Wi-Fi Hotspot Security: Using VPNs

By Eric Geier

November 29, 2006

Virtual Private Network tunnels supplied via your office, a paid service, or even DIY pave the way to secure connections.

As discussed in earlier tutorials, there are numerous security issues regarding the use of public wireless networks — all of which can be overcome. One of the solutions for users, as brought up in Wi-Fi Hotspot Security: Solutions for Users, is to use Virtual Private Networks (VPNs) to secure the real-time traffic of Wi-Fi hotspot users. This tutorial expands on the options you (the hotspot user) have regarding using VPNs.

Use Company Provided VPN

Many businesses provide their employees with VPN access. Although this access is typically put in place for employees to have remote access to the corporate network in order to access files and documents while away from the office, it may also be used to encrypt your communications while on an un-trusted network such as a Wi-Fi hotspot.

Check with a network administrator at your company for more information on using their VPN service. Specifically inquire about policies for usage while on public wireless networks and public workstations.

Create your Own VPN Server

If you don’t have access to any VPN servers, create your own. Being able to remotely access files and documents from PCs where your VPN server is located is one of the advantages over using hosted VPN services. You can also access other devices on your network, such as Wi-Fi video cams to keep an eye on things while away.

First you need to figure out what VPN server you want to set up and use. Purchasing a special router with a built-in VPN server or setting up a server with Windows XP Professional are two common approaches.

When using the software-based VPN server features in Windows XP Pro, the PC running the server has to be powered-on for you to access your home network from a Wi-Fi hotspot. However, this isn’t the case if you use a hardware VPN server. VPN routers run as low as $70 to $130, with popular models including the Linksys WRV200 and WRV54G.

There are also other tools, such as the freeware or paid version of iPIG, that allow you to set up a software-based VPN server fairly quickly.

Using Windows XP VPN Server

To set up the VPN server on Windows XP Professional, use the Create a New Connection wizard:

  1. Open your Control Panel.
  2. Open the Network and Internet Connections category. If in Classic view, click Network Connections.
  3. Click the Network Connections icon. If in Classic view, skip to step 4.
  4. Click Create a New Connection, under the Network Tasks area on the left.

When running the wizard, keep in mind that you want to set up an advanced connection that accepts incoming connections and allows virtual private connections.

If the PC running the Windows XP VPN server is behind a router (for example, if it’s connected to a wireless or wired network rather than directly to your cable or DSL broadband modem), you will need to configure some settings. You need to forward data received from the Internet on the standard VPN ports (1723 for PPTP and 500, 50-51 for IPSec) to the IP address of the PC running the Windows XP VPN server. You should also ensure that the VPN pass-through feature is enabled on your router; this setting is typically accessible from your router's web-based administration screen. Make sure any software firewall you’re running on the PC in question allows the incoming traffic as well.

Working with Dynamic IP Addresses

When you connect to a VPN server, such as a hardware or software one at home, you’ll need to know the Internet IP address where the server is running, which causes a small problem for those using dynamic, or frequently changing, IP addresses. Therefore, you should probably set up Dynamic Domain Name System (DDNS), which allows you to access your network (or VPN server) over the Internet using domain names instead of IP addresses.

You just sign up with a service to create a domain name (such as yourname.homeip.net) and input some information into the web-based administration screen of your router. Then you can begin to use your domain name instead of your Internet IP address; the DDNS system always points the name to your real IP address.

Check the web-based administration screen of your router for the DDNS systems it supports. Two commonly supported DDNS services which are offered free of charge based upon certain conditions are Dynamic DNS and No-IP Free DNS.
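To confirm that the port forwarding and DDNS setup described above actually work before you rely on them at a hotspot, the following added example (not part of the original article) checks that the DDNS name resolves to your router's address and that the PPTP port answers on TCP 1723. The `expected_ip` value and the function names are assumptions made for illustration; a TCP check like this cannot verify the IPSec entries.

```python
import socket

PPTP_PORT = 1723  # PPTP port named in the article; its control channel is TCP

def resolve_ipv4(hostname):
    """Return the IPv4 addresses the DDNS name currently resolves to."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tcp_port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def check_vpn_endpoint(hostname, expected_ip=None, port=PPTP_PORT,
                       resolver=resolve_ipv4, probe=tcp_port_open):
    """Check the DDNS record first, then the port forward behind it."""
    report = {"addresses": [], "dns_ok": False, "ip_matches": None,
              "port_open": False, "problems": []}
    try:
        report["addresses"] = resolver(hostname)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        report["problems"].append(f"DNS lookup failed: {exc}")
        return report
    report["dns_ok"] = bool(report["addresses"])
    if not report["dns_ok"]:
        report["problems"].append("name resolved to no IPv4 address")
        return report
    if expected_ip is not None:
        report["ip_matches"] = expected_ip in report["addresses"]
        if not report["ip_matches"]:
            # A stale record points at whoever holds the old address now,
            # so do not probe it or connect to it.
            report["problems"].append("DDNS record does not match the router's address")
            return report
    target = expected_ip or report["addresses"][0]
    report["port_open"] = probe(target, port)
    if not report["port_open"]:
        report["problems"].append(f"TCP {port} not reachable: check forwarding and firewall")
    return report

if __name__ == "__main__":
    # Hostname is the article's example; 203.0.113.7 is a constructed placeholder
    # for the Internet IP address shown on your router's status page.
    print(check_vpn_endpoint("yourname.homeip.net", expected_ip="203.0.113.7"))
```

Run it from a connection outside your home network so the request actually passes through the router's port forward.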

Use Hosted VPN Services

If you aren’t a do-it-yourself type when it comes to computing and networking, then using hosted VPN services is likely the best bet for securing your Wi-Fi hotspot connections. In addition, the performance of hosted VPN services may be a bit better than using your own server set up at home.

These services are also typically developed specifically for securing user connections on un-trusted networks, rather than for remote access, so the client configuration, if any, consists of inputting a username and password. There’s no setup of VPN parameters that would be over the heads of many consumers.

Here are several different hosted VPN services you can check into:

Eric Geier is the founder and president of Sky-Nets, Ltd., which operates a Wi-Fi hotspot network serving the general aviation community. He has also been a computing and wireless networking author and consultant for several years.  Eric’s latest book is Wi-Fi Hotspots: Setting up Public Wireless Internet Access, published by Cisco Press.


