Differences

This shows you the differences between two versions of the page.

--- virtual_private_networks [2019/08/10 18:34] – neil
+++ virtual_private_networks [2021/07/06 09:26] (current) – external edit 127.0.0.1
@@ Line 2: / Line 2: @@
 A virtual private network or "VPN" is a (usually secure) means of routing your traffic from your computer or phone to another computer.
+Bear in mind that, like anything, VPNs are not unhackable. (e.g. [[https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf|"Infiltrating Corporate Intranet Like NSA"]].)
 ====Key points: ====
@@ Line 43: / Line 45: @@
 If, for example, the network you are using blocks access to websites which you need to visit, connecting to an endpoint which does not block access would circumvent the block.
+Some networks block (or attempt to block) VPN traffic. If you are using a public Wi-Fi hotspot that blocks VPN traffic, find another hotspot — if they do not want you to be sure online, you might reasonably wonder why.
 ===To avoid restrictions imposed by the site/service you are trying to visit===
@@ Line 69: / Line 73: @@
 If you do not want to [[#Third party VPN providers: someone else to trust|trust a third party VPN service]], you will need to run your own.
-Some routers — such as the [[https://www.firebrick.co.uk/fb2900/|FireBrick 2900]] — come with an integrated VPN server.
+Some routers come with an integrated VPN server. For example, the fully-loaded version of the [[https://www.firebrick.co.uk/fb2900/|FireBrick 2900]] has an integrated IPSec VPN service, which works well with the inbuilt macOS and iOS VPN clients. Other routers may offer integrated VPN servers too, often using OpenVPN.
-Alternatively, you could run your own server, and install a VPN service using [[https://github.com/trailofbits/algo|Algo]].
+An advantage of using an "all-in-one" solution is that it means you do not need to run and maintain a separate server. By the same token, you need a powerful enough router to cope with the additional load.
+Alternatively, you can run your own server, and install a VPN service using [[https://github.com/trailofbits/algo|Algo]].
+If you do run your own VPN server, you will need to ensure that you have it correctly configured, to prevent unauthorised use or network access, and that you are [[securing_your_devices#install_software_updates_promptly|running up to date software]], to mitigate newly-discovered bugs and security vulnerabilities. Using a VPN server which no longer receives security patches, or gets them only very slowly, is a very bad idea.
 ====Test your VPN before you rely on it====
 As with any major configuration change, test it before you rely on it.
+Ideally, you would test that the traffic going across the VPN connection is encrypted. However, unless you are knowledgeable enough to use WireShark, or have someone to hand who can do so, that's going to be difficult.
+If nothing else, visit an IP address checker before you connect to the VPN, and then again afterwards: you should see a different IP address.
+If you do not have a preferred IP address checker, you can use [[https://ipv4.neilzone.co.uk|ipv4.neilzone.co.uk]].
+If you know you have an [[https://en.wikipedia.org/wiki/IPv6|IPv6 address]], either on the local network or else because of your VPN, or you want to see if you do, you can use [[https://ipv6.neilzone.co.uk|ipv6.neilzone.co.uk]] to check it. If this page does not load, it means you do not have an IPv6 address.
+(Neither of these sites log connection requests.)
@@ Line 95: / Line 113: @@
 It's very easy to set up a VPN service, and it's very easy to make fake promises on a website, so do your due diligence correctly, if you are concerned about the third party VPN operator seeing, logging, or interfering with, your traffic.
+There is what appears to be a substantial review of third party VPN services on [[https://thewirecutter.com/reviews/best-vpn-service/|The Wirecutter]].