CCATP #483 – David Peck from Cloak Talks VPNs

With the recent legislation on privacy rules for ISPs in the United States, a lot of people are considering using VPNs to protect their Internet traffic from home. I thought this would be a great time to get Dave Peck on the show, co-founder of Cloak, my VPN of choice. This isn’t a show about Cloak but rather about VPNs in general. We talked about whether we should consider one for our home use, we talk about what kind of information your VPN provider may be collecting on you, we talk about the importance of understanding privacy policies.

Dave is very frank and honest about things like how Cloak handles logging of user data. Dave also answers some listener questions. There are some real surprises in this episode, in particular what you should know about those “top five VPN” lists you may have seen recently. I thought I knew where the discussion was going to go, and I was very surprised.

In preparation for this discussion, Dave wrote up his thoughts at davepeck.org/…

NC #611 Willow, Whistle, VPN for Secure Messaging, CrazyBaby, Cobra Backup Cam, Security Bits

It’s an action-packed show this week. I recommend listening to the latest SMR Podcast, not just because I’m on but because it’s a fantastic episode. We’ve got interviews with Willow about their wearable breast pump, Whistle’s pet tracker and activity monitor, CrazyBaby’s levitating speaker called Mars, Cobra’s wireless backup camera on a license plate frame, and we’ve got a Dumb Question Corner from Uncle Bob about VPNs and secure messaging services. Bart brings us up to date with another segment of Security Bits.


Dumb Question Corner: VPNs vs End-to-End Encrypted Messaging Services

In Dumb Question Corner, Steve’s Uncle Bob asked a really good question. It’s been a while since we did a dumb question so let’s review the rules. A Dumb Question qualifies for such a title if it’s something you feel like you should know the answer to, and figure everyone else must understand something you don’t. The questions are absolutely not dumb but it helps to call them that so you’ll feel ok asking them.

The second rule of Dumb Question is that ideally Allison will be able to answer them. I’ve been known to do a bit of research from time to time to figure out the answer, but in general it’s swell if it’s actually in my field of expertise. That brings us to our third rule, and it’s that you can’t ask me anything about iTunes. With that stage set, here’s Bob’s question:

My question revolves around whether end-to-end encrypted chat programs like WhatsApp, Signal, and others are necessary if both parties already employ VPN’s? My understanding of VPN’s is that they encrypt all data between servers and mask the original IP address. That being the case, it would seem WhatsApp and other end-to-end encryption tools would be redundant. Another question stemming from this is whether both parties have to have VPN’s on their respective ends, or will it also work if just one party uses a VPN? Just something enquiring minds need to ponder to avoid Alzheimer’s.

I like this question because I knew that all of the information to answer the question was somewhere stashed away in my brain, but retrieving the right bits and assembling them properly was going to be the tricky part.

CCATP #427 Barry Fulk on Mobile Device Management

In this episode of Chit Chat Across the Pond, we’re joined by Barry Fulk. Barry is known as the nicest guy in the world who specializes in stalking Mac podcasters. He also directs mobile device management at a large, highly regulated company. He joins us to explain what MDM, or Mobile Device Management is, and how it allows two people in his company to manage thousands of iPhones and iPads. His specific expertise is in the MDM tool called Mobile Iron. We wanted to talk about this to help explain what the County of San Bernardino could have, and should have been able to do with Mobile Iron, which they actually had in house but didn’t configure properly. Barry and I talk about encryption and tunneling and data security. It’s a good geek time! You can find Barry on Twitter at @fulkb.


How to Update OpenVPN for Heartbleed OpenSSL Vulnerability

After the Heartbleed OpenSSL vulnerability was exposed, Donald Burr of otakunopodcast wrote up instructions on how to verify the version of OpenSSL we’re running, and how to update it. Here are his instructions:

If you run the command:

port deps openvpn

it will show you which other MacPorts ports openvpn depends on. If openssl is *not* in that list, then that means MacPorts used the Apple-included version of openssl when building openvpn, and so you’re fine.

If, however, openssl *is* in that list, we now need to check what version of openssl was used. Run the command:

port installed openssl

This command will list out what version of openssl is installed.

If it is version 0.9.8, or version 1.0.0, then you are fine. If, on the other hand, it is version 1.0.1a through 1.0.1f, then you are using the vulnerable version of openssl and you must upgrade. This vulnerability was fixed in openssl version 1.0.1g, so if that version (or a later version) is installed then you are also fine.

If you need to upgrade openssl, then follow these steps. First thing you need to do is update the MacPorts ports tree by running the command:

sudo port selfupdate

You may see an error about MacPorts base, you can ignore that. After this is done, we need to check what port upgrades are available. Run this command:

port outdated

and look for a line similar to this:

openssl 1.0.1f < 1.0.1g

This indicates that an upgrade to openssl is available. (In fact I understand that the MacPorts team have released an upgrade to the non-vulnerable version of openssl.)

Finally, to upgrade the openssl port itself, run:

sudo port upgrade openssl

Now you can rerun the command:

port installed openssl

And you should see the new version of openssl with the word (active) next to it, and the old version as well. You should uninstall the old version via the command below (assuming your old version is @1.0.1e_1).

sudo port uninstall openssl @1.0.1e_1

At this point you will probably want to re-generate all of your VPN certificates and keys. Just follow Allison’s clearly written ScreenSteps tutorial 🙂

https://www.podfeet.com/blog/tutorials-5/how-to-set-up-a-vpn-server-using-a-mac-2/

Start at the step “SECTION 6 – Donald’s Nifty Scripts of Doom”
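
The version check from the instructions above as a script, added here as an example (it is not part of Donald's instructions): it reads `port installed openssl` output and marks every installed openssl using the version ranges stated in the post. The function names and the sample listing are constructed for illustration; the unlettered 1.0.1 release, which the post's range does not list, is also treated as vulnerable.

```shell
#!/bin/sh
# Added example: classify installed MacPorts openssl versions using the ranges
# stated in the post (0.9.8 and 1.0.0 fine, 1.0.1a-1.0.1f vulnerable,
# 1.0.1g and later fine).

# heartbleed_status VERSION -> prints "vulnerable", "ok" or "unknown".
# VERSION may carry MacPorts decoration such as "@1.0.1e_1".
heartbleed_status() {
    v=${1#@}      # drop the leading "@"
    v=${v%%_*}    # drop the "_N" port revision and anything after it
    case $v in
        # The unlettered 1.0.1 release is not in the post's range but is
        # also affected, so it is treated as vulnerable here.
        1.0.1|1.0.1[abcdef]) echo vulnerable ;;
        [0-9]*.[0-9]*)       echo ok ;;
        *)                   echo unknown ;;
    esac
}

# audit_port_listing: reads `port installed openssl` output on stdin, prints
# "version status [(active)]" per installed openssl, and returns 1 if any
# installed copy (active or not) is vulnerable.
audit_port_listing() {
    rc=0
    while read -r name ver rest; do
        [ "$name" = "openssl" ] || continue
        st=$(heartbleed_status "$ver")
        echo "${ver#@} $st${rest:+ $rest}"
        [ "$st" != vulnerable ] || rc=1
    done
    return "$rc"
}

# Constructed sample of the listing after an upgrade; on a real machine use:
#   port installed openssl | audit_port_listing
sample='The following ports are currently installed:
  openssl @1.0.1e_1
  openssl @1.0.1g_0 (active)'

printf '%s\n' "$sample" | audit_port_listing ||
    echo "a vulnerable openssl port is still installed; uninstall it"
```

A non-zero return after the upgrade means the old port is still on disk, which is the case the uninstall step above cleans up.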

How to Uninstall VPN Server on Mac

If you’ve installed a VPN server on your Mac using Donald Burr’s most awesome instructions but for some reason want to uninstall the server, here’s an uninstall script along with text-based instructions from Donald:

Download the script here:
https://dl.dropboxusercontent.com/u/169813/uninstall-openvpn

Find the place where you downloaded the script (probably in your Downloads folder), keep a finder window open and off to the side. Open a Terminal window, and type:

chmod [space] +x [space]

DO NOT press return yet. In the Finder window, drag the script into the Terminal window, it should insert its path in the command line you are currently typing. Then press return.

Finally type this:

bash [space]

Again DO NOT press return, but drag+drop the script from Finder into the terminal, then press return. The script should run now. When it’s finished reboot your machine.

How To Set Up a VPN Server Using a Mac

These instructions may seem arcane and complex but they’re really easy if you just follow along step by step. Donald Burr of Otaku No Podcast (otakunopodcast.com) created all of these instructions in text form, Allison just created the ScreenSteps tutorial!

I’ll be focusing on using a Mac on your home network using an Airport Extreme Router (of course any router will work but the screenshots will be for the Airport). If you have a router capable of installing the Tomato Router Firmware, you should look at Donald’s full instructions because you may not need to use a Mac at all for this, your router can do it all. See Donald’s notes for other options.

Read Donald’s instructions ===> here.

If you’d rather download this manual for easy off line reference, click here.

If you’ve installed the VPN Server but would like to UNinstall it, click here for instructions.
If you can connect to your VPN server but can’t get outside your network, click here.

Let’s get started already!

SECTION 1 – Setting Up a Static IP for the Server on the LAN Side

These instructions should be completed on the machine that will become the VPN server.

Open Network Preferences

Select Advanced

Copy the Mac Address

Open AirPort Utility

Click on your router, in my case it’s called White Dart.

Select Enter Router Password

Enter your password when prompted and click OK.

Select Edit

Select the Network Tab and Click the + Button

Paste in the Mac Address You Copied Earlier

Select Update

Select Continue

Quit Airport Utility when this operation completes.

SECTION 2 – Creating Account at No-IP.com

Navigate to http://www.noip.com and select Sign Up.

Create a Username and Password

Enter your Email address. Note the host name shown which is free, but if you want to pay you can get more options. Scroll down to the bottom of the page.

Select Sign Up

Email Confirmation Will be Sent

Click the Link in the Email

Download the Update Client

This client will run in the background and check to see if your IP address has changed, and if it has, will send it to no-ip.com

Download and Install the Client

Enter Your No-IP.com Account Info You Just Created

This menu should pop up automatically.

Click OK

Click on Hosts and Check the Box Next to the Host Name You Chose

It may take a few moments for the host name you selected at no-ip.com to show up. Make sure you note this name, you’ll need it later.

Select Update Now

Turn on the Daemon

I chose this rather than running the application in the background all the time.

SECTION 3 – Installing Xcode and Running Command Line Tools

Find Xcode in the Mac App Store

Install Xcode

Install Java

Xcode only installs the standalone Java, and it does NOT include the Java Web plugin that has been the subject of so many security vulnerabilities lately.

Select Install Next to Command Line Tools

Wait till the installation finishes and quit Xcode

Type xcodebuild -license to Open the License Agreement

Start Hitting the Space Bar to Scroll Through the EULA – A LOT of Times

Type Agree

Type agree

Joy of Agreement

SECTION 4 – Installing MacPorts

Navigate to https://distfiles.macports.org/MacPorts/ and scroll to the bottom to download the installer file for your OS.

Install MacPorts

Enter These Commands in the Terminal

To run the self update to MacPorts enter:

  source ~/.profile
then
  sudo port -v selfupdate

and enter your administrator password

Success

Open the VPN Software

Enter

  sudo port -v install openvpn2

and watch a lot of glop go by…

SECTION 5 – Installing Tuntap Drivers

Open the Package File (in the folder after tuntap expands)

Gatekeeper won’t let you just double click on the installer package (it will complain that it is from an unknown source), you have to right click on the installer package and choose “open”.

SECTION 6 – Donald’s Nifty Scripts of Doom

Download Donald’s scripts from: https://dl.dropbox.com/u/169813/openvpn-mac.tar.bz2

Type These Commands to Unarchive the Scripts

cd ~/Downloads
tar xvjf openvpn-mac.tar.bz2

Setting Up OpenVPN Server

We’re now going to run Donald’s scripts. Enter this command:

  cd openvpn-mac && sudo bash setup-openvpn-server

Name your Server (I’ve entered kyles-mac-vpn)
Enter the dynamic dns host name you noted back on no-ip.com (you DID note it, right?)

Keep Answering Questions

The first time through you need to answer these. These steps will be duplicated MANY times, but after this the answers will be there and you can simply hit Enter for each question.

Hit Enter for All These Questions for an RSA Key

And Again for Some Reason

Keep Answering…

And Again

And Again…

Whew!

Enter passphrase and password as many times as they ask for it!

Finder Window Opens Showing config-files

Copy this file to Dropbox. It will be the first connection file you test. It would be good to name it something associated with the device on which you’ll use it (you’ll be creating one of these for each of your devices).

Create a New VPN Connection Document for Each Device You Have

In Terminal, enter:

  sudo setup-openvpn-client connection-name

where connection-name means something to you for each different device you’ll want to connect to the VPN server. Move each of these files to Dropbox to be picked up on your devices.

SECTION 7 – Opening up UDP Port 1194

Open Airport Utility again, select your Airport again, Select Edit again. Select the Network tab, and select the + under Port Settings

Enter Information As Shown

Select Update

Wait until your Airport updates.

SECTION 8 – Install VPN Software on iOS

Download OpenVPN Connect from the iTunes App Store.

Open Dropbox

Find the file you created and moved into Dropbox and tap on it.

Select the Open In Button in the Bottom Right

Select Open in OpenVPN

Click the Green Plus Button to Import the File

Enter the Password

Enter the Password you created in the creation of the file, and tap the Save switch to turn it on. Finally tap the Off Switch to Connect to the VPN.

Connected!

SECTION 9 – Install VPN Software on OSX

Two options for a VPN application on the Mac. Donald recommended Viscosity from http://www.sparklabs.com/viscosity/download/ which is $9 per Mac.

After the show Dr. Matt suggested the free TunnelBlick from http://code.google.com/p/tunnelblick. I installed both and they both work well. This tutorial will be for Viscosity, but if you try Tunnelblick you have to do one thing to make it work. In the Settings, Configuration tab, select Advanced and then uncheck the box to use TunnelBlick’s tun/tap drivers.

Let’s keep going with Viscosity as our example.

Install Viscosity

Click on the icon for Viscosity in the menubar and choose Preferences.

In the Connection Tab Click on the Plus Button at the Bottom

Select Import Connection From File…

Navigate to the File You Created for This Device

In my case I called it alsmac so I could tell which one to open

Connection Imported

Connect Using Menu Bar App

Enter the Password You Created

No clue which one of the 198 I entered, luckily I typed the same one over and over again.

Fleeting Notification of Connection

To test mine at home I used a Mifi so I was on a different network.

Use the Menubar Icon to Disconnect When You’re Through

If you want to prove to yourself that you’re on VPN – go to http://ipchicken.com before and after you VPN and you’ll find that your IP changes to your home IP. Congratulations!
