  • Android: Protecting your network data from local snooping

    There's been a lot of news of late about the likes of the NSA and GCHQ passively listening to Internet traffic. The steps in this post won't protect you from such a well-resourced attacker, but will prevent others on open Wi-Fi networks and your mobile data provider from looking at the content of your phone's network traffic.

    A good example of the data that can easily be collected can be seen in this recent Ars Technica post.

    In this post, we'll be configuring an Android phone to conditionally connect to an OpenVPN server, dependent on whether it's associated with a specific WLAN.

  • OpenVPN on CentOS 6 (Updated) - With HMAC

    I've previously documented how to install and configure OpenVPN on CentOS 6, but the steps appear to be outdated.

    In this documentation, we'll (very quickly) detail how to configure OpenVPN on CentOS 6. We're also going to enable TLS Authentication so that OpenVPN won't even respond unless the connecting client provides the right pre-shared key.

    You'll need the EPEL repos installed and enabled.

  • OpenVPN on Debian

    Setting up OpenVPN on Debian is as straightforward as on CentOS, though some of the file locations differ slightly.

    This documentation details how to install and configure OpenVPN on a Debian server.

  • Usurping the BTHomeHub with a Raspberry Pi: Part 5 - Inbound OpenVPN

    In Part 4 we configured our Raspberry Pi router to maintain a number of OpenVPN tunnels and to route through them selectively. Now we'll look at the steps needed to allow connection to our LAN via OpenVPN. Although helpful, as the HomeHub doesn't provide VPN connectivity, this stage doesn't really count as Usurping the BTHomeHub.

    The steps are almost completely identical to those performed when Installing Open VPN on Debian. We're going to have to NAT connections though, as the HomeHub is a little stupid and we can't add static routes to it (so if we're connected to the VPN and accessing the Internet, it won't know where to route the response packets).

    What we'll do, though, is only NAT if the connection isn't to something on the LAN.