Is OPEN VPN right for me?

[furface00]

Hi All,

I am new to VPN. Recently I was reading an article on how to better secure a WiFi connection in a public area and the author made this comment:
"If you have access to a business or corporate VPN, you should make use of it. A Virtual Private Network (VPN) offers you a secure way to communicate with your home or work’s network. This will add another layer of encryption your network traffic and make it, in all practicality, impossible for anyone to see the network traffic that you are sending over the air. You can also use services such as OpenVPN and HotSpot VPN if you don’t have a VPN available at work. These will safely encrypt your wireless network traffic."
I am planning on traveling in my RV next year. I have a new laptop running windows 7 home premium. Almost every RV park has WiFi available and it is wide open to the public. To make my use of banking, email, and business correspondence, is there a way to use OPEN VPN and make my connection secure.

I do not have a home network, however I do have a wireless VPN router for communication with one of my business accounts.

Thanks for your help.

David

[krzee]

It can definitely be used for that. But to do so you need an openvpn server out there on the internet (or pay for a vpn service)

[simon]

Openvpn gives you, essentially, a secure SSL point to point network, so you can securely communicate with your home/work PC's from a public remote location. In your specific situation I do not think using a VPN is the solution as you're talking about general web browsing etc. When using public hotspots you should ensure that all of your sensitive data is encrypted, i.e. your email connection is over ssl/tls so your username/password is not sent in clear text over the radio waves. Also ensure that all your internet banking etc is done over https so it is encrypted. In this situation using WPA does not give you much more security as you still do not know who is listening in on your internet traffic.

A public wifi area is by definition unsecure and you should treat it as if there is someone listening to your every conversation and make sure that all your private communications are encrypted using SSL (either through a VPN, or HTTPS connection), TLS, SSH or somesuch.

Does this answer your question ?

[furface00]

Hi,

Thanks for your replies.

What is required to have an openVPN server, and how would this work in my situation? When on a public WiFi, would I simply go to my openVPN server and than do my banking, email and business data exchange?

David

[somms]

Hi,

Thanks for your replies.

What is required to have an openVPN server, and how would this work in my situation? When on a public WiFi, would I simply go to my openVPN server and than do my banking, email and business data exchange?

David

It can be run on something as simple as a wireless router running custom OpenVPN ready firmware like I do: viewtopic.php?f=13&t=7049

Or you can use a dedicated PC...your choice! Either way your wireless data will be encrytped w/OpenVPN all the way back to the server running OpenVPN...

[krzee]

furface00,
note, somms is talking about having a router or server setup at a pre-designated spot, it is not something that travels with you. Basically your VPN is a secure, virtual network cable from your insecure wireless to your server... then (with this type of setup) your connection can leave as normal from the server, instead of from the insecure wireless you are using.

somms,
nice post in bragging rights

[Douglas]

openvpn is right for everybody!

it can certainly do as you want

[furface00]

If I am understanding this correctly, I wold have the Open VPN Server on my home computer, and Open VPN on my laptop. I am going to bridge from my wireless laptop to my home computer and than out to the internet in a relative secure environment.
Now this may seem like a dumb question but does this require that my home computer must always be powered up?

Thanks

David

[k28v74@k2x&x1#kn2&a3]

openvpn is right for everybody!

it can certainly do as you want

Wrong. That is so wrong it's ridiculous.

It's wishful thinking because OpenVPN is NOT for everybody.

OpenVPN is only available to those with intermediate to advanced tech ability.

And that is because the developers assume that a large or certain amount of the computer using populace has the intermediate to advanced computer know-how that it takes to install, set-up and run OpenVPN successfully. I've seen computer program developers make that mistake all the time. It's as if they live in a tunnel (or in Cyberspace) with blinders on their eyes to prevent them from seeing what's going on in the real world. It's like they're blind or oblivious to an obvious, blatant need for a quality, OpenVPN for Dummies type video. They'll do whatever it takes to churn out a software program. But when it comes to creating a much needed basic, how-to tutorial (text or video tutorial) that is the type of t task that is is not a priority. And that is a lose-lose situation for the average computer user.

For those of us in the know, we know that sometime today many people around the globe booted up a computer for the very first time. That's something that happens 24/7/365. When you do the research we know that the developers of OpenVPN have failed to provide a good basic, easy to follow video and/or text tutorial on how an AVERAGE non-I.T. professional can configure OpenVPN.

I know a war vet whose been back from Afgahnistan for several months now (she has a college degree). Believe me she's no dummy. And she couldn't figure out how to use OpenVPN. Obviously with millions upon millions of computer users out there it would be reasonable to conclude that she's not the only one out there who does not have access to a user-friendly beginners video tutorial.

It would not be hard for a smart person to make a good, quality tutorial video that grandma, grandpa and n00bs everywhere around the world could understand. Unfortunately it appears the developers of OpenVPN overlooked that type of user or it's possible they don't know how to make a beginners tutorial.

The developers should contact someone who can construct a good beginners tutorial because there is a dire need for it, and obviously, they don't know how. Until they do many people will look at OpenVPN with great interest only to abort once they find out how complicated it is to configure, install and use.

As it stands right now OpenVPN is not for everyone. It is available only to those with intermediate to advanced computer ability . Time after time developers fail to understand (or they forget) that the type of user with advanced computer ability is greatly outnumbered and is in the minority compared to the average computer user. All you have to do is get outside in the real world and talk to people at coffee shops, Home Depot, etc about things like web browsers and Internet connections, etc, etc and you'll quickly realize that most people really are avearge in their ability to use a computer.

The lack of quality start up tutorials is a shame because while many average computer users are quick to ascertain that 1) wifi is terribly insecure and 2) OpenVPN is a great product with promise they become frustrated due to the lack of good, quality tutorials that a beginner won't find on Youtube because they simply do not exist.

If you're an average person (DMV worker, ER nurse, sanitation truck driver, cop, plumber, soldier, etc) and like many you find OpenVPN appealing yet too complicated then the only thing I can suggest (keeping in mind I'm not Bill Gates) is that you forget all about OpenVPN and instead use a web page with HTTPS. Or simply purchase a VPN router. A VPN router might be 1000x easier to configure than OpenVPN. Also, with a new VPN router the manufacturer of said device might have a tech support call center you can call to get help when you hit a wall and you don't have the luxury of being married or related to an I.T. professional. There are not a lot of VPN routers out on the market but there are a few. PM me if you want a link to one of them and I'll be glad to help you get started on your home VPN project.

[furface00]

Well said k28v74@k2x&x1#kn2&a3 and exactly the position I find myself. I have tried very unsuccessfully to get Open VPN configured correctly. Being that I do not enjoy being frustrated I have given up on my attempts to make Open VPN work. I am looking for something else to use and until Open VPN does create a more simple approach to setting up this software, it will sit on the shelf unused.

David

[marriott79]

k28v74@k2x&x1#kn2&a3 is correct in saying that developers often create less-than-user-friendly software because they're not thinking in terms of the average user. I've had firsthand experience in this area because I've worked as both a programmer and a project manager. I also agree that white papers are often dry and painful to read.

However, I think your criticism towards the developers of OpenVPN is absurd. And why stop there? Why not complain about the complexity of SSL/TLS certificates? While OpenVPN is certainly intended to be used by the average user; the average user should ***NOT*** be installing and configuring a VPN! Certainly not grandma and grandpa, as you're suggesting.

If you don't have a solid understanding of TCP/IP or the OSI layers, then you shouldn't even think of setting up a VPN. At best you'll create something that's unstable and insecure... if you're even able to get that far.

Secondly, the average home user has a dynamic IP address, which means they'll likely need to setup DDNS and then enable port forwarding on their router. They'll also have to configure their firewall(s) to allow the UDP or TCP traffic through. None of which should be attempted by inexperienced users.

In the case of OpenVPN, the developers are right to assume a certain level of competence with network technology. This product would absolutely do what furface00 is requesting. However, his mistake was giving up on it because he couldn't install it himself. If the task was important enough, he could easily have contacted a local computer shop, and they could have done the installation for him for a reasonable fee.

Once the VPN server and client was properly configured, furface00 (or anyone else for that matter) would have no problem getting the connection up and running. All he'd have to do is click the .ovpn file, which the technician could place on his desktop for ease of access.

If the developers dumbed-down the product, then you would lose either speed, security or versatility. There are simpler products our there, but they're not as fast or secure, and they can't do nearly as much as OpenVPN. They're also easier for ISPs to block.

Sorry, but suggesting EVERY piece of software should be targeted to Grandma Milly and Uncle Joe is just silly. This is a serious networking application, and misconfiguration can result in a breach of security -- the complete opposite of what furface00 is trying to accomplish.

[furface00]

marriott79, the condition that k28v74@k2x&x1#kn2&a3 describes is known widely as 'silo effect'. I disagree with your assertions. The primary responsibility of any lead in project management, is to ensure that their efforts are effective. It matters not if one is working with computer software, the creation of a new government program or the redesigning of a new business model, the goal is to provide a completed workable solution to an identified issue. This cannot be accomplished in a silo. You have to identify the need, quantify your parameters and tailor your work to satisfy that need and effect change. Otherwise, in my humble opinion, the work would be considered a failure.
If Open VPN is for the more experienced user, that's fine. Let them say so! I can decide if I wish to devote the time and energy to learn how to use an advanced system.

Don't portray the software as something it is not. If you purport the application as something "for anyone", than the developers are falling short of the mark when "Grandma Milly and Uncle Joe" can not use it.

This is what is frustrating in using inappropriately describe software and what I find somewhat irresponsible on the developers side. It's all to easy to try to pin the tail of blame on the user. The user has zip to do with the fact that in the earlier stages of development, someone forgot to talk to their target audience and find out what they really wanted to do. Just because one can "make it" doesn't mean it will be acceptable.

[janjust]

I cannot resist:

If Open VPN is for the more experienced user, that's fine. Let them say so! I can decide if I wish to devote the time and energy to learn how to use an advanced system.

OpenVPN is for the more experienced user.

There, I said it. OpenVPN is NOT a fully plug&pray package for setting up VPNs . I have never seen a fully plug&pray VPN setup, at least not one that works in all circumstances. If you cannot live with this , or if you must have commercial 24x7 support, then the community version of OpenVPN is not for you.

[furface00]

Well said janjust!

[marriott79]

furface00,

I don't wish to belabor the issue, but you're making a lot of unfounded assumptions. By your own adminissions, you're new to VPN, yet you're making strong statements about the design of a particular VPN product. If you want a no-brainer VPN that's easy to configure, it's called Hamachi. It doesn't require any network knowledge, and you can set it up in minutes. It's free for non-commercial use, and very inexpensive for commercial use. There are numerous reasons why it's not suitable for many real-world environments, but I won't get into them here because (with all due respect) you'd have to understand network technology, and if you understood network technology, we wouldn't be having this debate.

I have no stake in OpenVPN, so I would be happy to criticize the develpers if I felt it were warranted. Nowhere do they claim this product to be "easy for the average user to configure", and just because something requires technical expertise to install doesn't mean it's a failed design. By that definition, every piece of software on the Unix/Linux platform, including the operating system itself, is a failure. (Heck, for that matter you could also throw in Windows Server, SQL Server, IIS, etc.)

I'm well aware of the problems of the software industry -- in fact I've had many heated arguments with programmers who wanted to cut corners or ignore customer requirements. I'm also aware of the goals of project management; I have a degree in Information Systems, and much of my training was spent in project management, software engineering, and product design classes. Not to mention I've been working in the industry for a decade and a half, and believe me, I've accumulated long list of complaints of my own.

But I can assure you that the developers of OpenVPN haven't failed in their effort to create a modular and versatile VPN. To the experienced technician (the intended audience for performing the installation), the design is a vast improvement over the industry standards PPTP and IPSEC, which was their goal, and they achieved it. I recommend reading the product history page explaining why OpenVPN was created in the first place. As for me, I only started working with this a month ago, and I'm already doing things that are difficult or impossible to do with competing VPN technologies. Yes, I had to read a book and my network training was necessary to understand the context for configuring and troubleshooting the connection. Is that a failure on the part of the developers? I think it's reasonable given the benefits I receive in return for my effort.

Most people can't swap the engine out of their car and replace it with another one; they go to a mechanic to have that done. Yet, the average person uses an engine every day to get to work. The same could be said for the motherboard in a computer. You can buy one at any computer shop for under $100, but most people wouldn't even attempt to replace a motherboard themselves. So are these products failures? Did the manufacturers mislead the consumers? OpenVPN is no different; it's a network application that requires an understanding of network architecture to properly configure. However, once it's configured by a qualified technician, any user can use it without having to know how it works.

That includes "Grandma Milly" and "Uncle Joe". So yes, any user can use OpenVPN. Like an e-commerce website: anyone can use it; not everyone can set one up. There's a very important distinction to be made between the two concepts, and that's why we're disagreeing.

Granted most open source websites look pretty dry and intimidating. PHP.net is a typical example. There are no pretty pictures, just a million links and references to various releases with two dots in the version numbers instead of one. Most people probably take one look at this and run screaming in the other direction. OpenVPN is a bit unique in that has a more clean, polished and friendly website (Is that a failure on the part of the developers?), but I see no false claims anywhere.

My point in writing all of this really isn't to flame you. I understand your frustration in not being able to set this up, but so far the only thing the developers are guilty of is creating a more asthetically-pleasing website than most server-based open source technologies have traditionally done.

Browsing through the forums here, you'll find almost everyone doing something unique with OpenVPN. To have access to such a versatile product -- for free -- is a truly extraordinary thing! Expensive commercial products rarely offer this much versatility or stability and rarely come in a small, modular form. But I guess you either appreciate it or you don't.

Based on your feelings, my recommendation is to look into Hamachi. You're not going to find a simpler VPN than that. I don't know if you'll be able to route your web traffic through it, though.