Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: VPN to WIFI link  (Read 9027 times)

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
VPN to WIFI link
« on: November 04, 2009, 12:23:09 AM »

I'm trying to do some research into using a VPN connection to use on a unprotected free wifi link eg at an internet cafe or uni, other locations.

As I do not have a laptop we are getting our daughter one for xmas and the more info I can find out about the problem of people getting into your laptop in the same location via the wifi signal and reading your emails and doing damage to your system.

Any information how to set it up etc. will be helpful.
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: VPN to WIFI link
« Reply #1 on: November 11, 2009, 09:46:27 PM »

Well from the lack of response I must think that none of you use this  :'(.

It all came about when I was looking at 'BBC Watchdog' After I posted question. I found .... http://forum.kitz.co.uk/index.php/topic,6003.0.html

As I use Linux I found it's very easy to add a VPN link, What I did was :-
1.Go to 'configure your computer' > Password >network & internet > 'configure VPN connection to secure network access'
2.choose VPN type >open VPN>next
3. give it a name, say "VPN to wifi " >next
4. put in details of the gateway ie.  (IP address of your router say 192.168.0.1 or what ever)
5. start connection.

Once you have done this  you have to add it to your wifi connection.

A.Go to 'configure your computer' > Password >network & internet > network center.
B. choose your wifi connection >configure > scroll down the settings until you see 'VPN connection'
C. look for the name you have just called it above ie 'VPN to wif' click it > click ok.
D. Log out / reboot
 You should now have a secure VPN link to your wifi router .

If you are connecting on to a unsecured wifi 'Hotspot' make sure that you add your VPN as in A to D above.

For windows users see   http://openvpn.net/index.php/open-source.html for a free download of the VPN software then you would have to install similar to above.

You could use this 'VPN to Wifi' link to make any home or office or hotspot more secure from hackers.

Don't forget a hacker or 'war driver' does not have to be in the same room as you, they could be out side in a van /car or or good way off, I have used to a legal wifi connection over 1 kilometer ! with the right aerials. ;)



Edit .. For windows and other OS users try doing a 'Google' search about setting up a VPN connection for more help.
« Last Edit: November 11, 2009, 09:54:38 PM by tickmike »
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

HPsauce

  • Helpful
  • Kitizen
  • *
  • Posts: 2606
Re: VPN to WIFI link
« Reply #2 on: November 11, 2009, 10:28:29 PM »


 You should now have a secure VPN link to your wifi router .
Which router did you have in mind?
What VPN service is it running?
How did you configure it?
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: VPN to WIFI link
« Reply #3 on: November 11, 2009, 11:03:07 PM »


 You should now have a secure VPN link to your wifi router .
Which router did you have in mind?
What VPN service is it running?
How did you configure it?

re .."Which router did you have in mind"? The one that sends out the wifi signal or in my case an 'access point'
"What VPN service is it running"?  It encrypts the signal between the wifi device and your laptop or desktop with a wifi dongle.
"How did you configure it"? above is for my distro PCLInuxOS, but for other distro's or macs or windows you would have to Google for some help on that.
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

HPsauce

  • Helpful
  • Kitizen
  • *
  • Posts: 2606
Re: VPN to WIFI link
« Reply #4 on: November 11, 2009, 11:12:55 PM »

Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: VPN to WIFI link
« Reply #5 on: November 12, 2009, 08:47:52 PM »

I didnt answer at first because I wasnt sure if setting up a VPN would be the right way to go ahead with things.. and the sort of VPN that watchdog meant is mostly used for businesses and to me it seemed to be a bit overkill for what the watchdog programme was on about.

What they failed to actually mention was that the lack of security in that particular instance related to the webmail client - gmail + hotmail.
Instead they decided to scare monger people telling them they need to connect via a VPN... but telling the viewers nothing about what a VPN was or what it does.. nevermind how to set one up which is very likely beyond the scope of most people.

Basically you would have to set up a secure connection using VPN software at your home  so that everytime you connected in a wifi hotspot cafe, then your connection would say be tunnelled to your home and on to your LAN.  Traffic between your home and the internet cafe is then encrypted, and you can then say pick up mail via your home network, just as if you were at home.

This sort of thing wouldnt work for your daughter at uni, because to access certain things at uni (say some course lectures), then you may not be able to get access from an external source (which is what you would in effect be doing) and she needs to connect via the uni LAN... so theres no point tunnelling that sort of traffic.

Its not actually about protecting your own wireless network.
IMHO that watchdog program will have misled so many people..  basically what they should have said is make sure if you are collecting your mail... or anything else which has sensitive data..  make sure you use https/SSL.  
When you login to your bank account, then by default all bank sites use https, as do most reputable sites where money transactions occur.

The problem in this particular case is that by default, both gmail & hotmail have https off, and use plain old http when viewing mail....  but both of them do allow you to switch it on in your user settings.  
If the users who got caught out on that program had been using https when viewing their mail, then the hacker wouldnt have been able to do what he did.  Far easier.. damn simple infact...  but then again makes less interesting journalism.  :-X

I think the only time Id consider setting up a VPN is if I was often away from home and I wanted to securely transfer data between my laptop at the remote location... and my home.

We used to use VPN at work a lot... for example if I had just sold someone a large investment from a customers home, then I would then take my laptop and connect via VPN to head office from anywhere to upload details of the customer transaction without having to go back into work.
  
It also allowed things such as customer details to be sent to and from my laptop at home to Head Office.  The VPN connection only allowed me to remotely connect to the Head Office Intranet and I couldnt get out on to the actual internet via it.


The VPN is basically a secure tunnel through/over an internet connection between point A (home) and point B (where you happen to be).
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

HPsauce

  • Helpful
  • Kitizen
  • *
  • Posts: 2606
Re: VPN to WIFI link
« Reply #6 on: November 13, 2009, 09:56:58 AM »

Kitz, I'm glad I didn't actually see that program then; I would still have steam coming out of my ears now!  >:D

Tickmike has indeed been misled. VPN's are generally for providing a secure link (tunnel) from one point you own/trust to another that you own/trust via an inherently insecure medium (Internet, WiFi etc.).

(I was responsible for one of the then biggest international VPN's in existence over 10 years ago, then connecting around 100 nodes all over the world)
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: VPN to WIFI link
« Reply #7 on: November 13, 2009, 06:26:15 PM »

I think it had a couple of us in the other thread started scratching our heads to understand how the 'hacker' had actually got into the accounts. 
7LM started it by saying something about surely that couldnt happen on https? 
It made me think too.. and it was only when I watched skipped to the vid again, that I realised he appeared to be targetting people logging into gmail. 

So after a quick google.. it was then that I found out that g-mail doesnt use https by default when collecting/viewing mail.. and so thats when it clicked how the 'hacker' had been able to sniff the packets.
 
BeCause the hacket was on the same LAN, he would have then been able to quite easily pretend to be the user using the same session... which is why he wouldnt need to  Gmail wouldnt know any difference because it would be the same external IP and thing all was ok.
Once in to gmail... then if theres any emails in the box, he would easily be able to read them... and also now start to have access to change passy or other settings etc

This could oh so easily be avoided by using SSL/https when using gmail or hotmail.

The cynic in me also wondered about the hype & claim "oooh look an email from Bank of Amerca"... lol whats the betting that was spam, or a phishing mail, rather than a genuine email to the user... cause I bet that not many UK residents actually use the Bank of America.

As mentioned in the other thread, I wasnt too impressed at the way Watchdog had presented the program.

I'm all for security, but this was a bit OTT.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: VPN to WIFI link
« Reply #8 on: November 13, 2009, 09:37:05 PM »

I know very little about VPNs, so forgive me if I'm confusing things.  But...

...The thing is, I'm forced to use VPN to connect to the corporate LAN when I work from home.  When I do so, it seems to allow the office based IT dept to make connections towards my PC for maintenance purposes.  If they were so inclined (they're not, of course) that would presumably allow them to browse all my home network shares, and cause absolute havoc, despite the router's firewall blocking all inward connections.   

So I don't really see that VPN as a great contribution to (my) security, I'm afraid.... :(
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: VPN to WIFI link
« Reply #9 on: November 13, 2009, 09:38:43 PM »

What I seem to be able to do on this PCLinuxOS  distro is use a VPN link to the Wifi router/access point !..
I do know what a normal VPN link is used for and it's not what I'm trying to do.! .

Is Eric about ? maybe he can look on his PCLinux os and look what I have been doing and tell me/you, if I have got my nickers in a twist or not  :-[

I agree what you are saying 'Kitz' and what is being sniffed.
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 43467
  • Penguins CAN fly
    • DSLstats
Re: VPN to WIFI link
« Reply #10 on: November 14, 2009, 11:17:59 AM »

I am about, but unfortunately I no longer have a PCLinuxOS installation to check with. And I don't know anything about VPN, but I'm having a look through some other Linux forums to see if the subject comes up.
Logged
  Eric

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: VPN to WIFI link
« Reply #11 on: November 14, 2009, 12:56:01 PM »

I may be wrong, as I dont know the linux os, but I suspect you have set up an encrypted tunnel between your linux box and the router as a client.  The 1st stage certainly looks like you have set up client side only.

Windows has something similar within it which makes it very easy to set up the client side.

VPN also needs a server, so a certain machine on your network needs to have VPN server software installed, as this will be the machine that you would "virtually" connect to from the remote location when outside of your network.

Are any of your machines running server side VPN software, (such as the openvpn one).
What you then need to do, with VPN is connect over a different (internet) connection via the tunnel, so you'd need to put your external IP in when you make the connection.

Im not aware of any home routers being able to be the designated server, although they would be responsible for forwarding on traffic to the correct machine which is running the VPN server software.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: VPN to WIFI link
« Reply #12 on: November 16, 2009, 12:33:23 AM »

I think I will look into this a bit more. :blush:
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

HPsauce

  • Helpful
  • Kitizen
  • *
  • Posts: 2606
Re: VPN to WIFI link
« Reply #13 on: November 16, 2009, 10:28:51 AM »

Im not aware of any home routers being able to be the designated server,
Nor me, business class devices only in my experience.

Here's a simple description courtesy of Netgear for anyone who wants to know more: http://kb.netgear.com/app/answers/detail/a_id/1128
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: VPN to WIFI link
« Reply #14 on: November 16, 2009, 11:43:25 PM »

Thanks for the link  :)
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.