Hi Dane,

I have some initial questions in relation to your original post about VPNs for the Mac. Be aware, I might go technical on you, since I used to support IPSec tunnels in my former job.

1. Are the first two options a point-to-point VPN, or do they use a middle server? That is: a point-to-point VPN goes from PC A directly to PC B. The other method is PC A goes to a server, then to PC B.
2. The third option: is this a dedicated router with VPN support, so you can use a VPN client to connect to it externally from your home?
3. Have you looked at clients which establish a point-to-point connection?

The remaining part of the email goes into more depth about VPNs for those people who want to know more.

Now for the common VPN technologies that are available. All of these are point to point, which is the most secure. If you do not control the whole VPN configuration, then you could have security issues present. That is, if you have to use a middle server to establish the VPN, the traffic gets encrypted on your PC, decrypted on the server and then encrypted again to be sent to the end remote PC. All the VPN technology I know of is point-to-point based; if this is incorrect, please direct me to documentation such as RFCs, etc. explaining how they achieve this.

Point to Point (PPP) is a VPN that establishes a tunnel between two devices without having any third device in between. Regard a tunnel like a box within a box. The outer box is the VPN tunnel. The postal system sees the address where it goes and sends it on, but it isn't aware of the content within. The person who receives the outer box opens it to gain access to the internal box.

Some common point-to-point protocols are:

1. SSH. SSH stands for Secure Shell protocol, which is based upon TCP 22. You can configure your Mac to use this protocol to send data across to another machine. All data within the SSH connection is encrypted. The biggest problem with SSH is it can be tricky for new users to configure. Basically you are using a proxy to redirect the traffic into the tunnel. I haven't configured it on the Mac, but have done it on Linux many years ago.
2. SSL-based VPNs. These VPNs come in a variety of packages. OpenVPN was the last client I used. It uses TCP port 443, which is the same port as HTTPS traffic. In fact, it is the same technology. Once again, you can connect this directly between two PCs.
3. IPSec, which is a part of the Mac. This is regarded to be the best VPN technology, but can be the most complex to configure depending on your OS. Mac uses Cisco code to support IPSec. I use it for work and it is within the options of your System Preferences. IPSec can either go into a concentrator, which groups many IPSec tunnels together, or between two devices. The Cisco IPSec on the IOS platform is accessible as well. No cost, but some knowledge.
4. L2TP, which stands for Layer 2 Tunnelling Protocol. I am not fully up to speed on this technology, but it allows you to have other VPN protocols within, to give you more flexibility.

The key thing you have to understand with VPNs is that you can use a password or certificates. Certificates are regarded as the most secure method. I shall not go into any more depth on this since there are many different types. The certificate is used to validate the connection of the tunnel, plus is involved with the encryption. So I would be interested, Dane, in whether the technologies you mention use passwords or certificates.

The other point I have to raise is that UDP tunnels such as IPSec are regarded as a better transport mechanism than TCP-based ones. UDP basically means best effort; TCP means that you are guaranteed for your data to arrive. The reason why UDP is regarded a better method is for security: if the packet is lost, you don't want it to be sent again in case of hackers trying to break the tunnel. It is the responsibility of the internal traffic to handle error correction if being used.

The majority of domestic routers that I have used support VPN. Most of them use IPSec over the other technologies I have mentioned.

For those who are thinking of using VPNs:
I would firstly suggest you find some docs on what is natively available on the Mac before using any third-party product. This will save you money and you will have a better understanding of how it is all set up. The other suggestion is that point to point is the best method. It might be more complex, but it is far better than using other methods.

My 2 cents worth.

Sean

On 05/03/2012, at 5:41 AM, Lyn & her faithful furry friends wrote:

> Hi Dane,
>
> Thanks very much for this very interesting email. I am indeed thinking of using VPN but was not sure which way to go. I am keeping your email for reference. Again, thanks for these very detailed explanations.
>
> Lyn, Canelle & Epi
>
> On Mar 4, 2012, at 6:52 PM, Dane Trethowan wrote:
>
>> Hi everyone!
>>
>> I've now been using VPN with a variety of operating systems for 4 months now, including Mac and IOS. I have some observations and comments I think worth sharing for reference, just in case anyone wants to get into this game.
>>
>> Firstly, a short description as to what VPN actually is: in short, a "Virtual Private Network" is a direct secure tunnel over the Internet between point A (yourself) and point B (say, your office).
>>
>> Many forms of VPN exist, from the very simple form which can be accessed without charge to what would seem to me to be the absurdly and ridiculously complex, that even the best tech heads would have trouble getting their heads around.
>>
>> I offer 3 solutions which, in my experience with 2 of these, offer the best flexibility for most needs. The third solution detailed here is probably the best all-round solution and the most practical if you want to do your VPN properly.
>>
>> The first and easiest VPN solution I found is "Hotspot Shield". It works extremely well on the Mac through your browser, though it would seem that changing country is a problem, so if anyone has any feedback on that then I'd be most interested.
>>
>> "Hotspot Shield" is as simple as installing the client and that's all there is to it.
>>
>> I recommend the paid version of "Hotspot Shield", which cuts out advertising and gives you unlimited VPN access. You can set up the Shield so it starts with your Mac and connects to the VPN automatically if you prefer, and you can quit the Shield by running the "Hotspot Shield" and selecting "Disconnect" in the Safari window.
>>
>> So now to IOS, and here we can easily take VPN to a whole and amazing new level, and yet everything is still straightforward.
>>
>> For IOS I found the best VPN offering to be Witopia at <http://www.witopia.net>, which offer a yearly plan with everything you need, including unlimited bandwidth, for $65.00 American dollars.
>>
>> If I had my way I'd use Witopia for all my operating systems; however, their SSL installation clients, whilst logical, aren't accessible it seems, and they're more of a pain in the bum than anything else. Installing Witopia on an IOS device, however, is a piece of cake: just select VPN from "Settings", select "Add New Configuration", type in details such as server, user name and password, and you're away.
>>
>> Witopia has servers in many countries, so you may wish to take advantage of this with your IOS device and create multiple VPN configuration profiles, thus allowing you to choose which server is more appropriate for your needs at the time. For example, you'd want to choose a server in the U.S. when listening to radio or watching TV from the States.
>>
>> And so to the third and final option, which is the most practical, and that is the Cloakbox from Witopia.
>>
>> This is in fact a wireless router with all your VPN settings configured for you, so all you have to do is install it, select traffic to go through your Cloakbox and relax. You can change server at will easily.
>>
>> So why can't I get this option? Simply because Witopia won't ship to Australia, though given time I'm sure I can find a way around that.
>>
>> This email has been very general in the descriptions I've given and I've not attempted to give the topic of VPN a full wrap, as I'd be here all night <smile>.
>>
>>
>> <--- Mac Access At Mac Access Dot Net --->
>>
>> To reply to this post, please address your message to
>> [email protected]
>>
>> You can find an archive of all messages posted to the Mac-Access forum at
>> either the list's own dedicated web archive:
>> <http://mail.tft-bbs.co.uk/pipermail/mac-access/index.html>
>> or at the public Mail Archive:
>> <http://www.mail-archive.com/[email protected]/>.
>> Subscribe to the list's RSS feed from:
>> <http://www.mail-archive.com/[email protected]/maillist.xml>
>>
>> The Mac-Access mailing list is guaranteed malware, spyware, Trojan, virus
>> and worm-free!
>>
>> Please remember to update your membership options periodically by visiting
>> the list website at:
>> <http://mail.tft-bbs.co.uk/mailman/listinfo/mac-access/options/>
>
> **********
> You can contact me in the following ways:
> email: [email protected]
> msn: [email protected]
> skype: micky-mac2010
> facebook: www.facebook.com/lyn.bordeaux33
> Please say who you are if asking to share details, thank you.
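An added example, placed after the whole thread rather than inside any one of the three messages, and not code from Sean, Dane, Lyn or the Mac-Access list: Sean describes SSH on the Mac as "using a proxy to redirect the traffic into the tunnel" and says it is tricky for new users to configure. The script below is one way to do exactly that on macOS with SSH dynamic port forwarding (a local SOCKS proxy bound to loopback, strict host-key checking, key-based authentication only), then pointing the Mac's system SOCKS proxy at it and restoring the setting on exit. The SSH server name vpn-host.example.com and the network service name "Wi-Fi" are assumptions; `networksetup -listallnetworkservices` shows the real service names on a given Mac.

```shell
#!/bin/sh
# Added example (not from the thread): SSH dynamic port forwarding as a
# point-to-point tunnel on a Mac. Assumed names: the SSH server
# "vpn-host.example.com" and the macOS network service "Wi-Fi".

SSH_HOST="${SSH_HOST:-vpn-host.example.com}"   # hypothetical remote endpoint
LOCAL_PORT="${LOCAL_PORT:-1080}"               # local SOCKS port
SERVICE="${SERVICE:-Wi-Fi}"                    # see: networksetup -listallnetworkservices
SSH_PID=""

# Only loopback bind addresses are acceptable: a SOCKS listener on 0.0.0.0
# would let every host on the LAN ride the tunnel with your credentials.
is_loopback_bind() {
    case "$1" in
        127.*|localhost|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Build the ssh invocation and refuse non-loopback binds.
#   -N                      no remote shell, forwarding only
#   -D bind:port            local SOCKS proxy that sends traffic into the tunnel
#   ExitOnForwardFailure    fail instead of silently running without the forward
#   StrictHostKeyChecking   refuse unknown or changed server keys
#   PasswordAuthentication  off, so only an SSH key can open the tunnel
build_ssh_cmd() {
    bind="$1"; port="$2"; host="$3"
    is_loopback_bind "$bind" || return 1
    printf 'ssh -N -D %s:%s -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=yes -o PasswordAuthentication=no -o ServerAliveInterval=30 -o ServerAliveCountMax=3 %s' \
        "$bind" "$port" "$host"
}

# Point the Mac's system-wide SOCKS proxy at the tunnel, or switch it back off.
proxy_on()  { networksetup -setsocksfirewallproxy "$SERVICE" 127.0.0.1 "$LOCAL_PORT"; }
proxy_off() { networksetup -setsocksfirewallproxystate "$SERVICE" off; }

start_tunnel() {
    cmd=$(build_ssh_cmd 127.0.0.1 "$LOCAL_PORT" "$SSH_HOST") || {
        echo "refusing to bind the SOCKS proxy to a non-loopback address" >&2; exit 1; }
    # Always restore the proxy setting, even on Ctrl-C, so the Mac is never left
    # pointing at a dead proxy.
    trap 'proxy_off; kill "$SSH_PID" 2>/dev/null' INT TERM EXIT
    $cmd &   # intentional word splitting of the command string built above
    SSH_PID=$!
    # Do not switch the system proxy until the SOCKS port is actually listening.
    i=0
    until nc -z 127.0.0.1 "$LOCAL_PORT" 2>/dev/null; do
        kill -0 "$SSH_PID" 2>/dev/null || { echo "ssh exited before the forward came up" >&2; exit 1; }
        i=$((i + 1)); [ "$i" -lt 30 ] || { echo "timed out waiting for port $LOCAL_PORT" >&2; exit 1; }
        sleep 1
    done
    proxy_on
    echo "tunnel up: SOCKS proxy on 127.0.0.1:$LOCAL_PORT via $SSH_HOST (Ctrl-C to stop)"
    wait "$SSH_PID"
}

# Run only when invoked as "sh ssh_tunnel.sh start"; sourcing just defines the functions.
if [ "${1:-}" = "start" ]; then
    start_tunnel
fi
```

Run it as `sh ssh_tunnel.sh start` after an SSH key has been installed on the server; applications that honour the system proxy will then send their traffic through the SSH connection, and Ctrl-C both closes the tunnel and turns the proxy setting off again. The ExitOnForwardFailure and loopback checks are the parts new users most often skip, and they are what keeps a failed tunnel from quietly leaving traffic on the open network.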
