Discussion:
How can we programmatically distinguish between a failed/successful VPN connection attempt?
(too old to reply)
Andy Burnelli
2023-03-29 19:14:10 UTC
Permalink
*How can we programmatically distinguish between a failed VPN*
*connection attempt versus a successful VPN connection?*

This is a general purpose solution _everyone_ can use instantly.
For free. To connect to any one of _thousands_ of free VPN servers.
Around the world. Perfectly legally. Maintained by a university in Japan.

All the necessary free vpn files are provided in the request below
such that anyone can test it out fully to use thousands of vpn servers.

*The question is what's a reliable test of whether the connection worked*
*or failed, so that the script can either sit still on the current vpn*
*server (if successful) or move to the next vpn server (if it failed)?*

Please *focus on the _technical_ question* (and not on the merits of VPN!)
(see explanation why in the sig)

The technical question is aimed to find a way to programmatically determine
either a failed VPN connection - or - vice versa - if necessary - to
determine success).

There is a batch question below but everything is testable since it's my
goal is a generic solution that _everyone_ can use at this very moment
and for years to connect to thousands of free VPNs around the world.

I've been using this process for years - where my question below is
simply to ask experts who know Windows batch better than I do, for
help in streamlining a _test_ to see if we're connected, or not.

All you need to test this is any openvpn client & the text config files.
Nothing else is needed.

Here's just one openvpn client (but any openvpn client should work).
<https://openvpn.net/community-downloads/>
<https://swupdate.openvpn.org/community/releases/OpenVPN-2.6.2-I001-amd64.msi>

Almost any openvpn configuration file should work, so here's just one
site that provides configs for thousands of rotating openvpn servers:
<http://vpngate.net> (username=vpn, password=vpn)

The only files you need from that web site are the links at the 7th column
which are listed as "OpenVPN Config file", each of which is uniquely named.

While some of these free vpn server configuration files last for months,
others go stale in just weeks or days (reasons explained at that web site).

Hence, I refresh my cache of thousands of free VPN servers periodically.

To connect to any given free openvpn server, I run the following batch
(which requires administrative permission to change the routing table):
set vpncmd=C:\the\path\to\openvpn\bin\openvpn.exe
set configdir=C:\the\path\to\the\config-files\config\
cd %configdir%
set vpnserver=219.100.37.1.ovpn
set vpnserver=219.100.37.2.ovpn
set vpnserver=219.100.37.3.ovpn
"%vpncmd% %configdir%%vpnserver%

The actual LIFO script is slightly more complex (as it skips UAC requests
and it adds the username & password to the VPN file and I delete the last
IP address after each run if it fails, etc.) but that's the fundamental
essence of what the script does to test a single openvpn configuration.

Since I'm deleting the last configuration file if/when it fails to connect,
the next configuration file will be the penultimate configuration file.
First it tries 219.100.37.3.ovpn
If that fails, I delete that line manually
Second it tries 219.100.37.2.ovpn
If that fails, I delete that line manually
Third it tries 219.100.37.1.ovpn
Where I repeat this process manually until I get a good connection.

This works for a list of thousands of files, but what would be more
efficient is to not have to _manually_ delete the failed configuration
files from the script itself after each failed connection attempt.

Hence the fundamental batch file question of...
*How can we programmatically distinguish between*
*a failed versus a successful VPN connection attempt?*

The question is what _test_ can I run inside that batch file to
automatically skip to the next configuration file if any one fails?

Something like this:
set vpngatefile=219.100.37.3
"%vpngatecmd% %vpngatedir%%vpngatefile%
if that fails, then set vpngatefile=219.100.37.2
"%vpngatecmd% %vpngatedir%%vpngatefile%
if that fails, then set vpngatefile=219.100.37.1
etc.

I'm aware of a "curl icanhazip.com" will show the same IP address for
a working connection but I do not wish to abuse their kind server.

Hence...

The question is what's a reliable test of whether the connection worked
or failed, so that the script can either sit still on the current vpn
server (if successful) or move on to the next vpn server (if it failed)?
--
Every Usenet question with the keyword VPN in it seems to always instigate
a plethora of trolls who tell us how dangerous it is to rely on VPN. Please
do not do that as this question isn't a philosophical question of the
merits of VPN or of the merits of privacy or even of the merits of free VPN
services (we all know everything you could possibly pontificate on that
subject so you will only be trolling us if you try to steer us from VPN).
JJ
2023-03-30 04:39:11 UTC
Permalink
Post by Andy Burnelli
*How can we programmatically distinguish between a failed VPN*
*connection attempt versus a successful VPN connection?*
This is a general purpose solution _everyone_ can use instantly.
For free. To connect to any one of _thousands_ of free VPN servers.
Around the world. Perfectly legally. Maintained by a university in Japan.
All the necessary free vpn files are provided in the request below
such that anyone can test it out fully to use thousands of vpn servers.
*The question is what's a reliable test of whether the connection worked*
*or failed, so that the script can either sit still on the current vpn*
*server (if successful) or move to the next vpn server (if it failed)?*
[snip]

A reliable test will depend on how competent a software developer is. That
is, whether the software provide output/result which is usable for
determining the result of the connection or a task.

All programs have an exit code which can be checked with `errorlevel`, or
`%errorlevel%` variable (if under Windows NT's CMD). It should be set
according the result of the task given to the program, where zero is
commonly a successful result, and a specific non zero for specific error
code which are usually vendor specific.

If the software developer is not competent enough to set the program exit
code, we can try to use the program's console output to find a specific
keyword such as "connected", "successfully", etc. which is unique enough to
indicate a successful result. We can use the FIND (or FINDSTR if Windows NT)
tool to search for the keyword, where the tool will provide the result of
the search in form of program exit code.

Some programs generate logging outputs onto the console's standard error
handle, instead of the standard output handle. So, you'll have to check
first, from which console's standard handle should the keyword be searched
for.

Some programs only generate logging outputs into a file using an optional
command line switch. In ths case, the switch must be used and the keyword
should be searched from that file.
Andy Burnelli
2023-03-30 15:48:33 UTC
Permalink
Post by JJ
A reliable test will depend on how competent a software developer is. That
is, whether the software provide output/result which is usable for
determining the result of the connection or a task.
I guess I didn't word the problem set correctly, and I apologize that I
really don't know what the correct words are since I'm not a coder.

The problem, as I see it, is not whether the test is reliable since a ping
or a curl icanhazip.com will be "reliable enough" as long as the result is
an IP address that isn't what you already know to be yours from your ISP.

C:\> ping vpnserver.com
C:\> curl icanhazip.com

The problem as I see is it that there's _nothing_ you can do inside the
command window that is connecting to the VPN service other than kill it.

I must make it clear if you've never done it (although I thought it was
obvious - so that's my mistake) that you run the command and up pops
a window but there's _nothing_ you can do _in_ that window anymore.

All you can do is control-C (or more gracefully, F4) that command window.

If it works - you control-C (or more gracefully, F4) out when you want.
If it fails - you control-C (or more gracefully, F4) out of that failure.
Post by JJ
All programs have an exit code which can be checked with `errorlevel`, or
`%errorlevel%` variable (if under Windows NT's CMD). It should be set
according the result of the task given to the program, where zero is
commonly a successful result, and a specific non zero for specific error
code which are usually vendor specific.
But how can you test for that exit code when anything you do inside the
command window will accomplish nothing (other than F4 to gracefully exit)?
Post by JJ
If the software developer is not competent enough to set the program exit
code, we can try to use the program's console output to find a specific
keyword such as "connected", "successfully", etc. which is unique enough to
indicate a successful result. We can use the FIND (or FINDSTR if Windows NT)
tool to search for the keyword, where the tool will provide the result of
the search in form of program exit code.
The problem is there is no "console" when connecting to VPN using this:
set vpncmd=C:\the\path\to\openvpn\bin\openvpn.exe
set configdir=C:\the\path\to\the\config-files\
cd %configdir%
set vpnserver=219.100.37.1.ovpn
set vpnserver=219.100.37.2.ovpn
set vpnserver=219.100.37.3.ovpn
"%vpncmd% .\%vpnserver%

If that works, all you see are these obscure lines which, for illustrative
purposes, I'll put EXACTLY verbatim below of _this_ very VPN connection!
2023-03-30 11:39:59 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2023-03-30 11:39:59 OpenVPN 2.5.8 [git:none/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 2 2022
2023-03-30 11:39:59 Windows version 10.0 (Windows 10 or greater) 64bit
2023-03-30 11:39:59 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
2023-03-30 11:39:59 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-03-30 11:39:59 TCP/UDP: Preserving recently used remote address: [AF_INET]211.10.41.160:1534
2023-03-30 11:39:59 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-03-30 11:39:59 UDP link local: (not bound)
2023-03-30 11:39:59 UDP link remote: [AF_INET]211.10.41.160:1534
2023-03-30 11:39:59 TLS: Initial packet from [AF_INET]211.10.41.160:1534, sid=2c3480fa 29ab1b52
2023-03-30 11:39:59 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-03-30 11:39:59 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
2023-03-30 11:39:59 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
2023-03-30 11:39:59 VERIFY OK: depth=0, CN=opengw.net
2023-03-30 11:39:59 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-03-30 11:39:59 [opengw.net] Peer Connection Initiated with [AF_INET]211.10.41.160:1534
2023-03-30 11:40:00 SENT CONTROL [opengw.net]: 'PUSH_REQUEST' (status=1)
2023-03-30 11:40:01 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.105 10.211.1.106,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.106,redirect-gateway def1'
2023-03-30 11:40:01 OPTIONS IMPORT: timers and/or timeouts modified
2023-03-30 11:40:01 OPTIONS IMPORT: --ifconfig/up options modified
2023-03-30 11:40:01 OPTIONS IMPORT: route options modified
2023-03-30 11:40:01 OPTIONS IMPORT: route-related options modified
2023-03-30 11:40:01 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-03-30 11:40:01 Using peer cipher 'AES-128-CBC'
2023-03-30 11:40:01 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2023-03-30 11:40:01 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-03-30 11:40:01 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2023-03-30 11:40:01 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-03-30 11:40:01 interactive service msg_channel=0
2023-03-30 11:40:01 open_tun
2023-03-30 11:40:01 tap-windows6 device [Local Area Connection] opened
2023-03-30 11:40:01 TAP-Windows Driver Version 9.24
2023-03-30 11:40:01 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.105/255.255.255.252 on interface {8970EFE9-1460-429C-B94D-FD7EAC28BF7C} [DHCP-serv: 10.211.1.106, lease-time: 31536000]
2023-03-30 11:40:01 Successful ARP Flush on interface [17] {8970EFE9-1460-429C-B94D-FD7EAC28BF7C}
2023-03-30 11:40:01 IPv4 MTU set to 1500 on interface 17 using SetIpInterfaceEntry()
2023-03-30 11:40:06 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
2023-03-30 11:40:06 C:\Windows\system32\route.exe ADD 211.10.41.160 MASK 255.255.255.255 192.168.1.1
2023-03-30 11:40:06 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
2023-03-30 11:40:06 Route addition via IPAPI succeeded [adaptive]
2023-03-30 11:40:06 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.106
2023-03-30 11:40:06 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
2023-03-30 11:40:06 Route addition via IPAPI succeeded [adaptive]
2023-03-30 11:40:06 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.106
2023-03-30 11:40:06 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
2023-03-30 11:40:06 Route addition via IPAPI succeeded [adaptive]
2023-03-30 11:40:06 Initialization Sequence Completed


If it fails, it fails in many ways, where here is just one of them
that I tested using one of the VPN connections that fails but the point
is that whether or not it works or fails, there is no console to access.
2023-03-30 11:37:06 Windows version 10.0 (Windows 10 or greater) 64bit
2023-03-30 11:37:06 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
2023-03-30 11:37:06 TCP/UDP: Preserving recently used remote address: [AF_INET]167.179.45.158:1314
2023-03-30 11:37:06 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-03-30 11:37:06 UDP link local: (not bound)
2023-03-30 11:37:06 UDP link remote: [AF_INET]167.179.45.158:1314
2023-03-30 11:38:06 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-03-30 11:38:06 TLS Error: TLS handshake failed
2023-03-30 11:38:06 SIGUSR1[soft,tls-error] received, process restarting
2023-03-30 11:38:06 Restart pause, 5 second(s)
2023-03-30 11:38:11 TCP/UDP: Preserving recently used remote address: [AF_INET]167.179.45.158:1314
2023-03-30 11:38:11 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-03-30 11:38:11 UDP link local: (not bound)
2023-03-30 11:38:11 UDP link remote: [AF_INET]167.179.45.158:1314

The only thing you _can_ do (AFAIK) in that command window is kill it.
Post by JJ
Some programs generate logging outputs onto the console's standard error
handle, instead of the standard output handle. So, you'll have to check
first, from which console's standard handle should the keyword be searched
for.
That may be a good idea to redirect some kind of output to a log file.
But how?
Post by JJ
Some programs only generate logging outputs into a file using an optional
command line switch. In ths case, the switch must be used and the keyword
should be searched from that file.
That's a good idea to see if the openvpn.exe command has those switches.
<https://openvpn.net/community-resources/reference-manual-for-openvpn-2-0/>

Note that most people use the openvpn client GUI but I use "openvpn.exe"
so almost everything you find in a search does NOT apply to "openvpn.exe" itself.
<https://stackoverflow.com/questions/61456939/how-can-one-use-the-command-line-to-use-openvpn-on-windows>
<https://superuser.com/questions/547396/arguments-to-connect-using-open-vpn-windows-client>
<https://openvpn.net/community-resources/running-openvpn-from-a-console-window/>
etc.
--
Posted out of the goodness of my heart to disseminate useful information
which, in this case, is to faithfully try to solve this general problem.
JJ
2023-03-31 11:08:00 UTC
Permalink
Post by Andy Burnelli
The problem as I see is it that there's _nothing_ you can do inside the
command window that is connecting to the VPN service other than kill it.
I must make it clear if you've never done it (although I thought it was
obvious - so that's my mistake) that you run the command and up pops
a window but there's _nothing_ you can do _in_ that window anymore.
All you can do is control-C (or more gracefully, F4) that command window.
If it works - you control-C (or more gracefully, F4) out when you want.
If it fails - you control-C (or more gracefully, F4) out of that failure.
If all you can do is hitting CTRL+C or F4 even when it fails, it would mean
that, the VPN profile/setting is configured to retry connection error
indefinitely (either by software default, or set manually).

In order to differentiate between success result and failed result, the VPN
profile/setting should be configured not to retry indefinitely. So that, if
it fails (after a number of limited retries), it'll terminates itself. And
the next line in the batch file will only be executed when the connection
has failed. If it succeeds on making connection, then it'll never terminates
and the next line in the batch file will never be executed (without user
intervention).

There's one connection settings command line switch which involve connection
retry which is set to `infinite` by default:

--resolv-retry

That will prevent the program to never terminate when it fails to resolve
server name.
Andy Burnelli
2023-03-31 16:29:31 UTC
Permalink
Post by JJ
Post by Andy Burnelli
If it works - you control-C (or more gracefully, F4) out when you want.
If it fails - you control-C (or more gracefully, F4) out of that failure.
If all you can do is hitting CTRL+C or F4 even when it fails, it would mean
that, the VPN profile/setting is configured to retry connection error
indefinitely (either by software default, or set manually).
You are astute because I had not mentioned the VPN command window output
constantly changes when it's disconnected in that it retries every 5
seconds forever (until it's killed with a control-C or with the F4 key).
Post by JJ
In order to differentiate between success result and failed result, the VPN
profile/setting should be configured not to retry indefinitely. So that, if
it fails (after a number of limited retries), it'll terminates itself. And
the next line in the batch file will only be executed when the connection
has failed. If it succeeds on making connection, then it'll never terminates
and the next line in the batch file will never be executed (without user
intervention).
Wow. That is an interesting idea. It sounds doable. It's logical. Sensible.
I like it!
Post by JJ
There's one connection settings command line switch which involve connection
--resolv-retry
Thank you for that suggested potential workaround of disabling retries.
--resolv-retry n
If hostname resolve fails for --remote, retry resolve for n seconds
before failing. Set n to "infinite" to retry indefinitely.
By default, --resolv-retry infinite is enabled.
You can disable by setting n=0.
<https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/>

I just now went to the <http://vpngate.net> free VPN to pick a text
configuration file that others can also see which is the first one in their
list (I generally stay away from the ones saying "for educational use only"
so use this only as a sample VPN configuration file that all can see).

On the 7th column of the first line is the free VPN configuration file
for the free VPN server "public-vpn-231.opengw.net 219.100.37.170" named
"vpngate_public-vpn-231.opengw.net_tcp_443.ovpn"
is a template of what _every_ one of the thousands of config files will be.

Every text configuration file will have the same lines in the same location
which for that particular file shows that it's line 97 for resolv-retry.
line 96
line 97 resolv-retry infinite
line 98 nobind
line 99 persist-key
line 100 persist-tun
line 101 client
line 102 verb 3
line 103 #auth-user-pass
line 104

All I need to do now is set that "resolve-retry" to 0 in the thousands of
downloaded vpn configuration text files in the directory (or change it).
Post by JJ
That will prevent the program to never terminate when it fails to resolve
server name.
Along those lines of getting access to the batch file when the VPN tunnel
isn't connected, I noticed just now other potential commands to modify.
*How to stop OpenVPN tunnel if server doesn't respond?*
<https://serverfault.com/questions/780124/how-to-stop-openvpn-tunnel-if-server-doesnt-response>
That mentions this command (which is line 100 of the vpngate config files)
line 100 persist-tun
And it mentions these commands (which are not in the vpngate config files).
keep-alive
ping 10
ping-restart 40
connect-retry 5 30
connect-retry-max 7

Your suggestion seems logical that I need to access the next step of
the sequence when the tunnel has either not connected or has dropped.

The whole VPN config file is in the sig to save others time.
--
###############################################################################
# OpenVPN 2.0 Sample Configuration File
# for PacketiX VPN / SoftEther VPN Server
#
# !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!
#
# !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!
#
# This configuration file is auto-generated. You might use this config file
# in order to connect to the PacketiX VPN / SoftEther VPN Server.
# However, before you try it, you should review the descriptions of the
file
# to determine the necessity to modify to suitable for your real
environment.
# If necessary, you have to modify a little adequately on the file.
# For example, the IP address or the hostname as a destination VPN Server
# should be confirmed.
#
# Note that to use OpenVPN 2.0, you have to put the certification file of
# the destination VPN Server on the OpenVPN Client computer when you use
this
# config file. Please refer the below descriptions carefully.


###############################################################################
# Specify the type of the layer of the VPN connection.
#
# To connect to the VPN Server as a "Remote-Access VPN Client PC",
# specify 'dev tun'. (Layer-3 IP Routing Mode)
#
# To connect to the VPN Server as a bridging equipment of "Site-to-Site
VPN",
# specify 'dev tap'. (Layer-2 Ethernet Bridgine Mode)

dev tun


###############################################################################
# Specify the underlying protocol beyond the Internet.
# Note that this setting must be correspond with the listening setting on
# the VPN Server.
#
# Specify either 'proto tcp' or 'proto udp'.

proto tcp


###############################################################################
# The destination hostname / IP address, and port number of
# the target VPN Server.
#
# You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
# specify the IP address instead of the hostname.
#
# Note that the auto-generated below hostname are a "auto-detected
# IP address" of the VPN Server. You have to confirm the correctness
# beforehand.
#
# When you want to connect to the VPN Server by using TCP protocol,
# the port number of the destination TCP port should be same as one of
# the available TCP listeners on the VPN Server.
#
# When you use UDP protocol, the port number must same as the configuration
# setting of "OpenVPN Server Compatible Function" on the VPN Server.

remote public-vpn-231.opengw.net 443


###############################################################################
# The HTTP/HTTPS proxy setting.
#
# Only if you have to use the Internet via a proxy, uncomment the below
# two lines and specify the proxy address and the port number.
# In the case of using proxy-authentication, refer the OpenVPN manual.

;http-proxy-retry
;http-proxy [proxy server] [proxy port]


###############################################################################
# The encryption and authentication algorithm.
#
# Default setting is good. Modify it as you prefer.
# When you specify an unsupported algorithm, the error will occur.
#
# The supported algorithms are as follows:
# cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
# CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
# RC2-40-CBC RC2-64-CBC RC2-CBC
# auth: SHA SHA1 MD5 MD4 RMD160

cipher AES-128-CBC
auth SHA1


###############################################################################
# Other parameters necessary to connect to the VPN Server.
#
# It is not recommended to modify it unless you have a particular need.

resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
#auth-user-pass


###############################################################################
# The certificate file of the destination VPN Server.
#
# The CA certificate file is embedded in the inline format.
# You can replace this CA contents if necessary.
# Please note that if the server certificate is not a self-signed, you have
to
# specify the signer's root certificate (CA) here.

<ca>
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----

</ca>


###############################################################################
# The client certificate file (dummy).
#
# In some implementations of OpenVPN Client software
# (for example: OpenVPN Client for iOS),
# a pair of client certificate and private key must be included on the
# configuration file due to the limitation of the client.
# So this sample configuration file has a dummy pair of client certificate
# and private key as follows.

<cert>
-----BEGIN CERTIFICATE-----
MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
+mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
-----END RSA PRIVATE KEY-----

</key>
Mr. Man-wai Chang
2023-03-30 14:23:42 UTC
Permalink
Post by Andy Burnelli
*How can we programmatically distinguish between a failed VPN*
*connection attempt versus a successful VPN connection?*
This is a general purpose solution _everyone_ can use instantly.
For free. To connect to any one of _thousands_ of free VPN servers.
Around the world. Perfectly legally. Maintained by a university in Japan.
Define your "successful VPN connection"!! Ping test? Lantency value?
Bandwidth test?
Andy Burnelli
2023-03-30 15:25:06 UTC
Permalink
Post by Mr. Man-wai Chang
Post by Andy Burnelli
This is a general purpose solution _everyone_ can use instantly.
For free. To connect to any one of _thousands_ of free VPN servers.
Around the world. Perfectly legally. Maintained by a university in Japan.
Define your "successful VPN connection"!! Ping test? Lantency value?
Bandwidth test?
Good question.
The answer to that question is super simple.
It either connects or it doesn't connect.
That's all that matters for a "success" or "failure" of the connection.

But that's not the problem (AFAIK).
The problem is _how_ to insert that test into the existing batch command.

As I said prior, an "curl.exe icanhazip.com" comparison might work.
Likewise, your ping test should work.

All the icanhazip has to return is an IP address that's not yours.
All the ping has to return is a successful connection that's not yours.

But the "curl icanhazip.com" has to be _outside_ the batch file (AFAIK).
The ping also has to be _outside_ the batch file that connects to the VPN.

Doesn't it?

Maybe I don't understand batch coding (well, clearly I don't).
Otherwise I wouldn't be asking such a question of this newsgroup after all.

The problem, as I see it, is you can't run _anything_ in the batch that
starts the VPN because the _last_ thing it does is connect to the VPN.

All you can do is kill it.
If I add the ping, where do I put it in the batch file?

set vpncmd=C:\the\path\to\openvpn\bin\openvpn.exe
set configdir=C:\the\path\to\the\config-files\config\
cd %configdir%
set vpnserver=219.100.37.1.ovpn
set vpnserver=219.100.37.2.ovpn
set vpnserver=219.100.37.3.ovpn
"%vpncmd% %configdir%%vpnserver%

The _only_ thing you can do at that point is kill the connection.

If the connection works, the last few lines look like this:
(and this, by the way, is my actual connection for this post!)
2023-03-30 11:21:02 IPv4 MTU set to 1500 on interface 17 using SetIpInterfaceEntry()
2023-03-30 11:21:07 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
2023-03-30 11:21:07 C:\Windows\system32\route.exe ADD 180.145.28.25 MASK 255.255.255.255 192.168.1.1
2023-03-30 11:21:07 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
2023-03-30 11:21:07 Route addition via IPAPI succeeded [adaptive]
2023-03-30 11:21:07 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.54
2023-03-30 11:21:07 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
2023-03-30 11:21:07 Route addition via IPAPI succeeded [adaptive]
2023-03-30 11:21:07 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.54
2023-03-30 11:21:07 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
2023-03-30 11:21:07 Route addition via IPAPI succeeded [adaptive]
2023-03-30 11:21:07 Initialization Sequence Completed

If the connection fails, it fails in _many_ ways... here's one:
2023-03-30 11:19:09 TCP/UDP: Preserving recently used remote address: [AF_INET]58.143.149.135:1195
2023-03-30 11:19:09 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-03-30 11:19:09 UDP link local: (not bound)
2023-03-30 11:19:09 UDP link remote: [AF_INET]58.143.149.135:1195

But in _all_ cases, the _only_ thing you can do inside that batch
command window is a control-C (or an F4 to kill it more gracefully).

There's nothing else you _can_ do inside that batch window (AFAIK).
Hence, the problem (for me) is _where_ to put the ping test?

In summary, when you have a batch file that connects to a VPN server
(see above batch file), there's _nothing_ that I know of that you
can do after the connection in the command window that pops up.

It's not hard to manually determine success in a _different_
window because a ping or curl icanhazip needs to simply report
back a different IP address than what you happen to know is yours.

But where do you put the test for a successful VPN connection
if you want it to happen as part of the original batch command?
Mr. Man-wai Chang
2023-03-31 16:36:31 UTC
Permalink
Post by Andy Burnelli
In summary, when you have a batch file that connects to a VPN server
(see above batch file), there's _nothing_ that I know of that you
can do after the connection in the command window that pops up.
It's not hard to manually determine success in a _different_
window because a ping or curl icanhazip needs to simply report
back a different IP address than what you happen to know is yours.
But where do you put the test for a successful VPN connection
if you want it to happen as part of the original batch command?
I have never used VPN myself, so my suggestion could be wrong:

tracert might help?? So just settle with a simple ping test?
Windows has connectivity detection, not sure how it works.

Google keywords:

how to detect vpn connection - Google Search
https://www.google.com/search?q=how+to+detect+vpn+connection
Jim S
2023-03-31 17:04:53 UTC
Permalink
With the information in this thread I was able to use vpn for the fierst
time because all I needed was the right free client & free connect file.

The free client I installed was the openvpn described in this thread.
https://swupdate.openvpn.org/community/releases/OpenVPN-2.6.2-I001-amd64.msi

The free configuration files I picked up from that site (vpngate.net).
Not all of them worked but most of them worked the first time I tried them.

A couple of things I had to do that were not listed in this thread was to
right click on openvpn.exe & set to "Run as administrator" so that when I
ran the batch as administrator, it didn't fall back to a normal user.

The other thing I did was change the commented out auth-user-pass line
to add the username & password as "auth-user-pass vpn vpn" instead of
typing the username and password each time a configuration file connects.

It was nice to be "on vpn" in only about five minutes because all it needed
was the free Windows openvpn client & those free text configuration files.

I didn't know it was so easy.
--
Jim S
Paul
2023-03-31 19:29:30 UTC
Permalink
Post by Jim S
I didn't know it was so easy.
It's no good if it leaks.

Very few people know how to properly write TAP and TUN software.
The companies that make virtual machine hosting, they know how
to do it. That's why their network stacks are always so complicated.

If the software was written properly, "services" are segregated
to the system side and they run with the SYSTEM account. User space
applications run as a user, and the networking "appears ordinary"
to the applications that the user may use. You don't want stuff
running from a shell to be elevated, in case it aids some exploit
to get into the machine.

Sure, getting stuff to run on a computer is easy.

Figuring out the implications, is hard. Am I safe ?
Did I do a bad thing to my security ? These are questions
you have to constantly ask when using a computer.

Paul
Jim S
2023-03-31 22:10:21 UTC
Permalink
Post by Paul
Post by Jim S
I didn't know it was so easy.
It's no good if it leaks.
It doesn't really matter if all I'm doing is changing my IP address
for applications that don't normally deal directly with such things.
Post by Paul
Very few people know how to properly write TAP and TUN software.
I'm not running from the law. I just want a new IP address.
Post by Paul
The companies that make virtual machine hosting, they know how
to do it. That's why their network stacks are always so complicated.
Are you saying that open source free openvpn client is not safe to use?
Post by Paul
If the software was written properly, "services" are segregated
to the system side and they run with the SYSTEM account.
All it needs to do for me is give me a different IP address.
Post by Paul
User space
applications run as a user, and the networking "appears ordinary"
to the applications that the user may use. You don't want stuff
running from a shell to be elevated, in case it aids some exploit
to get into the machine.
Sure, getting stuff to run on a computer is easy.
It was easy. All I needed was the openvpn.exe client & a config file.
Post by Paul
Figuring out the implications, is hard. Am I safe ?
Why do I care if I'm safe when all I want is a different IP address?
Post by Paul
Did I do a bad thing to my security ? These are questions
you have to constantly ask when using a computer.
I'm not sure why all that matters when all I wanted was a new IP address.

Do you know of another free way to get instantly any number of IP addresses
for whatever it is I want to do (not all of which are using web browsers)?
--
Jim S
Paul
2023-03-31 22:52:43 UTC
Permalink
Post by Jim S
I'm not sure why all that matters when all I wanted was a new IP address.
There is a commercial subscription service, that lists all the VPN exit addresses,
for commercial purposes. While one of the free USENET server operators may not
have the money to subscribe to such a service, "anything that matters" has the
money for that subscription.

And the people who are incompetent while hiding behind a VPN, they "burn"
the address they're using, and ruin it for the next user.

Paul
Jim S
2023-03-31 23:45:15 UTC
Permalink
Post by Paul
Post by Jim S
I'm not sure why all that matters when all I wanted was a new IP address.
There is a commercial subscription service, that lists all the VPN exit addresses,
for commercial purposes. While one of the free USENET server operators may not
have the money to subscribe to such a service, "anything that matters" has the
money for that subscription.
And the people who are incompetent while hiding behind a VPN, they "burn"
the address they're using, and ruin it for the next user.
I've seen this happen before when people think they're telling us something
when they are actually saying we should only hide under a rock and only
come out at night "if we want to be safe" from whatever it is _they_ are
afraid of.

In every case, those saying it's "not safe" have no data at all.
They just made it all up.
Out of nothing.

It stems from their own fears of everything that moves in the night.
Shadows all.

It's never rational.
It's always irrational.

And, when you ask for details, they never are forthcoming.
Because they made it all up.

Out of nothing but their own fears of their own shadows.

You can't tell me not to use this simple solution without providing a
solution that solves the problem you are claiming wrecks this solution.

I'm going to pose my question bluntly, not because I expect an answer, but
because I'm trying to explain that people who say what you said have no
answer.

They have only their own irrational trumped up imaginary fears.
But no solutions.

What other free vpn service do you propose that you feel is much safer?
--
Jim S
Char Jackson
2023-04-01 02:31:38 UTC
Permalink
Post by Jim S
What other free vpn service do you propose that you feel is much safer?
I have no dog in the hunt but my question would be that when it comes to
a free VPN server/service, what do we know about the folks who operate
the server, since they get to see all of the traffic that flows through
there? With a commercial service, there's presumably a reputation that
needs to be upheld so that a steady stream of customers will continue to
use the service, but there probably isn't much reputational pressure
being felt by the operators of a free service. As a result, if I were to
use a VPN service, it probably wouldn't be one of the free offerings.
nospam
2023-04-01 02:37:53 UTC
Permalink
Post by Char Jackson
I have no dog in the hunt but my question would be that when it comes to
a free VPN server/service, what do we know about the folks who operate
the server, since they get to see all of the traffic that flows through
there?
very little, regardless of free or paid.

they can claim all sorts of things, such as not logging anything, but
how do you know if any of them are actually true?
Post by Char Jackson
With a commercial service, there's presumably a reputation that
needs to be upheld so that a steady stream of customers will continue to
use the service, but there probably isn't much reputational pressure
being felt by the operators of a free service. As a result, if I were to
use a VPN service, it probably wouldn't be one of the free offerings.
wise choice.
Jim S
2023-04-01 02:47:21 UTC
Permalink
Post by Char Jackson
Post by Jim S
What other free vpn service do you propose that you feel is much safer?
I have no dog in the hunt but my question would be that when it comes to
a free VPN server/service, what do we know about the folks who operate
the server, since they get to see all of the traffic that flows through
there? With a commercial service, there's presumably a reputation that
needs to be upheld so that a steady stream of customers will continue to
use the service, but there probably isn't much reputational pressure
being felt by the operators of a free service. As a result, if I were to
use a VPN service, it probably wouldn't be one of the free offerings.
I'm going to use strong words because all the fools are coming out now.

And worse, none of these fools ever has an answer to a simple question.
What other free vpn service do you propose that you feel is much safer?

This happens every time the fools feel the need to say something, even
though none of these fools ever says anything that isn't already known.

I'm well acquainted with the observation that every fool has an objection
that everyone already knows so the fool is just proving to be a fool.

Every time vpn is mentioned, particularly a free vpn, every fool begins
warning everyone of what that fool believes everyone doesn't already know.

My point of view is clear that only a fool warns you of what everyone
knows, and then, the fool proves to be a fool by not providing a solution.

For the next set of fools who want to warn everyone what they already know
What other free vpn service do you propose that you feel is much safer?
--
Jim S
Char Jackson
2023-04-01 04:00:37 UTC
Permalink
Post by Jim S
Post by Char Jackson
Post by Jim S
What other free vpn service do you propose that you feel is much safer?
I have no dog in the hunt but my question would be that when it comes to
a free VPN server/service, what do we know about the folks who operate
the server, since they get to see all of the traffic that flows through
there? With a commercial service, there's presumably a reputation that
needs to be upheld so that a steady stream of customers will continue to
use the service, but there probably isn't much reputational pressure
being felt by the operators of a free service. As a result, if I were to
use a VPN service, it probably wouldn't be one of the free offerings.
I'm going to use strong words because all the fools are coming out now.
And worse, none of these fools ever has an answer to a simple question.
What other free vpn service do you propose that you feel is much safer?
I'll dumb it down for you. Why do you think any free VPN service would
be safe? Why do you think its free in the first place?

Best of luck to you.
Jim S
2023-04-01 05:56:35 UTC
Permalink
Post by Char Jackson
I'll dumb it down for you. Why do you think any free VPN service would
be safe? Why do you think its free in the first place?
I will dumb it down for you. The instant someone mentions VPN, there is
*always* a fool who starts screaming how much they fear VPN, and it's even
sooner than in an instant if you put the word "free" in front of VPN.

There should be a "VPN Law" which says something like that, where that fool
*never* adds a single thing that everyone doesn't already long ago know.

It's even worse than that fool never adding anything that everyone doesn't
already know in that the fool *never* provides a solution to their problem.

If you don't realize how foolish these people are, then allow me to try to
provide an example, although you should have gotten the point by now.

USER: I think I'll go out for a stroll.
FOOL: You can't do that! It's too dangerous.

USER: Why?
FOOL: There are bad things out there, that's why. Very bad I say.

USER: Like what?
FOOL: Everything. Everything is bad out there. Don't do it. Baad!

USER: But can't you name something that I don't already know?
FOOL: Oh yeah! Cars. Dogs. Mosquitoes. Lightning bolts too! Baaad!

USER: Cars? Dogs? Bugs? Lightning? But everyone knows all that?
FOOL: Yes. But I feel the need to scare you with all that. Baaaad!

USER: But can't you tell me something that I don't already know?
FOOL: Of course not. I'm a fool after all. I say Baaaaaaaaaaaaad!

USER: OK. Well then, after all that, what's your solution?
FOOL: I never thought about it, so, no. I have no solution.

USER: No solution?
FOOL: Yup. Nothing. I have nothing but Baaaaaaaaaaaaaaaaaaaaaaaaaaad!

USER: OK. But why did you bother to warn me of what I always knew?
FOOL: I'll dumb it down for you. VPN Baaaaaaaaaaaaaaaaaaaaaaaaaaaaad!

It never changes.
It happens every single time someone mentions VPN, & especially free VPN.
FOOL: VPN Baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad!
FOOL: Free VPN Baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad!
--
Jim S
Ken Blake
2023-04-01 15:22:04 UTC
Permalink
Post by Jim S
Post by Char Jackson
I'll dumb it down for you. Why do you think any free VPN service would
be safe? Why do you think its free in the first place?
I will dumb it down for you. The instant someone mentions VPN, there is
*always* a fool who starts screaming how much they fear VPN, and it's even
sooner than in an instant if you put the word "free" in front of VPN.
There should be a "VPN Law" which says something like that, where that fool
*never* adds a single thing that everyone doesn't already long ago know.
It's even worse than that fool never adding anything that everyone doesn't
already know in that the fool *never* provides a solution to their problem.
If you don't realize how foolish these people are, then allow me to try to
provide an example, although you should have gotten the point by now.
USER: I think I'll go out for a stroll.
FOOL: You can't do that! It's too dangerous.
USER: Why?
FOOL: There are bad things out there, that's why. Very bad I say.
USER: Like what?
FOOL: Everything. Everything is bad out there. Don't do it. Baad!
USER: But can't you name something that I don't already know?
FOOL: Oh yeah! Cars. Dogs. Mosquitoes. Lightning bolts too! Baaad!
USER: Cars? Dogs? Bugs? Lightning? But everyone knows all that?
FOOL: Yes. But I feel the need to scare you with all that. Baaaad!
USER: But can't you tell me something that I don't already know?
FOOL: Of course not. I'm a fool after all. I say Baaaaaaaaaaaaad!
USER: OK. Well then, after all that, what's your solution?
FOOL: I never thought about it, so, no. I have no solution.
USER: No solution?
FOOL: Yup. Nothing. I have nothing but Baaaaaaaaaaaaaaaaaaaaaaaaaaad!
USER: OK. But why did you bother to warn me of what I always knew?
FOOL: I'll dumb it down for you. VPN Baaaaaaaaaaaaaaaaaaaaaaaaaaaaad!
It never changes.
It happens every single time someone mentions VPN, & especially free VPN.
FOOL: VPN Baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad!
FOOL: Free VPN Baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad!
Now you've done it! You mentioned VPN, & especially free VPN.
Jim S
2023-04-01 16:10:58 UTC
Permalink
Post by Ken Blake
Post by Jim S
FOOL: Free VPN Baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad!
Now you've done it! You mentioned VPN, & especially free VPN.
Free VPN baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad!

:-->
--
Jim S
Loading...