Re: Encrypted VPN software?
- From: "nemo_outis" <abc@xxxxxxx>
- Date: 02 Jan 2006 03:06:51 GMT
"[Anonymous] Persona" <anonymous@xxxxxxxxxxxxxxxxxxxx> wrote in
news:1136166132_99@xxxxxxxxxxxxxxx:
> -----BEGIN TYPE III ANONYMOUS MESSAGE-----
> Message-type: plaintext
>
> In <Xns973E873ECF228abcxyzcom@xxxxxxxxxxxxxxx> "nemo_outis"
> <abc@xxxxxxx> wrote:
>>"[Anonymous] Persona" <anonymous@xxxxxxxxxxxxxxxxxxxx> wrote in
>>news:1136141973_98@xxxxxxxxxxxxxxx:
>>
>>> -----BEGIN TYPE III ANONYMOUS MESSAGE-----
>>> Message-type: plaintext
>>>
>>> There is a site offering free software without pop ups or
>>> tracking that purportedly allows encrypted and anonymous
>>> Peer-to-Peer connections and web connections.
>>>
>>> If I understand correctly, it uses VPN technology.
>>>
>>> http://www.hamachi.cc/
>>>
>>> Can anyone enlighten me regarding the benefits, drawbacks and
>>> risks of this type of software? Is one's IP address revealed
>>> or discernable to the person or web site on the other end of
>>> the connection?
>>>
>>> Persona
>>>
>>> -----END TYPE III ANONYMOUS MESSAGE-----
>>>
>>
>>
>>
>>Hamachi is a very good system. The Hamachi servers are only used to
>>establish the original connection; thereafter the two ends of the VPN
>>talk directly to each other with no Hamachi involvement. Security is
>>very strong and your private key is NOT disclosed to the Hamachi
>>servers which broker the connection.
>>
>>The reason for the brokered connection is that this goes a long way
>>towards defeating corporate firewalls/filters when setting up the VPN.
>>A "meet in the middle" approach for setup followed by point-to-point
>>thereafter.
>>
>>With that said, however, I am a big (no, make that gigantic!) fan of
>>OpenVPN. It is a bombproof open-source multi-platform SSL/TLS VPN
>>(not just a makeshift alternative but actually much better than the
>>standard IPSEC, PPTP (spit!), or L2TP). Those are complicated, have
>>interoperability problems, but worst of all, have real problems
>>tunnelling through corporate firewalls and routers (or even just a
>>hotel router if you are using your laptop out on the road and want to
>>connect back to the ranch).
>>
>>There has been a great series of discussions of VPN issues by Steve
>>Gibson of grc (including Hamachi, OpenVPN, and others) at:
>>
>>http://www.grc.com/SecurityNow.htm#20
>>
>>See particularly episodes 15, 17, 18 & 19 for VPN (Lots of other good
>>info on other topics on this site as well)
>>
>>For OpenVPN wander on over to: http://openvpn.net/
>>
>>Regards,
>>
> I'm impressed. Very impressed. Unfortunately, I think I know so
> little about what I'm impressed about that I must ask more questions
> even after reading the information on the openvpn.net site and the
> hamachi site. After reading the www.grc.com papers I get the
> impression that it's like SSL - each knows who's connecting, but
> no one in between will know what's going on. Is that right?

The most fundamental thing about VPN is that's exactly what it is: a
virtual private network.

Many other encryption protocols can let this application or that
application, this protocol or that protocol, connect to a distant
computer system but they must be set up individually at the application
level. VPN allows a distant computer to connect to another computer on a
faraway LAN as if it was just another local computer on that LAN. From
there you work out what programs it can run, what data it can access on
the "local" LAN. It's done at the network level once and for all, not
once at a time for each application.

The "as if it was connected locally" is the VPN part. The connection is
not just another physical wire to an ethernet hub on the local LAN but an
encrypted connection over the internet - a virtual connection. How to do
that encrypted internet connection so you appear as part of the local LAN
(and it appears to you) is where the various VPN technologies differ.
(Note that there are some "almost VPN" technologies as well, just to
muddy the water :-)

The various VPN methods differ in complexity, in whether they are open,
proprietary or in-between, whether they are all software, all-hardware or
a mix, whether they interoperate between different hardware and software
vendors, and how easily they penetrate firewalls and routers (important,
for instance, when you are out on the road and trying to connect to the
company VPN back home).

> I'm familiar with mixminion, types I and II remailers, TOR, SSH
> tunnels, and proxies. Can you briefly explain what VPN does to
> make connections "secure"?
>
> In particular:
>
> 1. Do the parties connecting to one another see each other's IP
> addresses - or can someone configure a connection to ferret out
> the connecting party's IP address?
> 2. Are all packets encrypted from the source computer to the
> destination computer (a la TOR or SSH tunnel)?

There's no attempt to hide the end-points of a VPN - who's connecting to
whom (at least at the IP level) is not hidden. However, what the VPN
does offer is once-and-for-all encryption and authentication with no need
to set it up multiple times for different programs, etc. All programs
would use one common encrypted VPN tunnel. So for spies on the internet,
"they" can know who you're connected to but not what you're doing.

> IOW, is this a form of anonymous connection with encryption, or is
> it more like P2P with encryption (where each can see the other's
> IP address - or it can be determined with dedicated software
> for that purpose)? If I connect with the Pentagon, will they
> know who I am? or is it more like Freenet?

A VPN is just an extension of a local LAN (even if that LAN consists of
just one computer) so that the LAN can be extended to faraway places, not
over a hard wire, but over an encrypted internet connection. You must be
known to and have privileges on that LAN VPN server before you can
connect to it and do anything - it's just like signing on to your LAN
from your desktop computer at a company each morning, except that you can
do it from a thousand miles away.

> Also, on another note, I see that hamachi seems to allow web browsers
> but openvpn doesn't. How does that affect communication, security
> and file transfer?

Hamachi is a "near-VPN" and not a true VPN. A true VPN is not tied to
any particular protocol or application (e.g., a browser). Hamachi's
claim to fame is its ability to almost always be able to burrow through
corporate (& university, etc) firewalls, etc. to establish an encrypted
link with the outside - it's very good at that. Moreover, it's much
easier to set up than other VPNs since it uses the familiar browser
interface (no VPN is truly easy to set up, but some crappy ones, like
Microsoft's PPTP, do have some fairly slick interface "wrappers" that,
say, open-source OpenVPN cannot match.)

Regards,