If you spend any time at all using unencrypted wi-fi networks at hotels and coffee shops, you need a VPN. Those connections are fine for reading news headlines and checking sports scores, but cannot be considered safe for e-mail, online banking, making purchases, or anything that involves a username and a password. A VPN, which encrypts that traffic from prying eyes, is the only way to make them safe. Otherwise, you run the risk of the mousy-looking guy in the corner–not to mention an airplane flying overhead–being able to see it.
Here’s how to set up a VPN that’s good enough for personal use. All you need is a home Internet connection, a computer at home, and the laptop you take on the road.
Of course corporations can set up VPNs that are much faster and much more robust, but this is something you can set up in a couple of hours on a weekend afternoon without spending anything.
I do make a couple of assumptions. I assume you’re not a professional network engineer conversant in all things Cisco. But I also assume you’re capable of downloading files, verifying their integrity, and stepping through program installations. I’m not going to give you a step-by-step with every detail, since details can change.
And this VPN certainly has room for improvement. This is a good stepping-off point. You can build this, use it to protect yourself, and if you’re ambitious, build it into something better. My goal with this was to design something that an entry level IT worker or power user with two computers and an Internet connection would be able to set up and use.
With the caveats out of the way, let’s talk implementation.
First, download and install Hamachi on your desktop.
One Hamachi is up and running, hit the power button. Create a client name when asked. Make it something that makes sense, like “Home PC,” or “HP desktop.” Click Create a new network, and record (securely) the network name and password.
At some point, Windows may prompt you and ask what kind of network this new network is. Tell it it’s a home network.
The process on your laptop is very similar. Download or copy the installation file for Hamachi to your laptop, and install Hamachi again.
One Hamachi is up and running on the laptop, hit the power button. Create a client name when asked. Make it something that makes sense, like “laptop PC,” or “HP laptop,” Click Join an existing network, and use the same network name and password you set up on your desktop PC.
Once again, Windows may prompt you and ask what kind of network this new network is. Tell it it’s a home network.
You now have a secure, encrypted connection between your desktop and laptop that will work wherever you go.
Now to make that connection useful, you need a proxy server. Install Hottproxy on your desktop. Be sure to get the compiled executable.
Run the hottproxy-admin.exe. When Windows’ firewall asks for permission for this program to run, allow it. Point your web browser on your desktop PC to localhost:8085, where you can create a username and password. Now run hottproxy.exe.
To make your VPN more robust, follow the instructions in Hottproxy’s documentation for creating a pseudo service. That way if your home computer reboots for some reason while you’re away, the proxy will continue to work. If your power flickers every time you hear thunder like mine does, you need this. (Along with UPS, but that’s a separate issue.)
Now, on your laptop, configure your browser to use your desktop computer’s Hamachi VPN address as a proxy server, using port 9201.
Now try to go somewhere with your web browser. It will ask for a username and password. Enter those, and then it should work.
Finally, take your laptop to a coffee shop and try it out to make sure everything still works.
You’ll probably want at least two web browsers on your laptop computer, one configured to use the proxy and one configured normally. Then you can use the one configured normally to accept the hotel or coffee shop’s terms of service, then use the proxy-configured browser to securely use the Internet.
Once you take these steps, you can read e-mail, blog, or whatever else you need to do without fear that someone will intercept you and use what they learn to steal your e-mail account or blog.
Like I said before, there’s room for improvement here. Hamachi steals the 5.x network, which was recently allocated for use. So certain web sites won’t work if you’re running Hamachi. And Hottproxy isn’t especially robust or fast, but it’s free, relatively easy to install and configure, and it runs on Windows. There aren’t a lot of proxy servers that meet those last three criteria.
Once you get this up and running, if you start wanting something better, two things to look at would be OpenVPN and Squid. And if you have (or can set up) a PC running Linux, you’ll have a lot more options.