Feeds

VPN security - if you want it, come and get it

Attention WiFi hotspotters: You want it

  • alert
  • submit to reddit

Protecting against web application threats using SSL

Housekeeping, subnets, and domain names for dynamic IPs

You'll need a trusted server with an always-on connection to the net. We can't stress enough the the server needs to be free of malware and be connected to a network you trust. We used a home machine with broadband, so these instructions are tailored to that arrangement.

Step 1: Housekeeping

Before installing and configuring OpenVPN, you'll need to take care of several housekeeping items necessary to make the program work smoothly. First, if your client is running on a local area network, make sure its subnet isn't one of the more common IP numbers in use. A bevy of home routers use 192.168.1.x by default, and this will almost certainly pose a problem. If you go to a Wi-Fi hotspot that uses the same subnet as the one used by your server, there will be conflicts and you will be unable to connect.

To prevent this problem, renumber the subnet connected to your server machine to one of the more obscure numbers. We picked 192.168.199.1, but as this list makes clear, there's no shortage of available of private IPv4 addresses to choose from. This is how the configuration page of our Linksys router looked after the change.

Linksys router with settings

Change the subnet to 192.168.199.1

While you're still in your LAN settings, identify a chunk of addresses in your subnet that won't be used by any other machines connecting to the network. We picked 11 addresses starting at 192.168.199.151. Jot this information down. You'll need it later.

Step 2: For Servers with Dynamic IP Addresses

If the IP address of your server machine isn't fixed and you don't already have one, you'll need a domain name mapped to the IP address of your server machine. (If the server has an IP address that never changes, you can skip this section and proceed to step 3.) DynDNS allows you to do this for free using their Dynamic DNS service.

You'll need to create an account that includes a username and password. Be sure to pick a strong combination and keep it handy, because you'll need it in a moment or two. Now, log in to the account you just created and choose the Add Host Services link. This will allow you to create your very own domain name that will automatically map to your server machine. To do that, type in a domain name, select the "Offline Hostname" option, and click on the "create host" button at the bottom of the page.

Add Host Name section of DynDNS site

Choose a domain name to map to your server

We chose the domain name openvpndemo.dyndns.org. You can pick whatever you want, as long as no one has beat you to it. Just be sure to remember what the domain name is, because you'll need it later in the configuration process.

Now, download the DynDNS Updater software from this link and install it on the server machine. Choose the default setup options. When it opens for the first time, you'll be prompted for a username and password. Enter the username and password you just established when you created your DynDNS account.

Login screen for DynDNS Updater program

Enter the username and password for the account you just created

Once you enter the username and password, DynDNS Updater will display the domain name you just created in the "Dynamic DNS Hosts" section. Check the box and click the "apply" button.

DynDNS Updater configuration page

DynDNS configuration page

Presto, you have now set up a domain name for your server machine. Each time its IP number changes (assuming its a dynamic setup) DynDNS will update the domain name accordingly. The DynDNS icon should now show in your system tray.

(If you're having problems with this step, DynDNS offers their own instructions here.)

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.