Showing posts with label vpn. Show all posts

03 March 2024

677. Cisco AnyConnect on Debian 12.5 -- certificate issues

 If you're getting

"AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again."

and

"The certificate on the secure gateway is invalid. A VPN connection will not be established"

when you're using Cisco AnyConnect on Debian 12 and later, it's because of read permissions (you can confirm by running vpnui with gksu). The solution is given here: Link

In brief, you'll need to edit /opt/cisco/anyconnect/AnyConnectLocalPolicy.xml and change 

<BypassDownloader>false</BypassDownloader>
<ExcludeFirefoxNSSCertStore>false</ExcludeFirefoxNSSCertStore>
<ExcludePemFileCertStore>false</ExcludePemFileCertStore>

to

<BypassDownloader>false</BypassDownloader>
<ExcludeFirefoxNSSCertStore>true</ExcludeFirefoxNSSCertStore>
<ExcludePemFileCertStore>false</ExcludePemFileCertStore>


29 June 2017

640. nordvpn with network-manager-openvpn-gnome (on debian 8), and speeds

So you've signed up for nordvpn, e.g. because you can't live without ABC for Kids and you're exiled to Europe. Unfortunately, while you can connect to a server using

sudo openvpn au35.nordvpn.com.udp1194.ovpn
you're having little luck using network-manager-openvpn-gnome, and the nordvpn official step-by-step guide isn't bleeding working.

Well, here's how to do it:
1. Go to network settings and add a new connection. Click on VPN:
Then select import from file.
Select the file:

This will import some, but not all, of the settings.

You'll need to select the .crt file:
And then click on advanced. Go to the TLS Authentication tab:

You need to select 'Use additional TLS authentication' and select the tls.key. The key direction should be 1 (it's in the ovpn file).

Either way, the connection using the gnome network manager seems a lot less stable than what you get using openvpn in the terminal.

So, will it work for streaming? Not really, from what I can see. I do admittedly have a really crappy connection even w/o vpn, and I'm doing this over wifi. Here are results using google speed test:

No VPN: 6.36/9.75 Mbps Up/Down
uk32 (udp): 1.79/7.89
au10 (udp): 3.94/2.85 -- first try
au32 (tcp): 0.86(!)/0.96
us621 (udp): 0.47(!)/3.22
au10 (udp): 1.13/1.45 -- second try
No VPN: 7.53/2.96 -- second try

These are just random servers. There may be higher speed ones out there. Also, note how living in an area with a high concentration of students can cause large variations in your speeds in general.
****
Update: I ran a couple of tests from work where I have a /fast/ ethernet connection. I did it using Ookla:
No VPN: 94.09/94.08 -- first try
No VPN: 94.10/94.02 -- second try
ch7 (udp): 87.95/87.87
au10 (udp): 0.53/0.75 -- even just running the test took ages


****
Another fun little trick when using openvpn in the terminal is -- if you're not concerned about protecting your username/password -- to follow this post: https://my.hostvpn.com/knowledgebase/22/Save-Password-in-OpenVPN-for-Automatic-Login.html

After creating your auth.txt file, in the folder with your .ovpn files, do
sed -i 's/auth-user-pass/auth-user-pass auth.txt/' *.ovpn

Now you can switch vpns quickly and happily.
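
The same substitution as an added script (not from the original post or the guide it links to): it first restricts auth.txt to its owner, since the file holds the username and password in clear text, and it rewrites only a bare auth-user-pass line so that running it twice does no harm. The function name wire_auth_file and its directory argument are made up for this example.

```bash
#!/usr/bin/env bash
# Added example, not the post's own code. wire_auth_file is a hypothetical
# helper name; it takes the folder that holds auth.txt and the .ovpn files.

wire_auth_file() {
    local dir="$1" auth="$1/auth.txt" f

    # Refuse to touch any profile if the credentials file is not there yet.
    [ -f "$auth" ] || { echo "missing $auth" >&2; return 1; }

    # auth.txt stores the credentials unencrypted: allow the owner only.
    chmod 600 "$auth" || return 1

    for f in "$dir"/*.ovpn; do
        [ -e "$f" ] || continue   # glob matched nothing
        # Match only a line that is exactly 'auth-user-pass'. A profile that
        # already names a file (including one patched by an earlier run) is
        # left unchanged. [[:space:]]* also absorbs a trailing CR in profiles
        # saved with DOS line endings.
        sed -i 's/^auth-user-pass[[:space:]]*$/auth-user-pass auth.txt/' "$f" \
            || return 1
    done
    return 0
}

# Run against the current folder when executed directly with an argument:
#   ./wire_auth.sh /path/to/ovpn/folder
if [ "${BASH_SOURCE[0]:-$0}" = "$0" ] && [ -n "${1:-}" ]; then
    wire_auth_file "$1"
fi
```
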