How to set up simple VPN for secure Internet connections over unencrypted Wi-Fi?
I recently moved into an apartment where the complex provides free unencrypted Wi-Fi. The speed is good for my purposes, but I'm not 100% comfortable with all my traffic being sent in the clear, given that I'll be living here for a while.
I'd like to set up a VPN so that I can surf on the Internet and keep all my traffic confidential from any potential eavesdroppers in the neighborhood, or even the network administrators. My main concern is confidentiality of the content I send and receive, but if it's not too big a hassle I'd like to keep metadata (like IP addresses and domains that I'm connecting to and what protocols/ports I'm using) confidential as well.
A friend of mine will let me set up a computer over at his house and letting me be the DMZ on his router. I have a spare laptop I don't use anymore; it's currently running Ubuntu, but I can install pretty much any OS on it. I'm running Ubuntu 9.04 64-bit on my main computer (the client).
What do I need to install and configure on my spare computer at the friend's house? What would I need to install and configure on my main computer that I'll be using on an unsecure network? I was looking at OpenVPN, but the documentation seemed a bit confusing to me.
Solution 1:
I had the same dilemma and I ended up just learning how to set up OpenVPN. It's actually quite simple once you dig in. You're right, the documentation can be a bit obtuse. Below is the howto I referred to when I set it up for the first time. Afterwards, I was able to set it up by hand without a howto on a CentOS server.
This one is for Debian, but it's pretty similar: http://howto.landure.fr/gnu-linux/debian-4-0-etch-en/install-and-setup-openvpn-on-debian-4-0-etch
Solution 2:
The setup you're describing seems to me as being over-complex and prone to problems.
Why don't you look at free VPN solutions such as Hotspot Shield or HTTP-Tunnel Client.
Here is some text from the later:
HTTP-Tunnel acts as a socks server, allowing you to use your Internet applications safely despite restrictive firewalls and/or you not be monitored at work, school, goverment and gives you a extra layer of protection against hackers, spyware, ID theft's with our encryption.
Help and guides for HTTP-Tunnel Client are here.
I also note that higher-speed connections are also available, but for monthly fee.
Solution 3:
SSH port forwarding might be suitable. The software setup is simpler, works through both Windows and Linux clients, and such. However, you'll need to forward each port you use.
Solution 4:
Dynamic SSH port forwarding will be suitable. For Windows there is a free SSH server called FreeSSHd. It can be configured tunnel only. And on the client side, you can connect to the server with dynamic port forwarding options. There is foxy-proxy add-on for Firefox which is extremely configurable, and WireCap for making everything on the system to use the SOCKS proxy.