1.1 Benefits Of VPN
1.1.1 IP Address Is Hidden
1.1.2 Encrypted Data Traffic
1.1.6 Save Money Online
List of Figures
Figure 1: VPN Connection
Virtual private network (VPN) is a technology that creates private encrypted connections over a less secure network, such as the internet. VPN technology was developed to allow remote users and branch offices to securely access corporate applications and other resources. To ensure safety, data travels through secure (encrypted) tunnels and VPN users must use authentication methods including passwords, tokens and other identification methods to gain access to the VPN.
Due to its complexity, much has been written about VPN. SecureOffice attempts to simplify and make VPN (and all functionality) as "user friendly" as possible.
A typical VPN connection is shown below. What happens with your connection stays with your connection. Completely private. Snoops hate privacy and, if allowed, will outlaw VPN as they failed with encryption (for all but themselves).
Figure 1: VPN Connection
For SecureOffice client VPN, "Your Device" is SecureOffice which can be configured to provide a VPN connection via WiFi or a dedicated ethernet port for all connected clients.
For SecureOffice server VPN (remote access), "Your Device" is a remote cellphone, PC or other device connected to the internet with a VPN tunnel to the "VPN Server" which is SecureOffice. Clients have full remote access to SecureOffice and all resources, as if you were at home, connected locally.
SecureOffice can simultaneously be a VPN client (providing VPN connections via Wifi, dedicated ethernet ports) and VPN server (providing secure remote access).
Using a VPN has many advantages. A quick summary:
Because communications use the IP address of a VPN server, and therefore hides user's IP address, users becomes anonymous on the internet. This is because the IP address is a unique number which allows people to be identified on the internet. An IP address allows others to track our online behavior step-by-step. With the use of a new, incognito IP address, it is no longer possible for governments, hackers or the websites that we visit to link us to our personal identity (unless we login using our real identity). The observed IP address (the address of the VPN server), is no longer linked to us. To determine users IP addresses requires "legal" action.
A safe internet connection. VPN encrypts the data traffic. This prohibits hackers and other malicious parties from intercepting our data, including identity theft, login credentials and sites visited. This allows users to safely connect using otherwise insecure public WiFi hotspots (or, work network), which may, for nefarious purposes be collecting user data.
With a VPN it is possible to connect to a server in a different country and to therefore allow all the data traffic to pass through this other country and fool servers (such as NetFlix / Hulu) into believing you are a local client. This allows certain blocked websites, streaming services, VoIP services and social media to become accessible. To do so it is necessary to make a connection with a VPN server in a country or with a VPN service that has not been restricted. VPN providers and streaming service providers are in a continuous state of war, with streaming service providers identifying and blocking VPN providers and VPN providers finding ways to bypass this. In practice, this means that any VPN connection may need to be occasionally reconfigured to use the latest workarounds / servers to access streaming services in other jurisdictions.
Because the IP address is hidden and the connection encrypted, it is no longer possible to know what is being downloaded through the secured VPN-connection, and by whom. When sensitive or important files are being downloaded (say for work), nobody has an insight to this information. Privacy and anonymity are achieved.
Some countries, such as China have firewalled the entire internet to "protect" their subjects from being "influenced" by "unapproved" information (a futile attempt to keep people stupid and uninformed). A VPN connection allows these restrictions to be bypassed.
In countries where the government regulates the internet, most often not all websites are available. This is how totalitarian regimes make a habit of silencing critical media outlets by blocking them in a country. These restrictions can be bypassed like all other geographical restrictions using VPN. VPN is therefore a crucial tool in the war for information / press freedom.
Prices for shopping online often differ based on the country someone is shopping from. When visiting an internet vendor using a connection within England, prices can sometimes be drastically more expensive for the exact same product or service versus shopping from another country. A VPN connection allows the user to connect using VPN servers from around the world. This causes websites to consider users as visitors from the country where the VPN server is located, thus allowing the user to profit from the best international prices and rates.
In addition, vendors in most jurisdictions are legally obligated to collect sales taxes from local, but not external "subjects".
Be very careful when selecting a commercial VPN provider, some of which keep logs and identity information. Many VPN users have received copyright violation notices and some have been charged for inadvertently downloading material or stumbling on "unapproved" websites. For example, Canada has "modernized" their copyright act to "legally" obligate ISP's and VPN providers to log user activities discussed here, effectively killing the "honest" business case for VPN providers in Canada. If it is your intent to not take this risk, it is crucial that you select a commercial VPN provider with a "no log" policy in a jurisdiction that respects information freedom. Because of the chilling effect of these "laws", many VPN providers lie to their customers regarding their privacy policies. You have been warned.
Some VPN users, because of computer or VPN misconfiguration / bugs are subject to DNS leaks, where it is possible to determine the real IP address (and, therefore user identity) from a user computer. A brief explanation of DNS leaks and, how they originate is discussed here. As part of VPN provider research, it is suggested to subscribe to free (or refund if not satisfied) trials, which many providers offer and perform an internet based DNS leak test prior to committing to any VPN service contract. Note that VPN client devices (and not SecureOffice) may be the cause of the DNS leak. Tips for fixing this are available at the previous leak test link.
Using VPN to access personal services such as email and banking where real identity is known allows these service providers to link your VPN IP address to you, defeating the privacy purpose of VPN, especially if these service providers collect and provide (and may be "legally" bound to do so) information to "big brother / sister". It may be necessary for travellers to use VPN (with a connection to their home jurisdiction) to access their services when travelling, since personal service providers such as banks use the geographic location of clients as part of their defense from being hacked.
It is a SecureOffice requirement that the VPN provider support OpenVpn, as most do. Some also provide OpenVpn configuration files for OpenWrt routers such as SecureOffice.
Another requirement (if you want to avoid the minor expense of subscribing to the custom SecureOffice package / script repository) is that the chosen VPN provider support TAP devices (discussed below), to allow bridging to SecureOffice WiFi and ethernet ports to provide secure internet connections to clients.
SecureOffice recommends using OpenVpn for all VPN applications.
It is possible to configure SecureOffice to use older, less secure VPN protocols such as PPTP, L2TP / IPsec and SSTP, compared here. To configure SecureOffice to use alternate VPN protocols is beyond the scope of this document. Users wishing to do so will have to consult the OpenWrt Wiki, and / or, do some internet research.
A VPN connection is basically a virtual network adapter, which can be used (with some minor limitations) the same as any other network adapter. To create a VPN connection is a two-step process. First create the VPN network adapter connection. Second, configure network, DNS, routing and firewall to use the connection.
There are two types of OpenVPN adaptors TAP and TUN. Which one to use depends on the application and the nature of the data to be transported.
From the perspective of most VPN service providers, client requirements are best met using TUN devices. Providing connections using TAP adapters is considered a minor, niche market, not worthy of servicing. They are correct in this, although many, as they are harvesting new customers will incorrectly allege they support TAP (practical experience). It is the opinion of the SecureOffice team that attempting to find a VPN provider that correctly supports TAP is a waste of time. Best to use their mainstream (and far better supported) TUN offerings.
The only use of SecureOffice VPN for TAP from commercial VPN providers is to easily create bridged VPN connections over WiFi (or any network adapter), without using (paying for access to) the custom VPN scripts. There are no other, including performance advantages.
Given the difficulty of determining in advance whether a VPN service supports TAP adapters, the best approach is to "try it".
To do so:
If TAP is not supported, and you really need bridging functionality (dedicated VPN WiFi or ethernet port), several options exist:
TODO: Create list. None identified yet.
Most commercial VPN providers as well as SecureOffice / OpenWrt support these older, less secure VPN protocols. Instructions are provided for configuring SecureOffice as a PPTP client, providing faster, but less secure connections for users connected to the internet via SecureOffice.