Using Linode as a Secure VPN for Access on unsecured Wi-Fi

Hello all,

I hope this is in the right forum area.

I was wondering whether it would be possible to use my linode server (Ubuntu 12.04, NGINX, PHP 5.3) to set up a secure VPN tunnel from my laptop so that I can securely use public, unsecured WI-FI connections without having to worry about security issues?

My situation: I'm a travel writer and often have to use WI-FI in hostels and public areas to log into sites (often unsecured sites, ie. not https://) and access private information.

Currently I'm using a service called Comodo Trust Connect (http://www.comodo.com/home/internet-security/wifi-security.php) to encrypt all data sent from my computer to a secure server in the UK where it is then passed onto the site in question.

My main concern is that without this service, people can listen in on my communications over WI-FI where I'm using it.

Whilst TrustConnect is a good service, it comes at a price of $9/month and though not a lot, I figure as I'm already paying for my Linode I may as well use my server to act in the same way… if at all possible?

So my question, is this possible to do? And if so, what is the best way to go about doing it?

You'll have to excuse my lack of knowledge on this subject, I've never really had to dive into security related matters or VPN's too much.

Thanks in advance to anyone who is willing to help,

Regards,

Paul :-)

11 Replies

It's completely possible to do, and I'd personally recommend OpenVPN to do it. It doesn't look like the Linode library currently has a guide for setting it up on 12.04, but you can perhaps try using one of the other guides at http://library.linode.com/search?query=openvpn . Just remember to set the encryption type you want to use in the configuration files after you're done setting up the basics outlined in the guide.

Also, if you're using it on Windows – don't use the link to the openvpn.se page for the GUI installation, because it's outdated and it's going to make Windows complain about an outdated adapter and not work. Instead, use http://openvpn.net/release/openvpn-2.1_rc22-install.exe .

Thanks for the info Nightmare,

Do you know if it's possible to put a request into Linode to draw up a guide? And if so what the correct channel is to do so?

Thanks,

Paul

Probably the easiest way to get an 'official' response on it would be to open a ticket and ask about it.

The Ubuntu server guide is always a good place to start if you have Ubuntu and the Linode guide doesn't exist.

https://help.ubuntu.com/12.04/serverguide/openvpn.html

You can also install squid proxy for all your web traffic

Squid is very easy to misconfigure, though, making it an open proxy that gets abused.

If you want to try the OpenVPN route, the free version of their commercial product, OpenVPN Access Server, supports two simultaneous connections, and automates most of the configuration for you. It's much easier to set up, and doesn't require any config file editing (it has a web interface):

http://openvpn.net/index.php/access-server/overview.html

It will handle all the network routing stuff for you.

I have had good experience with https://raymii.org/s/tutorials/IPSECL2TPvpnwithUbuntu_12.04.html. Also works well on iOS devices.

@Guspaz:

Squid is very easy to misconfigure, though, making it an open proxy that gets abused.

If you want to try the OpenVPN route, the free version of their commercial product, OpenVPN Access Server, supports two simultaneous connections, and automates most of the configuration for you. It's much easier to set up, and doesn't require any config file editing (it has a web interface):

http://openvpn.net/index.php/access-server/overview.html

It will handle all the network routing stuff for you.

Whoa thanks!

Yes, your Linode can definitely be used for this. I also use it for better security in public areas, as well as being able to access US-only content when abroad.

If you're mostly concerned about web browser traffic or programs for which it's easy to configure to use a SOCKS5 proxy, I found it very easy to set up SSH Dynamic Port Forwarding and setting up a browser shortcut to use that port. I configured a special session for Putty instead of following the instructions on Linode's page:

Configure SOCKS5 (SSH/VPN)

For Putty: hostname of VPS & SSH, (whatever port you use for SSH)

Connection → data → fill in auto-login username

(if you use SSH key instead of just a password login:

Connection → SSH → Auth → fill in private key for authentication)

Connection → SSH → Tunnels → dynamic, fill in source port (choose one), click add

Save settings

In browser, for network connection, choose SOCKS5, localhost, port 2222

@yaz:

Yes, your Linode can definitely be used for this. I also use it for better security in public areas, as well as being able to access US-only content when abroad.

If you're mostly concerned about web browser traffic or programs for which it's easy to configure to use a SOCKS5 proxy, I found it very easy to set up SSH Dynamic Port Forwarding and setting up a browser shortcut to use that port. I configured a special session for Putty instead of following the instructions on Linode's page:

Configure SOCKS5 (SSH/VPN)

For Putty: hostname of VPS & SSH, (whatever port you use for SSH)

Connection → data → fill in auto-login username

(if you use SSH key instead of just a password login:

Connection → SSH → Auth → fill in private key for authentication)

Connection → SSH → Tunnels → dynamic, fill in source port (choose one), click add

Save settings

In browser, for network connection, choose SOCKS5, localhost, port 2222

Also, for Firefox you might want to set DNS lookups to use the SOCKS tunnel, in about:config, set this to true:

network.proxy.socks_remote_dns

I'm not sure you can configure Chrome that way or what behavior it has for DNS lookups.

@Guspaz:

Squid is very easy to misconfigure, though, making it an open proxy that gets abused.

If you want to try the OpenVPN route, the free version of their commercial product, OpenVPN Access Server, supports two simultaneous connections, and automates most of the configuration for you. It's much easier to set up, and doesn't require any config file editing (it has a web interface):

http://openvpn.net/index.php/access-server/overview.html

It will handle all the network routing stuff for you.

Access server is definitely the way to go for a personal openvpn installation, esp. if your time is limited. Be sure to enable lzo compression in openvpn, it helps a lot in slower connections.
