The low-tier, DIY VPN has proven popular. The biggest drawback with its approach has been that it requires you to keep a PC on at home. But if your computer is configured to hibernate after a period of inactivity, or if the power goes out, you’ll have a problem.
If you’re willing to do some work, you can use Wake-on-LAN over any Internet connection to solve that issue and power on the computer at will.
There are several ways to do this, but the way that seems easiest to me involves a router that’s capable of running DD-WRT. Many are, and they’ve become very inexpensive, so many people will be able to swing that. If you don’t want to install DD-WRT yourself, look at used Linksys WRT54G routers on Amazon; often you can find one already upgraded to DD-WRT. There are instructions here showing your options for how to set up your router to send WOL packets to whatever computer on your network hosts your VPN. The easiest of these options, to my way of thinking, is to use SSH.
You’re going to have SSH exposed to the world on your router, so be sure to use a strong password. By this I mean at least 16 characters, mixed case, with at least one number and one symbol. I can’t overemphasize this enough. Once someone manages to get into your router, it’s only a matter of time before they take control of the rest of the computers in your network. Consider yourself warned.
As long as you have a strong password, you shouldn’t have to worry, but if you want the best possible security, you can disable SSH on your router except for the times you plan to be traveling. That way, you minimize your exposure.
Once you have a router running DD-WRT, you’re going to need to register a dynamic hostname unless you happen to have a static IP address. Check with your Internet provider to see if you have a static IP, but chances are you would know if you had one. DynDNS.org is one of the more popular providers, and it’s one I can recommend because I’ve been using them since 2000.
Note the MAC address of the computer that’s hosting your VPN, and document it in a text file stored on your laptop. The easiest way I know to get the MAC address is to open a command prompt and issue the command ipconfig /all. Scroll to the the section labeled Ethernet Adapter Local Area Connection, and look at the line labeled Physical Address.
The last ingredient is an SSH client running on your laptop. I use and recomment PuTTY. SSH is by nature encrypted, so it’s safe to use on a public network.
When you want to wake up your VPN host, just use PuTTY to SSH over to your DynDNS host. Log in, and you’ll be sitting at a command prompt. Enter the command /usr/sbin/wol -i 192.168.1.255 -p PP AA:BB:CC:DD:EE:FF (substitute the actual MAC address for AA:BB:CC:DD:EE:FF, and your actual broadcast address for 192.168.1.255). You’ll know the computer is booted when its indicator light in the Hamachi client lights up. Then you can fire up your proxy-enabled web browser, log in to Hottproxy, and use public wireless in safety.
If you don’t like the option of using DD-WRT, here’s a site with some other options for setting up wake-on-LAN: http://www.wolcenter.com/faq.
Very cool, I have to try this out. Very very neat.