HOME

Wednesday, March 20, 2013

How (and why) to set up a VPN today


Marissa Mayer made Yahoo's VPN famous by using it to check on the work habits of her employees. Lost amid today's VPN conversation, however, is the fact that virtual private networks are much more than just pipelines for connecting remote employees to central work servers.
And that's a damn shame, because VPNs can be helpful tools for protecting online privacy, and you need not be an office drone to enjoy their benefits.
A VPN, as its name suggests, is just a virtual version of a secure, physical network—a web of computers linked together to share files and other resources. But VPNs connect to the outside world over the Internet, and they can serve to secure general Internet traffic in addition to corporate assets. In fact, the lion's share of modern VPNs are encrypted, so computers, devices, and other networks that connect to them do so via encrypted tunnels.

Why you want a VPN

You have at least four great reasons to start using a VPN. First, you can use it to connect securely to a remote network via the Internet. Most companies maintain VPNs so that employees can access files, applications, printers, and other resources on the office network without compromising security, but you can also set up your own VPN to safely access your secure home network while you're on the road.
Second, VPNs are particularly useful for connecting multiple networks together securely. For this reason, most businesses big and small rely on a VPN to share servers and other networked resources among multiple offices or stores across the globe. Even if you don't have a chain of offices to worry about, you can use the same trick to connect multiple home networks or other networks for personal use.
This diagram illustrates the difference between using an unencrypted connection and using a VPN-secured Internet connection at your average coffee shop.
Third, if you're concerned about your online privacy, connecting to an encrypted VPN while you're on a public or untrusted network—such as a Wi-Fi hotspot in a hotel or coffee shop—is a smart, simple security practice. Because the VPN encrypts your Internet traffic, it helps to stymie other people who may be trying to snoop on your browsing via Wi-Fi to capture your passwords.
Fourth and finally, one of the best reasons to use a VPN is to circumvent regional restrictions—known as geoblocking—on certain websites. Journalists and political dissidents use VPNs to get around state-sponsored censorship all the time, but you can also use a VPN for recreational purposes, such as connecting to a British VPN to watch theBBC iPlayer outside the UK. Because your Internet traffic routes through the VPN, it looks as if you're just another British visitor.

Pick your protocol

When choosing a networking protocol for your VPN, you need worry only about the four most popular ones. Here's a quick rundown, including the strengths and weaknesses of each.
Point-to-Point Tunneling Protocol (PPTP) is the least secure VPN method, but it’s a great starting point for your first VPN because almost every operating system supports it, including Windows, Mac OS, and even mobile OSs.
Layer 2 Tunneling Protocol (L2TP) and Internet Protocol Security (IPsec) are more secure than PPTP and are almost as widely supported, but they are also more complicated to set up and are susceptible to the same connection issues as PPTP is.
Secure Sockets Layer (SSL) VPN systems provide the same level of security that you trust when you log on to banking sites and other sensitive domains. Most SSL VPNs are referred to as "clientless," since you don't need to be running a dedicated VPN client to connect to one of them. They're my favorite kind of VPN because the connection happens via a Web browser and thus is easier and more reliable to use than PPTP, L2TP, or IPsec.
An SSL VPN server is designed to be accessed via Web browser and creates encrypted channels so that you can safely access the server from anywhere.
OpenVPN is exactly what it sounds like: an open-source VPN system that's based on SSL code. It's free and secure, and it doesn't suffer from connection issues, but using OpenVPN does require you to install a client since Windows, Mac OS X, and mobile devices don't natively support it.
In short: When in doubt, try to use SSL or OpenVPN. Keep in mind that some of the services highlighted in the next section don’t use these protocols. Instead, they use their own proprietary VPN technology.
Now, let's talk about how to create and connect to your own VPN. If you want simple remote access to a single computer, consider using the VPN software built into Windows. If you’d like to network multiple computers together quickly through a VPN, consider installing stand-alone VPN server software.
If you need a more reliable and robust arrangement (one that also supports site-to-site connections), consider using a dedicated VPN router. And if you just want to use a VPN to secure your Internet traffic while you're on public Wi-Fi hotspots and other untrusted networks—or to access regionally restricted sites—consider subscribing to a third-party hosted VPN provider.

Set up a simple VPN with Windows

Windows comes loaded with a VPN client that supports the PPTP and L2TP/IPsec protocols. The setup process is simple: If you're using Windows 8, just bring up the Search charm, type VPN, and then launch the VPN wizard by clicking Set up a virtual private network (VPN) connection.
You can use this client to connect securely to other Windows computers or to other VPN servers that support the PPTP and L2TP/IPsec protocols—you just need to provide the IP address or domain name of the VPN server to which you want to connect. If you're connecting to a corporate or commercial VPN, you can contact the administrator to learn the proper IP address. If you're running your own VPN server via Windows, you can figure out the server's IP address by typing CMD in the Search charm, launching the Command Prompt, and typing ipconfig. This simple trick comes in handy when you're setting up your Windows PC as a VPN server, and then connecting to it so that you can securely, remotely access your files from anywhere.
Windows has a built-in VPN client, but you'll need to provide the connection information (namely, the IP address) for the VPN server you want to use.
Quick note: When setting up incoming PPTP VPN connections in Windows, youmust configure your network router to forward VPN traffic to the Windows computer you want to access remotely. You can do this by logging in to the router’s control panel—consult the manufacturer's instructions on how to do this—and configuring the port-forwarding or virtual-server settings to forward port 1723 to the IP address of the computer you wish to access. In addition, PPTP or VPN pass-through options need to be enabled in the firewall settings, but usually they're switched on by default.

Use third-party software to create a VPN server

If you’d like to create a VPN between multiple computers to share files and network resources without having to configure your router or to dedicate a PC to act as the VPN server, consider using third-party VPN software. Comodo UniteGbridge, and TeamViewerare all decent, reliable, and (most important) free.
LogMeIn Hamachi is a simple, elegant, and secure VPN client that's free for up to five users.
You can also use LogMeIn Hamachi for free with five or fewer users, but it's good enough that if you have more than five PCs you want to link up securely—say, as part of your small-but-growing business—you should consider paying for the full service.

Go whole hog with your own VPN router

If you want to get your hands dirty while providing robust remote access to an entire network, or if you wish to create site-to-site connections, try setting up a router on your network with a VPN server and client. If you’re working on a budget, the cheapest way to set up your own dedicated VPN router is to upload aftermarket firmware that enables VPN functionality, such as DD-WRT or Tomato, to an inexpensive consumer-level router.
The ZyXel USG20W VPN router is a smart investment if you want to set up your own dedicated VPN at home or in the office.
You can also purchase a specially designed router (commonly called a VPN router) with a VPN server built in, such as the ZyXel ZyWall 802.11n Wireless Internet Security Gigabit Firewall (USG20W)Cisco Wireless Network Security Firewall Router (RV220W), orNetgear ProSecure UTM Firewall with Wireless N (UTM9S).
When you're choosing a VPN router and third-party router firmware, make sure they support the VPN networking protocol you need for your devices. In addition, check the VPN router to verify how many simultaneous VPN users it supports.

Let a third-party VPN provider worry about it

If you merely want VPN access to cloak your Internet traffic while you're using public Wi-Fi or another untrusted network, or to access regionally restricted sites, the simplest solution is to use a hosted VPN provider. Hotspot Shield is my favorite, as it offers both free and paid VPN services for Windows, Mac, iOS, and Android. HotSpotVPNStrongVPN, andWiTopia are other paid services we’ve reviewed in the past.
EFF
The Onion Router is an excellent, free utility that anonymizes your Internet activity through a series of servers scattered around the world.
If you want to keep your browsing activity anonymous but can't spare the cash for a paid VPN, check out the Onion Router, a network of servers that can anonymize your Internet traffic for free. Visit the TOR website and download the latest browser bundle, and then start browsing with the TOR extensions enabled. The software will encrypt your connection to the TOR server before routing your Internet traffic through a randomized series of servers across the globe, slowing your browsing speed but cloaking your online activity from prying eyes.
No matter how you choose to go about it, start using a VPN today. It takes a bit of work up front, but spending the time to get on a VPN is one of the smartest, simplest steps you can take toward making your online activities more secure.

No comments: