Rich Freeman on 28 May 2011 13:04:12 -0700



Re: [PLUG] VPN


On Sat, May 28, 2011 at 3:49 PM, Stephen Slaughter
<steve2slaughter@gmail.com> wrote:
> I'm a Linux noob and interested in securing my internet traffic with a
> VPN.

I'm concerned that you might not understand how a VPN actually helps
to secure traffic.

VPNs securely get data from point A to point B without risk of
interception or modification.

> Is there any way to configure one machine as both server and client?

So, you want to securely get data from machine A to machine A without
anybody in-between intercepting it.  What exactly is your threat
model?  Nobody can intercept it without having local access (likely
root), and somebody with local root can just read anything you have
right out of RAM.

>
> Is it possible to host a virtual machine as the OpenVPN server with
> VirtualBox while running the client software on the same physical machine?
>

Sure.  That would let you securely send network data between the host
and the virtual server without interception on the wire, although in
this case it doesn't actually go over a wire where it could be
intercepted anyway.

> Do any of you know of an alternative VPN solution I can use which does not
> require hosting a server?
>

None that are sane.  Of course anything can be a server - including
many Linksys routers with the right firmware.

I think you might have the wrong idea concerning VPN.  Data that goes
over a VPN isn't magically "more secure" - it is only secure from
interception while it is in transit over the VPN.  If the VPN server
then passes it onto the regular internet in the clear then it is as
vulnerable as it would otherwise be.  VPN is a point-to-point
communication protocol.  If your two points are the same, it just is
added complexity.

The typical use case for VPN is that you want to let somebody in a
hotel connect to your corporate network as if they were plugged right
into it, and thus be able to get into local server resources that you
don't expose to the internet at large.

You could use it to set up a tunnel between your network and a
friend's so that they appear to be a single network and you can print
or play games or whatever as if you were on the same LAN, but without
much risk of hackers exploiting your local machines.

Another big use case is to set up your wireless to go into a network
with nothing on it but a VPN server, and then send your traffic over
VPN from your laptop to the VPN server, thus securing it from the next
big WiFi attack method.  In that case the client would be on your
laptop, and the server would be a PC on your network.

Hope that helps a little.  Note, I am by no means an expert on VPN.

Rich