cqr
Posts: 4
Joined: Mon Feb 05, 2018 5:55 pm

Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Mon Feb 05, 2018 6:05 pm

Hello there, i have a Raspberry Pi 3 and i am using it with my TV. At the past, i heard about some hackers log in to Pi with bots using ip adresses. I was using raspberry pi as a normal pc so i was doing all my work in it(office works, web browsing etc.) after i hear theese news, i started using it lesser and lesser. Because i am connected to internet, i have my port 22, 23 and a few other ports open for some projects i have. So i need to hide my ip while i'm browsing in internet. So, is there any free VPN services for Raspberry Pi that i can use?(I am new in forum but i have been using Raspberry Pi's since 2016)

User avatar
HawaiianPi
Posts: 5255
Joined: Mon Apr 08, 2013 4:53 am
Location: Aloha, Oregon USA

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Mon Feb 05, 2018 9:12 pm

If you are running Raspbian and have changed the default password to something secure (not easy to guess or brute force) then your Pi is no more vulnerable than any other computer running Debian Linux (which is more secure than Windows). If you want a bit more security, change the username as well. I create my own user and disable the default pi account with sudo passwd --lock pi (I change the default hostname as well).

Raspberry Pi computers that get hacked are usually the ones that go online with the default username and password.

It's also not advised to open default ports (like port 22 for SSH). Use port forwarding instead (forward a normally unused port to port 22 in your router and use that port number for external SSH connections).
My mind is like a browser. 27 tabs are open, 9 aren't responding,
lots of pop-ups...and where is that annoying music coming from?

User avatar
solar3000
Posts: 1051
Joined: Sat May 18, 2013 12:14 am

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Wed Feb 07, 2018 12:34 am

I agree with everything except obscuring port 22. That just monkey wrenches everything. What security does that provide?
So, mr evil hacker simply has to switch to another port. Boy, I feel really safe. I have port 22 wide open for more than 23 years ( since 1994? ).

Also, you can access many resources via ssh. You can even do VPN-like stuff with SSH. You can mount drive shares over ssh. Many things. Depends on what specifics you want.
Antikythera

User avatar
HawaiianPi
Posts: 5255
Joined: Mon Apr 08, 2013 4:53 am
Location: Aloha, Oregon USA

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Wed Feb 07, 2018 8:25 am

solar3000 wrote:
Wed Feb 07, 2018 12:34 am
I agree with everything except obscuring port 22. That just monkey wrenches everything.
How does that "monkey wrench" anything?
solar3000 wrote:
Wed Feb 07, 2018 12:34 am
What security does that provide?
So, mr evil hacker simply has to switch to another port.
Sure, but which port? Mr. evil hacker won't know. The point is to not give anything away for free. Keep 'em guessing.
solar3000 wrote:
Wed Feb 07, 2018 12:34 am
I have port 22 wide open for more than 23 years ( since 1994? ).
And my father smoked for forty years before getting cancer. That doesn't mean it was a good idea for 39 years.
My mind is like a browser. 27 tabs are open, 9 aren't responding,
lots of pop-ups...and where is that annoying music coming from?

User avatar
rpdom
Posts: 16350
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Wed Feb 07, 2018 9:33 am

HawaiianPi wrote:
Wed Feb 07, 2018 8:25 am
solar3000 wrote:
Wed Feb 07, 2018 12:34 am
What security does that provide?
So, mr evil hacker simply has to switch to another port.
Sure, but which port? Mr. evil hacker won't know. The point is to not give anything away for free. Keep 'em guessing.
Mr Evil Hacker has a port scanner. The most basic tool in his set. It will detect an SSH server whatever port it is running on.
solar3000 wrote:
Wed Feb 07, 2018 12:34 am
I have port 22 wide open for more than 23 years ( since 1994? ).
And my father smoked for forty years before getting cancer. That doesn't mean it was a good idea for 39 years.
Irrelevant.

Heater
Posts: 14725
Joined: Tue Jul 17, 2012 3:02 pm

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Wed Feb 07, 2018 9:45 am

If you are browsing the internet then having the ssh port open on the same machine at the same time is the least of your worries.

What are those other ports you have open?. I bet there is scope for security issues there.
Memory in C++ is a leaky abstraction .

cqr
Posts: 4
Joined: Mon Feb 05, 2018 5:55 pm

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Wed Feb 07, 2018 6:21 pm

Heater wrote:
Wed Feb 07, 2018 9:45 am
If you are browsing the internet then having the ssh port open on the same machine at the same time is the least of your worries.

What are those other ports you have open?. I bet there is scope for security issues there.
I have 22, 23, 80 and 8080 open.

cqr
Posts: 4
Joined: Mon Feb 05, 2018 5:55 pm

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Wed Feb 07, 2018 6:29 pm

HawaiianPi wrote:
Mon Feb 05, 2018 9:12 pm
If you are running Raspbian and have changed the default password to something secure (not easy to guess or brute force) then your Pi is no more vulnerable than any other computer running Debian Linux (which is more secure than Windows). If you want a bit more security, change the username as well. I create my own user and disable the default pi account with sudo passwd --lock pi (I change the default hostname as well).

Raspberry Pi computers that get hacked are usually the ones that go online with the default username and password.

It's also not advised to open default ports (like port 22 for SSH). Use port forwarding instead (forward a normally unused port to port 22 in your router and use that port number for external SSH connections).
I have already changed them except default username "pi", if i try to change it, it won't automatically login that user for me. I checked a few forums but none of them worked(I spent nearly 5 hours to fix that). So, if anyone have my ip adress and they want to hack a Raspberry Pi, they will try default username "pi" to hack it right? Even if i have a very strong password(Mine is 35 random letters generated from random.org), they should still be able to hack it with any bruteforce software. So, i researched and done everything in this 2 websites. I am able to create a new user and give it sudo access but i can't make it default user.

(Also i think the problem is about me, so you don't need to answer for changing default user)
Links for websites:
1) https://www.modmypi.com/blog/how-to-cha ... d-password
2) https://elinux.org/RPi_Beginners#Create ... privileges

garetha
Posts: 38
Joined: Sat Jan 05, 2013 12:07 am

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Wed Feb 07, 2018 8:29 pm

Hi,

You say you have those ports open on the Pi but have you actually set up your router to forward those ports onto your Pi? Most (I'd hope all) routers only allow incoming traffic on ports that you specifically open - if you've only set them up on your Pi but not the router then they'll only be accessible from your internal network.

If you are opening the ports then have a read of : https://www.raspberrypi.org/documentati ... ecurity.md - especially the bit at the bottom about fail2ban.

Gareth

User avatar
solar3000
Posts: 1051
Joined: Sat May 18, 2013 12:14 am

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Wed Feb 07, 2018 8:45 pm

I never knew Mr Joe Evil Hacker was too dum to find open ports. In that case, my password is 12345678. I have nothing to worry about. I can teach my 4 year old kid to scan ports.

Sir, leave ssh port on 22. Disable pi user. Disallow root over the internet. Use firewalls.
Antikythera

User avatar
solar3000
Posts: 1051
Joined: Sat May 18, 2013 12:14 am

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Wed Feb 07, 2018 8:55 pm

cqr wrote:
Wed Feb 07, 2018 6:21 pm


I have 22, 23, 80 and 8080 open.
I'm sorry, why do you have port 23 open? I hope you're not using that next generation technology called telnet.

BTW why do you trust some website to give you passwords? I can generate the same random password by banging my forehead on the keyboard. Don't trust them.
Antikythera

User avatar
HawaiianPi
Posts: 5255
Joined: Mon Apr 08, 2013 4:53 am
Location: Aloha, Oregon USA

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Thu Feb 08, 2018 1:41 am

For easy random passwords install APG (Automatic Password Generator).

Code: Select all

sudo apt-get install apg
Then enter something like:

Code: Select all

apg -a1 -n5 -m64 -c/dev/urandom
to generate a list of passwords.

-a = type of passwords (1=random, 0=pronounceable)
-n = number of passwords to generate
-m = minimum length of passwords
-c = seed
My mind is like a browser. 27 tabs are open, 9 aren't responding,
lots of pop-ups...and where is that annoying music coming from?

Heater
Posts: 14725
Joined: Tue Jul 17, 2012 3:02 pm

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Thu Feb 08, 2018 10:23 am

OK, you have ports 23, 80 and 8080 open.

Next question, do you actually have telnet listening on port 23? Why? Remove it. I have not used telnet for over a decade. There is nothing you need it for that cannot be done with ssh.

Do you actually have a web server listening on ports 80, 8080?

If so, there are two possibilities:

a) You only want to use it from your local LAN. In which case your router should not be configured to forward anything to those ports. The normal default but do check it.

b) You have configured your router to do port forwarding such that your web server can be accessed from the internet. In which case don't do that! Configure your server to use HTTPS on (port 443), get your certificates from letsencrypt.org. Implement at least basic authentication (log in) to allow access to your web pages.

Personally, if I was really concerned about securing my web browsing from the Pi whilst at the same time wanting to run a web server and other services on a Pi I would get a second Pi. Use one for browsing, the other to run those services.
Memory in C++ is a leaky abstraction .

jbudd
Posts: 1143
Joined: Mon Dec 16, 2013 10:23 am

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Thu Feb 08, 2018 12:29 pm

@solar3000
I never knew Mr Joe Evil Hacker was too dum to find open ports. In that case, my password is 12345678. I have nothing to worry about. I can teach my 4 year old kid to scan ports.

Sir, leave ssh port on 22. Disable pi user. Disallow root over the internet. Use firewalls.
Within minutes of opening port 22 on my router, my Pi /var/log/auth.log showed multiple attempts to login, mostly as root.
I changed the port to a much higher number some months ago and have not seen a single unauthorised attempt to connect since.

I conclude that hackers are not dumb but they mostly only scan for open ports within a restricted range.

This does not increase my security if your 4 year old is directly targetting my Pi, but if she is just randomly looking for a Linux login, it's easier for her to look elsewhere.

User avatar
HawaiianPi
Posts: 5255
Joined: Mon Apr 08, 2013 4:53 am
Location: Aloha, Oregon USA

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Thu Feb 08, 2018 1:03 pm

jbudd wrote:
Thu Feb 08, 2018 12:29 pm
Within minutes of opening port 22 on my router, my Pi /var/log/auth.log showed multiple attempts to login, mostly as root.
I changed the port to a much higher number some months ago and have not seen a single unauthorised attempt to connect since.

I conclude that hackers are not dumb but they mostly only scan for open ports within a restricted range.

This does not increase my security if your 4 year old is directly targetting my Pi, but if she is just randomly looking for a Linux login, it's easier for her to look elsewhere.
Yup, this is my point. No one scans all available ports all the time. Only common ports are scanned when looking for easy entry vectors on random systems. Don't leave anything at the defaults and the neighborhood script kiddies won't find anything. Leave common/default ports open, and even if your system is secure, your ports will get pounded all day long by people trying to get in. Why invite the hack attempts?
My mind is like a browser. 27 tabs are open, 9 aren't responding,
lots of pop-ups...and where is that annoying music coming from?

User avatar
solar3000
Posts: 1051
Joined: Sat May 18, 2013 12:14 am

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Thu Feb 08, 2018 2:52 pm

jbudd wrote:
Thu Feb 08, 2018 12:29 pm


Within minutes of opening port 22 on my router, my Pi /var/log/auth.log showed multiple attempts to login, mostly as root.
so what? those are bots. not humans. I have port 22 open. you use a simple firewall.

At the very least:
* iptables
* /etc/hosts.deny
* /etc/hosts.allow
* /etc/ssh: dont allow root
* disable user pi

And those are just what I thought up in 3 seconds. There's lots more.

Anyway I see only few attempts in my log in reference to ssh 'attacks'.

Ostrich sticks head in sand, no longer sees predators. He must be safe.
Antikythera

User avatar
solar3000
Posts: 1051
Joined: Sat May 18, 2013 12:14 am

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Thu Feb 08, 2018 2:53 pm

HawaiianPi wrote:
Thu Feb 08, 2018 1:03 pm
jbudd wrote:
Thu Feb 08, 2018 12:29 pm
Within minutes of opening port 22 on my router, my Pi /var/log/auth.log showed multiple attempts to login, mostly as root.
I changed the port to a much higher number some months ago and have not seen a single unauthorised attempt to connect since.

I conclude that hackers are not dumb but they mostly only scan for open ports within a restricted range.

This does not increase my security if your 4 year old is directly targetting my Pi, but if she is just randomly looking for a Linux login, it's easier for her to look elsewhere.
Yup, this is my point. No one scans all available ports all the time. Only common ports are scanned when looking for easy entry vectors on random systems. Don't leave anything at the defaults and the neighborhood script kiddies won't find anything. Leave common/default ports open, and even if your system is secure, your ports will get pounded all day long by people trying to get in. Why invite the hack attempts?

Ok fine. Keep your head covered. You're safe.
I give up. You win.
Antikythera

jbudd
Posts: 1143
Joined: Mon Dec 16, 2013 10:23 am

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Thu Feb 08, 2018 3:32 pm

Security is a complex issue. I certainly don't understand it.

It puzzles me that despite all of your list of key words, plus secure passwords, you consider it a risk to permit root login but not a risk to have port 22 open.

Why is that?

I am not being disrespectful or comparing you to any animals, I just hope that as a genuine expert in this subject you might expand your 3 second list into a workable tutorial.

epoch1970
Posts: 4478
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Thu Feb 08, 2018 6:49 pm

jbudd wrote:
Thu Feb 08, 2018 3:32 pm
It puzzles me that despite all of your list of key words, plus secure passwords, you consider it a risk to permit root login but not a risk to have port 22 open.
Because "root" is a well-known. You just have to try long enough to find its password.
With other accounts you have to guess both username and password. (Except with Raspbian and the ubiquitous "pi" account, for a while...)
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

User avatar
rpdom
Posts: 16350
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Thu Feb 08, 2018 7:12 pm

epoch1970 wrote:
Thu Feb 08, 2018 6:49 pm
Because "root" is a well-known. You just have to try long enough to find its password.
ssh login by password should be disabled anyway, especially for root. Private key login is considerably harder to crack.

User avatar
solar3000
Posts: 1051
Joined: Sat May 18, 2013 12:14 am

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Thu Feb 08, 2018 7:57 pm

jbudd wrote:
Thu Feb 08, 2018 3:32 pm

Why is that?

You're right opening port 22 is a security risk.
But if you need it open, then....you open it. Opening any port is a security risk.

I have ports open: HTTP, HTTPS, DNS, SSH.
Because I need them open. And yes, its a risk.

Banks have ports open too.

You have to constantly patch at the very, very, tiny bit least. Better if you learn about all the security threats.

And no, I'm not a security expert. I am forced to learn about all the security threads. That does not make me an expert. And I never claimed it either.
I have a guy at work who did that port obscure thing. But the firewall people refused to open random ports and rightly so.
Antikythera

User avatar
solar3000
Posts: 1051
Joined: Sat May 18, 2013 12:14 am

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Thu Feb 08, 2018 8:00 pm

jbudd wrote:
Thu Feb 08, 2018 3:32 pm

I am not being disrespectful or comparing you to any animals, I just hope that as a genuine expert in this subject you might expand your 3 second list into a workable tutorial.
and this....
A security expert, not me, would need to write for you several volumes, not a tutorial.

Really, I'm just telling you what any ragtag systems admin already knows.
Last edited by solar3000 on Thu Feb 08, 2018 8:02 pm, edited 1 time in total.
Antikythera

Heater
Posts: 14725
Joined: Tue Jul 17, 2012 3:02 pm

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Thu Feb 08, 2018 8:01 pm

The name of the game is not giving your attacker any information that might help him get in.

So as stated above, "root" is common to all Unix/Linux systems. As is "admin" on other devices. That is one piece of information your attacker can use. Ergo, don't allow root or admin logins.

The same applies to the user "pi". Everyone knows that. So get rid of it.

For this reason a failed login attempts should not tell the attacker that the password is incorrect. That already tells him he got the user name right.

From a not quite security related point of view, it's better to not habitually login as root. Locally or remotely. To protect yourself from yourself! It's so easy to inadvertently bugger up ones system with a mistyped "rm" command or whatever.

Certainly for maximum piece of mind it's better to use SSH keys than usernames and passwords.
Memory in C++ is a leaky abstraction .

parker55
Posts: 8
Joined: Tue Oct 16, 2018 4:13 pm

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Tue Mar 05, 2019 4:16 pm

avoid free vpn they keep logs and sell data

echmain
Posts: 290
Joined: Fri Mar 04, 2016 8:26 pm

Re: Is there any free VPN service for Raspberry Pi 3(instead of PiVPN)

Tue Mar 05, 2019 5:59 pm

parker55 wrote:
Tue Mar 05, 2019 4:16 pm
avoid free vpn they keep logs and sell data
In that case avoid the entire internet.

Return to “General discussion”