A Home VPN for Secure Use of Wi-Fi Hotspots

Wait a second, some of you might think now, why is a cellular guy like Martin writing about Wi-Fi hotspots? The answer is simple: Along train routes, cellular coverage is often patchy but some train operators (such as Thalys or German Railways) offer Internet access over Wi-Fi with a land- or satellite based backhaul. While that works quite well in practice, there are a number of quite real security risks with non-encrypted public Wi-Fi hotspots: One of them is that all packets transmitted over the air interface can easily be eavesdropped on by another hotspot user with software that is publicly available. While that's not much of a problem for HTTPS encrypted web pages it's those unencrypted web pages using cookies for user authentication that can be easily intercepted and stolen.

The only way to get around this issue is to use a VPN (Virtual Private Network) solution to encrypt all traffic.  Some hotspot providers offer a free client for the purpose. But if you have a computer at home and a fast DSL line with a good uplink, you can also use it as a VPN gateway. All traffic is then encrypted and sent to the PC at home and from there to the Internet. Sounds difficult but it's rather easy to set up. All you need is:

• A Windows XP, Vista or Windows 7 machine to act as the PPTP VPN server. You can find a description of how to set it up here. A Linux server can of course also do the job but I don't have installation instructions at hand.

• A DSL/cable router that can update a dynamic dns server such as dyndns.org. This way, your VPN server can always be found from the Internet no matter how often the IP address of your fixed line connection is changed.

• The router must be able to forward tcp port 1723 to the computer with the VPN server and handle incoming PPTP sessions. Most DSL/cable routers are capable of that these days.

And that's pretty much it to secure your access. Have fun experimenting if you try!