Looking for a VPN guru



Tony Zona
04-01-2017, 8:19 PM
Do any of you have a VPN to recommend? Friends and I were talking about it over coffee today.

One asked a question I cannot answer: Is the first leg of your trip through your ISP to a VPN secure, in light of allowing ISPs to toy with your browsing habits?

How can a VPN be secure if you have to use the internet to get VPN keys? And when your packets pop out the other end at your destination, are they in the open again?

How much do VPNs slow your browsing, and movies?

Any gurus here?

Mike Henderson
04-01-2017, 9:06 PM
I'm not a guru but I know a small amount about VPNs. You sign up with a VPN provider. When you connect to that VPN provider, you and the VPN provider negotiate an encryption key using public key technology. This is the same thing that happens when you go to a secure web site, such as your bank (see https (https://en.wikipedia.org/wiki/HTTPS), also see here (https://en.wikipedia.org/wiki/Transport_Layer_Security)). Google now defaults to a secure connection.

Using that public key exchange, you receive an encryption key for a standard symmetric encryption technology, such as AES-256 (https://en.wikipedia.org/wiki/Advanced_Encryption_Standard). From then on, all of your packets are sent to the VPN provider and they are encrypted with that symmetric key. The VPN provider decrypts the packets you sent (inside the packet you sent to the VPN provider) and those packets are sent to the final destination.

The return is essentially the same. Data from a web site that you connected to is sent to the VPN provider (it actually looks like the VPN provider is the entity connecting to the web site) and those packets are encrypted and sent to your computer.

The problem with this whole system is the security of the VPN provider. The encryption is essentially unbreakable. But if the VPN provider is hacked, the hacker can see your data.

Truth is that most of us don't have data that's important enough for someone to hack, and a VPN allows you to surf from public networks a lot safer than not using a VPN.

If you are using a VPN, all your ISP can see is that you're connected to the VPN provider - they can't see what's inside the packets.

Mike

[So what's the difference between using https and a VPN? Since google uses https, your ISP can see that you are going to Google because of the IP address but they can't see what the subject matter of your search is. With a VPN, your ISP can't even see that you're doing a google search.]
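An added illustration of the post above (not part of the thread and not any provider's code): a key is agreed over the open network, the real packet is sealed inside an outer packet addressed to the VPN provider, and the provider unwraps it. The Diffie-Hellman parameters are toy-sized, a SHA-256 keystream with HMAC stands in for AES-256, and the addresses and request are constructed.

```python
import hashlib, hmac, json, secrets

# Toy Diffie-Hellman group, chosen for brevity (assumption); real VPNs use
# 2048-bit+ groups or elliptic curves and also authenticate the server.
P, G = 2**255 - 19, 2
CLIENT, VPN, SITE = "192.0.2.10", "198.51.100.7", "203.0.113.80"  # constructed

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)          # only the second value crosses the wire

def session_keys(my_priv, peer_pub):
    shared = pow(peer_pub, my_priv, P)    # same number on both ends
    k = hashlib.sha512(shared.to_bytes(32, "big")).digest()
    return k[:32], k[32:]                 # (encryption key, MAC key)

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(keys, data):
    # Stand-in for AES-256: SHA-256 keystream XOR, then HMAC over nonce+ciphertext.
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(data, _stream(keys[0], nonce, len(data))))
    return nonce + ct + hmac.new(keys[1], nonce + ct, hashlib.sha256).digest()

def unseal(keys, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(keys[1], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified packet")
    return bytes(a ^ b for a, b in zip(ct, _stream(keys[0], nonce, len(ct))))

def client_send(keys, inner):
    return {"src": CLIENT, "dst": VPN, "payload": seal(keys, json.dumps(inner).encode())}

def isp_view(outer):                      # all an on-path observer can read
    return {"src": outer["src"], "dst": outer["dst"], "bytes": len(outer["payload"])}

def vpn_forward(keys, outer):
    inner = json.loads(unseal(keys, outer["payload"]))
    inner["src"] = VPN                    # the site sees the provider's address
    return inner                          # readable by the provider from here on

def demo():
    c_priv, c_pub = dh_keypair()
    v_priv, v_pub = dh_keypair()
    ck, vk = session_keys(c_priv, v_pub), session_keys(v_priv, c_pub)
    inner = {"src": CLIENT, "dst": SITE, "data": "GET /search?q=dovetail+jigs"}
    outer = client_send(ck, inner)
    return ck == vk, isp_view(outer), vpn_forward(vk, outer), outer
```

Past the provider, the forwarded request is only as protected as the site's own HTTPS makes it.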

Curt Harms
04-02-2017, 9:25 AM
I spend quite a bit of time on open public internet so looked into VPNs and ended up with Private Internet Access (https://www.privateinternetaccess.com/). I'm happy with it. One of my criteria was that the VPN provider had to work with Linux O.S.s. I haven't noticed any significant slowdown while watching youtube type videos and that sort of thing. The price is very good, around $40 per year and there's no monthly data limit. The most common complaint about Private Internet Access seems to be a basic user interface. An all-singing all-dancing user interface has more lines of code and more opportunities for coding oopsies. Simple but well designed works for me. Some users prefer VPN and cloud providers based in European countries with strong data privacy laws. PIA is based in the U.S. if that matters to you.

It is possible to install a router using 3rd party firmware (DD-WRT is one I'm familiar with) where you can set up your own VPN server and have full control over your network. The cost there is the skill/knowledge for set up and configuration.

John McClanahan
04-02-2017, 10:04 AM
Thanks, Mike, I have a better understanding of VPN now.


John

Tony Zona
04-02-2017, 10:07 AM
Thanks, guys. You're giving me a bunch of stuff to look into and very good background. I really appreciate this.

Mike Henderson
04-02-2017, 11:07 AM
There are people who provide free VPN. But, of course, they have to pay for the equipment they use to provide you the VPN service. How do they do that? They monitor your browsing habits and sell the data (since they decrypt your data, they have a good view of it). There's no free lunch.

Mike

lee cox
04-02-2017, 6:17 PM
VPN is encrypted point to point. Generally it is used for Corporation's traffic. It is also used out of Country. There is a lot of baggage which goes with using it. It is best used if you can get chip support for the encryption otherwise it can be slow.

Mike Henderson
04-02-2017, 7:11 PM
VPN is encrypted point to point. Generally it is used for Corporation's traffic. It is also used out of Country. There is a lot of baggage which goes with using it. It is best used if you can get chip support for the encryption otherwise it can be slow.

Encrypting data traffic is not much of a load on a modern computer. When you go to a secure website (https) all of the data is encrypted through software and I'll bet you never noticed slower response on your Google searches.

Mike

lee cox
04-02-2017, 11:28 PM
I agree one web page is not much load. It depends on how much data traffic and the encryption level. The higher the level of encryption the more load.

Mike Henderson
04-06-2017, 10:13 PM
Here's (https://www.nytimes.com/2017/04/05/technology/personaltech/vpn-internet-security.html?em_pos=large&emc=edit_ct_20170406&nl=technology&nlid=33169574&ref=headline&te=1) a good article on VPNs.

Mike

Tony Zona
04-06-2017, 10:33 PM
I agree, Mike. Thanks.

Adam Cruea
04-23-2017, 12:02 AM
If you're still looking for a VPN provider, let me know.

I've got an 80M/80M internet connection and am running pfSense as a firewall. I have VPN tunnels set up for IPSec mobile clients (think iPhone/Android, but valid for anything really) and could easily set up OpenVPN, or if you have an IPSec client I can set up another group that'll allow you to browse the web.

You're in the US, though. There's not really much you're going to get out of a VPN necessarily unless you're just looking to avoid your specific IP because they've nibbed into your traffic too much.

With that said, there are government agencies not far down the road from me with the horsepower available that a VPN would be a mere annoyance for them to break.