[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT a bit] -- OpenVPN and mobile safety

On Tue, 28 Nov 2017 21:28:55 +0900
Mark Fletcher <mark27q1@gmail.com> wrote:

> On Sun, Nov 26, 2017 at 04:18:12PM +0000, Joe wrote:

> > 
> > Note that most (maybe all) free wifi systems will want you to
> > provide some authentication before you are connected to the Net,
> > generally through a web page. In some systems, you may have a need
> > to access the web page after the VPN is up, so it is probably
> > advisable to allow web access to the wifi network as well as DHCP
> > and OpenVPN. 
> That would defeat some of the purpose -- allowing the tablet 
> (specifically bloatware) to access the local network would (continue
> to) expose me to gawd alone knows what on unknown and untrusted
> networks. Obviously the network outside my home LAN is no more
> trusted than a hotel / coffee shop / airport WiFi is, but bad actors
> are known to loiter on such public networks waiting for idiots like
> me to come along, and I'm interested in seeing to what extent I can
> dodge them.

But in a network of that kind, you have no choice: you *must* connect
to the authentication web server, in order to be granted access to the
rest of the Net. If you try to connect to anything else, you will be
redirected to that server. If that server has been hacked and malware
installed, tough, there's no way to avoid it, it's one of the risks of
using free wifi.

Allowing web access *out* through the wifi interface is not optional
before the VPN is up, and will only allow the tablet to initiate a
connection to a web server in that local network after the VPN is up. It
will not allow anything there to initiate inbound connections at any
time, nor outbound web connections to anywhere else, they will get
routed through the VPN. If you have something installed which can make a
connection to another web server in that local network without action
on your part, you've already been hacked, and there's nothing left to
worry about...


Reply to: