How secure is a VPN connection over WiFi?
I travel a lot and connect to public WiFi hotspots all the time. What information will be given out if I use a VPN within public WiFi hotspots? Will the owners or intruders in the hotspot be able to detect the websites I go to (DNS lookups, traffic sniffing)?
In other words, will using a VPN totally keep my browsing private and secure my traffic from being detected? Are there any gotchas I need to keep an eye out for?
Solution 1:
A decent VPN (you tagged "OpenVPN", which is one) is very safe, assuming you tunnel all traffic (including DNS) over it!
Solution 2:
It depends on the VPN client. At the very minimum they will know you are making a VPN connection and the server you are connecting to.
If you ignore the possibility of bugs in the VPN or new discoveries in cracking the crypto used, then a proper configuration of a VPN should be able to completely hide your activities.
To completely hide your tracks you need to make sure your default gateway is over the VPN, and you are using DNS servers that are only accessible via your VPN.
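A way to check the two conditions named in Solution 2 (default route over the VPN, DNS servers reachable only through it) on a Linux client; this is an added example, not part of the original answers. The routing table and resolv.conf text are constructed samples, and the interface name `tun0`, the probe address and the function names are assumptions.

```python
import ipaddress

# Constructed sample: `ip route show` on a Linux client after OpenVPN connected
# with redirect-gateway def1 (two /1 routes override the DHCP default route).
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57
203.0.113.10 via 192.168.1.1 dev wlan0
"""
# Constructed resolv.conf: the second resolver is the hotspot's own DNS server.
SAMPLE_RESOLV = """\
# generated by dhcp client
nameserver 10.8.0.1
nameserver 192.168.1.1
"""

def parse_routes(text):
    """Return [(network, device)] parsed from `ip route show` output."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or "dev" not in parts:
            continue  # blank line or a route type without an egress device
        dest = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        routes.append((ipaddress.ip_network(dest), parts[parts.index("dev") + 1]))
    return routes

def egress_device(routes, addr):
    """Longest-prefix match over the parsed routes (route metrics are ignored)."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches)[1] if matches else None

def audit(route_text, resolv_text, vpn_dev="tun0", probe="198.51.100.7"):
    """Report whether Internet traffic and every configured resolver use vpn_dev."""
    routes = parse_routes(route_text)
    servers = [ln.split()[1] for ln in resolv_text.splitlines()
               if ln.startswith("nameserver") and len(ln.split()) > 1]
    return {
        "internet_via_vpn": egress_device(routes, probe) == vpn_dev,
        "dns_outside_vpn": [s for s in servers if egress_device(routes, s) != vpn_dev],
    }

if __name__ == "__main__":
    print(audit(SAMPLE_ROUTES, SAMPLE_RESOLV))
```

On a live system, pass the output of `ip route show` and the contents of `/etc/resolv.conf`. A local stub resolver such as 127.0.0.53 hides the real upstream servers, so check those instead.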
Solution 3:
Well. First of all, a VPN can only protect you when you're using it (so you route the traffic through it, have NAT etc.).
Secondly, the VPN should encrypt the traffic securely. While it seems trivial, in many home-grown solutions it was done the wrong way (problems with initialization etc.). [A VPN should be protected from playback and injection, usually support out-of-order delivery etc.]
The secure ones include:
- OpenVPN
- Various based on IPSec (like L2TP/IPSec)/IPSec tunnel mode.
- SSH
The insecure ones include:
- Crude L2TP
- IPv4-in-IPv4