbin/irqbalance: GUESSING AARCH64 CLASS FOR

Which makes the syslog hard to read. To get rid of it I did ..

% sudo vi /etc/systemd/journald.conf

Then changed the lines

MaxLevelStore=info
MaxLevelSyslog=info
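
A way to read the same log for a single connection attempt without the irqbalance noise, as an added example that is not part of the original post. The function names and sample log lines are constructed here, the `nm-openvpn` process tag is an assumption about how the NetworkManager plugin labels its lines, and the matched strings are messages the OpenVPN client logs on success, rejected credentials and TLS timeout.

```shell
#!/bin/sh
# Added example (not from the original post): triage VPN lines from syslog.
# The sample log lines below are constructed for illustration.

SAMPLE_FAIL='Nov 20 10:01:02 localhost /usr/sbin/irqbalance: GUESSING AARCH64 CLASS FOR
Nov 20 10:01:03 localhost NetworkManager[612]: <info> vpn: starting openvpn plugin
Nov 20 10:01:05 localhost nm-openvpn[2301]: AUTH: Received control message: AUTH_FAILED'

SAMPLE_OK='Nov 20 10:05:10 localhost /usr/sbin/irqbalance: GUESSING AARCH64 CLASS FOR
Nov 20 10:05:12 localhost nm-openvpn[2350]: Initialization Sequence Completed'

# Keep only lines logged by OpenVPN or NetworkManager; irqbalance noise is dropped.
vpn_lines() {
    grep -E ' (nm-openvpn|openvpn|NetworkManager)(\[[0-9]+\])?: '
}

# Reduce the filtered lines on stdin to one verdict; the last matching event wins.
vpn_verdict() {
    awk '
        /AUTH_FAILED/                       { v = "auth-failed" }
        /TLS key negotiation failed/        { v = "tls-timeout" }
        /Initialization Sequence Completed/ { v = "connected" }
        END { print (v == "" ? "no-attempt-seen" : v) }
    '
}

# Convenience wrapper: log text in, verdict out.
triage() {
    printf '%s\n' "$1" | vpn_lines | vpn_verdict
}

echo "failed attempt:  $(triage "$SAMPLE_FAIL")"
echo "working attempt: $(triage "$SAMPLE_OK")"
# Real use, after one connection attempt (tail -n, not -f, so awk reaches END):
#   sudo tail -n 300 /var/log/syslog | vpn_lines | vpn_verdict
```

An `auth-failed` verdict points at the username and password entered in the connection dialog, while `tls-timeout` points at the network path to the VPN server.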

WordPress Hack

The site has been broken for a few days, because it was hacked. After some hunting around it looks like there was a vulnerability in the GDPR compliance plugin.

Trends Emerging Following Vulnerability In WP GDPR Compliance Plugin

The hack enabled the hackers to change the site address to point to

https colon slash slash mytemplatewebsite.com slash 0.js?

I’ve replaced slashes and colons, to make the above not a valid url so nothing follows it.

Which then went to show a load of malware and rubbish. If you tried to log in to the site to fix this, it would redirect to a login page on this site. If you typed in your password, then the password would be picked up by the hackers.

Digital Friction: Or why O2 sucks.

I’m going to do a piece on digital friction at some point, but I feel I have to relay an experience I had which illustrates some of the underlying issues. One aspect is if you are doing something a little unusual, systems built on computers will typically make your life miserable.

This was not the end of the O2 saga, see update below.

In August I needed to make a trip to the UK for family reasons. I stayed there for about 2 ½ weeks. Whilst I was there because of the situation it was vitally important that I was able to contact people – family members, hospitals etc by phone. When I had previously visited the UK I had bought a phone from Car Phone Warehouse with a pay as you go O2 contract. For that trip the pay as you go-ness worked fine – because I didn’t need to use the phone much. This time my wife came with me, and she paid Verizon extra such that she could use her iPhone in the UK.

When I arrived I went to Car Phone Warehouse where I originally bought the phone from to sort out a SIM. The people in the store had a kind of weird passive-aggressive argument in front of me as I tried to sort the SIM. I asked them to check if the phone worked – they refused, but said “you know it will work in a while mate”. After a while it did indeed work and I thought I was set. I knew it was likely I was going to have to use the phone a lot – so I put on the maximum amount of credit on the phone.

Over the next few days I had to take and receive many calls and texts. My wife’s phone was largely useless during all of this for two reasons – one that the signal she had was terrible, dropping all the time. The other reason was any call cost a small fortune – because it was effectively like calling the US from the UK, so nobody could use it. This along with the many calls I was having to make meant that my credit ran out in a few days.

No problem I thought – all I need to do is add some more credit to the phone. I try to add credit through calling the automatic number on the phone. It refused to add credit. I try again. Fail. I thought perhaps it was because of my card, so I tried another card. No. So I asked my sister if I could use hers. No that still didn’t work.

This was going on when it was absolutely necessary for me to be able to make and receive calls. So we got in the car and drove to a shopping center which we knew had a Car Phone Warehouse. We walk into the store and explain the problem. ‘Sorry mate, there’s nothing we can do here – you have to go back to the store where you bought it’. Wait. What? I’m in Car Phone Warehouse, I got the SIM from Car Phone Warehouse. It would take me over an hour to get to the original store. They said it’s not their problem.

So we step out frustrated, but see that there is an O2 shop. Okay – surely they can sort it out. We explain the situation again. The guy there was much more helpful. He eventually says – oh well you see there are two types of Pay as you Go services, one that limits the amount you can pay each month, and that’s what you have. Really? I mean I explained the situation when I originally got the SIM. Why would not being able to add credit be a thing? But ok. So he gives me another SIM card for the ‘correct’ Pay as you Go service and that I have to pay for a new SIM and put credit on. He says this will sort me. Unfortunately I will have to change my phone number. Sigh ok. And now I have to tell everybody the number I’ve been using for 2 days is wrong, and they need the new number.

So the phone works for a few more days, and just at the worst possible time it runs out of credit. No worries I think I can just put credit on it – because this is the right ‘Pay as you go service’. Right? So I try. Fails. I try again. Fails. I try a different card. Fails. I try my brother’s card. Fails. All times no reason is given. Every time I have to listen to the same inane voice blathering on about some service.

So at this point I’m in central London. I have to find another O2 store to sort this out. Again. After wandering around and asking some people we find one. So I explain the situation again to the guy. He’s like huh ok – well you don’t want the pay as you go if you are making all these calls. You need a monthly contract, you can terminate at any time, and you can make calls to your wife cheaply by adding an ‘international bolt on’. Err. Ok. So fine here’s my debit card, and I’ll have the international bolt on. Oh no – sorry we can’t do that here. You’ll have to call this number. Wait, what? I’m in an O2 store, the bolt on is an O2 service right? Yes – but we can’t do that.

Ok. So now my phone is working again great. Eventually I get around to calling the bolt on service. To do so means going through another phone call decision tree of pain.

Mid August I’m going to head back to the US, and I’m at the airport. I need to terminate the O2 service and so whilst waiting at the gate I do that. I call the O2 number and have to wait a while in a queue so I can speak to a person. This might be more irritating but I’m just waiting at the gate so it’s not too bad. The person I speak to appears to understand that I want to terminate my account. I even explain that I’m returning to the US. After a while and saying they need to speak with someone else they say that it has been terminated and I am good to go. They say there will be one more bill, and that will be that. Great I think – I won’t have to deal with this anymore.

I see the bill go past for the end of that month. It’s more than I expect, but you know it is what it is.

This morning I wake up and look at my mail. Oh how odd I’ve got a bill from O2 in my email. Maybe it’s just some promotion or something. No. They have charged me 27 pounds for last month. What. The. Hell.

So I check the email to make sure it’s not some kind of phishing. No looks legit. So I go to the O2 website. Of course I can’t find a telephone number to call them. Oh because they want to push you through a FAQ, and then push you through online chat.

On chat I explain to the person what’s going on. They say – well your account was never terminated. To which I say it absolutely was – the person I spoke to at O2 assured me it was. They checked and said “There is no note on your account that could state that a cancellation request has been placed”. I said I remember the day and the event, it was waiting at the gate for my plane back to the US.

Ok they say “I could connect you to our cancellation team right away”.

Eventually I get to the point that they will credit my account 27 pounds and terminate the account. Fine. I ask if I can have some confirmation number – not wanting this again. They say the chat window text can be proof. Err ok. There is no easy way to access the text of the chat window – the chat window has no controls. I eventually find a way to clumsily copy the text. The whole chat took about an hour that I’m never going to get back.

Update 1:

So this seemed like the end, but it wasn’t. On 28/10/2018 I received another email, that seemed to be saying I had been charged 0 pounds. Hmm odd – I’ll see what happened to my account… I log in, and O2 has taken 27 pounds out again!

So back I go again to O2 chat. They told me they generated a bill and that I’d paid it and that was all good. I said I’d terminated. They said I hadn’t. I told them I had proof from the last discussion.

Then they said

O2: Yes, as per the new bill been generated today, there is a credit of £27 added which means you are getting the amount back which was debited today.
The total credit as per the final bill is £53.12.
Which means I will be refunding £53.12 to your bank account.
There won’t be any more bills as I can see that the account is disconnected.
So as per your last conversation, the team had applied credit of £27 which has been taken today.

Me: i can see today they removed 27 pounds
there is no credit

O2: Yes, I agree, the team has applied a credit as well for the same.

And a bunch of back and forward. I’m still not sure what happened – but if they refunded me £54.12 then fine I could be done. When will I see it? Oh in up to 10 days time. Err ok. And *surprise* it turned up in exactly 10 days, and then I switched off direct debit for O2… hopefully that is the end of this. Also amusingly they gave me a chat ref number – when the previous person I chatted with claimed that I had to keep a copy of the whole text.

As a side note – I have in the past had Lloyds pay out on direct debit when I had cancelled it… so possibly it’s not all over.

Continued

So obviously this is terrible customer service, from both Car Phone Warehouse and O2. That at every point as a customer – I have to take the hit. I have to pay for multiple SIM cards. I have to pay to open other accounts. I have to waste time, and drive to all these physical places. On top of this I was supposed to have 10 pounds credit on the original card when I bought the SIM – that didn’t work either with no explanation.

The actual experience of interacting with their ‘system’ either through people using their terminals, or calling the top up line, or the phone decision trees of pain is ridiculous. Never knowing why something doesn’t work just adds to the frustration. Why wasn’t my account terminated originally? I have no idea. Nobody can tell me. The fountain of knowledge is their computer system – and it doesn’t know, so as far as they are concerned it didn’t happen.

If I hadn’t given my email address – something I typically don’t do – it would have been months before I would have even noticed.

So just to round this out, I thought okay I’d better check what happened with my Lloyds bank account. So I try and log in and I get

“Access Denied: You don’t have permission to access “http://online.lloydsbank.co.uk/personal/primarylogin” on this server.”

Ok, that’s new. But I remember I’m on a VPN, and sometimes services don’t work well through VPN – say like Amazon. Okay, I’ll try from a non VPN connection. Same thing. So how am I going to make this work?

Well I remember when I was in the UK I set up my laptop to connect to a UK VPN service. And thankfully, connecting to that server and then Lloyds works…. But it’s kind of fortunate that I have a VPN service that’s got servers in the UK, otherwise… yet another world of digital hurt.

Improving Privacy and Performance via DNS

I saw a Linus Tech Tips YouTube video yesterday for speeding up your internet. I was somewhat skeptical… but it turned out what the piece is really about is Cloudflare’s new DNS service.

DNS, or the Domain Name System, is one of the main mechanisms by which text you type into the bar of your browser gets turned into something your computer can use to actually do something. More specifically it turns a domain name like ‘google.com’ or ‘amazon.com’ into an IP address – in effect a large number that identifies a computer on the internet.

Typically DNS is handed off to your ISP via how your router is configured. The trouble is that it seems not only are the ISP-provided DNS servers very slow – they also store all the sites you have looked up, associated with your IP address. The ISP knows where you live, and may be able to identify requests from specific machines. They can and do sell this information on – to advertisers at a minimum and who knows who else.

The slowness of the ISPs’ DNS service is a known problem, and so some other companies have made their own services available. Google provides such a service and is promoted as being significantly faster than the ISPs’. I haven’t used it because Google’s business model is to capture as much data about users of the internet as it can exploit, and that seems to typically lead to attempts to exploit you. So it’s the same sort of privacy problem as with the ISPs, with the only advantage that it’s not as slow.

This is not Cloudflare’s business model, and it claims it only stores logs for less than 24 hours for diagnosing problems, and never stores the information to disk. So assuming this is all true, it is great news. Moreover their service seems to be substantially faster than even Google.

Note that if you have a VPN, you probably should be using the VPN service’s DNS service. The VPN company’s business model is specifically about protecting your privacy. There might be an argument for using Cloudflare’s so as not to rely so much on the VPN service, as it would be a way to avoid relying solely on a single entity. I’m not sure that is a super compelling argument and so I have just stuck with the DNS of my VPN provider when using VPN.

Anyway if you are like me you have some machines behind VPN and others not – such as the set top box I use for Netflix streaming. Making systems that are not behind the VPN use Cloudflare’s service seems like a double win – much better privacy and performance!

If you are somewhat technical the best place to do this is in the configuration of your router. Typically that’s as simple as logging into your router’s web interface and setting your primary DNS server to be 1.1.1.1 and your secondary to 1.0.0.1. Once you have done this you may wonder how to check if your change is working. You can use DNS leak test, click on ‘standard test’, and you should see the servers appear as ISP ‘Cloudflare’. You can also use this to check that your VPN is not using your ISP’s DNS.

Yesterday I took 10 mins and configured my router to use Cloudflare DNS. It was easy to do and seems to work nicely. Is it significantly faster? For me it’s hard to say, because most of the time I’m behind the VPN and using the VPN’s DNS. When I purposefully tested it – by going to Hacker News without VPN and clicking a few articles – it does indeed seem snappier.