In untrusted environments like open WiFi Hotspots you want to tunnel your traffic through an encrypted channel to the internet. Last year Firesheep has proven successfully how dangerous surfing in a public, non encrypted hotspot can be. A Virtual Private Network (VPN) can also be used to access internet services with IP Address restictions (e.g. Video or Music streaming services like Netflix, Hulu or Spotify). In this post I’ll show you a VPN solution which can be easily set up and used. The tutorial will work with the Windows and Mac OSX.
What’s the best VPN solution?
Many roads lead to Rom. Probably, the most common VPN solutions are, SSH-Tunnel, PPTP and OpenVPN. I personally think that OpenVPN is the best option, it’s robust and secure. However it’s a bit more difficult to setup. On the other hand, PPTP is easy to setup and if encryption is enabled, it should do the job just as well, at least in non critical infrastructures. Finally the Secure Shell (SSH) can also be used to create an encrypted tunnel between two computers. It uses on-board means, is properly integrated in the Operating System and provides state of the art security.
In order to establish a VPN connection you need to connect from your local computer to another endpoint, which usually is a server. in another post I’ve described how easy it is today to setup a server in the Amazon EC2 cloud. Another solution could be your home router, in case it’s using a Mini Linux Kernel (like DD-WRT or Tomato).
SSH tunnel on Mac OSX
With the help of SSH, a SOCKS proxy can be created with just one command.
ssh -i "your private SSH key file" -D "port" "username"@"server"
ssh -i mykey.pem -D 8887 email@example.com
That’s it. Now you just need to route your traffic through the local SOCKS proxy you’ve just created. Therefore open in Mac OSX:
System Preferences > Network > Advanced > Proxies
and enter the data as shown in the picture below (localhost & port).
SSH tunnel on Windows
On Windows, I suggest to use an SSH client called Putty. Putty comes with a nice Graphical User Interface so you actually don’t have to use the command line at all. I found a nice tutorial. Instead of copying it, I rather link it. It explains how to use putty to create an SSH tunnel.
Don’t forget to register your SSH key within Putty. Otherwise the server might not accept your connection!
Advanced: DNS through SSH
In case you are worried about sending your DNS lookups over the local WiFi, you might want to tunnel them as well through the SSH tunnel. It’s not that easy, because SSH is based on TCP and DNS lookups are UDP. Since this is an advanced topic, I would like to refer to another website which explains in detail how to tunnel UDP packets through a TCP connection. If you are really concerned about the DNS lookups, I think it might be the right time to think about a true VPN tunnel with PPTP or OpenVPN, both solve this problem.
- In case the tunnel doesn’t work, try to establish a normal SSH connection
- The standard port for SSH is 22
- Make sure you have the private key on your client
- Check the firewall on the server (Port 22 TCP needs to be open)
- Check the Security rules on Amazon EC2 (Port 22 TCP needs to be open)