
Show HN: Autovpn – easily connect to a VPN in a country of your choice - adtac
https://github.com/adtac/autovpn
======
stevekemp
Even by typical standards this is grossly insecure.

The client downloads the contents of :

[http://www.vpngate.net/api/iphone/](http://www.vpngate.net/api/iphone/)

Then it looks for entries which match the selected countries, runs base64
decode on them, and writes out that decoded data to /tmp/openvpn.

The last step is to run "sudo openvpn /tmp/openvpn".

So pretty much, if the remote host wanted to, they could run arbitrary
commands on your host, as root.

Personal bugbear: Assuming sudo is installed, and enabled. If you need root
permissions make that clear and fail with an error.

------
adtac
You know, when you need a VPN for a few seconds to pretend like you're in
another country :)

Goes without saying - please don't use this for anything data sensitive.

