Access Public Networks Securely

Posted by JD 08/25/2010 at 07:13

What you need to know to be network secure on your computers when on public hotspots (or anywhere that is not your work or home network).
The How To Geek wrote a comprehensive article.

These guys did an excellent job covering everything you should know. My only complaint about the article is they didn’t stress how important a VPN is for secure network use when in the wild. Use a VPN ALWAYS. A VPN is a Virtual Private Network. If you want to know more, use Google.

Below I’ll go into more detail on my concerns and the steps to setup a VPN on your home network, so you can secure your network access from almost anywhere in the world.

Assume your network connection is hijacked

There are many, many attacks possible when you join public, hotel, or coffee shop networks. Only the use of a VPN makes all these attacks completely worthless to the attacker. They may still capture all your traffic, even SSL traffic, but wrapped inside the VPN tunnel it is worthless to them. There is almost no way to know if your connection has been hijacked on these networks. I assume it has.

Just Because You Can Doesn’t Mean You Should

There are lots of times that we CAN do things. That doesn’t mean that we SHOULD do them. For example, anytime you use a network, you are completely trusting that network provider to secure your traffic. I can see trusting your DSL or other broadband ISP. There isn’t any choice, and 15 years has built a track record of trust. When you drop into a coffee shop that offers free wifi – how much trust do they really deserve for your traffic? Seriously. The guy probably has an $80/month DSL connection and runs an open wifi using a $20 router just like you do at home. Trivial to hack, especially from the inside. If it is trivial to hack, then someone will, and they will capture all interesting packets – login/password, for example. With network traffic sniffing, you can’t really tell they are doing it any more than most of us can tell when our credit card information is stolen at a restaurant or fueling station.

Steps To Running Your Own VPN
  1. Install and configure the VPN on a PC
  2. Exchange Private 1024-2048-bit Keys between the server and your client
  3. Setup DNS resolution for your HOME Computer
  4. Open the specific single port to your home VPN server

Happy VPN’ing.

VPN Choices

There are lots of VPNs that can be run. You want to choose the simplest one that works with all your client machines. If you have Windows on a laptop, almost any VPN you select will just work. If you have a smart phone, your choices will be fewer, but still possible.

Popular, secure, Free VPN choices are:

  • OpenVPN – can be complex to setup, but many medium sized businesses use this.
  • Microsoft PPTP – less secure and should never be used for a business, but fine for home use
  • Adito – I use this. Requires Java on the client.
  • eBox, pfSense, and other all-in-one distributions
  • ssh – the fast, dirty, secure way with minimal setup; I use this too
  • many, many others based on Linux

DNS Setup

There is nothing special about the DNS setup for VPN. It is the same as for web, email, and other internet sites. You can get a free subdomain from many DNS services – I have a dyndns.org free domain that I’ve been using since 1998. It works with DHCP internet addresses too. Basically, DNS is how you find YOUR home network from anywhere on the internet. It is the phone-book for internet servers and converts names like google.com into IP addresses like … 74.125.67.106. That is a real address for google.com based on my location.

Open the Single VPN Port

After you have set up everything else and exchanged keys between your client and server, it is time to test the connection internally, not using DNS. If that doesn’t work, fix whatever is broken. When everything does work, open the specific port that you selected AND configured on your router to the machine running the VPN server. Now, access the VPN using the DNS name. Working? You aren’t done yet; you haven’t tested it completely. You still need to go outside your network and test it. Visit a local coffee shop or McDonalds or some other friendly location, like a neighbor’s home. I suspect your work network will be locked down so VPNs do not work, but you can try that too.
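Here is an added example (not from the original post) that walks the steps above using the ssh option from the VPN choices list: resolve the home DNS name, bring up an ssh SOCKS tunnel over the single forwarded port, then confirm from the outside that traffic really exits at home rather than leaking onto the hotspot. The dynamic-DNS name, port numbers and the "what is my IP" URL are placeholders; the only requirements assumed are a POSIX shell with `ssh`, `curl` and `getent` (Linux).

```shell
#!/bin/sh
# Placeholders (not from the post): set these for your own setup.
HOME_HOST="${HOME_HOST:-home.example.dyndns}"     # your free dynamic-DNS name
HOME_PORT="${HOME_PORT:-2222}"                     # the ONE port opened on the router to sshd
SOCKS_PORT="${SOCKS_PORT:-1080}"                   # local SOCKS proxy the browser will use
IP_ECHO_URL="${IP_ECHO_URL:-https://ip.example/}"  # any service that echoes the caller's IP

# Decide whether the tunnel is really carrying traffic.  The address seen through the
# proxy must be non-empty, must differ from the direct (hotspot) address, and must be
# the address the home DNS name resolves to.  Prints a verdict, returns 0 only on success.
tunnel_verdict() {
  direct="$1"; via_tunnel="$2"; home_ip="$3"
  if [ -z "$via_tunnel" ]; then
    echo "FAIL: nothing came back through the tunnel"; return 1
  fi
  if [ "$via_tunnel" = "$direct" ]; then
    echo "FAIL: traffic bypasses the tunnel (exits at $direct)"; return 1
  fi
  if [ "$via_tunnel" != "$home_ip" ]; then
    echo "FAIL: tunnel exits at unexpected address $via_tunnel"; return 1
  fi
  echo "OK: traffic exits at home ($home_ip)"; return 0
}

# Steps 3 and 4 of the post, then the "test it from outside" check.
run_check() {
  # Step 3: the DNS name must resolve to your home address (compare with router WAN IP).
  home_ip=$(getent hosts "$HOME_HOST" | awk '{ print $1; exit }')
  [ -n "$home_ip" ] || { echo "FAIL: $HOME_HOST does not resolve"; return 1; }
  # Step 4: the single forwarded port must answer.  -f backgrounds ssh after auth,
  # -N opens no shell, -D makes sshd act as a SOCKS5 proxy on the laptop.
  ssh -o ConnectTimeout=5 -f -N -D "$SOCKS_PORT" -p "$HOME_PORT" "$HOME_HOST" \
    || { echo "FAIL: cannot reach sshd on $HOME_HOST:$HOME_PORT"; return 1; }
  direct=$(curl -s "$IP_ECHO_URL")
  # --socks5-hostname sends DNS lookups through the tunnel too, so the hotspot sees
  # neither your destinations nor your name lookups.
  via=$(curl -s --socks5-hostname "127.0.0.1:$SOCKS_PORT" "$IP_ECHO_URL")
  tunnel_verdict "$direct" "$via" "$home_ip"
}

# Only touch the network when explicitly asked, so the file can be sourced for testing.
if [ "${RUN_CHECK:-0}" = 1 ]; then
  run_check
fi
```

Only applications configured to use the SOCKS proxy on 127.0.0.1:1080 are protected; the OpenVPN-style choices above route the whole machine, which is the safer default if the client supports it.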

There you are – a running VPN that you can access from almost anywhere in the world with internet access.

Why Almost Any Network?

Well, when you run a network, you can limit the traffic on it. That means you can block ports that you have no use for OR that you specifically do not want. Allowing VPN traffic inside a company network isn’t usually a good idea, since network guests could use it to steal proprietary company data, and the firewall, proxy, and other network monitoring tools wouldn’t be able to see it. It is also a way to bring dangerous data and software into the network. Blocking external VPN traffic is normal for a business LAN.

If you are at a hotel or public internet hotspot, your VPN should work perfectly. If it doesn’t, do not access the network from that location. Blocking VPN traffic is not a standard setup and it means that location specifically wants to see all your traffic. You, specifically, do not want them to have access to your traffic. Don’t use those networks, period.

Good luck and be careful out there.
