Skip to main content
Topic: Personal VPN service (Read 1079 times) previous topic - next topic

Personal VPN service

Last week we started a month's stay at a RV campground near Fort Myers FL.  The park has free wifi and I got my router setup with internet access with no issues or so I thought.  It seems like I could access any website on the whole web except Foreforums!  That was a real bummer and I was not a happy camper.  I may not post alot but I pretty much read everything so I was having some withdrawal issues.

Steve came to my rescue as I had an old email I used to contact him.  To make a long story short, Steve worked with me quite a bit to narrow down what the problem was.  For some strange reason, which was never explained by Comcast (the park wifi/internet provider) the Foreforum server IP was blocked.  Comcast determined that the Foreforum website was not evil or illegal or whatever and finally unblocked it.  So, here is another shoutout to Steve and Michelle for the great website that they so capably and professionally and tirelessly support!  ^.^d

Now to the point of this post.  Prior to the issue described above I was thinking about getting a personal VPN service for security purposes.  Specifically this one from Providers of personal VPN services for online privacy, data security, and using OpenVPN (SSL). And now it occurred to me that a VPN service like Witopia would also prevent any local access problems on park wifi systems like the one I just muddled thru.  It seems like cheap security for $70/yr.

So,  does anyone out there have a VPN service and would like to share their experiences? 
The selected media item is not currently available.

Mark & Mary Benko
Former coach: 2005 U295 3823
Jeep Cherokee, Honda Fit

Re: Personal VPN service

Reply #1
Quote from: Mark Benko –
So,  does anyone out there have a VPN service and would like to share their experiences?

I could write a book about VPN problems... mostly revolving around stupid/ignorant/incompetent systems administrators running Internet Service Providers (ISPs). And it's by no means limited to the smaller ISPs either.

OpenVPN is, in my own professional opinion, the best choice. It's by far the most stable VPN system we have used although it can be somewhat puzzling to configure. OpenVPN offers several configurations, however, including a simple shared-password setup. So if they're offering that, then it's a big plus.

The downside to a VPN is that systems administrators can block them pretty easily. One provider, which blankets much of the PNW in rural communities, has an administrator who insists that he can put servers up with IP addresses like 192.168.1.1 on our WAN because it's *his* LAN. This required us to re-configure the LAN in the headquarters of a client that had VPNs to 5 locations spread over 200 miles.

We have also discovered that administrators block port 500 which is used for VPNs; mostly out of ignorance that their customers may be using that port for legitimate business purposes. Or they could block any other port they consider "suspicious".

Then, of course, you could find that some admin type might simply decide that the VPN provider you connect to is suspect and block any access to that.

The use of a VPN can keep your network connections private and stop some "man in the middle" from snooping your passwords; but SSL does that too and any web site with the prefix "https" is using that. This would include your bank, credit union, and usually shopping sites where you'd use a credit card.

The biggest downside to using a "personal" VPN is that, at some point, your packets have to go out on the Internet in a normal fashion; in this case, from the provider of the personal VPN service. So you only have a VPN between your computer and this provider; everything from there on is either "in the clear" or over an encrypted connection you could do at your own computer just as easily.

But a VPN between your laptop and your office or home network would be a good idea, in my opinion. You could be using your own server - set up at your home or office location - as a VPN server and then connect to your file server with confidence that no one is snooping. This would be a good way to do business email, strategy planning, etc. But it would only be useful for internal use. It would be your own "cloud". Linux is especially good for such purposes. But any connection to outside sites like Amazon or your bank would still go outside the LAN and therefore be out on the Internet with everything that implies.

Craig
1993 U225 36' Unihome GV with PACBRAKE exhaust retarder, Banks Stinger and Solar Panels.
Toad: 1999 Jeep Wrangler 2-door soft-top.

"No one has ever had to evacuate a city because the solar panels broke."

Re: Personal VPN service

Reply #2
Quote from: Mark Benko –

 And now it occurred to me that a VPN service like Witopia would also prevent any local access problems on park wifi systems like the one I just muddled thru.  It seems like cheap security for $70/yr.


Disclaimer:  I am talking about WIFI, not connections via cellular systems.

I have a device from Ubiquiti(an Customer Premise Equipment manufacture), their Bullet2HP 
Ubiquiti Networks, Inc.
that can be configured as a router or bridge, station or access point.
Power over ethernet, 1000 mw with an 8db omnidirectional antenna.

Phew, techie stuff almost over with!!

I configured the Bullet as a 'station' which connects to the park's access point and uses DHCP to get its external (the parks) external  IP address. 
I have also configured the device as a 'router' so I can assign my own IP address to the inside network. The ethernet cable from the Bullet is then connected as the WAN connection to a Linksys home router for the coach.

Then when I drive up to a park, I tap the Bullet on the shoulder using my computer (because it and the computer are connected to MY wireless router) and ask it to scan for access points. I'll ask the Bullet to connect to the camp's wireless network and away I go.

Implications of this arrangement:
1) I don't have to change any IP addresses on the coach. All my devices continue to talk to my router.
2) I don't have any of my devices on IP subnets controlled by the campground. They are behind two NAT boxes and aren't addressable from the outside.
3) The range of the device is better than a mile (does need line of sight).

VPN: I do use one through Texas A&M most of the time (kinda belt and suspenders).

Cost: I got the Bullet because I wanted to play with omnidirectional.
  Bullet          $79
  Power over ethernet injector $9
  Antenna    $40

Ubiquiti makes another device, LocoNano2, that has a built-in 60 degree antenna and the same software for $49 that is easy to use if you are sited such that you can point it toward the Access Point. I used one all over while we were on the boat.

More than you wanted to know I'm sure.

hth

Elliott & Mary Bray
ex. 1996 36' U295 - Build 4879
ex. 2018 Coachmen Leprechaun 319MB
 

Re: Personal VPN service

Reply #3
Craig - thanks for all the info.  I did contact Witopia to see how they would handle a sys admin who blocked the usual ports for VPN.  They said that their software allows for creating custom configs via dropdowns/point/click and that their 24x7 support would work with me if I encountered that situation.  I'm not sure how often that problem would occur or if the extra work would be worth it for a short stay.  I'd just limit my internet activity to surfing for news and foreforums of course.

I'm really just interested in the security at the park/hotspot wifi end.  I'm no expert but I'm not too worried about my data as it leaves the VPN provider's data center and out over an actual internet backbone link. I think that it would take some serious professional sniffing to mine data on those links.  But thank you for the real world experience - I was thinking that a VPN would be complete solution for security at the park end but it looks like it has its limitations as well.

Elliott - I am just starting to build my wifi system so I appreciate the info on your setup.  I have a wifiRanger for a router and am now looking for a bullet like device or Rogue Wave that Brett has along with a good antenna.  Just trying to figure out the best way to do this.
The selected media item is not currently available.

Mark & Mary Benko
Former coach: 2005 U295 3823
Jeep Cherokee, Honda Fit

Re: Personal VPN service

Reply #4
I've found the Engenius antenna/amp to be superb and durable.  It comes with a plate antenna inside its weatherproof housing though you can connect a variety of external antennas to it.  The standard antenna has outperformed external antennas for us.  Doing a site survey in town, when this thing lights up we typically see dozens of hotspots compared to a couple with just an antenna.  I'll probably mount one on the batwing mast. 
"Not so  long ago we were a nation of risk takers, riding five million pounds of  thrust straight into space."  Joe Gresh
Chuck Pearson
1996 U295
2018 Can Am X3 TurboRS