[buug] VPN hosting and access?

johan beisser jb at caustic.org
Fri Aug 29 14:35:59 PDT 2008


On Aug 29, 2008, at 1:59 PM, Aaron Porter wrote:
> 	If that's your concern, then TOR is in fact a good bet. If you
> don't trust that enough (for your non-encrypted, going over the public net
> anyway traffic), it's always good to remember that just about *any* host
> you can SSH to can be turned into a quick and dirty web proxy (ssh -D +
> Foxyproxy).

Yeah, I've used ssh.. rather heavily. Even the -D option, and with the  
tunnel interface options.

Tor isn't so much a VPN or security system, as much as a way to  
disguise your location, preventing the site or next hop from knowing  
where you are. The assumption I make is that the exit node is going to  
be monitoring and viewing your network traffic anyway. Net result is  
that you're slowing down your network access and increasing packet loss  
for a false sense of security. You really shouldn't use it without  
also encrypting the traffic that's going through the Tor gateway. The  
idea is that your attacker can't backtrace the route from the exit  
node back to where you are (N+1 routers back).

That said, I run OpenVPN, and use the first hop router through the  
tunneled link as my default gateway (technically, "route add 0/1  
<gateway ip>"). IMs, non-local/broadcast traffic, etc, goes out  
through that tunnel. Local traffic stays local, everyone benefits, and  
my ssh sessions generally won't drop for a good long while since  
they're relayed through a remote router that I control.

There are multiple benefits to doing the VPN method, basically.  
Naturally, getting a remote system you trust is the first part of it.
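
Added example, not part of the original message: a longest-prefix-match model of the routing table showing how a /1 route through the tunnel overrides the default route without deleting it, while local traffic stays local. It goes beyond the single "0/1" route mentioned above by also modelling 128.0.0.0/1 and a host route to the VPN server, the pair OpenVPN's `redirect-gateway def1` installs; all addresses and gateway names are constructed assumptions.

```python
import ipaddress

# Constructed addresses (RFC 1918 and RFC 5737 ranges), not from the post.
LAN_GW, TUN_GW, VPN_SERVER = "192.168.1.1", "10.8.0.1", "203.0.113.10"

def build_table(routes):
    """Parse (prefix, next_hop) pairs into (network, next_hop) tuples."""
    return [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]

def lookup(table, dst):
    """Pick the next hop by longest matching prefix (metrics ignored)."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def off_tunnel(table, destinations):
    """Return the destinations whose next hop is not the tunnel gateway."""
    return [d for d in destinations if lookup(table, d) != TUN_GW]

# Pre-VPN table: default route plus the directly connected LAN.
BASE = [("0.0.0.0/0", LAN_GW), ("192.168.1.0/24", "on-link")]

# Only the lower half of IPv4 space is pointed at the tunnel.
HALF = build_table(BASE + [("0.0.0.0/1", TUN_GW)])

# Both halves, plus a host route so the encrypted packets to the VPN
# server itself still leave through the physical gateway.
FULL = build_table(BASE + [
    ("0.0.0.0/1", TUN_GW),
    ("128.0.0.0/1", TUN_GW),
    (VPN_SERVER + "/32", LAN_GW),
])

SAMPLE = ["8.8.8.8", "198.51.100.7", "192.168.1.50", VPN_SERVER]

if __name__ == "__main__":
    for name, table in (("half", HALF), ("full", FULL)):
        for dst in SAMPLE:
            print(f"{name:4} {dst:15} -> {lookup(table, dst)}")
        print(f"{name:4} not via tunnel: {off_tunnel(table, SAMPLE)}\n")
```

The same `off_tunnel` check can be run against a parsed copy of a real routing table to confirm which destinations bypass the tunnel.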




