Using SmartDNS and VPN on Ubuntu

Last month I wrote about the awesomeness of SmartDNS‘s DNS and VPN services. A lot has happened  since then in the political arena. Not least of which is the fact that we have a new President; something that was unthinkable when I wrote the piece.

The world is changing

Some have taken these changes to mean this is a new dispensation – an Egypt to Canaan shift. Even if you are to believe such analogies one would do well to remember that the road to Canaan had its share of calamities and took longer than most expected.

Do you still even need a VPN?

TLDR You still need to use a VPN when you are online because doing so will:

• Provide you with privacy
• Circumvent geo-blocking access Spotify, YouTube Red, Hulu, Google Play Music etc
• Will protect you from your ISP’s prying eyes
• Unlock blocked resources
• Allow you to use torrenting software without it being shaped i.e enjoy real net neutrality

I have been using Smart DNS proxy for months and I would recommend it. Apart from providing all of the above services via their DNS service and VPN their pricing is also reasonable:

• $4.90 a month if you choose the month to month package
• $12.90 every three months i.e. $4.30 per month
• $39.90 per year i.e. $3.33/month
• $49.90 every 2 years i.e. $2.08/month

Ubuntu and VPN

I am a strong fan of Ubuntu. I have used the Operating System (OS)  for the past 10 years. I don’t hate Windows and cannot afford a Mac but Ubuntu has been my darling and default OS for many years now. The thing about Ubuntu is that everything has to be explicitly set up. If you are using SmartDNS on Windows, Android, Mac you can just download their apps(which have improved a lot), login, click on a country flag,click connect and you are done.

Ubuntu is a little different. You have to learn all about the different VPN protocols out there:

• OpenVPN which is an open source protocol, this protocol is to be preferred to any other protocol. With OpenVPN you can use any port to connect this means you can connect to the VPN on say port 80 or port 443 both of which are unlikely to be blocked. We are assuming of course the server is set up to allow connections on these ports.
• PPTP this is an obsolete VPN protocol that is still in use as it is widely implemented on most Operating Systems. You should never ever use this protocol unless you have no choice. This protocol is broken and can be compromised.
• SSTP a protocol that uses TLS to encrypt traffic. This protocol uses port 443 by default which means you can bypass most firewalls.
• L2TP another protocol known as the Layer 2 Tunneling Protocol. Colloquially we can call this a Microsoft thing. It uses ports 500 and 1701(initial set up). These ports can be blocked by your ISP/Organisation and besides using a non standard port is like a flag so everyone will know you are using VPN.
• IKEV2 Internet Key Exchange another VPN protocol which also uses port 500.

Which protocol should you use?

By default Ubuntu 16.04 the current LTS version comes with PPTP installed. You need to eschew this in favour of OpenVPN, IKEV2 and SSTP instead in order of preference.

Steps to take

I will assume you are using Ubuntu 16.04 but these instructions should work on other versions of Ubuntu.

• Visit the SmartDNS Proxy site and sign up for their service. You are free to use your own VPN provider
• Activate VPN service by visiting this page choosing a username and clicking activate. Your VPN password is the same as your SmartDNS Proxy password
• Choose the VPN server you want to connect to for example za-jh-smart.serverlocation.co
• Decide which protocol you want to use
• Decide whether you want to use the command line or the graphical interface
• Remove resolvconf/openresolv both packages are in my experience a nuisance. You might also want to remove dnsmasq or you will find your life difficult. sudo apt purge resolvconf openresolve dnsmasq && sudo apt autoremove

The command line method

If you want to connect using OpenVPN do the following:

• sudo apt install openvpn
• Click on this link to download their OpenVPn configuration pack, unzip it and you will see configuration files for each server organized by port and protol
• Unless you run into a problem you should choose either port UDP 80 or  UDP 443
• run the command sudo openvpn /path/to/server/openvpn.config for example
  
• Press enter and you will be prompted for your username and password. Once you have done this you connection will be established. It might look like the process has frozen but that is how it works

  

   

• To disconnect type Ctrl+C in the terminal

Establishing an IKEV2 connection is a bit more involved:

• You need to run the following command in the terminal: sudo install strongswan*  . This might be an overkill as it installs all the strongswan plugins but you are better off safe than sorry
• Edit /etc/ipsec.secrets file and add your credentials.

  YOUR_USERNAME : EAP "YOUR_PASSWORD"

  Be sure to replace these with appropriate values. The qoutations are required for example if your password is 8M1x5RQeplFJe9bL ” and user name mhofu the values of the file would be:

   mhofu : EAP "8M1x5RQeplFJe9bL"

• Edit the /etc/ipsec.conf file and add the following at the end of the file:

  conn vpn
   keyexchange=ikev2
   dpdaction=clear
   dpddelay=300s
   eap_identity="USERNAME"
   leftauth=eap-mschapv2
   left=%defaultroute
   leftsourceip=%config
   right=SERVER
   rightauth=pubkey
   rightsubnet=0.0.0.0/0
   rightid=%any
   type=tunnel
   auto=add

  Be sure to change the user name part and include the quotes. Also change the server to the domain name of your preferred server

• Finally change the line in the file /etc/strongswan.d/charon/constraints.conf  from “load = yes” to “load = no”. What this means is that you will have to bring up the vpn connection manually rather than at boot/startup
• Run the commands: sudo ipsec restart && sudo ipsec up vpn
• To disconnect: sudo ipsec down vpn

NB The SmartDNS site has great guides on how to connect via NetworkManager. My experience though is that command line trumps GUI any day.

If you have any questions or run into any problems please leave a comment.