Zero Configuration VPN Clients for Mobile Users



Similar documents
ReadyNAS Remote White Paper. NETGEAR May 2010

Guideline for setting up a functional VPN

Corporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer

VPN. Date: 4/15/2004 By: Heena Patel

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Page 18. Using Software To Make More Money With Surveys. Visit us on the web at:

VPN Lesson 2: VPN Implementation. Summary

UIP1868P User Interface Guide

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

How To Configure L2TP VPN Connection for MAC OS X client

DCB Ethernet Tunnel Family Configuration Guide

Parallels Plesk Panel. VPN Module for Parallels Plesk Panel 10 for Linux/Unix Administrator's Guide. Revision 1.0

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

Tunnels and Redirectors

Viking VPN Guide Linux/UNIX

Measure wireless network performance using testing tool iperf

SSL SSL VPN

VOIP THE ULTIMATE GUIDE VERSION /23/2014 onevoiceinc.com

Packet Capture. Document Scope. SonicOS Enhanced Packet Capture

You can probably work with decimal. binary numbers needed by the. Working with binary numbers is time- consuming & error-prone.

How To Configure Apple ipad for Cyberoam L2TP

How to make a VPN connection to our servers from Windows 8

Asterisk SIP Trunk Settings - Vestalink

Parallels Plesk Panel

How to Setup an IMAP account in Outlook Express to Connect to Your Arrowmail Mailbox

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

9 Simple steps to secure your Wi-Fi Network.

Cisco Virtual Office Express

Wireless VPN White Paper. WIALAN Technologies, Inc.

To ensure you successfully install Timico VoIP for Business you must follow the steps in sequence:

M2M Series Routers. Port Forwarding / DMZ Setup

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

General Questions Requesting Access Client Support Downloading Issues Installation Issues Connectivity Issues...


Setting up VPN Access for Remote Diagnostics Support

Linksys E2000 Wireless-N Router Configuration Guide

VegaStream Information Note Considerations for a VoIP installation

Broadband Phone Gateway BPG510 Technical Users Guide

OSBRiDGE 5XLi. Configuration Manual. Firmware 3.10R

Introduction to Network Security Lab 1 - Wireshark

Network Management System (NMS) FAQ

Phone: Fax: Box: 230

Computer Networks. Secure Systems

Security. TestOut Modules

Source-Connect Network Configuration Last updated May 2009

Table of Contents. FleetSoft Installation Guide

Application Note. Onsight Connect Network Requirements v6.3

Final for ECE374 05/06/13 Solution!!

Configuring Routers and Their Settings

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Chapter 8 Router and Network Management

Cisco QuickVPN Installation Tips for Windows Operating Systems

Quick Start Guide. WRV210 Wireless-G VPN Router with RangeBooster. Cisco Small Business

Next Generation Tech-Talk. Cloud Based Business Collaboration with Cisco Spark

Gigabit Multi-Homing VPN Security Router

Brazosport College VPN Connection Installation and Setup Instructions. Draft 2 March 24, 2005

FreeAgent DockStar Network Adapter User Guide

Monitoring Remote Access VPN Services

SGUL VPN Connection Guide for Windows 10

Industrial VPN Cloud Services. Paul A. Mercier Project Engineer PHOENIX CONTACT, USA

Frequently Asked Questions (FAQ s)

INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ ITMC TECH TIP ROB COONCE, MARCH 2008

21.4 Network Address Translation (NAT) NAT concept

GoToMyPC and. pcanywhere. expertcity.com. Remote-Access Technologies: A Comparison of

RWC4YD3S723QRVHHHIZWJXPTQMO6GKEQR

Jenesis Software - Podcast Episode 2

Setting up VPN connection: DI-824VUP+ with Windows PPTP client

Savvius Insight Initial Configuration

Steps for Basic Configuration

Table of Contents. P a g e 2

Quality of Service (QoS) Setup Guide (NB604n)

Remote extensions and remote offices

The VPNaaS Plugin for Fuel Documentation

Introduction To Computer Networking

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

Chapter 4 Firewall Protection and Content Filtering

Access Control in Home Networking

How to setup PPTP VPN connection with DI-804HV or DI-808HV using Windows PPTP client

ipad Installation and Setup

ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration

EKT 332/4 COMPUTER NETWORK

SETTING UP REMOTE ACCESS ON EYEMAX PC BASED DVR.

Lab assignment #2 IPSec and VPN Tunnels (Document version 1.1)

7.1. Remote Access Connection

(Refer Slide Time: 01:38 01:37)

Configuring a WatchGuard SOHO to SOHO IPSec Tunnel

Application Note. Onsight Connect Network Requirements V6.1

IPv6 Tunneling Over IPV4

Creating a Client-To-Site VPN. BT Cloud Compute. The power to build your own cloud solutions to serve your specific business needs.

Hallpass Instructions for Connecting to Mac with a Mac

VPN Solution Guide Peplink Balance Series. Peplink Balance. VPN Solution Guide Copyright 2015 Peplink

How To Protect Your Network From A Hacker Attack On Zcoo Ip Phx From A Pbx From An Ip Phone From A Cell Phone From An Uniden Ip Pho From A Sim Sims (For A Sims) From A

Chapter 4 Firewall Protection and Content Filtering

Global Network. Whitepaper. September Page 1 of 9

Optimize Online Game Traffic Using Bigfoot Networks Killer Xeno Pro and NETGEAR Routers

Configuring the PIX Firewall with PDM

Connecting an Android to a FortiGate with SSL VPN

Virtual Private Networks

Transcription:

Zero Configuration VPN Clients for Mobile Users There are a lot of things that I love in life. In technology though, all the things that I love can be summed up into four main categories. Number one, I love free stuff. Now, that's a given with most people. There are a ton of free things on the net, but most of them lets be honest are useless. I'm sorry I want something a little more than a world clock. And I can hear the Linux people now, "but all of our stuff is free!" and while you are correct there's a reason why you only hold a 3% market share. Two, I love web based applications. In fact I love them so much I'm actually writing this article on one right now (http://www.writely.com)! There's another great site out there called 37 Signals (http://www37signals) with tons of free organizational type things. Check them out! Three, I love VPN's. There something so simplistic about it all. Being able to connection distant computers together and have them act as if they are on the same network. [3] Not only that but you can access things like computers, network storage, and email as if you were sitting right there in your office. And lastly, I love wireless. The idea that I can be almost anywhere and sit down with my laptop and access the internet without being tethered by a cable is well awesome. Now, what if I could tie all four things together well I can t but I m close with three. We're going to take a look at three VPN services that are designed to be used at wireless hotspot for either SOHO (small office/home office) or small business users. The first service we're to look at is Hamachi (http://www.hamachi.cc). Developed by Applied Networks Inc., an easy to use VPN software that is as close to zero configuration as you can get. Now, for those that are new or might not know what a VPN is or does it allows user to use the public internet while having a secure connection as if they were on a private network.[1] The first thing you'll

notice after you download and install Hamachi is that it gives you an address in the 5.0.0.0 range. Why do they use address in this range? According to IANA (Internet Assigned Numbers Authority) addresses in this range have not been assigned to anyone as of yet. Yes, there is the possibility that at some point and time someone could buy addresses in that range, but with IANA trying to conserve addresses as much as possible and with the boom of private IP addressing I doubt this will ever happen. Now, this IP address you're assigned will never change so you can go a head and write it down. Next, you will be asked to select a user name. This is the name that will be used to identify you on the networks. Once you ve chosen a name you're given the option of either joining a network or creating a new one. Since this is our first time using the program we're going to create a new network. During the configuration all you're asked to do is supply a name for your new network and a key that will be used for others to join your network. Remember the key is only as strong as you make it. For my own personal network I used a complicated 63 character key, which I promptly lost. At this point you should be asking yourself "so what?", and you d be justified in saying so but Hamachi has a ton of features that set it a part from your traditional VPN clients. The problem with most VPN's is that they can be blocked at the firewall. Depending on which protocol your VPN is using there are a number of ports that have to be opened on your

router in order for your connection to be made. The converse is also true. Depending on how tech savvy the wireless hotspot provider is they could easily block those ports but with Hamachi that shouldn t be a problem. Hamachi does not use the traditional ports most VPN use therefore blocking of well known ports shouldn t be a problem. If for some reason your network administrator blocks everything but ports 80 and 443 you can change which ports Hamachi listens on. Another smart feature of Hamachi is that it uses UDP instead of TCP. The standard VPN client wraps a TCP packet in a TCP packet. Your information becomes the payload of the second packet which is in turn encrypted. This works very well for encryption but it tends to slow down your connection. When you wrap a TCP packet in a UDP packet you don't run into that problem of network slow down. [1] Hamachi also uses what is called NAT traversal. If you deal with VOIP or teleconferencing then you know what I'm talking about. [2] For those not sure this is how it works. We all know that NAT routers block incoming connections unless they are a part of a previous conversation. This becomes a problem when you're at your wireless hotspot trying to access your computer behind a NAT router. What NAT traversal does is set up a "mediation server" outside of both networks. The mediation server gives the machines behind NAT routers a place to connect to first. Once the client computers connect to the mediation server the two client machines are connected to each other. [2] Don't worry, once the two clients computers are connected no information passes through the Hamachi servers.

The last interesting feature of Hamachi is it rewrites the protocol stack so packets never have to be segmented because they're too big. A standard packet can be 1500 bytes; when you wrap a TCP packet with UDP the packet size might exceed 1500 bytes causing the computer to fragment the larger packet in order for it to be sent. This can cause a flooding of fragmented packets on the network slowing down your connection even more. Hamachi purposefully makes packets small enough so once they are wrapped in the UDP packet they will not exceed 1500 bytes. If you want to get more into the nuts and bolts of how Hamachi works you can visit their security page (http://www.hamachi.cc/security) where they go into more than enough detail. It should also be noted that there is a paid version of Hamachi. The paid version has several advanced administrative features like the ability to run Hamachi as a service, have up to 256 members per network and turn off encryption if latency is a problem. A full list of features can be found at http://premium.hamachi.cc/compare.php. Also for those slightly more paranoid individuals you can purchase the Hamachi server software. This way you can be your own mediation server. The next service I want to talk about is ipig (iopus Private Internet Gateway) by iopus (http://www.iopus.com). Before you download ipig you should decide how you want your network set up. You have two options. The first option involves you downloading the software and using the iopus servers to connect to the internet. The downside to this is you are limited to only five gigabytes and once you've reached your limit your account is deactivated but there is nothing stopping you from creating a new account.

You also have the option of downloading the ipig server software and running your own server. There is a pro edition that allows you to have an unlimited amount of users where the free version limits you to five. If you're going to use the first option I wouldn't use it for more than checking email and other limited activities. Since I m going to be tunneling all of my traffic through my ipig connection will be installing the free server edition. According to the ipig website there are only eight steps to set up the client software and five steps to set up the server software. If you re not installing the server go ahead and set up an account before you download the ipig client software. When you have the software installed all you have to do is log in. The installation for the server is just as easy. When you have your server installed all you have to do is add users. There is no need for configuration on the client side. That being said by default ipig does use port 11888 for incoming connections. You can easily change the default port but you do have to change it on the server and the client. Also if you are behind a NAT router you will have to set up port forwarding. What I really like about ipig that Hamachi does not do is automatic tunneling of all traffic through the VPN connection. Be warned that the tunnel is not established until after you connect to the ipig server and your user name is sent in clear text, but the passwords are never exchanged. The password you enter is actually used to encrypt a "fixed

phrase" using 256-bit AES on the client side and the password is used on the server side to decrypt the fixed phrase. If the fixed phrases match then the client is authenticated. [5] The main draw back to ipig is the client starts to authenticate before a tunnel is established so things like client and server version numbers are sent in clear text along with your username. client version number server version number user name

The only other down side to ipig is it doesn t use UDP packets but there wasn't as much latency as I expected. I m sure once you start adding more users there will probably be a significant slow down for SOHO users. Another nice feature of ipig is it lets you limit the bandwidth on a per user bases. I will admit I have had some problems running the server. The set up was easy but it did crash on me several times. And once the server is open there is no on/connect button so there were many a times I wasn't sure if the server was working. Also there's no way to minimize it to the system tray. Despite that I still found it to be a very effective program and would recommend it to SOHO users. The last service I wanted to talk about is HotSpotVPN (http://www.hotspotvpn.com). Yes, I know it's not exactly free but with plans costing as little as $8.88 a month or $88.80 for a year it s as close to free as you can get. HotSpotVPN has two levels of service. The first one is HotSpotVPN2. With the HotSpotVPN2 plan you have access for two computers and you can choose your encryption type. Because many companies and according to the HotSpotVPN website several countries block traditional VPN connections HotSpotVPN2 uses a SSL based VPN solution. This way there is no software to download since you access the VPN through your web browser. As it was mentioned before, you can also choose the type of encryption that is used. The stronger the encryption the more per mouth you pay. For 128-bit Blowfish encryption you're looking at $10.88 per month, 192-bit AES is $11.88 a month, and 256-bit AES is $13.88 per month. If you wanted to go the less expensive route there is the HotSpotVPN1 package that uses standard PPTP for $8.88 a month. There is also a one, three, and seven day packages that will run you $3.88, $5.88, and $6.88 respectively. The nice thing about HotSpotVPN is that it works on a wide variety of platforms. ipig for example only works on Windows and Hamachi will only run

on Windows and Linux with a Mac version coming soon. HotSpotVPN on the other hand works on Windows, Mac, Linux, Pocket PC, Palms, Treos, FreeBSD, OpenBSD, and Solaris. I hope from this short introduction you can see there are a wide variety of options for a SOHO or small business user when it comes to VPN solutions. All of these services will provide an effortless VPN connection for most users. From my personal experience I can tell you either program will do the job but with its easy installation, sleek design, and use of NAT transversal Hamachi wins hands down. For the more advanced users who have a little money to burn I'd have to recommend HotSpotVPN because of its multiplatform support and various encryption standards. To be totally honest you cannot go wrong with any of the three products mentioned here today.

Work Cited [1] Qu, Wei, Srinivas Sampalli, IPSec-Based Secure Wireless Virtual Private Network, Proceedings of IEEE Military Communications Conference, October 2002, vol 2, p1107-1112 vol2. [2] Gaylani, N.; Erten, Y.M.; Handling NAT Traversal and Mobility for Multimedia Traffic, Consumer Communications and Networking Conference, 2006. CCNC 2006. 2006 3rd IEEE Volume 1, 8-10 Jan. 2006 Page(s):112-116 [3] Venkateswaran, R.;Virtual Private Networks Potentials, IEEE Volume 20, Issue 1, Feb-Mar 2001 Page(s):11-15 [4] http://www.hamachi.cc [5] http://www.iopus.com/ipig [6] http://www.hotspotvpn.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information