XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
It is currently Sun Sep 18, 2016 5:32 am

All times are UTC - 8 hours




Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: Private VPN & Internet?
PostPosted: Thu Apr 17, 2014 10:57 am 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 13819
Asking this for someone else, I think I know bit not positive...

Any advantage to using local Private VPN when using Internet?

https://discussions.apple.com/thread/6092720?tstart=0


Top
 Profile  
 
PostPosted: Thu Apr 17, 2014 1:45 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 8665
Location: Suburbia
It's slightly safer, in that all his traffic (assuming he's configured his client to send all traffic over the VPN) is encrypted. As a result whatever network he's on and any hop in-between can't (easily) sniff his traffic to determine what he's doing.

Keep in mind his home router likely needs to be updated to take care of the Heartbleed bug. Until its patched he could, theoretically, divulge his VPN username/password, private key, etc.

Also, there are plenty of areas (hospitals, airports, etc.) that don't allow clients to initiate VPN connections, so he may not be able to use VPN all the time.


Top
 Profile  
 
PostPosted: Thu Apr 17, 2014 1:58 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 13819
Great, thanks MB! :)


Top
 Profile  
 
PostPosted: Thu Apr 17, 2014 2:05 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 8665
Location: Suburbia
Oh, and I should be a little more explicit... normally a VPN client doesn't send all traffic over the VPN tunnel. He will have to configure his client to do this. Without that set he'll be able to access systems/resources on the other side of the VPN connection, but his normal internet browsing will still be performed through the local network.

Depending on his VPN client he may still "leak" some information about what he's doing through DNS lookups, which again are typically performed over the local (non-VPN) connection. This is a big deal with Tor users since they're doing it for privacy/security, and I forget what methods they use to avoid leaking DNS information...

There's one big downside to browsing the internet with all traffic sent over VPN, which is that the home network's "up" speed is the "down" speed of his client. Since most home connections have a lousy "up" speed, browsing the internet will require more patience.


Top
 Profile  
 
PostPosted: Thu Apr 17, 2014 2:30 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 13819
Fantastic source of info, thanks once again! :)


Top
 Profile  
 
PostPosted: Thu Apr 17, 2014 4:17 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9439
Location: North of the State of Jefferson
I often use a VPN tunnel to my router. This is convenient when I'm using my t-mobile portable hotspot since t-mobile apparently uses carrier grade NAT that leaves my data exiting their network to the Internet through any one of many very different public IPs. With the VPN it all enters the public Internet through my VPN concentrator so I don't get logged out of sites like this one that pay attention to which IP address you last connected from.

Doing this also nominally protects otherwise unencrypted data from prying eyes, especially on open wireless networks, etc., but some VPNs are susceptible to man-in-the middle attacks so depending on what you're using it might only add protection against casual passive snoopers.

And finally it lets me access my networks private resources wherever I'm at (assuming "wherever" doesn't block the connection). This way I can get on the file server, print, do screen sharing, etc., without trying to remember how in the Hell to configure the right SSH tunnel.

In short, it's a handy tool that works most but not all of the time. I never rely on it and if absolutely necessary can usually fall back to an SSH tunnel.

- Anonymous


Top
 Profile  
 
PostPosted: Thu Apr 17, 2014 4:29 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 13819
Great, thanks Anon! :)


Top
 Profile  
 
PostPosted: Thu Apr 17, 2014 9:21 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9439
Location: North of the State of Jefferson
What doesn't make sense is to do that inside the private network managed by the VPN concentrator you're connecting to. For one thing, it usually won't work*. For another, you're already probably safe enough from the things your VPN would protect you from if you're on your own network, and the access it gives to the VPN's network doesn't give you access to anything you didn't already have access to. On top of that, most security you might otherwise gain would be lost because having gone through the VPN the data would be decrypted and pass through your network unencrypted to reach their destination. Finally, it would be slower because VPNs rarely operate at any large fraction of your network's native speed.

When I am home I do not connect the VPN because it's at best pointless; none of the things I gain from using the VPN elsewhere would I gain from using on the same network it routes things to. Additionally, depending on the kind of VPN and how your network is set up it may not: a) connect, b) route traffic once connected, c) route traffic the way you expect d) in a way that is useful, e) improve security, nor f) deliver adequate speed.

- Anonymous

* For most commonly accepted definitions of work.


Top
 Profile  
 
PostPosted: Thu Apr 17, 2014 9:31 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 8665
Location: Suburbia
Oh god, please don't remind me. At my last employer I had to go round and round and round with executives and salespeople as to why their system ran so much more slowly when they were at work vs. home.

One guess as to why that was...


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group