Running a VPN at home, so can connect to internet through it when using free wifi?

Hi
Is there an easy & safe way to run a VPN network from my PC at home (connected to the internet), so when I use free wifi I can set my laptop to route all traffic through it?

PC runs Windows but could I guess put Linux on it if there is something much better on Linux for it.

Also, doing this would mean all data is encrypted between laptop -> free wifi -> my home PC, right?
 
I can answer your last question:

Yes - this is the main reason I run one. I don't trust public wifi, but I have no choice but to use it sometimes.

However, I run pfSense on an old Watchguard X700 firewall as my router and it has a built-in VPN server, so I can't help on your setup.
 
Install OpenVPN on a Windows PC.

I followed the step by step instructions here:
http://lockup.wordpress.com/configure-openvpn/
Fiddled with my router settings to set up a static route and was amazed to find it actually does work :)

Well, it did connect ok, but I couldn't browse the net until I went into the newly created TAPv8 network settings, deleted the static 'use 192.168.1.1' etc TCPIP settings and enabled the 'get DHCP automatically' option instead, and all was well :)

It took a couple of hours to do, it felt pretty complicated but worthwhile.
 
With these VPN solutions, are the end points safe?
I never buy anything online or log into my emails unless I'm at home on the router I set up.

Have considered VPN but just not sure if I should risk it.
 
I use (open)ssh for this, so PuTTY is probably capable of it.

Specifically, I type: ssh -fCND localhost:10678 root@server -p 10678

Then go to Firefox preferences, connection settings, manual proxy configuration
socks host: localhost
port: 10678
 
I presume that is making Firefox use SSH, would you be able to use that port for other applications?
Does the localhost mean only the first network adaptor is encrypted?
 
Yep, Firefox sends all its data out on port 10678 which happens to be forwarded to a different computer by ssh. Localhost is shorthand for 127.0.0.1, it's the address of the local computer. I'm fairly certain it's independent of network adapter, since the same line works with wired and wireless. However it is only the traffic from Firefox that is encrypted, and it may leak DNS queries.

It's not quite a VPN, but LAN services like mediatomb that are normally seen through the browser are visible as if I were local.

Port forwarding isn't limited to sending web traffic through a proxy. I'm sure it's possible to run Samba over ssh, though I haven't done so.
 
So your Firefox data is sent to another computer? Is that an online VPN server?
In your router do you have port 10678 forwarded to an external IP then?
 
Ah, I missed the hardware bit. I connect to a computer which sits behind a router at home, from a laptop which occasionally connects to untrusted wifi. I doubt this approach is particularly secure (mainly I haven't checked whether any data leaks past the proxy), but it's better than nothing.

At home, the external 10678 port on the router is forwarded to port 22 (ssh) on a home server. "server" in the root@server part is the IP of my home connection, the -p 10678 specifies the port number. The process would be cleaner if the server I connect to had an external IP.

The same idea would bounce Firefox data off any server you have shell access (with port forwarding) to.
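
On the DNS-leak concern raised in the thread, this is an added example (not code from any poster): a small Python parser for the SOCKS5 request a browser sends to the local `ssh -D` listener, which reports whether the request carries a hostname (the name is resolved at the home end of the tunnel) or an already-resolved IP (the lookup happened on the untrusted wifi). The sample byte strings and the function names are constructed for illustration; in Firefox the behaviour is controlled by the "Proxy DNS when using SOCKS v5" setting.

```python
import ipaddress
import struct

# SOCKS5 address types (RFC 1928)
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# Constructed sample requests (CONNECT to port 443), not captured traffic.
REMOTE_SAMPLE = b"\x05\x01\x00\x03" + bytes([11]) + b"example.org" + struct.pack("!H", 443)
LOCAL_SAMPLE = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 443)


def parse_socks5_request(data: bytes):
    """Return (atyp, host, port) for a SOCKS5 request, or raise ValueError."""
    if len(data) < 4:
        raise ValueError("truncated request header")
    ver, _cmd, rsv, atyp = data[:4]
    if ver != 5 or rsv != 0:
        raise ValueError("not a SOCKS5 request")
    body = data[4:]
    if atyp == ATYP_IPV4:
        addr_len = 4
    elif atyp == ATYP_IPV6:
        addr_len = 16
    elif atyp == ATYP_DOMAIN:
        if not body:
            raise ValueError("missing domain length byte")
        addr_len, body = body[0], body[1:]
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(body) != addr_len + 2:
        raise ValueError("address/port length mismatch")
    raw, (port,) = body[:addr_len], struct.unpack("!H", body[addr_len:])
    # A hostname travels as text; IP literals are packed bytes.
    host = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    return atyp, host, port


def dns_resolved_by(data: bytes) -> str:
    """'remote': the name is resolved at the far end of the tunnel.
    'local': the client sent an IP, so any name lookup happened on the local network."""
    atyp, _host, _port = parse_socks5_request(data)
    return "remote" if atyp == ATYP_DOMAIN else "local"


if __name__ == "__main__":
    for sample in (REMOTE_SAMPLE, LOCAL_SAMPLE):
        print(parse_socks5_request(sample), dns_resolved_by(sample))
```

A request classified as "local" does not prove a leak on its own, since the user may have typed an IP address, but a browser that only ever sends IP-typed requests is resolving names outside the tunnel.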
 