Secure that public wi-fi with a low-tier, no-cost home VPN

If you spend any time at all using unencrypted wi-fi networks at hotels and coffee shops, you need a VPN. Public connections are fine for reading news headlines and checking sports scores, but cannot be considered safe for e-mail, online banking, making purchases, or anything that involves a username and a password. A VPN, which encrypts that traffic and hides it from prying eyes, is the only way to make them safe.

Here’s how to set up a VPN that’s good enough for personal use. All you need is a home Internet connection, a computer at home, and the laptop you take on the road.

Of course corporations can set up VPNs that are much faster and much more robust, but this is something you can set up in a couple of hours on a weekend afternoon without spending anything.


I’m going to work off a couple of assumptions here. I assume you’re not a professional network engineer conversant in all things Cisco. But I also assume you’re capable of downloading files, verifying their integrity, and stepping through program installations. I’m not going to give you a step-by-step with every detail, since details can change. You won’t have to figure it all out for yourself, but I’m not going to hold your hand through the entirety of it. In the past when I’ve tried to do that, someone yelled at me for the little detail that changed when something went from version 2.73 to version 2.8. This isn’t a Dummies book.

And this VPN certainly has room for improvement. This is a good stepping-off point. You can build this, use it to protect yourself, and if you’re ambitious, build it into something better. And hopefully you’ll learn something along the way.

So, here’s the procedure.

First, download and install Hamachi on your desktop.

Once Hamachi is up and running, hit the power button. Create a client name when asked. Make it something that makes sense, like “Home PC,” or “HP desktop.” Click Create a new network, and record (securely) the network name and password.

At some point, Windows may prompt you and ask what kind of network this new network is. Tell it it’s a home network.

The process on your laptop is very similar. Download or copy the installation file for Hamachi to your laptop, and install Hamachi again.

Once Hamachi is up and running on the laptop, hit the power button. Create a client name when asked. Make it something that makes sense, like “laptop PC,” or “HP laptop.” Click Join an existing network, and use the same network name and password you set up on your desktop PC.

Once again, Windows may prompt you and ask what kind of network this new network is. Tell it it’s a home network.

You now have a secure, encrypted connection between your desktop and laptop that will work wherever you go.

Now to make that connection useful, you need a proxy server. Install Hottproxy on your desktop. Be sure to get the compiled executable.

Run hottproxy-admin.exe. When Windows’ firewall asks for permission for this program to run, allow it. Point your web browser on your desktop PC to localhost:8085, where you can create a username and password. Now run hottproxy.exe.

To make your VPN more robust, follow the instructions in Hottproxy’s documentation for creating a pseudo service. That way if your home computer reboots for some reason while you’re away, the proxy will continue to work. If your power flickers every time you hear thunder like mine does, you need this. (Along with a UPS, but that’s a separate issue.)

Now, on your laptop, configure your browser to use your desktop computer’s Hamachi VPN address as a proxy server, using port 9201.

Now try to go somewhere with your web browser. It will ask for a username and password. Enter those, and then it should work.

And finally, take your laptop to a coffee shop and try it to see if it’s working.
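A check you can run from the laptop before trusting the setup, added here as an example (it is not part of Hottproxy or of the original post): it sends one request with no credentials to the proxy port and confirms the proxy refuses to serve it. It assumes Hottproxy rejects unauthenticated requests with the standard HTTP 407 status; the script name and the function names are hypothetical, and the Hamachi address is passed on the command line.

```python
import socket
import sys

def probe_proxy(host, port=9201, timeout=5.0):
    """Send one proxy-style GET with no credentials.

    Returns the HTTP status code, -1 for a non-HTTP reply, or None if
    nothing is listening or the connection times out.
    """
    request = (b"GET http://example.com/ HTTP/1.1\r\n"
               b"Host: example.com\r\n"
               b"Connection: close\r\n\r\n")
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(request)
            # Only the status line is needed, so stop at the first CRLF.
            while b"\r\n" not in data and len(data) < 4096:
                chunk = conn.recv(1024)
                if not chunk:
                    break
                data += chunk
    except OSError:
        return None
    parts = data.split(b"\r\n", 1)[0].split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return -1

def classify(status):
    """Turn the probe result into a verdict about the proxy."""
    if status is None:
        return "unreachable"      # tunnel down, proxy stopped, or firewall
    if status == 407:
        return "auth-required"    # assumed healthy state: credentials demanded
    if 200 <= status < 400:
        return "open-proxy"       # request was served without a password
    return "unexpected"

if __name__ == "__main__":
    # Usage: python check_proxy.py <desktop's Hamachi address>
    verdict = classify(probe_proxy(sys.argv[1]))
    print(verdict)
    sys.exit(0 if verdict == "auth-required" else 1)
```

A result of "open-proxy" means the username and password step did not take effect, and "unreachable" points at the Hamachi tunnel or the Windows firewall rather than the browser settings.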

You’ll probably want at least two web browsers on your laptop computer, one configured to use the proxy and one configured normally. Then you can use the one configured normally to accept the hotel or coffee shop’s terms of service, then use the proxy-configured browser to securely use the Internet.

Once you take these steps, you can read e-mail, blog, or whatever else you need to do without fear that someone will intercept you and use what they learn to steal your e-mail account or blog.

Like I said before, there’s room for improvement here. This setup is “good enough,” and a lot of things qualify as “good enough.” Dirt Cheap’s house-brand beer. Windows 98. But the upside to “good enough” is that if it’s the Saturday before you’re going on the road and you realize you need a VPN to protect yourself, you can set up a VPN in about the same amount of time as it takes for you to pack, and without buying a bunch of stuff.

That said, let’s talk downsides. Hamachi steals the 5.x network, which was recently allocated for use. So certain web sites won’t work if you’re running Hamachi. And Hottproxy isn’t especially robust or fast, but it’s free, relatively easy to install and configure, and it runs on Windows. There aren’t a lot of proxy servers that meet those last three criteria.

Once you get this up and running, if you start wanting something better, two things to look at would be OpenVPN and Squid. And if you have (or can set up) a PC running Linux, you’ll have a lot more options.

5 thoughts on “Secure that public wi-fi with a low-tier, no-cost home VPN”

  • July 31, 2011 at 9:25 pm

    Interesting – very interesting. This would also require a PC at home to remain on all the time. You have given me much to think of – as well as something for an older box to do. I think that when my wife’s year-long subscription to Witopia’s VPN services expire, we will do something different. Something more under our control . . .

    Thanks.

  • August 1, 2011 at 7:20 am

    The PC would at least have to be on while you’re away. It may be possible to send a wake-on-LAN call to it remotely, if you don’t want to power it on all the time. That would be something worth looking into.

  • August 12, 2011 at 1:06 pm

    At work a few years back we used the Netgear FVS318, a small < 100$ firewall device that allows you to log in using some simple client software that worked well on XP. Not sure how this compares, but honestly, can't seem to figure out a simple solution.

    • August 13, 2011 at 2:14 pm

      As far as cheap simplicity goes, this is the best combination of both I’ve been able to find. There are lots of ways to go about it, and presumably when you spend some money it should be simpler. One would hope. But for those who say security costs too much… Here you go.
