SecureMe is a project I started to try out and get some experience from running an operational combination like this, and I have been using it without much issues for the past quarter year to date.

I'm opening this as a service to people who'd like to make use of this service too, and for no minimum cost! I only ask for the following:
1. feedback/suggestions/complaints/compliments!
2. (if you're feeling generous) donations to help me upkeep my server at least (I don't intend to strike it rich with this anyway)

If you wish to use this, email me at secureme{@T}rayfoo[dot]info to enquire on availability. Alternatively you could tweet or FB me...

I'll support this as much as possible where time/resources permits, but for now I'd suggest that (at least) the slightly more technically inclined try this.

A short review on the different parts of this system so far...

1. Automatic starting

The OpenVPN client installed can be made to autostart and run as a background service, (re-)connecting to the VPN automatically whenever there's network connectivity to the OpenVPN server.  Coupled with automatic configuration of the client's DNS resolver list this allows for automatic protection/privacy of the DNS queries sent out.  The automatic configuration of the DNS resolver can be disabled too if need be.

2. Ease of use

Connecting to the proxy afterward is a "simple" proxy configuration change in the browser of choice.  This can be conveniently done (and undone) with extensions like Proxy Switchy! for Google Chrome, or FoxyProxy for Firefox.

3. Initial setup efforts needed

All this is working nice and dandy for me now, with little inconvenience involved in activating SecureMe. Now one of the problems faced in making this user-friendly/"idiot-proof" would be the high setup efforts needed (really plenty of hoops to jump through, especially for the no-so-technically-inclined user).  One way would be to come up with some sort of "portable" package that has been preconfigured as much as possible, or an installer that helps you to do most of the work.

4. DNS requests leakage

Another issue is the small possibility of DNS request leaks.  For example, the behaviour of the OpenVPN client in linux is to add the DNS resolver at the top of the resolver list (/etc/resolv.conf), but if the DNS query is deemed to take "too long", the request goes out to the next DNS resolver in the list, which usually is the DNS resolver for the public wifi hotspot.  Though this won't cause things to break, it does allow some queries to go out in the open network.  One of the ways I know of to solve this would be to configure a SOCKS proxy, so that it would be possible for browsers like Firefox to send all DNS queries to the SOCKS proxy.

Conclusion:

This seems to be working well so far, with Linode's rare downtime the past months.  More work could be done to make this simpler for others to setup, but I guess I will only do this sparingly in my free time.  No one seems to be geeky/interested enough to want to have this available to them for free so far, heh. ]]> http://blog.rayfoo.info/2010/02/secureme-so-far/feed 0 http://blog.rayfoo.info/2009/11/openvpn-client-fails-after-running-update-resolv-conf http://blog.rayfoo.info/2009/11/openvpn-client-fails-after-running-update-resolv-conf#comments Tue, 17 Nov 2009 02:46:17 +0000 ray http://blog.rayfoo.info/?p=352 OpenVPN client on Ubuntu "suddenly" stopped working.  A look through the logs showed that the update-resolv-conf script seems to be failing...

ovpn-openvpn[3552]: /etc/openvpn/update-resolv-conf tun0 1500 1542 x.x.x.x x.x.x.x init
ovpn-openvpn[3552]: script failed: external program exited with error status: 1

A quick trace of the update-resolv-conf script shows that the problem's with resolvconf:

resolvconf: Error: /etc/resolv.conf must be a symlink

And the fix for that based on another solution:

sudo rm /etc/resolv.conf
sudo ln -s /etc/resolvconf/run/resolv.conf /etc/resolv.conf