what is simplest VPN type approach to use with home network when travelling?

Question

I'm going travelling and would like to be able to VPN from a internet cafe to home so I can do internet banking more securely.

Any advice re what would be the best VPN technology/approach to use here?

I have a linux based firewall/router distro that seems to support: IPsec VPN OpenVPN PPTP VPN

Highly subjective. The "best" is going to be whatever you are comfortable supporting and that works well for you. Depending on what your client computers are and what your skill-set you'll get different answers. — Evan Anderson, Nov 12 '10 at 04:13

score 3 · Accepted Answer · answered Nov 12 '10 at 04:55

3

Since your router is Linux, I assume it must also have an SSH server on it. So here's what I do when I need a quick-and-dirty (but secure) tunnel to browse the web with:

First, I log in to my VPS via SSH, like this:

ssh -N -D 1080 my-vps.example.com

Next, I fire up my FireFox web browser and configure it to use the SOCKS proxy server that my SSH connection has just created at localhost:1080. Also, in the FireFox about:config page, I double-check that network.proxy.socks_remote_dns is set to true, so that my DNS queries are sent over the tunnel as well. (Very important!)

Finally, as a sanity-check that my browser requests really are going out through my VPS, I browse to whatismyip.com, and verify that the IP address it reports matches the static IP address of my VPS.

When I'm done browsing, I close the tunnel by terminating the SSH connection. It works pretty well for occasional use, and it should be as secure as SSH.

answered Nov 12 '10 at 04:55

Steven Monday

13,019
4
35
45

I could do this - wondering however in this case whether there's still a security issue - like you are still running firefox itself on the internet cafe PC (as opposed to remoting down the screen/keyboard of your home PC which is itself really running firefox)? – GregH Nov 12 '10 at 10:13
I guess I should have clarified: I wouldn't do this on an internet cafe PC, only my own PC/laptop/netbook, because: (1) I have my VPS in my ~/.ssh/known_hosts file, and (2) I use a key file for login authentication to the VPS. Also, there could be surreptitious keylogging/packet-capturing/etc installed on a random cafe PC, which I would rather avoid. – Steven Monday Nov 12 '10 at 14:57
Steven - would their be a computer wide network setting way to ensure all traffic goes over the VPN (not just firefox)? Also you're just using your home connectivity right, and not actually logging onto home PC and remoting the keyboard/screen? So you're doing the same thing then as an OpenVPN based approach? – GregH Nov 15 '10 at 21:31
Just to be clear: the solution I described here is not a VPN. A secure point-to-point tunnel between the client PC and a remote server is created, and any client software that wants to use that tunnel must be configured to use it as a SOCKS proxy server. I am not aware of any computer-wide setting that enables this for all network traffic, but such a setting may exist (I don't know). – Steven Monday Nov 15 '10 at 21:41

score 2 · Answer 2 · answered Nov 12 '10 at 04:13

2

If you have a box at home, just use LogMeIn, or LogMeIn Hamachi. It really doesn't get any easier.

answered Nov 12 '10 at 04:13

SpacemanSpiff

8,733
1
23
35

really - better than using my linux firewall with it's OpenVPN capability do you think? – GregH Nov 12 '10 at 04:19
1

It's so ridiculously simple. Try it. – SpacemanSpiff Nov 12 '10 at 05:22
Big +1 for Hamachi and simplicity – Chris_K Nov 12 '10 at 05:46
It is easy but not as sexy as OpenVPN. OpenVPN can give you access to all the machines on your LAN :P – Antoine Benkemoun Nov 12 '10 at 07:36
what's the difference between LogMeIn-Free and LogMeInHamachi then on the web site? They seem to be both free VPN solutions? – GregH Nov 12 '10 at 10:11
Antoine: Hamachi most definitely can give you access to all the machines on your LAN. It's a mesh peer to peer VPN, and one box on your lan can act as a gateway. – SpacemanSpiff Nov 12 '10 at 17:54

score 2 · Answer 3 · answered Nov 12 '10 at 06:38

For a full blown VPN, i would use OpenVPN..

It supports simple windows/mac/linux clients..

Allows you to "transfer" your remote computer -> into your VPN server.. Your ip and network connectivity is like sitting at home..

Its Fantastic..

Furthermore, you can carry around a USB stick containing your configuration, and use it on any PC...

Overall fantastic IMHO..

score 1 · Answer 4 · answered Nov 12 '10 at 07:10

Looking for the easiest you would use an SSL/TLS solution, which has the added benefit of looking like only SSL traffic. This is an application layer level solution though.

Looking for the most secure, you'd go with IPsec style VPN. Network level solution, encrypts it all and that is that.

OpenVPN is an SSL/TLS based solution.

OpenSwan is an IPsec solution.

HTH

the duke nuke · Answer 5 · 2010-11-12T06:55:51.493

0

also teamviewer - http://www.teamviewer.com/download/index.aspx free for non commercial

Ive used it for a few months now in a portable version

though the IT tech backup people we hire, use LogMeIn, so it cant be too bad

edited Nov 12 '10 at 06:55

answered Nov 12 '10 at 05:39

the duke nuke

1
1

what is simplest VPN type approach to use with home network when travelling?

5 Answers5