The good thing during the last years is that net access is almost everywhere, and is pretty cheap or even free. A lot of bars, hotels, restaurants offer a free wifi connection, but most of the times that connection is not secured. The biggest security risk with unencrypted connections is the man-in-the-middle type of attack. You are sitting on a bar, checking email, browsing and all your traffic is not encrypted. That means that an attacker can tap into your connection and “listen”, intercept everything you are typing. Like that the attacker can get sensitive data (accounts, passwords, credit card numbers etc.)
Since you don’t have any control over the connection, what one can do to protect himself is to use a VPN. With a VPN, you are creating a secure (encrypted) point-to-point connection between your PC and the VPN server. Translated, that means that all the Internet traffic you are doing, is going through that secure channel, which can’t be hacked that easily.
Here us how to setup a vpn server using openVPN
1. Install openvpn and openssl
sudo apt-get install openvpn libssl-dev openssl
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
3. Create server certificates
./pkitool --server server
openvpn --genkey --secret ta.key
cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/
4. Create client certificates
For each new client that connects to the VPN you’ll need to create new client certificates using step 4
5. Create server configuration file:
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gzip -d /etc/openvpn/server.conf.gz
After editing your file should look like this:
server 10.10.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 220.127.116.11"
push "dhcp-option DNS 18.104.22.168"
6. Enable routing and MASQUERADE for your VPN by placing the following in your /etc/rc.local
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE
7. Start the server
1. Ubuntu (all modern linux?)
I’m using an Ubuntu machine as a client. To use openvpn in Ubuntu just install the openvpn plugin for NetworkManager:
sudo apt-get install network-manager-openvpn
A reboot is recommended.
You can now go and add your connection in Network Manager
2. Windows – to come
3. Mac OS X – to come