17
12
I recently moved into an apartment where the complex provides free unencrypted Wi-Fi. The speed is good for my purposes, but I'm not 100% comfortable with all my traffic being sent in the clear, given that I'll be living here for a while.
I'd like to set up a VPN so that I can surf on the Internet and keep all my traffic confidential from any potential eavesdroppers in the neighborhood, or even the network administrators. My main concern is confidentiality of the content I send and receive, but if it's not too big a hassle I'd like to keep metadata (like IP addresses and domains that I'm connecting to and what protocols/ports I'm using) confidential as well.
A friend of mine will let me set up a computer over at his house and letting me be the DMZ on his router. I have a spare laptop I don't use anymore; it's currently running Ubuntu, but I can install pretty much any OS on it. I'm running Ubuntu 9.04 64-bit on my main computer (the client).
What do I need to install and configure on my spare computer at the friend's house? What would I need to install and configure on my main computer that I'll be using on an unsecure network? I was looking at OpenVPN, but the documentation seemed a bit confusing to me.
5While my situation is somewhat uncommon, I'd imagine the concept could be extended to anyone who frequents coffee shops and the like. – Shane – 2009-09-30T05:04:13.577
i think you're overthinking this. while it's true the WiFi connection is unencrypted, any encrypted traffic over it is secure (https, ssh, etc). consider if you had a wired connection, would you still be as concerned? i think being DMZ on your friend's router is more concerning, from a security standpoint. just MHO. – quack quixote – 2009-10-06T00:29:28.637
2Sure - my encrypted stuff is secure, like banking and email. But I don't know if I'm 100% comfortable with my unencrypted traffic (web searches, IM, sites visited, and pretty much all facebook/forums/superuser traffic) being viewable by my neighbors who know where I live. With wired traffic I can at least rest assured that eavesdropping requires a little more setup than turning on wifi monitor mode and Wireshark or something. – Shane – 2009-10-06T17:27:30.757
2
And there's always this: https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf -- VPN is definitely the way to go
– emgee – 2009-10-08T04:50:09.890I want to do the same thing, so I can set up my phone to access open Wi-Fi nodes automatically wherever I go. – endolith – 2009-11-02T15:11:24.160