After having looked-at several “free” VPN services, and trying several, I’ve had great luck with VPNBook.com.
In this case, I’m not doing anything illegal nor am I using this VPN connection to send anything personal. I’m just using it to do benign, white hat, pentesting of systems that I own.
I wrote about how to use OpenVPN from Kali Linux before. However, there are several steps involved, so I thought I’d write a script to make it easier to use!
The current process:
With the current process, you navigate to https://www.vpnbook.com/freevpn and download the “Certificate Bundle” for each region through which you would like to connect. I put those all in my ~/openvpn/ folder. You just have to do this once. Then, you navigate to ~/openvpn/ and type:
$ openvpn ./vpnbook-us1-tcp443.ovpn
if you wanted to connect over port 443. I never remember the name of the file, so you have to type “ls” first, or just <TAB><TAB> to get the file name. It’s not a huge inconvenience, but I run that and then I get prompted for credentials. Shoot, I already closed the browser. So, I open another browser and go back to https://www.vpnbook.com/freevpn and see what the latest username/password is. They change it regularly to cut down on automation.
Now, I don’t want to infringe on their preference to have people not-automate. However, that doesn’t mean I can’t make it easier on myself. So, I wrote a script which programmatically goes out to the website and gets the latest username and password, and dumps that on the screen. Then, I give a menu for which VPN region you want to connect through:
This way you can just run vpnbook.sh, choose a region, and the username/password are right on the screen for you to type or copy/paste! You can view/download the file from this gist:
Or, if you want to pull it down and mark it as executable, you can run:
$ cd ~
$ wget https://gist.githubusercontent.com/RobSeder/ee413f6a684d5b5c408a/raw/f6b7e0f9e1ee2ebb8d4dde4b3766c02d57651cae/vpnbook.sh && chmod +x ./vpnbook.sh
In the script there are a few distinct sections.
- First, we pull the web page from the vpnbook website which has the password.
wget -q -O ~/vpnbook.tmp http://www.vpnbook.com/freevpn
- We then grep for that specific HTML (e.g. “<li>Username:”) and –m 1 just returns the first instance – and returns that line to the screen.
grep -m 1 -i “<li>Username:”
- Then we replace the known HTML elements with nothing (empty text).
replace “<li>Username: <strong>” “”
- Finally, we strip away any tabs or spaces leaving just the username or password value.
tr -d “t” | tr -d ” “
This gives use the actual username and password from the HTML, which we can put into a variable and dump to the screen. The rest of the script simply lets you select which region file you want to use for vpnbook, and then calls the openvpn command with that file to initiate the connection.
I definitely wouldn’t recommend a “free” VPN for any personal/private information. It costs actual money, significant money, to process gigabytes of data. So, places like vpnbook.com are either run by a government, or it’s a big honeypot where they are trying to glean valuable information.
With that said, if you are doing lawful, white hat pentesting or forensics, a VPN like this is probably going to be fine – and now with this little script, it’s a little easier to use.
If you have other .ovpn definitions, you could of course adapt this script to select other files – and maybe only run the vpnbook code if you are using one of those .ovpn files. Maybe you’ll find this useful. As for me, I wanted to get it off my computer and somewhere centralized where I can go pull this script from other computers, easily. Let me know if you end up using or adapting this script!