VPN - OpenSSH? OpenVPN? which...etc.

Old Jan 30, 2008, 6:59 am
  #1  
Original Poster
 
Join Date: Oct 2002
Location: Chicago, USA
Programs: UA 1MM Gold AA Gold NW Silver Marriott Plat. SPG Plat. Hilton Gold Hertz 5 Star
Posts: 3,218
VPN - OpenSSH? OpenVPN? which...etc.

World of Warcraft is @$@%$%

I'd like to play even if the network that I am attached to doesn't cooperate (insert here...yes I understand the admin/company policy).

So which VPN is better or please suggest some others.
I have control over my local notebook and also my home network where I can set up another laptop to be dedicated as VPN server.

Primary intended uses are:

1) WOW
2) VNC / remote desktop
3) Video Chat
4) unfettered websurfing

THANKS!
chichow is online now  
Old Jan 30, 2008, 7:06 am
  #2  
 
Join Date: Jan 2005
Posts: 221
Originally Posted by chichow
World of Warcraft is @$@%$%

I'd like to play even if the network that I am attached to doesn't cooperate (insert here...yes I understand the admin/company policy).

So which VPN is better or please suggest some others.
I have control over my local notebook and also my home network where I can set up another laptop to be dedicated as VPN server.

Primary intended uses are:

1) WOW
2) VNC / remote desktop
3) Video Chat
4) unfettered websurfing

THANKS!
#4 isn't too difficult. If you can get your hands on a cheap 400 MHz machine with a network card, load Ubuntu Server on it (with SSH). Lock it down to one user and use keys instead of passwords. If you have a router, you'll need to port forward to it, of course.

From work, just SSH (with a tunnel) to it on a port not blocked. Then point Firefox to localhost and that port and you're golden.

It took me some online reading to set it up how I wanted, but now I can SSH in securely when I'm away from home or on a public Wi-Fi. All traffic is encrypted.

I can find some write-ups if you're still interested. I don't use remote desktop too much so I can't help there.
Rogi is offline  
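
Added example (not part of Rogi's post and not any project's own code): a small Python check that an `sshd_config` matches the lock-down described above, one allowed user and keys instead of passwords. The two sample files and the account name `tunnel` are constructed; `Match` blocks and `Include` files are not evaluated.

```python
# Constructed sample files; "tunnel", "alice" and "bob" are made-up account names.
WEAK = """\
Port 22
PasswordAuthentication yes
PasswordAuthentication no
AllowUsers alice bob
"""
HARDENED = """\
Port 443
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
AllowUsers tunnel
"""

def parse_global(text):
    """Parse the global section: first value wins, AllowUsers is collected."""
    settings, allow = {}, []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":  # Match blocks are conditional; not evaluated here
            break
        if key == "allowusers":
            allow.extend(args)
        else:
            # sshd uses the first value it reads for a keyword
            settings.setdefault(key, " ".join(args).lower())
    return settings, allow

def audit(text):
    """Return {keyword: problem} for settings that contradict the advice."""
    s, allow = parse_global(text)
    problems = {}
    if s.get("pubkeyauthentication") == "no":
        problems["pubkeyauthentication"] = "key logins are disabled"
    if s.get("passwordauthentication") != "no":
        problems["passwordauthentication"] = "not explicitly 'no'"
    # Keyboard-interactive (often PAM) can still prompt for a password.
    kbd = s.get("kbdinteractiveauthentication", s.get("challengeresponseauthentication"))
    if kbd != "no":
        problems["kbdinteractiveauthentication"] = "not explicitly 'no'"
    if len(allow) != 1 or any(c in allow[0] for c in "*?!"):
        problems["allowusers"] = f"want one literal user, got {allow}"
    return problems

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "ok")
```

In the `WEAK` sample the second `PasswordAuthentication no` line has no effect because the earlier `yes` is read first, which is why the check reports it.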
Old Jan 30, 2008, 7:57 am
  #3  
 
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
Both SSH and OpenVPN have their pros and cons.

SSH is fairly adept at working around firewalls...you can set your remote host to listen on port 80 or 443 which are both almost always allowed.
That said, it's a pain to set up tunneling, even with a GUI like Putty.exe... all the ports, etc ... then you have to change the clients (that's assuming WOW can even support that).

OpenVPN is very powerful and robust, but setting it up can be quite complex.
Still, if you are up for the challenge, it is probably the best bet.
You might want to have the server listen on a common port, such as 443. Also, make sure you set the clients up to send all traffic over the VPN.

OpenVPN comes with the added benefit (if set up to send all traffic) of giving you a secure way to surf in hotels and public hotspots too...always a good idea to use a VPN when away from home.
SpaceBass is offline  
Old Jan 30, 2008, 8:19 am
  #4  
 
Join Date: Aug 2002
Location: SJC
Programs: AA EXP
Posts: 3,686
If you don't feel like the OpenVPN challenge you may want to just consider purchasing something like a Netgear SSL VPN-capable router for your home network. It should just pop into place of the router you have now, but then comes with an SSL/HTTPS based VPN server that takes very little expertise to set up.

Steve
sllevin is offline  
Old Jan 30, 2008, 8:26 am
  #5  
 
Join Date: Jul 2000
Location: Commuting around the mid-atlantic and rust-belt on any number of RJs
Programs: TSA Random Selectee Platinum, * Gold, SPG/HH/MR mid-tier, and a tiny bag of pretzels.
Posts: 9,255
Originally Posted by SpaceBass
OpenVPN comes with the added benefit (if set up to send all traffic) of giving you a secure way to surf in hotels and public hotspots too...always a good idea to use a VPN when away from home.
I need this logic explained to me at some point, because I've heard it a bunch in various places and don't entirely agree. If I'm not sending a cookie or login data in cleartext, does it really matter that I'm surfing CNN without protection from my hotel room? If it's an encrypted website, does it really matter?

I have a VPN and use it an awful lot for just about everything (notably because I do some work that expects me to be originating from a known IP, and it's the easiest way). However, I really don't feel like I'm practicing bad risk mitigation by checking (logged out) FT from a hotel Wi-Fi access point without tunneling thru the VPN first.....
ClueByFour is offline  
Old Jan 30, 2008, 8:32 am
  #6  
cpx
 
Join Date: Feb 2006
Location: 99654
Programs: Many
Posts: 6,450
Originally Posted by ClueByFour
I need this logic explained to me at some point, because I've heard it a bunch in various places and don't entirely agree. If I'm not sending a cookie or login data in cleartext, does it really matter that I'm surfing CNN without protection from my hotel room? If it's an encrypted website, does it really matter?
You may think it's encrypted, but there is always a possibility of a "man in the middle" attack. But if you are careful with what SSL keys you accept etc., chances are low.

Also, if the data is sent via the "GET" method (within the URL), it's open for anybody along the way.


I generally use SSH (OpenSSH) to tunnel most of my sessions.
cpx is offline  
Old Jan 30, 2008, 9:29 am
  #7  
 
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
Originally Posted by ClueByFour
I need this logic explained to me at some point, because I've heard it a bunch in various places and don't entirely agree. If it's an encrypted website, does it really matter?

I have a VPN and use it an awful lot for just about everything (notably because I do some work that expects me to be originating from a known IP, and it's the easiest way). However, I really don't feel like I'm practicing bad risk mitigation by checking (logged out) FT from a hotel Wi-Fi access point without tunneling thru the VPN first.....
Check this post.
There's some detail there about why it can be risky.

One of the most compelling reasons is that a (properly configured) VPN virtually removes you from the LAN you are on, keeping you safe from incoming attacks, as well as encrypting your outbound traffic.

Ultimately it's up to you to decide what is acceptable risk, just make sure you feel like you are making an informed decision.
SpaceBass is offline  
Old Jan 30, 2008, 11:00 am
  #8  
 
Join Date: Aug 2002
Location: SJC
Programs: AA EXP
Posts: 3,686
Originally Posted by SpaceBass
One of the most compelling reasons is that a (properly configured) VPN virtually removes you from the LAN you are on, keeping you safe from incoming attacks, as well as encrypting your outbound traffic
Actually only a couple of incorrectly designed VPN clients do that; it's deeply non-RFC compliant. Most properly compliant VPN clients will not and should not do this.

The only proper way to protect a machine on the local network is to be running a software firewall or be otherwise configured to not accept any externally-initiated connections. With Windows XP, you should have "no exceptions" checked in your advanced settings for firewall configuration.

Steve
sllevin is offline  
Old Jan 30, 2008, 12:11 pm
  #9  
 
Join Date: Dec 2007
Location: NYC
Programs: UA 1K!, NWA PE
Posts: 243
Originally Posted by sllevin
Actually only a couple of incorrectly designed VPN clients do that; it's deeply non-RFC compliant. Most properly compliant VPN clients will not and should not do this.

The only proper way to protect a machine on the local network is to be running a software firewall or be otherwise configured to not accept any externally-initiated connections. With Windows XP, you should have "no exceptions" checked in your advanced settings for firewall configuration.

Steve
So is RDP really that insecure? I use it all the time at work or at client sites?
mjo768 is offline  
Old Jan 30, 2008, 2:00 pm
  #10  
 
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
Originally Posted by mjo768
So is RDP really that insecure? I use it all the time at work or at client sites?
There are very well documented man in the middle attacks for RDP, it's fairly broken. In fact, it's trivial for someone with a popular free program to sit on a hotel network in their own room and grab your RDP password right out of the air.
SpaceBass is offline  
Old Jan 31, 2008, 8:07 pm
  #11  
FlyerTalk Evangelist
 
Join Date: May 2000
Location: أمريكا
Posts: 26,765
Originally Posted by SpaceBass
OpenVPN is very powerful and robust, but setting it up can be quite complex.
Still, if you are up for the challenge, it is probably the best bet.
Any suggestions on how to get started on this? (e.g. links to instructions)
Doppy is offline  
Old Jan 31, 2008, 9:47 pm
  #12  
 
Join Date: Jan 2005
Programs: Dirt
Posts: 949
Try the howto on the website. It has worked well for me.

I have progressed from OpenSSH to OpenVPN. The main difference between the two is that you can choose the applications that use the OpenSSH tunnel, and OpenVPN can redirect all the traffic to the VPN tunnel. I prefer the latter.
msb0b is offline  
Old Feb 1, 2008, 3:17 am
  #13  
 
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,315
Originally Posted by SpaceBass
That said, it's a pain to set up tunneling,
What's difficult about setting up ssh tunneling?

It's just a bunch of localforward statements in your .ssh/config file, one for each local port number you want to tunnel over ssh to the remote machine.

-David
LIH Prem is offline  
Old Feb 1, 2008, 6:47 am
  #14  
 
Join Date: Jan 2005
Posts: 221
Originally Posted by LIH Prem
What's difficult about setting up ssh tunneling?

It's just a bunch of localforward statements in your .ssh/config file, one for each local port number you want to tunnel over ssh to the remote machine.

-David
Or Putty....
Rogi is offline  
Old Feb 1, 2008, 6:50 am
  #15  
 
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
Originally Posted by msb0b
Try the howto on the website. It has worked well for me.

I have progressed from OpenSSH to OpenVPN. The main difference between the two is that you can choose the applications that use the OpenSSH tunnel, and OpenVPN can redirect all the traffic to the VPN tunnel. I prefer the latter.
I second that, their HOWTO is actually decent. I'm not sure the casual computer user could follow it, but it doesn't take an alpha geek either.
SpaceBass is offline  

