Re: [Tails-dev] Please support VPN for Tails. Any workaround…

Delete this message

Reply to this message
Autor: Dr. Killswitch, D.V.M.
Data:  
Dla: The Tails public development discussion list
Temat: Re: [Tails-dev] Please support VPN for Tails. Any workaround for now?

Tor has things like obfsproxy - so your traffic looks like something other
than Tor. There is a whole body of knowledge of getting around
filtering/surveillance without needing VPN. I am not sure where to get
best practices for today, what is on torproject.org is definitive, but it
seems scattered.

Cryptostorm provides OpenVPN services and we are specifically angling to
get good integration with the adversary resistant computing platforms -
TAILS, Whonix, Qubes, maybe others.

Cryptostorm is a pioneer in Zero Customer Knowledge VPNs - you can not
only buy tokens with bitcoin, you can buy from resellers, and there is no
way for the organization to know who bought what token. The idea of a user
account and password does not exist for Cryptostorm users, access is via
digital tokens.

Cryptostorm is perfectly happy to loop traffic - VPN within VPN is fine.
The access nodes will accept both UDP and TCP as connection methods, so
the more traditional VPN before Tor is there, and if you want VPN after
Tor to avoid a Tor exit ban, that is fine, too.


There is a free 256kbit symmetric service available at
http://cryptofree.me - its meant for test drives, and for activists in
countries where a $5/month VPN service would be a significant expense.
There is no token needed to use this - just take this config file and go:

http://pastebin.com/rGxyXuEL

I am happy to answer any questions people might have about the service ...


On Sun, July 12, 2015 6:56 pm, tailsneedsvpn@??? wrote:
> Dear Tails Team!
>
>
> First of all I would like to thank you very much for the effort you have
> put to create this amazing distribution. I am sure you know how valuable it
> is nowadays.
>
> I would like to request something that was already reported two years
> ago, that is OpenVPN support for Tails
> (https://labs.riseup.net/code/issues/5858).
>
>
> * More important thing is to be able to run VPN on Tails, before entering
> TOR. This moves trust from ISP to VPN provider. In many cases it is very
> undesirable to bright attention just by using TOR directly.
>
> * Less important thing is to be able to run VPN after TOR, to make sure
> that sites are not blocked when you use TOR. I mean all of those very
> difficult to solve captchas (which are often also connected with Google
> by the way).
>
> Of course that would require using two different VPN accounts, so those
> are not correlated. Also, VPN account should be bought with mixed bitcoins.
> And finally there would be need for kill switch to make sure
> that when OpenVPN fails, internet connection goes down as well (Adrelano's
> kill switch for Linux is the best I have found so far).
>
> Can you suggest any workarounds for now? I mean I cannot install OpenVPN
> on router because it is shared router. I can buy the second router but that
> would be first of all weird and suspicious (and also can take some time to
> configure properly).
>
> I can also install OpenVPN on smartphone and enable hotspot mode, then
> connect from Tails to smartphone hotspot, rather than directly to the
> network. But then I'm not sure if I can trust smartphone (CyanogenMod)
> because of temporary files and things like this (after all data would be
> sent from computer to smartphone unencrypted, so smartphone would have
> access to unencrypted data and could save it in some temp locations. Not
> every site uses https or things like this so I expect that at least some
> of the traffic would go unencrypted).
>
> Also, I would like to be sure that I download trustworthy version of
> Tails. That would be advantageous to have on several different highly
> trusted websites control sums to verify integrity of Tails (to be able to
> download it from several different sources and make sure that they all
> are identical for the same version of Tails).
>
> For now I am not going to use Tails, which is sad because it's such
> amazing distribution (you have so many useful features). But without being
> able to hide TOR activity from ISP, I cannot use it.
>
> I also wanted to double check it. Are there any additional dangers
> connected with using TOR after connecting to VPN? Can VPN provider mess
> with TOR nodes to make it easier to become deanonymised?
>
> What are the main technical challenges you have with supporting VPN for
> Tails?
>
>
> Summing up, how could I hide my TOR activity on Tails from ISP (and
> provide additional encryption in traffic) with use of OpenVPN?
>
> I wish you best luck with your development!
>
>
>
> _______________________________________________
> Tails-dev mailing list
> Tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to
> Tails-dev-unsubscribe@???.
>
>