I dunno if the title is comprehensible, what I mean is:
Is it better, in a privacy perspective, to use the desktop app your VPN service provides you with, or to get the config files and connect to them using OpenVPN? (or WireGuard)
I think many people would say the second is the best since VPN’s clients are usually closed source while OpenVPN/WireGuard are opensource, but, every time I tested connection using OpenVPN, my IPV6 is always leaking and websites can tell my location based on IP.
So, which do you guys use or think is the best?
amusing cough direful bright somber plough plants pathetic sand encouraging
This post was mass deleted and anonymized with Redact
I would add a few things.
- Sometimes to VPN app from the provider will not traverse some corporate firewalls. I’ve had better luck using OpenVPN for that. One of the most important uses of a VPN is to be able to connect to the net using a controlled and standard method while traveling.
- I prefer using a standard FOSS app because it’s probably better audited, and often comes from the standard repo. The providers app though of ours is easier to use, more likely to be configured correctly, and may have features the standard app does not have. So it’s a mixed bag.
- Like others said, VPNs are only a component of privacy… lot of other factors come to in to play too.
I recommend finding a VPN provider that has audited open source apps.
I would go the route of using the config files because you can use a FOSS client that is more privacy conscious than the proprietary client which can log analytics for use and software crashes. You can choose to disable IPV6 functionality based on your OS. You may have to research that option.
If you are new to this and can’t properly set up things, the VPN app would probably be better. Look for ones that are open source.
So, you trust your VPN provider for send all your internet traffic through their server but not for install an app on your PC ?
It’s weird but ok, look at Mullvad wireguard, it’s work very nice for me and they have CFG generator on their site for Wireguard and maybe for OpenVPN too
Use the OS-native (OpenVPN etc) client from your OS. Your VPN already sees all of your traffic, why potentially let their app see your files on disk too ?
If you have leaks, fix them. I think most consumer VPNs just disable IPv6 anyway.
Yes I know VPN is just a small component of privacy and many other things come into play as web browsers, adblockers, OS, e-mails, search engines etc and I’ve already changed all of these to privacy friendly alternatives (although still exploring with my web browser to see what works the best with me and trying to get the minimum of identifying bits as possible on panoptclick)
Anyways, I trust my VPN provider as they’re REAL verified no logs and hosted outside the 14 eyes. I just wondered if it would not be better to manually use their config files instead of downloading their desktop app (which is proprietary software)
I’m pretty aware VPNs are only a component of privacy and many other things come into play as well (like OS, adblocker, web browser, search engine, e-mail etc) and I’ve already switched to many privacy friendly-alternative services.
And well, so you prefer to get the config files from your VPN and connect to them using the OpenVPN then? (assuming you’re talking about this, as I don’t know any open-source vpn provider)
I tried doing so but as I said, I’ve experienced IPV6 leaked (found an script on github that would supposedly solve the IPV6 leak but it was poorly explained how to use it and I had no idea what to do) and plus it seems that, since I’m on Linux and the OpenVPN connection is made through the terminal, I’d need to let the terminal with the process running, and I’d really rather to not have many programs opened at the same time for aesthetics and practicality purposes.
Also, there’s probably a way to make it automatic but, I’d need to manually connect to my openvpn files every time I start the system instead of automatic correction, no?
So Use openVPN if you don’t trust your VPN with your information
I have disabled IPV6 on my OS but it still leaked for some reason, there was a bash script I found on github meant to fix it, but the creator poorly explained how to use it and I just couldn’t use it.
Also, I use Linux, connecting manually to config files requires the terminal, and it seems for the process to keep going I need to let the terminal with it working, and I personally (for aesthetics and practicality purposes) would like to be able to close it and keep the VPN working. I’d also like a way to automatically connecting into my openvpn files when starting the system rather than manually doing so.
I can’t see it making any difference. If you trust them you trust them.
Most VPN providers support OpenVPN and some support Wireguard. I currently use OpenVPN for now just because of history and that’s what my provider supports.
Can’t remember how I setup the config file… maybe from the provider… but I may have audited it too… can’t remember. One thing I had to do is tweak some things because I wanted certain servers on certain ports. Sometimes I have to use tcp over port 443 only because some firewalls won’t pass better connection for example. As you’ve figured out, configuring openvpn can be kind of techie… which means it’s beyond most people.
On ubuntu openvpn setup is just in my connection menu in the gnome3 applets area. You can add any number of connections there. I have used it on my laptop, but frankly I’ve used openvpn more on my android phone.
My OpenVPN is configured so I have to start it. It probably could be configured to auto start and with killswitch… it’s linux after all… but I don’t know how to do it. I know the android app supports these features.
Testing is the way to go… most VPN providers suggest testing sites you can use to test your vpn setup to make sure it does not leak… and there are a lot of ways for that to happen.
By your OpenVPN setup do you mean you set it up on the network manager? I read that the Network Manager would not be able to run the script I was told to use.
The script I tried to use was this one right here, but the instructions as to how to make it work were made unclear to me to be honest and I’ve tried many ways but none worked.
And yeah, I can imagine there could probably be a way to configure OpenVPN to autostart and have killswitch but it could probably very hard, as you said, configuring OpenVPN can be kinda techie and beyond most people, however, I’m willing to go beyond most people honestly lol.
My VPN currently only has support for OVPN, they said WireGuard support would be added soon (that being said last year’s April and still no ETA but I believe it may come out this year) so yeah, dunno if WireGuard would be less of a problem to configure but still.
