LinuxQuestions.org


glsen_az 05-05-2007 08:40 PM

Tunneling WiFi Traffic
 
I found another thread from 2003 that somewhat described what I am wanting to accomplish. I would like to do the following: While at coffee shops, be able to have encrypted traffic (with SSH and VNC??) back to Smoothwall box (via the static IP address supplied by DynDNS service), then turn around and have the traffic re-routed, still encrypted, out to the requested Internet sites. I guess this scenario would be similar to the GoToMyPC concept, except it would be on my hardware and Internet connection.
I'm just getting too paranoid about surfing in the open at coffeeshops (never any shopping or banking-type transactions!) and want to nail things down.

Here's my particular configuration:

Home using Smoothwall firewall system (running on an old Pentium I w/128 MB RAM and 10 GB HD):
o Cable Internet into ethernet NIC (unfriendly/Internet-facing "RED" NIC) - gets dynamic IP address via DHCP from cable provider.
o Second ethernet NIC out to switch (trusted/home network on "GREEN" NIC) - Smoothwall's own DHCP server doles out IP addresses to home PCs.
o Smoothwall offers the option to use DynDNS service to get a static IP address that the Smoothwall box can be referred to from the Internet.
o My Smoothwall box has Squid turned on, mostly for caching web content to help speed things up. Also has the Smoothwall firewall and Intrusion Detection System (Snort).
o Our current cable connection provides top end of 7-9 Mb throughput on a very consistent basis. I would sure like to use this.

SuSE 10.0-based Dell laptop with (wired &) wireless for unsecure coffee house Internet access. I also do WPA secure wireless access at home sometimes.

Are there any good, understandable how-tos on this? Any suggestions and links would be greatly appreciated!

-*-Bill

blackhole54 05-05-2007 10:32 PM

I don't know about doing exactly what you describe, but if you are just concerned about your unencrypted wi-fi traffic, I have a couple of simpler suggestions you might want to consider.

One would be to use Tor. This is anonymizing software that bounces traffic between several Tor servers. All the traffic is encrypted until it gets to the "exit router". From the exit router to the website it is unencrypted unless you are using SSL/TLS. But from your computer, to the wi-fi access point and beyond it is encrypted. If you are using SSL/TLS, you will also have end-to-end encryption as normal. The downsides are that Tor can be somewhat slow and it is possible your access point will block this.

The other thing you can do (if not blocked by the access point) is to set up an ssh tunnel using the -D switch and then set up your browser to use a SOCKS proxy. Set the proxy to localhost and the port you specified to ssh. Again, this will give you encryption over the wi-fi connection to wherever your sshd is listening, but unencrypted beyond (with the usual SSL/TLS exception).
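
The ssh -D setup suggested in the post above, as an added example that is not part of the original thread: it builds the tunnel command with the SOCKS listener pinned to loopback and checks `ss -ltn` output to confirm the port is not reachable from other hosts on the wireless network. The host `user@home.example.org`, port 1080 and the sample `ss` lines are placeholders constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. user@home.example.org and port 1080
# are placeholders; the `ss -ltn` lines below are constructed sample data.

# Print an ssh command for a SOCKS forward that listens on loopback only.
socks_tunnel_cmd() {
    target=$1; port=${2:-1080}
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    # -N: no remote shell; -D 127.0.0.1:PORT: SOCKS listener, loopback only;
    # ExitOnForwardFailure: exit rather than run without the forward.
    echo "ssh -N -D 127.0.0.1:$port -o ExitOnForwardFailure=yes" \
         "-o ServerAliveInterval=30 $target"
}

# Read `ss -ltn` output on stdin and report how PORT is bound:
# "loopback", "exposed" (reachable by other hosts on the Wi-Fi) or "absent".
socks_bind_state() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":"); p = part[n]
            if (p != port) next
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") lo = 1; else ex = 1
        }
        END { print (ex ? "exposed" : (lo ? "loopback" : "absent")) }'
}

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:1080     0.0.0.0:*
LISTEN 0      128    [::1]:1080         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

socks_tunnel_cmd user@home.example.org 1080
printf 'port 1080 is %s\n' "$(printf '%s\n' "$SAMPLE_SS" | socks_bind_state 1080)"
```

On the laptop, `ss -ltn | socks_bind_state 1080` runs the same check against the live listener. A client that resolves names itself still sends DNS lookups over the open Wi-Fi; with curl, `--socks5-hostname 127.0.0.1:1080` passes the hostname to the proxy, while plain `--socks5` resolves it locally.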

acid_kewpie 05-06-2007 03:50 AM

well if it's security not anonymity you're after then that'll be a vpn, simple as that really. ssh tunneling would be a simple approach, but just running something like OpenVPN would give you much more generic access to more network services. if you're not using a trusted client pc, with your own software, you could use something like sslexplorer to have a clientless vpn.

blackhole54 05-07-2007 12:39 AM

VPN, Tor, and ssh all encrypt the traffic to and from the mobile computer, which I thought was the OP's main concern. I can't speak to the relative quality of encryption. Of these, VPN would certainly provide the most exhaustive solution, Tor would add the benefit of anonymity but it is sometimes slow, while ssh is probably the simplest.

glsen_az 05-07-2007 02:44 AM

re: Tunneling WiFi Traffic
 
Acid_kewpie,
Thanks so much for the response.
Quote:

Originally Posted by acid_kewpie
well if it's security not anonymity you're after then that'll be a vpn, simple as that really. ssh tunneling would be a simple approach, but just running something like OpenVPN would give you much more generic access to more network services. if you're not using a trusted client pc, with your own software, you could use something like sslexplorer to have a clientless vpn.

Obviously, since I am asking about this stuff, I haven't played with any of these options, with the exception of using SSH between hosts. Here's what I've done so far:
I've gone to DYNDNS.COM and set up a connection to the current dynamic IP address I get from the cable Internet provider and now have a DNS entry that will be a way for me to talk to my home firewall box for now. I've turned on the VPN option in the installed Smoothwall box. I'll have to see if I can talk to it from the Internet.

I'm going to have to do some googling to see if I can get up to speed on this. I'd really like to find a decent solution I can use with my SuSE-based laptop and also for my wife when she uses her IBM Thinkpad running Windows 2000 out and about. The VPN option should work for our systems. I've heard of Tor but haven't really tried it out. One option I've seen is to run it from a thumbdrive from any PC. Again, thanks for the response and the info you shared.

-*-Bill

glsen_az 05-07-2007 02:49 AM

re: Tunneling WiFi Traffic
 
Blackhole54,
Thanks for responding and following this thread.

Quote:

Originally Posted by blackhole54
VPN, Tor, and ssh all encrypt the traffic to and from the mobile computer, which I thought was the OP's main concern. I can't speak to the relative quality of encryption. Of these, VPN would certainly provide the most exhaustive solution, Tor would add the benefit of anonymity but it is sometimes slow, while ssh is probably the simplest.

My response to Acid_kewpie touches on what you are writing about: sounds like a VPN might be the best solution - I'll have to dig into it and see what I'll need to do. I've seen Tor but haven't really used it yet.

I hope to keep posting to this thread with more info as I move along this path. Maybe set this up as a how-to here on LinuxQuestions. Thanks again for your responses!

-*-Bill

blackhole54 05-07-2007 10:07 PM

Quote:

Originally Posted by glsen_az
I hope to keep posting to this thread with more info as I move along this path. Maybe set this up as a how-to here on LinuxQuestions.

Maybe create an entry for the LQ wiki? Just a thought ...

acid_kewpie 05-08-2007 01:41 AM

yeah it's not great to use a forum as your own private notepad...

glsen_az 05-16-2007 02:43 AM

re: Tunneling WiFi Traffic
 
Quote:

Originally Posted by blackhole54
Maybe create an entry for the LQ wiki? Just a thought ...

That's a great idea. I visited the Smoothwall.org community forums and posted this question there too. (Made sense - this would be something Smoothwall users would do quite often.) I got a response back that I've tentatively tried out at home and will investigate further in the next day or so. Here's the link to the forum responses:
http://community.smoothwall.org/foru...=167567#167567

Thanks again for your suggestions.

-*-Bill


All times are GMT -5.