Monday, 30 December 2013

the DIY home VPN experiment (part one - intro)

Part One: Introduction

It’s been a while since my last blog entry, and I’ve decided to catch you up on some of the projects that I’ve been working on in my home lab. This next series of posts is going to revolve around the do-it-yourself home VPN.

What is a VPN, or virtual private network?

“A VPN is a communications environment in which access is controlled to permit peer connections only within a defined community of interest, and is constructed through some form of partitioning of a common underlying communications medium, where this underlying communications medium provides services to the network on a nonexclusive basis [1].”
In essence, a VPN is private and controlled network communication over a non-private medium - the Internet.



Please note: I am not an expert, nor am I offering professional advice. I am not recommending one method over another. These posts are purely for educational purposes, and should not be considered as a substitute for proper research and testing - especially when it involves security. I enjoy experimenting in my home lab, and these posts are part of an effort to share and give back to the community. These are my opinions and thoughts, and do not necessarily represent those of any business or organization that I am affiliated with.


Why do I need a VPN?


Well, I can’t say that I “need” a VPN, but I built one mainly for these reasons: 1) it is nice to have, and possibly one of those things that may come in handy when you least expect it, and 2) it’s a good way to learn and practice.

What did I hope to accomplish?


I wanted the ability to securely access any device on my home network from a remote location (e.g. a hotel room, the office, my mobile, and so on) as if I were connected locally.

Where to begin?


There are many products, both free and commercial, as well as open and closed source, that enable varying degrees of remote access for the home user. The capabilities vary from simply being able to access your desktop remotely, to having complete and regulated access to your home network. Some solutions are intrusive, requiring that non-standard applications be installed on the devices you wish to access; others involve a separate device that is used to regulate access on your network.

While there are many good methods documented on the Internet - some of which I will refer to - I will be writing these articles from the perspective of a Mac OS X user, although the concepts span operating systems.

Why OpenVPN?


Initially, I experimented with a product that is free for non-commercial users. It was very easy to set up and use. I had no challenge enabling remote access to my computer, and I didn’t need to make any special changes to my Internet router. It worked well. This type of solution may be perfectly viable for some users; however, I didn’t love the idea of installing non-standard proprietary software on my computer and then enabling remote access to it.

Next, I set up a VPN using PPTP on my older Linksys router running DD-WRT. This was also very easy to set up and use. However, I had some concerns about the strength of the security, and after doing some investigating [2][3] I decided to pursue a method such as IPSec or OpenVPN instead.

I am a strong proponent of using open source when it makes business sense. I feel that this type of transparency can 1) allay some of the fear that a vendor (or a rogue programmer) has left open back doors in the code, 2) eliminate vendor lock-in, and 3) breed healthy competition and code review. Now, some might argue that this very transparency could be used to find and exploit weaknesses; however, in my opinion, when a community is reviewing and contributing to the code, it is more likely that bugs and exploits will be fixed, and all will benefit. At the same time, exploits become public, so as a side point this also highlights the importance of regular security patching.

Even though it is not as well supported by industry devices as IPSec, I chose OpenVPN as an open source alternative for my home lab.

the DIY home VPN experiment series:


As noted, this will be an evolving series of posts based on the do-it-yourself home VPN.

Be sure to follow me to receive updates when more posts in this series become available. If you like this article, please share it with others.

References


[1] P. Ferguson and G. Huston, “What Is a VPN? - Part I,” The Internet Protocol Journal, vol. 1, no. 1, Cisco Systems. [Online]. Available: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/what_is_a_vpn.html. [Accessed: 30-Dec-2013].

[2] D. Walker-Morgan, “Microsoft says don’t use PPTP and MS-CHAP,” The H Security: News and Features, 22-Aug-2012. [Online]. Available: http://www.h-online.com/security/news/item/Microsoft-says-don-t-use-PPTP-and-MS-CHAP-1672257.html. [Accessed: 31-Dec-2013].

[3] Microsoft, “Microsoft Security Advisory (2743314): Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure,” Security TechCenter, 20-Aug-2012. [Online]. Available: http://technet.microsoft.com/en-us/security/advisory/2743314. [Accessed: 31-Dec-2013].
