Secure that hotel wi-fi with a low-tier, no-cost home VPN

If you spend any time at all using unencrypted wi-fi networks at hotels and coffee shops, you need a VPN. Those connections are fine for reading news headlines and checking sports scores, but cannot be considered safe for e-mail, online banking, making purchases, or anything that involves a username and a password. A VPN, which encrypts that traffic from prying eyes, is the only way to make them safe. Otherwise, you run the risk of the mousy-looking guy in the corner–not to mention an airplane flying overhead–being able to see it.

Here’s how to set up a VPN that’s good enough for personal use. All you need is a home Internet connection, a computer at home, and the laptop you take on the road.

Of course corporations can set up VPNs that are much faster and much more robust, but this is something you can set up in a couple of hours on a weekend afternoon without spending anything.

I do make a couple of assumptions. I assume you’re not a professional network engineer conversant in all things Cisco. But I also assume you’re capable of downloading files, verifying their integrity, and stepping through program installations. I’m not going to give you a step-by-step with every detail, since details can change.

And this VPN certainly has room for improvement. This is a good stepping-off point. You can build this, use it to protect yourself, and if you’re ambitious, build it into something better. My goal with this was to design something that an entry level IT worker or power user with two computers and an Internet connection would be able to set up and use.

With the caveats out of the way, let’s talk implementation.

First, download and install Hamachi on your desktop.

Once Hamachi is up and running, hit the power button. Create a client name when asked. Make it something that makes sense, like “Home PC,” or “HP desktop.” Click Create a new network, and record (securely) the network name and password.

At some point, Windows may prompt you and ask what kind of network this new network is. Tell it it’s a home network.

The process on your laptop is very similar. Download or copy the installation file for Hamachi to your laptop, and install Hamachi again.

Once Hamachi is up and running on the laptop, hit the power button. Create a client name when asked. Make it something that makes sense, like “laptop PC,” or “HP laptop.” Click Join an existing network, and use the same network name and password you set up on your desktop PC.

Once again, Windows may prompt you and ask what kind of network this new network is. Tell it it’s a home network.

You now have a secure, encrypted connection between your desktop and laptop that will work wherever you go.

Now to make that connection useful, you need a proxy server. Install Hottproxy on your desktop. Be sure to get the compiled executable.

Run hottproxy-admin.exe. When Windows’ firewall asks for permission for this program to run, allow it. Point your web browser on your desktop PC to localhost:8085, where you can create a username and password. Now run hottproxy.exe.

To make your VPN more robust, follow the instructions in Hottproxy’s documentation for creating a pseudo service. That way if your home computer reboots for some reason while you’re away, the proxy will continue to work. If your power flickers every time you hear thunder like mine does, you need this. (Along with a UPS, but that’s a separate issue.)

Now, on your laptop, configure your browser to use your desktop computer’s Hamachi VPN address as a proxy server, using port 9201.

Now try to go somewhere with your web browser. It will ask for a username and password. Enter those, and then it should work.

Finally, take your laptop to a coffee shop and try it out to make sure everything still works.
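A quick check for the setup above, as an added example that is not part of the original post: it confirms the proxy address you gave the browser is a Hamachi 5.x address (so the hop to the proxy rides the tunnel) and that port 9201 refuses a request sent without credentials. It assumes the proxy signals its login prompt with the standard HTTP 407 status; `probe_status` and `check_proxy` are names made up here.

```python
import ipaddress
import socket

# Hamachi range as described in the article (the "5.x network").
HAMACHI_NET = ipaddress.ip_network("5.0.0.0/8")
PROXY_PORT = 9201  # proxy port given in the article


def probe_status(host, port=PROXY_PORT, timeout=5.0):
    """Send one proxy-style request with no credentials; return the HTTP status."""
    request = (
        "GET http://example.com/ HTTP/1.1\r\n"
        "Host: example.com\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        data = b""
        while b"\r\n" not in data:  # only the status line is needed
            chunk = sock.recv(1024)
            if not chunk:
                break
            data += chunk
    status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP response: {status_line!r}")
    return int(parts[1])


def check_proxy(host, port=PROXY_PORT, require_hamachi=True):
    """Return a list of problems for an IP-literal host; empty means it looks right."""
    problems = []
    if require_hamachi and ipaddress.ip_address(host) not in HAMACHI_NET:
        problems.append("proxy address is not a Hamachi (5.x) address; traffic to it is not tunnelled")
    try:
        status = probe_status(host, port)
    except (OSError, ValueError) as exc:
        return problems + [f"proxy not reachable: {exc}"]
    if status != 407:  # anything else means no login was demanded
        problems.append(f"proxy answered {status} without credentials; expected 407")
    return problems


if __name__ == "__main__":
    import sys
    for line in check_proxy(sys.argv[1]) or ["ok: tunnelled address, proxy demands credentials"]:
        print(line)
```

Run it on the laptop with the desktop's Hamachi address as the only argument.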

You’ll probably want at least two web browsers on your laptop computer, one configured to use the proxy and one configured normally. Then you can use the one configured normally to accept the hotel or coffee shop’s terms of service, then use the proxy-configured browser to securely use the Internet.

Once you take these steps, you can read e-mail, blog, or whatever else you need to do without fear that someone will intercept you and use what they learn to steal your e-mail account or blog.

Like I said before, there’s room for improvement here. Hamachi steals the 5.x network, which was recently allocated for use. So certain web sites won’t work if you’re running Hamachi. And Hottproxy isn’t especially robust or fast, but it’s free, relatively easy to install and configure, and it runs on Windows. There aren’t a lot of proxy servers that meet those last three criteria.

Once you get this up and running, if you start wanting something better, two things to look at would be OpenVPN and Squid. And if you have (or can set up) a PC running Linux, you’ll have a lot more options.

siliconunderground

About SiliconUnderground

Dave, aka siliconunderground, is a computer professional and an obscure computer book author who achieved his greatest popularity in Canada and Trinidad. He has been blogging since 1999. You can visit his blog at http://dfarq.homeip.net.

3 Responses to Secure that hotel wi-fi with a low-tier, no-cost home VPN

  1. Tron1978 says:

    Kick ass thanks for the easy to set up toy 😀

  2. Lem says:

    First off, when I log into my bank or brokerage, the login page is an https (128 bit encrypted) page. They’re not unsecured pages and user/password data should never be visible over an unencrypted connection. Regarding VPN, OpenVPN works great. It’s 256 bit encrypted and any stream will fail if the signed into VPN proxy server drops offline. Much better than Microsoft’s built in L2TP and PPTP. An unlimited VPN subscription averages about $15/month. The Mac OpenVPN version is faster and the software is called “Tunnelblick.”

    • That’s great that your bank is on the ball. But would you know if someone had hijacked its SSL connection and put himself in between you and your bank? Some people would know, some wouldn’t. VPN that traffic, and you eliminate the possibility. So I’ll stand by my comment that you don’t want to do anything involving a username and password on a public network. Sometimes when you think you’re perfectly safe, it turns out you aren’t.

      As for OpenVPN-based solutions, yes, that will be better than what I describe here, and for those who can afford it, or can get their company to pay for it, great. For those who can’t justify $15 a month because they don’t travel enough, or just flat out can’t afford it, or just would rather build something than buy it, here’s a way to get the protection you need without spending any money.