Pushed into a VPN…

There are those things you know you ought to do “someday” but just are not very motivated to do… until “someday” arrives.

For me, one of those was “use a VPN”. I’ve set up LOTS of VPNs (Virtual Private Networks) which is probably part of my sloth. I first did it somewhere around 1990? Router to Router. Another company took over the little company where I was the Rent-an-I-T-Guy, and they wanted to integrate the networks as fast as possible. Their “network guy” had, um, how shall we say it, “lots of Microsoft skill”… routing not so much… (At a later time I got to eliminate 2 pernicious ‘issues’ with routing at two different sites, both his ‘design’…)

Well, it took me about a week to sell him and his boss (my new boss) on the idea of a VPN as a rapid bring up while we worked through that whole AT&T leased line and order network equipment bit… Each site had Cisco routers and IP to the Internet. Some config later, the two networks were joined by a PPTP tunnel, encrypted, and I could get onto the loverly task of merging our DNS services, mail services, etc. etc.

Let’s just say that after a few dozens of that kind of thing, if you never have to set up a VPN and merge two corporate networks again, it’s just fine…

Well, times move on, and things get easier. Eventually VPNs got added to laptops and Windowz and ‘whatever’.


So I was happily watching Skynews for several days. Then this morning, the dreaded “blocked in your country” notice. Sigh. I’d gotten to like Sky News. Sure, I could just “flow around them” and watch someone else (and I did… this morning was RT and CBS) but, well, something in the soul was offended. Even if I never watched it again, it was the principle of the thing. “Time to be among them. –Sean Connery in Rising Sun“.

In fairly short order I had a VPN running on the Android Tablet. Almost too easy. Click some web search links, get the free login info, under “settings” on the android, choose “configure VPN” and enter the stuff. I now have about 8? VPNs up and tested. I can “land” in a few places in the UK, 4? in the USA not near me, one in Germany, 2 in Romania, etc. etc.

At some point I’ll figure out how to add it to the Chromebox and to the Raspberry Pi Linux that’s my daily driver. Or maybe I’ll just put it into the Pi that’s my DNS server and have it be my “VPN to the World” server as well. Who knows. But for now I’ve made my point. In about 20 minutes, free, to just about anywhere I’d want in the UK, EU, and North America.

I’m sure that there are a lot more, and many likely to be more stable or faster or more secure, but needing just a touch of money applied. IF I really had a serious need, I’d likely do that. But I don’t. Sky News is a bit slow on the link that seemed to work best. Some pauses and glitches. I’ll likely now just do that ‘flow past it’ that is the usual approach. There isn’t anything on Fox or Sky that is so compelling I just must have it, so if they want to play games, I can just let them limit the reach of their programming and flatten their own noses.

OTOH, I now can have the “fun” of dropping in on various sites with an IP address from Romania ;-) Nice for when you want to browse a site and NOT finger your actual location. Nice when someone wants to try “blocking by IP”. With a dozen or so (at least, I don’t know how many they ’round robin’ on their outside for any one vendor) to choose from it gives a lot of flex.

The Where and the How

OK, first off, I didn’t vet any of this. It’s just for playing and on a Tablet where there is nothing I really care about. Someone wants to see that I read WUWT and watch RT, who cares. I have no PII on the thing. About the only identifying stuff on it was the IP address and WiFi connections (and they mutate). Were I planning something serious, I’d do more work on it. (That is, it is quite possible these ‘free’ VPNs are set up by Agencies and they scan the traffic for nefarious things… or they could be 3 guys in a dorm room with a Bright Idea and safe, but likely to be gone next school year. I have not done any background stuff. Since THEY are the termination side of the encrypted tunnel, they can see the traffic ‘in the clear’… so for really important stuff, encrypt THAT inside the tunnel connection. i.e. https for web site end to end inside the PPTP encrypted tunnel you to VPN server.)

I just did a web search for “Free VPN”. Then chose this interesting article:


There are others with 2016 dates. So why pick one from 2009? Well, if they have stayed around for 6 years, that’s a good thing… But yeah, you can also check the new articles for better / newer / faster ones.

A semi-random selection was made from their list. I didn’t want to download an OpenVPN widget for the Tablet (as I don’t have a “login” for Google Play or any of the ‘track you’ apps sites… that’s the downside of a Samsung or Apple or Google Android App. You must ‘have an account’ to log in and get it, so get tracked. I use few apps on the thing for that reason (only downloaded a couple of ‘open’ apps for the browser, things like Opera and such that don’t require a track-me login). So I picked those that were PPTP. Point to Point Tunneling Protocol. An old, technically ‘obsolescent’ protocol with some security issues, but more than enough for my needs and it’s everywhere. It’s not like I’m some Agency Guy or hiding from some Agency Guy. Most I care about is being able to spoof some stupid georestrictions…

Then it was just implement them on the Android Tablet. Now each device operating system will have it’s own way of setting up a VPN tunnel. The basics are some kind of network application to do the setting, a name for the connection, the IP-site to use as the other end, a login and password. That’s it. For the Android, for reasons known only to their demented security team, you MUST put in a screen lock code or encrypting code before you can have a VPN tunnel. “Why? Don’t ask why. Down that path lies insanity and ruin. -E.M.Smith” .. so ‘exploring why’; my guess would be that since you want an encrypted tunnel, they figure you must want to hide things, so why oh why would you ever want the tablet to not lock? (Maybe their bogus encryption that has cost thousands of folks their saved data?… just do a web search on “samsung encryption recovery” or similar.) OK, I chose to set it to a trivial set of 4 digits and I think it is a screen unlock only, not encryption…

After that, it’s trivial. Go to ‘settings’. Choose “More Setting”. Chose VPN. chose “Add VPN Network”. Enter a name for the connection ( I used the vendor name), the type defaults to PPTP, enter the “server address” that is actually the domain name of the server, and then ‘save’. When you then click on the VPN connection by that name, it asks you to enter the “User name” and “password”, and you enter them. I also clicked “Save account information” as I see no need to type this each time. It isn’t some secure private company thing, it’s a public freebie.

Who did I choose? The one that worked best was “vpnbook.com” with several servers. 2 USA (that didn’t connect for me but acted like it was full), 2 Romainan, 1 German and a Canadian. Freeeurovpn worked as did websitevpn.com. Vpnip.net didn’t connect the first time, but did the second, and it, like some of the others, had many web sites it could not connect with (likely as geolocation blockers learned they were VPN sites and blocked their IP… a reason for newer VPNs and / or rotating server IPs… so don’t think you enter these configs once and are done forever…)

With that, some links and info:


Server #1: euro217.vpnbook.com
Server #2: euro214.vpnbook.com
Server #3: us1.vpnbook.com (US VPN – optimized for fast web surfing; no p2p downloading)
Server #4: us2.vpnbook.com (US VPN – optimized for fast web surfing; no p2p downloading)
Server #5: ca1.vpnbook.com (Canada VPN – optimized for fast web surfing; no p2p downloading)
Server #6: de233.vpnbook.com (Germany VPN – optimized for fast web surfing; no p2p downloading)
Username: vpnbook
Password: W2cadre
More servers coming…


Encryption: MPPE-128 Bit
Server Location: USA & UK

US Server Host: us.websitevpn.com
VPN Username: websitevpn.com
VPN Password: freevpn

UK Server Host: uk.websitevpn.com
VPN Username: websitevpn.com
VPN Password: freevpn


VPN Server: freeeurovpn.itshidden.eu
Username: itshidden
Password: itsallfree


Server Hostname: eu.vpnip.net
VPN Username: vpnip.net
VPN Password: 2013

Also has a US VPN I’ve not tried:

Server Hostname: na.vpnip.net
VPN Username: vpnip.net
VPN Password: 2013

In Conclusion

Are these the best, the fastest, the most secure? I have no idea, that wasn’t my criteria. I wanted “free and up fast” with maybe some security and with ‘connects to stuff I want’. Is it fast enough to watch Sky News? Not in early testing, but who knows. Several of the VPN servers were clearly being blocked at the other end for particular geolocating services (test a google search and it works, hit Sky and ‘nogo’ and for several other sites as well). So likely some “bad actors” have used this for bad things, so the IPs have been restricted by someone, and / or the bypass of the geolocate was noticed and thus blocked.

In any case, I’ve got ‘Sky News’ with sloth on at least one, and a whole new set of fun to be had by randomly and anonymously plopping down on parts of the internet with an IP address from around the northern hemisphere… All in less time than it took to type this article.

Have I mentioned lately: “It’s a very bad idea to annoy the geek. -E.M.Smith” ?
Just sayin’…

Subscribe to feed

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Tech Bits and tagged , , , . Bookmark the permalink.

12 Responses to Pushed into a VPN…

  1. Sandy McClintock says:

    Last week I had the same frustration as you and set up a anti-geo-blocking service again using this https://www.getflix.com.au/pricing OK its not free but its got a 15 day trial for part of the offering.
    They offer ‘Smart DNS’ and VPN; for most things the ‘Smart DNS’ seems to do a good job at circumventing geo-blocking and this service can be tested free.

    Also …
    Has anyone noticed more than usual number of emails arriving hours or even several days late? Perhaps its coincidence, perhaps only in Australia, or perhaps some screening system (!) ;)

  2. E.M.Smith says:

    Yahoo was just outed as having written custom software to screen ALL email in transit to their accounts for key phrases and content … at the request of NSA & FBI, if I’ve remembered the crawler correctly.

    IMHO, if you are not using end to end encrypted email, there are several places and agencies who need to “processes” it before you get it…

    That said, email is not a time synchronous service. Routers using QOS Quality Of Service prioritizing will be putting Facetime, music, youtube, and videos ahead of it. Heck, even regular browsing and adverts. So congestion would delay email most.

    I’d expect it to be worse on international email and long distance email.

  3. E.M.Smith says:

    @Sandy :

    Interesting trick they do at getflix with the DNS VPN bit. Route the dns lookup to them, for only the video sites, then do the handshake / spoof then {somehow} have the video provider route service directly to you…

    I don’t know how they swap the return traffic from them to you, but it avoids that whole routing via another continent for all your traffic just to get one video feed…

    On my “someday” list is to find out how I can config the AT&T boundary router on my desk so I can get things like VPN to my home from anywhere working. I think I’m locked out of it, but just don’t want to deal with AT&T to find out. Doing it from my router, inside from the AT&T one, would need some tricks and I’m too busy to figure them out…

    OTOH, I’m not on the road now, nor likely this year, so not very important to do…

    I’d mostly like to just be able to let selected overseas friends bounce off my router as a vpn of known speed and security. But sloth defeats me :-)


    Well, having talked about it I felt embarrassed enough to at least do the minimal look see… Seems I can get to the router via a browser interface and then change things via the access code they gave me for setting up wifi. OK, nothing left to stop me from making My Own Sweet VPN other than doing it. Looks like “IP Passthrough” is the key bit. Set an IP/port to pass through to a particular ‘my side’ box that does the VPN set-up serving… OK, one chip on a Pi and a VPN server build config, set the IP Passthrough and I ought to be done.

    Maybe on Sunday ;-)

    It would be Very Nice to have my own ad and crap filtering DNS server when I’m at Starbucks, and to block all the potential traffic scanning there (all my traffic would be encrypted, device to home, THEN sent out to the internet. Might be fun to config my home VPN to route some stuff out a Free European VPN server… so when at Starbucks, my “stuff” is encrypted all the way to Romania, THEN gets sent out into the world…

    Hmmm… Might also be nice to make a “Bounce Box” going the other way. VPN from home to a “box” in a Starbucks Somewhere (accomplice needed or leave in a closely parked car) then out THEIR connection to the world. At that point it could even have the VPN overseas thing. Then you could do things ‘for your hacking pleasure’ from the comfort of your couch that seemed to be coming from Romania and then they would think it came from a Starbucks that would think you were sitting there somewhere… with strange encrypted tunnel to my IP as the only real exposure… to hide THAT, I could put a ‘hotspot’ in the bounce box. Have home to BB over hotspot ISP as encrypted tunnel, then into Starbucks and VPN over to Romania… First public link comes from there, and 3 jumps to get back to me, one very hidden and subject to my collection and control later…

    I think I need to get another security gig… this doing nothing is leaving the brain idling waaay too much ;-)

  4. Gail Combs says:

    I mentioned before that GMail sent all of Trump’s first requests for donations, just after his nomination, to everyone’s TRASH (not even to spam) This was done so it looked like he had no support. The Wolverines caught the trick, spread it far and wide and he got lots of small donations from tons of people.

    The donation requests from the GOPe went right through BTW so it was very much targeted specifically to Trump. I have a GMail account and can verify this is exactly what happened.

  5. E.M.Smith says:


    This morning Sky News is working fine again, and without a VPN.

    I think their GeoLocate service must be screwed up…

    But my pattern now is to ‘try them last’ so I’ve already rotated through what was of interest. They were doing some non-interesting story about boats or something ( I wasn’t paying much attention, just noting it worked and seemed like the Awww story of the day…) so I dropped it after a half minute.

    Will they ever rise back to the top for me? Who knows… but for now they are “maybe sometimes” in the rotation…

    RT, OTOH, looks to have USA based cache repeaters. Fast high-def and ‘always there’… so they tend to be my #1 in online viewing. (Followed closely by the CBS news feed for the US Centric somewhat left POV)

  6. Larry Ledwick says:

    Somewhat related in a communications security sense. Unfortunately this secure messaging appears to only be available between smart phones and is not accessible by someone on face book with a desk top or lap top.


  7. E.M.Smith says:

    BTW to check your geolocation
    Seems to work well

  8. beng135 says:

    EM, thanks for the iplocation site. It gets close to me, but doesn’t quite nail me down. Interestingly it gives somewhat different (but close) locations for each detection method.

  9. Larry Ledwick says:

    The geolocations given for me are not as close as I anticipated they would be, 7-10 miles off for most of them and one around 15 miles off. Good enough to let you know what community an IP is in but not enough to walk up to someone’s house. Merged with other geo references stripped from social networks could easily get you within a mile or so to across the street if there are enough explicit references about land mark locations.
    (which is why I don’t understand folks who post status updates that they are at Joe Blow’s restaurant and grill for dinner on facebook)

  10. Larry Ledwick says:

    An item on Russian efforts to gain access to all web traffic in decrypted form for deep packet inspection.

  11. p.g.sharrow says:

    @EMSmith;That IP locater is not even close to me. We work off of Hughes Net satellite service. The cell phone has the same problem as our service is spotty and poor from distant cells…pg

  12. E.M.Smith says:


    Will be fun to watch the FSB drown in their own request…

    Let’s see, 100,000,000 encrypting CPUs distributed over the country will need how much central decrypting power?… only to find a jpg inside with stego… or a blowfish encrypted payload…

    OK Note to self: anything going to Russia, encrypt payload with pgp prior to send… and connection out from Russia, use external VPN first (I.e. encrypting to bypass local provider mandates… so they can get the telco to look inside my IP service, but not see my https traffic as it is inside OpenVPN to Romania…)

    Oh, and just think of the fun to be had sending encrypted packages (of, say, porn and applications for offshore bank accounts) to various government officers… some encrypted just enough to be cracked, some uncrackable…

    An attack (in this case on my privacy) is just a force to be turned back on the attacker… Aikdo…

Anything to say?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s