[buug] VPN hosting and access?
johan beisser
jb at caustic.org
Fri Aug 29 14:35:59 PDT 2008
On Aug 29, 2008, at 1:59 PM, Aaron Porter wrote:
> If that's your concern, then TOR is in fact a good bet. If you
> don't trust that enough (for your non-encrypted, going over the
> public net anyway traffic), it's always good to remember that just
> about *any* host you can SSH to can be turned into a quick and dirty
> web proxy (ssh -D + Foxyproxy).

Yeah, I've used ssh.. rather heavily. Even the -D option, and with the
tunnel interface options.

Tor isn't so much a VPN or security system, as much as a way to
disguise your location, preventing the site or next hop from knowing
where you are. The assumption I make is that the exit node is going to
be monitoring and viewing your network traffic anyway. Net result is
that you're slowing down your network access and increasing packet loss
for a false sense of security. You really shouldn't use it without
also encrypting the traffic that's going through the Tor gateway. The
idea is that your attacker can't backtrace the route from the exit
node back to where you are (N+1 routers back).

That said, I run OpenVPN, and use the first hop router through the
tunneled link as my default gateway (technically, "route add 0/1
<gateway ip>"). IMs, non-local/broadcast traffic, etc, goes out
through that tunnel. Local traffic stays local, everyone benefits, and
my ssh sessions generally won't drop for a good long while since
they're relayed through a remote router that I control.

There are multiple benefits to doing the VPN method, basically.
Naturally, getting a remote system you trust is the first part of it.
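
Added example, not part of the original message: a longest-prefix-match check of which destinations actually leave through the tunnel when a 0/1 route sits beside the original default route. All addresses, interface names and the `egress`/`bypasses` helpers are assumptions made for illustration; the 128.0.0.0/1 route is the companion that OpenVPN's `redirect-gateway def1` installs alongside 0.0.0.0/1.

```python
import ipaddress

# Constructed routing table (addresses and interface names are assumptions):
# 192.0.2.1 is the LAN gateway, 10.8.0.1 the first hop inside the tunnel.
ROUTES = [
    ("0.0.0.0/0",       "192.0.2.1", "eth0"),  # original default route
    ("192.0.2.0/24",    None,        "eth0"),  # directly connected LAN
    ("198.51.100.7/32", "192.0.2.1", "eth0"),  # VPN server, pinned outside the tunnel
    ("0.0.0.0/1",       "10.8.0.1",  "tun0"),  # the "route add 0/1 <gateway ip>" entry
]
UPPER_HALF = ("128.0.0.0/1", "10.8.0.1", "tun0")  # companion route for the other half

# Constructed probe destinations; the last two are expected to stay off the tunnel.
PROBES = ["10.20.30.40", "203.0.113.10", "192.0.2.50", "198.51.100.7"]
EXPECTED_OUTSIDE = ("192.0.2.50", "198.51.100.7")


def egress(dest, routes):
    """Return (prefix, interface) of the longest-prefix match for dest, or None."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(prefix), dev)
               for prefix, _gw, dev in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    net, dev = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), dev


def bypasses(routes, probes, tunnel_if="tun0", expected_outside=()):
    """List (destination, interface) pairs that leave outside the tunnel unexpectedly."""
    leaks = []
    for dest in probes:
        match = egress(dest, routes)
        dev = match[1] if match else None
        if dev != tunnel_if and dest not in expected_outside:
            leaks.append((dest, dev))
    return leaks


if __name__ == "__main__":
    for label, table in (("0/1 only", ROUTES), ("0/1 + 128/1", ROUTES + [UPPER_HALF])):
        print(label)
        for dest in PROBES:
            print("  ", dest, "->", egress(dest, table))
        print("   unexpected bypass:", bypasses(table, PROBES,
                                                expected_outside=EXPECTED_OUTSIDE))
```

Running the same check against the output of the host's real routing table, with a probe in each half of the address space, shows whether any non-local traffic still follows the old default route.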