How to set up simple VPN for secure Internet connections over unencrypted Wi-Fi?

17

12

I recently moved into an apartment where the complex provides free unencrypted Wi-Fi. The speed is good for my purposes, but I'm not 100% comfortable with all my traffic being sent in the clear, given that I'll be living here for a while.

I'd like to set up a VPN so that I can surf on the Internet and keep all my traffic confidential from any potential eavesdroppers in the neighborhood, or even the network administrators. My main concern is confidentiality of the content I send and receive, but if it's not too big a hassle I'd like to keep metadata (like IP addresses and domains that I'm connecting to and what protocols/ports I'm using) confidential as well.

A friend of mine will let me set up a computer over at his house and let me be the DMZ on his router. I have a spare laptop I don't use anymore; it's currently running Ubuntu, but I can install pretty much any OS on it. I'm running Ubuntu 9.04 64-bit on my main computer (the client).

What do I need to install and configure on my spare computer at the friend's house? What would I need to install and configure on my main computer that I'll be using on an unsecure network? I was looking at OpenVPN, but the documentation seemed a bit confusing to me.

Shane

Posted 2009-09-30T04:51:44.883

Reputation: 957

5

While my situation is somewhat uncommon, I'd imagine the concept could be extended to anyone who frequents coffee shops and the like. – Shane – 2009-09-30T05:04:13.577

i think you're overthinking this. while it's true the WiFi connection is unencrypted, any encrypted traffic over it is secure (https, ssh, etc). consider if you had a wired connection, would you still be as concerned? i think being DMZ on your friend's router is more concerning, from a security standpoint. just MHO. – quack quixote – 2009-10-06T00:29:28.637

2

Sure - my encrypted stuff is secure, like banking and email. But I don't know if I'm 100% comfortable with my unencrypted traffic (web searches, IM, sites visited, and pretty much all facebook/forums/superuser traffic) being viewable by my neighbors who know where I live. With wired traffic I can at least rest assured that eavesdropping requires a little more setup than turning on wifi monitor mode and Wireshark or something. – Shane – 2009-10-06T17:27:30.757

2

And there's always this: https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf -- VPN is definitely the way to go – emgee – 2009-10-08T04:50:09.890

I want to do the same thing, so I can set up my phone to access open Wi-Fi nodes automatically wherever I go. – endolith – 2009-11-02T15:11:24.160

Answers

9

I had the same dilemma and I ended up just learning how to set up OpenVPN. It's actually quite simple once you dig in. You're right, the documentation can be a bit obtuse. Below is the howto I referred to when I set it up for the first time. Afterwards, I was able to set it up by hand without a howto on a CentOS server.

This one is for Debian, but it's pretty similar: http://howto.landure.fr/gnu-linux/debian-4-0-etch-en/install-and-setup-openvpn-on-debian-4-0-etch

emgee

Reputation: 4 487

I found this to be the most helpful for my situation. Thanks. – Shane – 2009-10-08T03:59:10.133
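A check for the goal stated in the question (all traffic, including DNS lookups, going through the tunnel), as an added example that is not part of the original answer or the linked howto. It assumes OpenVPN's `redirect-gateway def1` routing and a 10.8.0.0/24 VPN subnet; the route tables are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide from `ip -4 route show` output whether all IPv4
# traffic leaves through the VPN interface. Sample tables are constructed.

# Print the device that carries Internet-bound IPv4 traffic, or nothing if
# the two halves of the address space are not covered by one device.
# "redirect-gateway def1" adds 0.0.0.0/1 and 128.0.0.0/1 via the tunnel
# instead of replacing the default route, so both forms are handled.
full_tunnel_dev() {
    awk '
        function dev(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "0.0.0.0/1"   { low  = dev() }
        $1 == "128.0.0.0/1" { high = dev() }
        $1 == "default"     { def  = dev() }
        END {
            if (low != "" && low == high) print low
            else if (low == "" && high == "" && def != "") print def
        }'
}

# Succeeds only when that device is a tun/tap interface.
is_full_tunnel() {
    d=$(full_tunnel_dev)
    case "$d" in tun*|tap*) return 0 ;; *) return 1 ;; esac
}

# List resolv.conf nameservers outside the VPN prefix given as $1
# (plain string prefix match, e.g. "10.8.0."). Lookups sent to these
# resolvers expose the domains you visit to the local network.
resolvers_outside() {
    awk -v p="$1" '$1 == "nameserver" && index($2, p) != 1 { print $2 }'
}

# Constructed samples. The host route to 203.0.113.10 (the VPN server)
# via the Wi-Fi gateway is expected: it carries the encrypted tunnel itself.
SAMPLE_VPN_UP='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto static
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0'
SAMPLE_VPN_DOWN='default via 192.168.1.1 dev wlan0 proto static
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

printf '%s\n' "$SAMPLE_VPN_UP" | is_full_tunnel && echo "up: all IPv4 via tunnel"
printf '%s\n' "$SAMPLE_VPN_DOWN" | is_full_tunnel || echo "down: traffic in the clear"
```

On a live client, pipe in `ip -4 route show` and `/etc/resolv.conf` instead of the samples. Only IPv4 is checked; an IPv6 default route on the Wi-Fi interface would bypass the tunnel.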

3

The setup you're describing seems to me to be over-complex and prone to problems.
Why don't you look at free VPN solutions such as Hotspot Shield or HTTP-Tunnel Client?

Here is some text from the latter:

HTTP-Tunnel acts as a socks server, allowing you to use your Internet applications safely despite restrictive firewalls and/or you not be monitored at work, school, government and gives you an extra layer of protection against hackers, spyware, ID thefts with our encryption.

Help and guides for HTTP-Tunnel Client are here.
I also note that higher-speed connections are also available, but for a monthly fee.

harrymc

Reputation: 306 093

I find the "Client" part in the second option a bit confusing, but you're right, according to the website: Low Bandwidth Service Features: Free option for moderate users / Sufficient for Instant Messaging programs (Trillian, ICQ, etc.) / Good for users who only need to access blocked web sites / No spam, pop-ups, or banners – Arjan – 2009-09-30T09:08:29.793

1

I appreciate it. It's not going to work for me, since my client is a Linux computer, but it may be helpful for other people looking for something similar. I may just buckle down and figure out how to use OpenVPN. – Shane – 2009-10-01T02:57:26.410

Funny, indeed both services seem to require you to install client software. Why? Still, a cheap VPN provider might work for you, especially as it does not use double bandwidth from your friend's internet connection. – Arjan – 2009-10-06T08:29:04.543

2

SSH port forwarding might be suitable. The software setup is simpler, works through both Windows and Linux clients, and such. However, you'll need to forward each port you use.

Journeyman Geek

Reputation: 119 122

1

Dynamic SSH port forwarding will be suitable. For Windows there is a free SSH server called FreeSSHd. It can be configured as tunnel only. And on the client side, you can connect to the server with dynamic port forwarding options. There is the foxy-proxy add-on for Firefox, which is extremely configurable, and WireCap for making everything on the system use the SOCKS proxy.

sanilunlu

Reputation: 171
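For the two SSH answers above, an added example (not from either answer) of what "tunnel only" looks like when the server is OpenSSH on the asker's Ubuntu laptop rather than FreeSSHd. It audits the effective settings for a hypothetical account named `tunnel` in a constructed `sshd_config`, handling only a plain `Match User <name>` block.

```shell
#!/bin/sh
# Added example: audit an sshd_config (on stdin) for a forwarding-only
# account. Account name "tunnel" and both sample configs are constructed.
# The client side would be:  ssh -N -D 127.0.0.1:1080 tunnel@<server>
audit_tunnel_user() {
    awk -v u="$1" '
        BEGIN {  # OpenSSH defaults when a keyword is not set anywhere
            eff["allowtcpforwarding"] = "yes"; eff["permittty"] = "yes"
            eff["allowagentforwarding"] = "yes"; eff["x11forwarding"] = "no"
        }
        NF == 0 || $1 ~ /^#/ { next }             # blanks and comments
        { k = tolower($1); v = tolower($2) }      # keywords are case-insensitive
        k == "match" { inmatch = 1; mine = (v == "user" && $3 == u); next }
        !inmatch && !(k in g) { g[k] = 1; eff[k] = v }   # global: first value wins
        mine && !(k in b)     { b[k] = 1; eff[k] = v }   # Match block overrides global
        END {
            if (eff["allowtcpforwarding"] !~ /^(yes|all|local)$/)
                bad("AllowTcpForwarding " eff["allowtcpforwarding"] ": ssh -D is refused")
            if (eff["permittty"] != "no")
                bad("PermitTTY is not no: interactive terminal possible")
            if (eff["allowagentforwarding"] != "no")
                bad("AllowAgentForwarding is not no")
            if (eff["x11forwarding"] != "no")
                bad("X11Forwarding is not no")
            if (!("forcecommand" in b))
                bad("no ForceCommand in the Match block: commands depend on the login shell")
            exit (n > 0)
        }
        function bad(msg) { print msg; n++ }'
}

WEAK_CONFIG='X11Forwarding yes
Match User tunnel
    AllowTcpForwarding yes'

HARDENED_CONFIG='X11Forwarding yes
PasswordAuthentication no
Match User tunnel
    AllowTcpForwarding local
    X11Forwarding no
    AllowAgentForwarding no
    PermitTTY no
    ForceCommand /bin/false'

printf '%s\n' "$WEAK_CONFIG" | audit_tunnel_user tunnel || echo "weak: fix the findings above"
printf '%s\n' "$HARDENED_CONFIG" | audit_tunnel_user tunnel && echo "hardened: forwarding only"
```

A SOCKS tunnel hides domain names only if the client also resolves DNS through the proxy, for example Firefox's `network.proxy.socks_remote_dns` preference or a `socks5h://` proxy URL in curl.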

0

Setting up a VPN connection on Wi-Fi is not very easy, nor is it very difficult. It's doable, if you follow the procedure that I am about to explain below. Following are the things that you will need to make a VPN WiFi combo:

  • A laptop with Windows 7
  • An Internet connection
  • And a lil bit of mind

Now, in order to share your VPN connection on WiFi, you first need to make your laptop act like a WiFi router that shares the VPN. Let's learn that step by step.

  1. Click on your computer's Start button, type “cmd” in the search box, and wait for it to appear on the menu.
  2. After it appears, right click on it and select “Run As Administrator”.
  3. When the black Command Prompt opens up, type the following command and press Enter:
  4. netsh wlan show drivers
  5. You will see something like the following image. If Hosted Network Supported (in the red square) says Yes, it means the driver is installed, and if it says No, download the drivers from 32Bit or 64Bit.
  6. Once you have made sure that you have the required driver, it's time to set it up.
  7. Type netsh wlan set hostednetwork mode=allow ssid=test key=password. The following screen would appear. (Devices will detect the network SSID as “test”; change it to anything you want. Moreover, key is your password, which in this case is password; change it to whatever you want. I would suggest that you not use numbers in the password.)
  8. Then type netsh wlan start hostednetwork. You will see the messages illustrated in the snapshot.
  9. If you see the message that the hosted network couldn't be started, then your WiFi driver is outdated. The best way to update the WiFi driver is to run Windows Update or download the latest version from its official website.
  10. Now that we have set up the hosted network, we will make sure that it is shared on public Wi-Fi.
  11. To do this, click on your Wi-Fi signal button in the bottom right-hand corner of your screen.
  12. Click on Open Network and Sharing Center.
  13. Then click on Change adapter settings.
  14. Find the connection that has the description of Your Created VPN Connection and right click on the icon to go to its properties.
  15. In Properties, go to the Sharing tab and check Allow Other Network User to connect through this computer…
  16. From the drop-down menu of Home Networking Connection, select the connection which has a description of Microsoft Virtual WiFi Miniport Adapter/Virtual AP, or it can be Wireless Network Connection 2 as in my case.
  17. Check the Allow other network users to control or disable…. option as well.
  18. Click OK and you are all set to go now.
  19. Connect your VPN and ask your friends or colleagues to discover your VPN-enabled WiFi connection.
  20. Now, whenever you restart your computer, your shared WiFi connection will be disabled. You will only have to reenter the following command in the command prompt to enable it again: netsh wlan start hostednetwork (or create a custom batch file for this, if you want to avoid reentering the command every time).

user116088

Reputation: 1

1

Unless I have misread, doesn't this create a virtual/Ad-Hoc wireless network, not a VPN connection? – William Hilsum – 2012-01-31T11:03:22.227

0

I assume "I can install pretty much any OS on it" does not include Mac OS X. But for those who want to use their Mac as the VPN server:

Since Tiger (and maybe earlier), OS X has a VPN server built-in. But only the OS X Server editions provide the GUIs to manage that. See an article on PPTP/L2TP VPN Server on Mac OS X Leopard Client on how to manage this using (an old, free version 2.4b of) iVPN, including a note on how to have Windows XP clients connect to it if you're behind a NAT. It's very limited though: only a single username, and no certificate support for L2TP. Perfect for private use while you're at a Starbucks with another computer.

The old (free) 2.4b version might no longer work with Snow Leopard, so you may need to spend the £14.99 to get the most recent version, or do things manually (another guide). (iVPN 4.2 is said to have added support for Snow Leopard.)

Arjan

Reputation: 29 084