Using Linode as a Secure VPN for Access on Unsecured Wi-Fi
I hope this is in the right forum area.
I was wondering whether it would be possible to use my Linode server (Ubuntu 12.04, NGINX, PHP 5.3) to set up a secure VPN tunnel from my laptop so that I can securely use public, unsecured Wi-Fi connections without having to worry about security issues?
My situation: I'm a travel writer and often have to use Wi-Fi in hostels and public areas to log into sites (often unsecured sites, i.e. not https://) and access private information.
Currently I'm using a service called Comodo Trust Connect.
My main concern is that without this service, people can listen in on my communications over Wi-Fi where I'm using it.
Whilst TrustConnect is a good service, it comes at a price of $9/month and though not a lot, I figure as I'm already paying for my Linode I may as well use my server to act in the same way… if at all possible?
So my question: is this possible to do? And if so, what is the best way to go about doing it?
You'll have to excuse my lack of knowledge on this subject, I've never really had to dive into security-related matters or VPNs too much.
Thanks in advance to anyone who is willing to help,
Regards,
Paul
11 Replies
Also, if you're using it on Windows – don't use the link to the openvpn.se page for the GUI installation, because it's outdated and it's going to make Windows complain about an outdated adapter and not work. Instead, use
Do you know if it's possible to put a request into Linode to draw up a guide? And if so what the correct channel is to do so?
Thanks,
Paul
If you want to try the OpenVPN route, the free version of their commercial product, OpenVPN Access Server, supports two simultaneous connections, and automates most of the configuration for you. It's much easier to set up, and doesn't require any config file editing (it has a web interface):
It will handle all the network routing stuff for you.
@Guspaz:
Squid is very easy to misconfigure, though, making it an open proxy that gets abused.
If you want to try the OpenVPN route, the free version of their commercial product, OpenVPN Access Server, supports two simultaneous connections, and automates most of the configuration for you. It's much easier to set up, and doesn't require any config file editing (it has a web interface):
http://openvpn.net/index.php/access-server/overview.html
It will handle all the network routing stuff for you.
Whoa thanks!
If you're mostly concerned about web browser traffic or programs for which it's easy to configure to use a SOCKS5 proxy, I found it very easy to set up SSH Dynamic Port Forwarding
Configure SOCKS5 (SSH/VPN)
For PuTTY: hostname of VPS & SSH, (whatever port you use for SSH)
Connection → data → fill in auto-login username
(if you use SSH key instead of just a password login:
Connection → SSH → Auth → fill in private key for authentication)
Connection → SSH → Tunnels → dynamic, fill in source port (choose one), click add
Save settings
In browser, for network connection, choose SOCKS5, localhost, port 2222
@yaz:
Yes, your Linode can definitely be used for this. I also use it for better security in public areas, as well as being able to access US-only content when abroad.
If you're mostly concerned about web browser traffic or programs for which it's easy to configure to use a SOCKS5 proxy, I found it very easy to set up SSH Dynamic Port Forwarding and setting up a browser shortcut to use that port. I configured a special session for PuTTY instead of following the instructions on Linode's page:
Configure SOCKS5 (SSH/VPN)
For PuTTY: hostname of VPS & SSH, (whatever port you use for SSH)
Connection → data → fill in auto-login username
(if you use SSH key instead of just a password login:
Connection → SSH → Auth → fill in private key for authentication)
Connection → SSH → Tunnels → dynamic, fill in source port (choose one), click add
Save settings
In browser, for network connection, choose SOCKS5, localhost, port 2222
Also, for Firefox you might want to set DNS lookups to use the SOCKS tunnel, in about:config, set this to true:
network.proxy.socks_remote_dns
I'm not sure you can configure Chrome that way or what behavior it has for DNS lookups.
@Guspaz:
Squid is very easy to misconfigure, though, making it an open proxy that gets abused.
If you want to try the OpenVPN route, the free version of their commercial product, OpenVPN Access Server, supports two simultaneous connections, and automates most of the configuration for you. It's much easier to set up, and doesn't require any config file editing (it has a web interface):
http://openvpn.net/index.php/access-server/overview.html
It will handle all the network routing stuff for you.
Access Server is definitely the way to go for a personal OpenVPN installation, esp. if your time is limited. Be sure to enable LZO compression in OpenVPN; it helps a lot in slower connections.