[lug] wireless security back home when in foreign countries
Sean Reifschneider
jafo at tummy.com
Sat Nov 28 22:26:58 MST 2009
On 11/28/2009 03:01 PM, karl horlen wrote:
> use non std ssh port anyway so i think i'm good to go. i could always
> tunnel port 80 as a fallback.
Maybe. They don't usually block a specific port when they block a port,
instead they tend to block everything EXCEPT a few ports, like port 80 or
22. So, you may be better off having it be a standard SSH port. But, it's
been rare lately that they do such blocking.
I have been using OpenVPN with it's "default gateway" option to pass all
traffic except that going to the VPN server to go over the VPN.
I've used this mechanism at Defcon, for cats sake. If you think you'll be
traveling in hostile environments, it's nothing compared to that. I had
locked down the firewall so that the only thing it would send or receive
on the wireless interface was DHCP and OpenVPN.
> 2) any recommendations on a no brainer open source vpn compatible with
> centos 5. by no brainer i mean one that has been tested, just works,
> is easy to configure without having to search all over the internet
> for an implementation and secure? ;-)
I think OpenVPN works just great, and has "getting started" documentation
which I think it quite easy to get started with using a VPN.
> 3) anybody use / configure one time passwords? easy to configure? what
> did you use? i've got my own server so this might be a way to leave
> the netbook home and just login from untrusted cafes when i want to
> access a basic server account to winscp for example.
Obviously, you don't want to do anything that would be a problem if a
keylogger saved. I just travel with my netbook which has the VPN and
encryption on it.
Sean
--
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 253 bytes
Desc: OpenPGP digital signature
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20091128/2b29aca7/attachment.pgp>
More information about the LUG
mailing list