Jump to content


Securely internet access on an online network options

open network security network internet hotel

  • Please log in to reply
18 replies to this topic

#16 +goretsky


    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 12-March 04
  • Location: Southern California

Posted 26 February 2013 - 09:23


As a slight modification of the suggestion to use a 3G/4G USB dongle, I would suggest a 3G/4G "Mi-Fi" personal hotspot. These are little (about the size of a couple of business card case holders stacked together) battery-powered routers which bridge an 802.11b/g/n connection to a 3G/4G radio. Advantage of using a hotspot over a USB dongle is that multiple devices (typically up to five) can connection at once (tablet, smartphone, laptop) which is useful if you are traveling with with co-workers, a spouse and so forth. There are a few pay-as-you-go ones, as well as with services from the normal carriers. I have used devices from Novatel Wireless and Samsung on AT&T and Verizon and found that on 4G they typically outperform hotel and coffeeshop wireless connections. Disadvantage is, of course, that it requires the purchase of additional hardware plus a monthly recurring cost for billing, but as a business expense you would at least be able to deduct it.


Aryeh Goretsky

#17 +BudMan


    Neowinian Senior

  • Tech Issues Solved: 106
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 26 February 2013 - 13:05

I don't really see the reason to bring your own connection to the party? Sure if the OP has issues with getting a connection than that is one option, and would be more secure than open wifi from the standpoint of other users of the wifi sniffing his traffic for stuff in the clear.

So to clarify the issue - is other open wifi users sniffing traffic and gleaning information from stuff sent in the clear. Be it a misconfigured website that does not https the login (sad to say like neowin). Or snagging the cookies and highjacking a logged in session, etc.

So to mitigate this specific problem, then yes a vpn to a location off the wifi network would be simple easy solution. This could be as simple as ssh session to a location outside the hotel and tunneling your browser traffic through that session. This takes 2 seconds to setup with putty and any ssh connection you might have. School, webhost serverver, vps, home, etc.

Or you could run actual vpn. Be it your home router supports it or you run a server on your network for it, etc. Now my router is pfsense - which has multiple vpn solutions built in. So I run openvpn on 443 tcp and the standard 1194 udp port.. You never know where you might not get udp ports outbound, this is why I like the 443 option. If you have internet access, its pretty good shot that 443 is open. The suggested ipsec vpn to a pix while that is a great solution - not all locations are going to allow a ipsec vpn which requires protocols 50 and 51 and some ports outbound that are not really standard - quite often you need static source port nat on the udp 500 port for passthrough, etc. I have been to some hotels where you have to ask for a special connection to be able to use that sort of vpn.

Where as a ssl based vpn normally can bounce off a proxy even.. So it a more robust option in my opinion.

If you don't have a location you can run your own vpn connection - then sure you could sign up for a service. Not a real fan, because now your routing all your traffic through a 3rd party that may or may not be reputable. Then is also Tor as an option - it is free, and would protect you from local wifi sniffing, etc.

If you can not run the vpn/ssh connection at home - or if you want a safety net for if your home connection is down. I would suggest you find a lowend sever for such duty. I have one that cost only $15 year - now it only allows for 500GB of traffic a month. But hey my home comcast is suppose to have a 250GB cap, so doesn't seem like an issue. Works out great as a vpn/ssh endpoint - I mostly use it for testing and you just can not beat the price.


BTW for those tablet users - openvpn has released official client for ios

There have been options for openvpn for android for quite some time, but it was nice to see finally offer something for ios that did not require jailbreak/root access. And here is the official android openvpn client https://play.google....openvpn.openvpn

Openvpn server can be as simple to setup as launching a VM for your fav vm host, be it virtualbox, vmware, hyper-v, etc. If you router does not support it.

#18 trek


    7 / X

  • Joined: 11-August 02
  • Location: Vancouver, Canada

Posted 26 February 2013 - 17:14

Now Budman has me wanting to upgrade my PIX to an ASA for the Cisco AnyConnect SSL VPN :p

#19 +goretsky


    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 12-March 04
  • Location: Southern California

Posted 27 February 2013 - 08:51


I still use a VPN connection to get into work (actually several, but that's another story), but I was thinking in terms of getting off of the hotel's network (wireless or wired) in its entirety. It really depends on what your needs are and, of course, your budget. One nice thing about providing your own hotspot is the ability to use it in places where you have cellular coverage, but no or poor network connectivity.


Aryeh Goretsky