VPN - OpenSSH? OpenVPN? which...etc.
#1
Original Poster
Join Date: Oct 2002
Location: Chicago, USA
Programs: UA 1MM Gold AA Gold NW Silver Marriott Plat. SPG Plat. Hilton Gold Hertz 5 Star
Posts: 3,218
World of Warcraft is @$@%$%
I'd like to play even if the network that I am attached to doesn't cooperate (insert here...yes I understand the admin/company policy).
So which VPN is better or please suggest some others.
I have control over my local notebook and also my home network where I can set up another laptop to be dedicated as VPN server.
Primary intended uses are:
1) WOW
2) VNC / remote desktop
3) Video Chat
4) unfettered websurfing
THANKS!
#2
Join Date: Jan 2005
Posts: 221
World of Warcraft is @$@%$%
I'd like to play even if the network that I am attached to doesn't cooperate (insert here...yes I understand the admin/company policy).
So which VPN is better or please suggest some others.
I have control over my local notebook and also my home network where I can set up another laptop to be dedicated as VPN server.
Primary intended uses are:
1) WOW
2) VNC / remote desktop
3) Video Chat
4) unfettered websurfing
THANKS!
From work, just SSH (with a tunnel) to it on a port not blocked. Then point Firefox to localhost and that port and you're golden.
It took me some online reading to set it up how I wanted, but now I can SSH in securely when I'm away from home or on a public Wi-Fi. All traffic is encrypted.
I can find some write-ups if you're still interested. I don't use remote desktop too much so I can't help there.
#3
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
Both SSH and OpenVPN have their pros and cons.
SSH is fairly adept at working around firewalls...you can set your remote host to listen on port 80 or 443 which are both almost always allowed.
That said, it's a pain to set up tunneling, even with a GUI like Putty.exe... all the ports, etc ... then you have to change the clients (that's assuming WOW can even support that).
OpenVPN is very powerful and robust, but setting it up can be quite complex.
Still, if you are up for the challenge, it is probably the best bet.
You might want to have the server listen on a common port, such as 443. Also, make sure you set the clients up to send all traffic over the VPN.
OpenVPN comes with the added benefit (if set up to send all traffic) of giving you a secure way to surf in hotels and public hotspots too...always a good idea to use a VPN when away from home.
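Added example, not part of the original post: a small Python check of whether an OpenVPN client really ends up sending all traffic over the VPN, as advised above. The sample configs, host name and addresses are constructed; it assumes the client runs in `client` mode and goes slightly beyond the post by also checking that a DNS server is set through the tunnel.

```python
import shlex

# Pushed options that a client running with route-nopull discards.
ROUTE_OPTS = {"route", "route-ipv6", "redirect-gateway", "dhcp-option", "block-outside-dns"}

def directives(conf_text):
    """Split OpenVPN config text into token lists, skipping # and ; comments."""
    rows = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            rows.append(tokens)
    return rows

def effective_options(client_conf, server_conf=""):
    """Client directives plus the server pushes the client would accept."""
    opts = directives(client_conf)
    nopull = any(d[0] == "route-nopull" for d in opts)
    # Simplification: every 'pull-filter ignore' is applied as a prefix match.
    filters = [d[2] for d in opts
               if d[0] == "pull-filter" and len(d) > 2 and d[1] == "ignore"]
    for d in directives(server_conf):
        if d[0] != "push" or len(d) < 2 or not d[1].split():
            continue
        pushed = d[1].split()
        if nopull and pushed[0] in ROUTE_OPTS:
            continue
        if any(d[1].startswith(f) for f in filters):
            continue
        opts.append(pushed)
    return opts

def audit(client_conf, server_conf=""):
    """Return {finding: explanation}; an empty dict means full tunnel with DNS."""
    opts = effective_options(client_conf, server_conf)
    findings = {}
    if not any(o[0] == "redirect-gateway" for o in opts):
        findings["split-tunnel"] = "default route stays on the local network"
    if not any(o[:2] == ["dhcp-option", "DNS"] for o in opts):
        findings["local-dns"] = "no resolver is set through the tunnel"
    return findings

# Constructed sample configs (host name and addresses are placeholders).
SERVER = 'port 443\nproto tcp\npush "redirect-gateway def1"\npush "dhcp-option DNS 10.8.0.1"\n'
CLIENT_FULL = "client\ndev tun\nproto tcp\nremote vpn.example.net 443\n"
CLIENT_SPLIT = CLIENT_FULL + "route-nopull  # keeps the hotel gateway as default route\n"
```

`audit(CLIENT_FULL, SERVER)` returns no findings, while `audit(CLIENT_SPLIT, SERVER)` reports both, because `route-nopull` makes the client drop the pushed gateway and DNS options.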
#4
Join Date: Aug 2002
Location: SJC
Programs: AA EXP
Posts: 3,686
If you don't feel like the OpenVPN challenge you may want to just consider purchasing something like a Netgear SSL VPN-capable router for your home network. It should just pop into place of the router you have now, but then comes with an SSL/HTTPS based VPN server that takes very little expertise to set up.
Steve
#5
Join Date: Jul 2000
Location: Commuting around the mid-atlantic and rust-belt on any number of RJs
Programs: TSA Random Selectee Platinum, * Gold, SPG/HH/MR mid-tier, and a tiny bag of pretzels.
Posts: 9,255
I have a VPN and use it an awful lot for just about everything (notably because I do some work that expects me to be originating from a known IP, and it's the easiest way). However, I really don't feel like I'm practicing bad risk mitigation by checking (logged out) FT from a hotel Wi-Fi access point without tunneling thru the VPN first.....
#6
Join Date: Feb 2006
Location: 99654
Programs: Many
Posts: 6,450
I need this logic explained to me at some point, because I've heard it a bunch in various places and don't entirely agree. If I'm not sending a cookie or login data in cleartext, does it really matter that I'm surfing CNN without protection from my hotel room? If it's an encrypted website, does it really matter?
"man in the middle" attack. But if you are careful with what SSL keys you accept etc., chances are low.
Also if the data is sent via "GET" method (within the URL) it's open for anybody along the way.
I generally use SSH (OpenSSH) to tunnel most of my sessions.
#7
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
I need this logic explained to me at some point, because I've heard it a bunch in various places and don't entirely agree. If it's an encrypted website, does it really matter?
I have a VPN and use it an awful lot for just about everything (notably because I do some work that expects me to be originating from a known IP, and it's the easiest way). However, I really don't feel like I'm practicing bad risk mitigation by checking (logged out) FT from a hotel Wi-Fi access point without tunneling thru the VPN first.....
There's some detail there about why it can be risky.
One of the most compelling reasons is that a (properly configured) VPN virtually removes you from the LAN you are on, keeping you safe from incoming attacks, as well as encrypting your outbound traffic.
Ultimately it's up to you to decide what is acceptable risk, just make sure you feel like you are making an informed decision.
#8
Join Date: Aug 2002
Location: SJC
Programs: AA EXP
Posts: 3,686
The only proper way to protect a machine on the local network is to be running a software firewall or be otherwise configured to not accept any externally-initiated connections. With Windows XP, you should have "no exceptions" checked in your advanced settings for firewall configuration.
Steve
#9
Join Date: Dec 2007
Location: NYC
Programs: UA 1K!, NWA PE
Posts: 243
Actually only a couple of incorrectly designed VPN clients do that; it's deeply non-RFC compliant. Most properly compliant VPN clients will not and should not do this.
The only proper way to protect a machine on the local network is to be running a software firewall or be otherwise configured to not accept any externally-initiated connections. With Windows XP, you should have "no exceptions" checked in your advanced settings for firewall configuration.
Steve
#10
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
There are very well documented man in the middle attacks for RDP, it's fairly broken. In fact, it's trivial for someone with a popular free program to sit on a hotel network in their own room and grab your RDP password right out of the air.
#11
FlyerTalk Evangelist
Join Date: May 2000
Location: أمريكا
Posts: 26,765
#12
Join Date: Jan 2005
Programs: Dirt
Posts: 949
Try the howto on the website. It has worked well for me.
I have progressed from OpenSSH to OpenVPN. The main difference between the two is that you can choose the applications that use the OpenSSH tunnel, and OpenVPN can redirect all the traffic to the VPN tunnel. I prefer the latter.
#13
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,315
#14
Join Date: Jan 2005
Posts: 221
#15
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
Try the howto on the website. It has worked well for me.
I have progressed from OpenSSH to OpenVPN. The main difference between the two is that you can choose the applications that use the OpenSSH tunnel, and OpenVPN can redirect all the traffic to the VPN tunnel. I prefer the latter.