topic Re: How to build a VPN from scratch in four easy steps without spending one penny in ISC2 Security Congress

How to build a VPN from scratch in four easy steps without spending one penny

gregscott — Mon, 09 Oct 2023 09:30:04 GMT

In the wake of the COVID-19 crisis and everyone setting up emergency work-from-home infrastructures, here is a detailed cookbook for setting up a VPN from scratch without spending any money. It even has video demos. Enjoy.

https://www.dgregscott.com/how-to-build-a-vpn-in-four-easy-steps-without-spending-one-penny/

- Greg Scott

Re: How to build a VPN from scratch in four easy steps without spending one penny

JKWiniger — Sun, 19 Apr 2020 03:48:24 GMT

The problem is that if you have a single purpose for a VPN, such as connecting to you work, that's great! The real problem is that if you are using a VPN to protect your privacy and defend again possible hacks it becomes a really problem! Far too may silly companies base their security on IP address, so when I have my VPN turned on I either get extra checks or I am not allowed to connect at all. While I do understand the thought that bad actors might be hiding behind these VPNs it completely ignores the more progressive user who simply does not want his ISP recording and selling his traffic. So for those who work in companies who block based on IP, please rethink this Policy!

John-

Re: How to build a VPN from scratch in four easy steps without spending one penny

gregscott — Sun, 19 Apr 2020 13:28:27 GMT

Well... yeah. The solution I documented is supposed to be for the single purpose of connecting remote workers to work. It's split-tunnel anyway, so **by design** it does nothing to protect against the other attack scenarios you mentioned. But even if it weren't split-tunnel, everything coming from that VPN would be from the same IP Address anyway, and so it would be a lousy solution for evading hostile governments. But it was never meant for that - it's only meant to connect remote workers to work.

The attack scenarios you brought up are real and they need a solution - but there are lots of VPN services designed to help solve them, and people have been connecting to them for years.

But - as I think this through - one huge weakness with VPNs in general is, as you pointed out - hostile ISPs can record traffic and analyze it later, and it's easy to spot VPN traffic. But now with COVID-19, if organizations everywhere adopt VPN technology, and now it's easy with my documentation, hostile ISPs can no longer make assumptions about VPN traffic. And so, maybe my documentation has some indirect benefit with the hostile government problem. But I don't think I'll pitch it that way.