LWM-Linux/04 - Networking in Linux/VPN and Proxy Configuration.md
2024-09-05 17:01:20 -06:00

# VPN and proxy configuration in Linux

1. VPN Configuration

VPNs (Virtual Private Networks) provide secure, encrypted connections over public networks. There are several VPN protocols and clients available for Linux.

OpenVPN:

OpenVPN is one of the most popular and secure VPN protocols. To set it up:

    1. Install OpenVPN: sudo apt install openvpn
    2. Obtain configuration files from your VPN provider. These vary by provider.
    3. Connect to the VPN: sudo openvpn --config /path/to/your/config.ovpn
    4. For automatic connection, create a systemd service: sudo nano /etc/systemd/system/openvpn.service
  • Add the following content:

[Unit]
Description=OpenVPN connection to YOUR_VPN
After=network.target

[Service]
ExecStart=/usr/sbin/openvpn --config /path/to/your/config.ovpn
Restart=always

[Install]
WantedBy=multi-user.target

Enable and start the service:

  • sudo systemctl enable --now openvpn.service # Starts OpenVPN right now and enables it at boot as well
  • sudo systemctl start openvpn.service # Only starts OpenVPN for the current boot

WireGuard:

WireGuard is a newer, faster VPN protocol. To set it up:

  • a. Install WireGuard: sudo apt install wireguard

  • b. Create a configuration file: sudo nano /etc/wireguard/wg0.conf, then add the WireGuard configuration details specific to your vendor.

  • c. Start the WireGuard connection: sudo wg-quick up wg0

  • d. To enable automatic connection on boot and start it right now: sudo systemctl enable --now wg-quick@wg0

Built-in VPN clients:

Many Linux distributions include built-in VPN clients in their network managers, supporting protocols like OpenVPN, L2TP/IPsec, and PPTP.

2. Proxy Configuration

Proxies route your traffic through an intermediary server. There are several ways to configure proxies in Linux:

Environment variables:

Set these variables in your shell configuration file (e.g., ~/.bashrc):

export http_proxy="http://proxy_server:port"
export https_proxy="http://proxy_server:port"
export ftp_proxy="http://proxy_server:port"
export no_proxy="localhost,127.0.0.1,::1"

System-wide proxy settings:

For GNOME-based systems:

  • a. Open Settings > Network > Network Proxy
  • b. Choose "Manual" and enter your proxy details

For KDE-based systems:

  • a. Open System Settings > Network Settings > Proxy
  • b. Choose "Manual" and enter your proxy details

Application-specific proxy settings:

Many applications have their own proxy settings. For example:

  • Firefox: Preferences > Network Settings > Configure Proxy Access to the Internet
  • Chrome: Settings > Advanced > System > Open your computer's proxy settings

Command-line tools:

Use proxychains to route terminal commands through a proxy:

1. Install proxychains:

sudo apt install proxychains

2. Configure proxychains:

sudo nano /etc/proxychains.conf

Add your proxy server details.

3. Use proxychains:

proxychains command_to_run

SOCKS proxy with SSH:

Create a SOCKS proxy using SSH:

  • ssh -D 1080 -f -C -q -N username@remote_host
  • Then configure applications to use SOCKS5 proxy at 127.0.0.1:1080.

3. Testing and Verification

To verify your VPN or proxy configuration:

  • Check your IP address: curl ifconfig.me

  • DNS leak test: dig +short myip.opendns.com @resolver1.opendns.com

  • WebRTC leak test (in browsers)

  • Use tools like ipleak.net or dnsleak.com

4. Security Considerations

  • Keep your VPN client and system updated
  • Use strong authentication methods (e.g., certificates for OpenVPN)
  • Be cautious with free VPN or proxy services
  • Consider using a kill switch to prevent traffic leaks if the VPN disconnects

5. Troubleshooting

  • Check logs: journalctl -u openvpn or journalctl -u wg-quick@wg0
  • Verify DNS settings
  • Ensure correct permissions on configuration files
  • Check for conflicting network settings
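
One way to carry out the "correct permissions on configuration files" check for the WireGuard and OpenVPN files set up above. This is an added example, not part of the original page. The function names are hypothetical; it assumes GNU stat and that relative paths inside an OpenVPN config are relative to the config's directory.

```bash
# Added example. Assumes GNU stat (coreutils), as on the apt-based systems above.
# check_mode FILE UID: pass only if FILE is a regular file (not a symlink) owned
# by UID with no group/other permission bits, e.g. mode 600 or 400.
check_mode() {
    local file="$1" uid="$2" mode owner
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL $file: missing, a symlink, or not a regular file"; return 1
    fi
    mode=$(stat -c '%a' "$file"); owner=$(stat -c '%u' "$file")
    if [ "$owner" != "$uid" ]; then
        echo "FAIL $file: owned by uid $owner, expected $uid"; return 1
    fi
    case "$mode" in
        *00|0) echo "OK   $file: mode $mode" ;;
        *)     echo "FAIL $file: mode $mode grants group/other access"; return 1 ;;
    esac
}

# secret_paths CONF: print CONF plus each file named by an OpenVPN directive that
# holds secret material. Assumption: relative paths are resolved against CONF's
# directory; quoted paths containing spaces are not handled.
secret_paths() {
    local conf="$1" dir p
    dir=$(dirname "$conf")
    echo "$conf"
    awk '$1 ~ /^(key|auth-user-pass|pkcs12|tls-auth|tls-crypt)$/ && NF > 1 {print $2}' \
        "$conf" 2>/dev/null |
    while IFS= read -r p; do
        case "$p" in /*) echo "$p" ;; *) echo "$dir/$p" ;; esac
    done
}

# audit_vpn_conf CONF [UID]: return 0 only if CONF and every secret file it
# references pass check_mode. UID defaults to 0 (root).
audit_vpn_conf() {
    local conf="$1" uid="${2:-0}" rc=0 f
    while IFS= read -r f; do
        check_mode "$f" "$uid" || rc=1
    done <<EOF
$(secret_paths "$conf")
EOF
    return "$rc"
}

# Demo on a constructed file (placeholder key, not a real credential).
demo=$(mktemp -d)
printf '[Interface]\nPrivateKey = CONSTRUCTED_PLACEHOLDER\n' > "$demo/wg0.conf"
chmod 644 "$demo/wg0.conf"
audit_vpn_conf "$demo/wg0.conf" "$(id -u)" || echo "fix: chmod 600 and re-run"
rm -rf "$demo"
```

On a real system, run it as root against /etc/wireguard/wg0.conf or your .ovpn file and leave the UID argument at its default.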