anotherbrian

I don't want to become an IT manager. At one time I was running a Linux server so I could host family photos, run a home automation system, and run a dynamic DNS update daemon. It ran for a few years before the ISP started blocking ports, and at that point I couldn't remember how to manage any of it, and turned the machine off.

The network was ultimately running on two hacked HP Digital Entertainment Centers (DE200C: http://www.robertwrose.com/dec/) which was fun to get going, but not so interesting to maintain.

I recently replaced an old router and access point with a combined Netgear VPN router/AP, thinking a VPN appliance would be a lot easier than setting up FreeS/WAN on a box. I didn't realize I had to buy the client software separately, and I've ignored it since.

alanh

Some places are really restrictive. The free WiFi at my car dealer blocks everything except outbound port 80 (http) and 443 (https). No SSH, no VPN, no nothing.

SpaceBass

If its not for you, then dont do it. But it is a solution to blocked ports...
I guess, either lived with blocked ports, or find a way around them

I can appericate the sentiment... I dont work in IT and when I'm at home, at times, I feel like a sysop which is a pain....other times its rewarding.
For instance, I've stopped hosting my web server...paying $50 a year is just easier... but running my own voip server is priceless...I just enjoy it (when it works).

The VPN thing works the same way...knock on wood...my windows 2003 domain controllers are very reliable and one is a VPN gateway...as is my BSD router....when they are running (like I said, knock on wood b/c they are like 99% up) they are great...but I can see how a netgear box would be a good idea too.

Have you looked into 3rd party IPsec clients? Most of those VPN routers use a standard that either MS IPsec services (seperate free download from MS) or any (IE OpenVPN or Cisco) client can connect to.

kgord

I'm not a VPN administrator. I'm a finance guy. I don't want to trust my ongoing access to my email, etc. to an amateur VPN administrator, even if the amateur is me.

Global_Hi_Flyer

I'm currently staying at a TownePlace Suites with Stayonline service.

VPN is blocked entirely (spent an hour on the phone with tech support that first told me that Zonealarm was the problem and that I should NEVER run a firewall on their system, and then told me that the problem was that the outbound pipe didn't have enough capacity and I needed to wait until someone else stopped using their computer).

Exchange webmail doesn't work from their network, either, it continually & repeatedly brings up the username/password box and finally says "access denied". They had no answer for that.

Both work fine from dialup, wireless hotspots, and every other hotel I've stayed in.

I see why it's free at this hotel - it's totally useless.

SpaceBass

If anyone who suggest that I not run a firewall on their network, I'd be tempted to laugh in their face. I'd have to buffer that with the understanding that its just a guy doing their job and probably reading a script...still...thats a really bad thing to say.

The only solution I've found for those situations is SSH. I have a box with SSH running at home that answers on port 443 (which is typically for secure web, https). Since its almost never blocked, it works...but its not an ideal solution at all.

I think your right, you get what you pay for

As for exchange, that doesnt make a lot of sense. Assuming your OWA server is using HTTPS then the entire thing either makes it or it doesnt.... if you are being prompted, it should work fine. Is there a chance your user is locked out from repeated attempts? That being said, I've seen firewalls do some strange things...

Global_Hi_Flyer

It should, but it continues to return the prompt. OVer and over until it finally gives the "permission" error. Sometimes I get as far as showing the folder list, but I can never see the items in the folders.

It's only happening on this one network, so either they're blocking something or they've got something configured wrong. (The conspiracy nut would say they only want to handle unencrypted traffic, but I don't think that's the case). The hotel is about to lose my future business.

I'll probably do SSH and set up a Linux/BSD box at home as a router. Assuming, of course, that SSH isn't blocked here, too.

kgord

A solution being offered by http://www.loapowertools.com overcomes the Port 25 problem for outbound email (and the related problem created when your ISP won't let you relay from outside their network) securely, without a VPN. A VPN is more complex than necessary just for email. The LoaPowertools solution is still in beta, but you can sign up for the beta.

SpaceBass

I just cannot stress the value of a VPN enough. I totally understand the reluctance about running a server, etc... but there are 3rd party VPNs out there. VPNs provide a lot more than a way to get around blocked ports. Most noteably, when configured correctly, they effectivly remove you from the hotel's LAN (which you share with every guest) and protect your traffic from prying eyes. I know its not always a popular stance, but personally I won't ever surf outside of my LAN without a VPN connection either back to my network or to my work network.

Loren Pechtel

Yeah--I've seen one guy run a laptop on a hotel wireless without a firewall and with outdated AV.

It had to be wiped and reinstalled.

Zarf4

I agree completely with SpaceBass about *always* using a VPN when traveling and how daunting it can be running your own server, but there might be a bit of middle ground for those with some computer knowledge.

Before I decided to run my own Linux servers I just was running a regular old XP desktop with a cable modem. I installed OpenVPN and configured it to run on port 443 to bypass hotel port blocking. Before traveling just start the application, open the port in the router and you have a pretty easy way to safely access the internet from the road. Upon return, just reboot the machine, block the port in the router and everything is back to normal.

No Linux or server knowledge required, just download the software w/GUI (http://openvpn.se), install on desktop & laptop, follow their install help to create certificates, keys, and config files, enable port on router/firewall, run dyndns (if necessary) and you're done. One caveat is whether your home ISP blocks incoming ports, some block 443, but you can usually find one that works...1194, 8080, etc.

I know there are always security risks making your machine visible, but they are pretty minimal compared to the risks of using an insecure hotel network.

SpaceBass

I think thats a great solution!

OpenVPN can be tricky but with the right guide it can be a snap. There are also some consumer or SoHo routers that will accept incoming VPN connections, although I understand they are tricky to configure and not all of them relay traffic back out though the remote gateway.

Global_Hi_Flyer

If you have a static IP, a Netgear FVS-114 will work as a VPN endpoint. Not hard to configure, but you'll need client software (try Greenbow). While I've had my share of trouble with other Netgear stuff, the 114 has worked well. If you shop for refurbs online, you can pick one up for $30-$35.

I solved my hotel issues by getting a Sprint broadband wireless card. As fast, if not faster, than the hotel connection, and flawless with the VPN and Exchange wbmail.