VPN Solutions

Here users can ask questions about security and tutorials about security can be posted to help others, too.
cgriffin
Forum Regular
Posts: 221
Age: 46
Joined: Sun Mar 27, 2011 9:59 pm

VPN Solutions

#1 Postby cgriffin » Thu May 03, 2012 10:37 am

Hi All,

Has anyone here any experience with VPN solutions for a dedicated server as well as for home use?
OpenVPN looks like a great tool, but I'm afraid of trying to configure it. Hamachi looks nice but it's not open source.

Is there anything in the repos for this?
Thanks in advance for any pointers

Chris
--
Chris Griffin

GoManutd
Forum Guide
Posts: 2952
Joined: Mon Jun 30, 2008 8:06 pm

Re: VPN Solutions

#2 Postby GoManutd » Thu May 03, 2012 6:12 pm

what exactly are your remote access needs? there may be easier solutions

Adrian
Forum Veteran
Posts: 6246
Age: 41
Joined: Wed Jul 12, 2006 1:42 am

Re: VPN Solutions

#3 Postby Adrian » Thu May 03, 2012 11:53 pm

It depends on your needs, if you just need an encrypted connection you could run ssh server on your home machine and tunnel all the connections through it, it should be very easy to set up. Dynamic Port Forwarding

cgriffin
Forum Regular
Posts: 221
Age: 46
Joined: Sun Mar 27, 2011 9:59 pm

Re: VPN Solutions

#4 Postby cgriffin » Fri May 04, 2012 11:06 am

Adrian wrote:It depends on your needs, if you just need an encrypted connection you could run ssh server on your home machine and tunnel all the connections through it, it should be very easy to set up. Dynamic Port Forwarding


Thanks for your replies.

My needs are a bit nebulous because I'm in learning mode and it's almost more hobby than serious need.

On the surface, I would like to be able to connect to home while I'm away (either at work or travelling) and do the following:

* Use my home network as an http and email proxy
* Take control of my home mepis desktop via something like VNC and just do my work that way.

I know that lots of people have good luck with Hamachi, but I don't want to use a corporate solution, plus they have a server that serves as a middle-man in the connection process and I don't like that for philosophical reasons.

I might be able to do everything with the SSH port forwarding. I've tried setting that up on my router but I'm having some trouble with it. I haven't spent serious time trying to fix it yet.

I have heard that Hamachi will do the NAT traversal for you, so you don't need to open a port. I'm not too concerned about opening a port though, although I might opt for something that's not 22!

I have heard that VPNs are more secure than an SSH connection, and that I could actually open a VPN connection and still use SSH, which would provide a double-layer of security. This is where the hobby aspect of this comes in because it'd probably be a bandwidth hit and I don't have great bandwidth at home anyways.

Nevertheless, I want to know about all of my options, and what has worked well for others, and I strongly prefer FLOSS solutions to a proprietary tool.

Thanks!
Chris
--
Chris Griffin

Adrian
Forum Veteran
Posts: 6246
Age: 41
Joined: Wed Jul 12, 2006 1:42 am

Re: VPN Solutions

#5 Postby Adrian » Fri May 04, 2012 2:25 pm

Don't know much about it, but I doubt VPN can be more secure than SSH, it actually probably uses SSH as a back end. I know there's a way to do VPN with SSH (better solution than just forwarding the ports) but I've never tried that. http://bodhizazen.net/Tutorials/VPN-Over-SSH

cgriffin
Forum Regular
Posts: 221
Age: 46
Joined: Sun Mar 27, 2011 9:59 pm

Re: VPN Solutions

#6 Postby cgriffin » Fri May 04, 2012 3:18 pm

Adrian wrote:Don't know much about it, but I doubt VPN can be more secure than SSH, it actually probably uses SSH as a back end. I know there's a way to do VPN with SSH (better solution than just forwarding the ports) but I've never tried that. http://bodhizazen.net/Tutorials/VPN-Over-SSH


I don't know enough about it yet, but VPN solutions (such as OpenVPN) do a Diffie-Hellman key exchange, in which both client and server have a public/private key pair, and through the use of the public key methodology, they are able to agree upon a symmetric session key that no outside party can glean.

I'm concerned that SSH is basically just taking your password or your SSH key and transferring it in the clear. That's not secure at all. Sure, once the connection is established it would be secure, but anyone sniffing your traffic could just record it all and read your key. SSH over a VPN connection would have two layers of security but probably not as good bandwidth.

I'm hoping to run into folks who know more about this than I do ;-)
Chris
--
Chris Griffin

iridesce
Forum Regular
Posts: 606
Age: 58
Joined: Wed Aug 30, 2006 1:44 am

Re: VPN Solutions

#7 Postby iridesce » Fri May 04, 2012 3:20 pm

A little OT and whenever people bring up VPNs, I feel the need to share this

Never Trust A VPN Provider That Doesn't Accept Bitcoin
As the VPN provider HideMyAss.com happily identified a person at the request of law enforcement, it was a jaw-drop moment for many of us. This was the exact thing that was supposed to not happen. It was supposed to be physically impossible; the log files were not supposed to exist. Many rightly criticize the company for advertising a service they didn’t deliver, and from their defense of righteousness and entitlement in a “we did nothing wrong” statement, it is obvious that they are completely oblivious to the concept of lawful evil:

http://falkvinge.net/2011/09/27/never-t ... t-bitcoin/

cgriffin
Forum Regular
Posts: 221
Age: 46
Joined: Sun Mar 27, 2011 9:59 pm

Re: VPN Solutions

#8 Postby cgriffin » Fri May 04, 2012 3:23 pm

iridesce wrote:A little OT and whenever people bring up VPNs, I feel the need to share this

Never Trust A VPN Provider That Doesn't Accept Bitcoin
As the VPN provider HideMyAss.com happily identified a person at the request of law enforcement, it was a jaw-drop moment for many of us. This was the exact thing that was supposed to not happen. It was supposed to be physically impossible; the log files were not supposed to exist. Many rightly criticize the company for advertising a service they didn’t deliver, and from their defense of righteousness and entitlement in a “we did nothing wrong” statement, it is obvious that they are completely oblivious to the concept of lawful evil:

http://falkvinge.net/2011/09/27/never-t ... t-bitcoin/


The obvious difference between hidemyass and OpenVPN is that you'd be running OpenVPN on your own server/router, and you have full control over all log files.
--
Chris Griffin

cgriffin
Forum Regular
Posts: 221
Age: 46
Joined: Sun Mar 27, 2011 9:59 pm

Re: VPN Solutions

#9 Postby cgriffin » Fri May 04, 2012 3:26 pm

cgriffin wrote:I'm concerned that SSH is basically just taking your password or your SSH key and transferring it in the clear. That's not secure at all.
Chris


Maybe I'm wrong about this:
http://eprint.iacr.org/2011/276.pdf
http://serverfault.com/questions/203613 ... entication

But this still isn't totally clear to me.
--
Chris Griffin

GoManutd
Forum Guide
Posts: 2952
Joined: Mon Jun 30, 2008 8:06 pm

Re: VPN Solutions

#10 Postby GoManutd » Fri May 04, 2012 8:30 pm

the WHOLE purpose behind SSH is that it uses private/public keys for encrypting communication. so long as you properly protect the private keys on the system (which never get transmitted) someone can steal the public key and still have no effect, since decrypting the public key takes a tremendous amount of computing effort - read, resources that the average bear doesn't have.

from the sounds of it, SSH will fit the bill. why use a nuke to kill a mosquito, when a flyswatter does the job?
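
Posts #6, #9 and #10 turn on what actually crosses the network when SSH authenticates with a key. The following is an added example, not part of the thread: a simplified model (toy parameters, a stand-in cipher, server host-key verification omitted, all names hypothetical) of the order SSH uses, with the key exchange first and then a signature over the session identifier sent inside the encrypted channel.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example and far too small for real use.
DH_P, DH_G = 2**127 - 1, 3                         # key-exchange group
RSA_N, RSA_E = (2**61 - 1) * (2**89 - 1), 65537    # user's public key (in authorized_keys)
RSA_D = pow(RSA_E, -1, (2**61 - 2) * (2**89 - 2))  # user's private key, stays on the client


def h_int(data: bytes) -> int:
    """SHA-256 of data as an integer reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N


def xor_stream(key: int, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 keystream derived from the session key."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(f"{key}:{i}".encode()).digest() for i in blocks)
    return bytes(x ^ y for x, y in zip(data, stream))


def session_id(pub_a: int, pub_b: int, shared: int) -> bytes:
    return hashlib.sha256(f"{pub_a}|{pub_b}|{shared}".encode()).digest()


def handshake(authorized_keys, signing_key=RSA_D):
    """Return (wire, client_key, server_key, accepted); wire is all a sniffer sees."""
    # Phase 1: Diffie-Hellman runs first, before any user credential is used.
    a = secrets.randbelow(DH_P - 3) + 2            # client secret, never sent
    b = secrets.randbelow(DH_P - 3) + 2            # server secret, never sent
    pub_a, pub_b = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    client_key, server_key = pow(pub_b, a, DH_P), pow(pub_a, b, DH_P)
    # Phase 2: the client proves possession of the private key by signing the
    # session id; only the signature travels, encrypted under the session key.
    signed = session_id(pub_a, pub_b, client_key) + b"user=chris"
    sig = pow(h_int(signed), signing_key, RSA_N)
    packet = xor_stream(client_key, sig.to_bytes(32, "big"))
    wire = [pub_a, pub_b, packet]
    # Server: decrypt, then verify against the public key it already holds.
    got = int.from_bytes(xor_stream(server_key, packet), "big")
    expected = h_int(session_id(pub_a, pub_b, server_key) + b"user=chris")
    accepted = (RSA_N, RSA_E) in authorized_keys and pow(got, RSA_E, RSA_N) == expected
    return wire, client_key, server_key, accepted
```

Because the signature covers the session identifier, a recorded `packet` cannot be replayed into a later session, whose key exchange yields a different identifier.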

