OpenVPN is good. Clients for Windows, Linux, and MacOS exist. Configuration can be done via X.509 certs as well as username/password authentication (or hey, if you're paranoid, both).
It's more secure than Microsoft's PPTP, and it's faster than Tor. I do recommend you start here, it's the one I started off with. http://www.thebakershome.net/openvpn_tutorial Proto should be TCP... and heck, use TAP0 (Ethernet Bridging). It uses X.509 Certs, but if you look around there are configurations for Username/Password. --R > Here's what I'm thinking. I want a VPN box (likely Ubuntu and SSH based) > between my cable modem and my router. Any of my trusted machines run > over open wireless or cat5 to the router and are configured to connect > to the VPN. Then any connections over the open wireless or a tor exit > node get logged (both CYA and traffic snooping) and go out to the > internet. > > Goal is to explore the networking side of IT a little more, help my > paranoid bretheren with Tor, and learn how to build a system that can > safely function in a hostile environment. > > Depending on my mood I may also get a little grey-hat and see if > anything interesting is coming through the unsecured wireless and Tor. > > Some questions: > 1. Recommendations for a distro and VPN software for the VPN box? I'm > most comfortable with Ubuntu, but I'm open to other options. Obviously > the most common and easiest to configure VPN option wins. > 2. How can I prevent the open connections from the outside from getting > inside? I'm open to sharing my bandwidth, but I want to keep people from > peeing in my pool. > 3. How can I throttle (simple bandwidth cap) the unsecured traffic? The > day will come when I decide to find out how far I can push Comcast, it > will be the same day I decide to sign up for FiOS. > 4. How can I give secured traffic priority over unsecured traffic? I.E. > my ISO downloads come down BEFORE the tor node gets to myspace. > 5. How can I readily configure my own Linux boxes, my wifes Mac, and any > of my guests computers to connect to the VPN? Machines that regularly > use the network should autoconfgure. > 6. Any suggestions for dynamic DNS services? > 7. How can I sanely manage the logs for the open connections? Following > Bruce Scheiers idea of having an open wireless router is interesting, > but I would prefer a more reliable way of covering my ass. > > _______________________________________________ Fwlug mailing list [email protected] http://fortwaynelug.org/mailman/listinfo/fwlug_fortwaynelug.org
