John Galea's Blog

My blog on Gadgets and the like

VPN

If you download movies, music, torrents or whatever, or just don’t like being tracked, you may want to consider using a VPN. It stands for virtual private network. What it does is create an encrypted communication (called a tunnel) between your home and the VPN provider. The communication then comes out of the VPN provider instead of you, creating a level of indirection. It makes it harder (although still not impossible) to track your movements on the net. This is a super basic but useful step.

There are lots of VPN providers out there, so how do you find one you like? Well, first off is what are you willing to pay for what could amount to paranoia? Just remember, you’re only paranoid if it turned out they weren’t watching you 🙂 I started by looking at one a friend (thanks Lance) recommended, PureVPN. PureVPN provides a simple-to-use app that is supported on a lot of different platforms to make setting up a VPN as trouble-free and easy as possible. But this isn’t what I wanted. So I asked them if they support Windows’ built-in VPN connections (i.e. no need to install or trust an app) and they said yes. So I ventured into it. They have a guide for setting it up. While not massively difficult (for an IT guy like me) it does take some work. There are three options for the underlying technology of the tunnel: PPTP, L2TP and SSTP. I hadn’t heard of SSTP before so read into it. I like the sound of it so chose that. Be sure to review the settings for the tunnel. I made sure encryption was required (which wasn’t the default), and I turned off file and print sharing and Client for Microsoft Networks.

In the setup of your VPN you can choose a VPN server located anywhere in the world. I chose a place that has serious laws on privacy, the Cayman Islands!! Remember that your data is flowing through the VPN provider, so you’re going to want to make sure they have unlimited data (which PureVPN does).

Once set up, the next thought is to find a way to make sure it’s always there. I have a VM that I do my torrents on so I can turn VPN on for all traffic from the VM. The tunnel will ignore local traffic so it has no effect on local file sharing, RDP and the like. I also wanted to make sure the VPN is always on, and if disconnected it was obvious. So first up I found a way to automate the connection to the VPN. You can call rasdial with the name of the VPN connection from a batch file to set up the tunnel, so for example:
rasdial PureVPNUT

Next up, to ensure it is obvious if it is disconnected, I took the extreme measure of deleting the default gateway from my TCP/IP stack (I’m on a fixed IP address within my home network). Then I added a route just to the VPN server using this command:
netsh interface ipv4 add route 45.74.25.129/32 wired 192.168.1.1 store=persistent (for example)

Now I can get only to the VPN server from this machine, and then if the VPN becomes disconnected it will be painfully obvious. It would be irksome if after paying for VPN I discovered that it wasn’t being used and I hadn’t noticed.

PureVPN allows up to 5 machines to be simultaneously connected, so you can move on to set up other machines next.

OK, now comes the testing … First up I want to prove that the tunnel is working. By going to ipaddress.com you can see what your IP looks like, what country it thinks you’re in and who your internet provider is. By doing this with the tunnel on and off you can see that your IP is now hidden, making it less easy to track your movements.

You’re probably going to want to test the bandwidth of the connection with the tunnel on and off using a tool like DSL Reports. Personally, unless it is dead slow, I’m not sure I care a lot.

Next up is the issue of the VPN connection dropping. Oddly Microsoft does not include an auto reconnect feature for VPNs. So I decided to create an automated script. This script logs the VPN connection/disconnection and retries to connect. Here’s the script. You would need to set the parameter for the name of the VPN connection you created.
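
A watchdog along the lines described above, as an added example (this is not the author's script, which is not reproduced on this page). It assumes the connection name from the rasdial example, credentials saved with the connection, and a hypothetical log path and polling interval; it also warns if a default route exists while the tunnel is down, which would defeat the deleted-gateway setup.

```powershell
# Added example, not the blog author's script.
param(
    [string]$VpnName = 'PureVPNUT',                   # connection name from the post's rasdial example
    [string]$LogFile = "$env:TEMP\vpn-watchdog.log",  # assumed log location
    [int]$IntervalSeconds = 15                        # assumed polling interval
)

function Write-Log([string]$Message) {
    $line = '{0}  {1}' -f (Get-Date -Format 'yyyy-MM-dd HH:mm:ss'), $Message
    Add-Content -Path $LogFile -Value $line
    Write-Host $line
}

function Test-VpnUp {
    # rasdial with no arguments lists the active connections, one name per line.
    $active = & rasdial.exe
    return [bool]($active | Where-Object { $_.Trim() -eq $VpnName })
}

function Test-DefaultRoutePresent {
    # With the default gateway deleted as described in the post, no 0.0.0.0/0
    # route should exist while the tunnel is down. If one appears, traffic can
    # leave the machine outside the VPN.
    return [bool](Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
}

$wasUp = $null
while ($true) {
    $isUp = Test-VpnUp
    if ($isUp -ne $wasUp) {
        # Log only state changes, so the file is a connect/disconnect history.
        Write-Log ('{0} is {1}' -f $VpnName, $(if ($isUp) { 'CONNECTED' } else { 'DISCONNECTED' }))
        $wasUp = $isUp
    }
    if (-not $isUp) {
        if (Test-DefaultRoutePresent) {
            Write-Log 'WARNING: default route present while VPN is down; traffic can bypass the tunnel'
        }
        # Redial using the credentials saved with the connection.
        & rasdial.exe $VpnName | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Log "Redial failed, rasdial exit code $LASTEXITCODE" }
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```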

With that the VPN is set up and working …

There is one point worth mentioning … creating a tunnel drills a hole right through the router’s firewall to your VPN provider. Anyone also using the same VPN provider has direct/wide open access to your machine. So be sure you have a firewall running on any host you do VPN out of … You would be wise to be suspicious of others doing VPN; it is not a safe place to be!

November 17, 2017 - Posted by | Uncategorized
