RE: Home VPN - Hamachi

["Mark Harrison (Groups)" <mph@xxxxxxxxxxxxxxx>]

On Sat, 2005-12-17 at 14:15 +0100, UKHA wrote:
>
>
> I'm not saying that the communications isn't encrypted, I'm saying
> that you're trusting a 3rd party
> not to listen in etc. Since there's no mechanism for you to test that
> your data isn't being sent to
> their servers - you only have their word... an AFaIK they have no
> track record to base any decisions
> on. Of course since they are encrypting data to their servers you have
> no way to know what data they
> are actually sending. Sure they have had Steve Gibson look at it - Is
> he going to validate every version?
> Is he just validating the encryption etc?
>
> Most (guess) people on the list are probably using IPcop/smoothwall
> etc, Personally If I were doing that I'd go the extra
> step and install openvpn on that and use the linux/windows clients to
> connect. Ok, so it's not zero configuration
> but it's a lot more secure that trusting someone you don't know...
>
>
> Andy
>

Andy,

I agree. Anything where you CAN install the client software on the
client machine, go that route.

I use OpenVPN to connect to the home network from my own laptop out on
the road. Patrick Lidstone put me on to it in this very group a few
years ago, and I've found it solid ever since.

However, I do find a need for a "zero-config" service from time
to time.

I don't use the Hamachi service, but I do use the logmein.com remote
control service to access my PC, which from my perspective accomplishes
a similar end result, albeit in a completely different way, but also
relies on the security of an external, relatively unknown, third party.

The reason I do this is at some client sites, I can't access the
Internet from my own laptop, nor can I load any software that requires
installation onto theirs. However, it is useful to have a tool that
allows remote access from a web browser. (Logmein has an ActiveX / Java
client set.)

I realise that, in principle, I could develop and set up a zero-config
service hosted off my own ADSL line, but that feels like a LOT of hard
work :-)

I have to say, private VPNs are not as secure in some parts of the world
as they are here. In one of the countries where one of my client
operates, secure performance is VERY slow - because all
"official" ISPs
into the country pass through a government-controlled interconnect, that
includes SSL-decryption hardware allowing them to listen in. Obviously,
real hackers can probably find a way round it, so the current set up
only serves to regulate the law-abiding in any case, but heh, I don't
make government policy :-)


Regards,

Mark