In this section, you’ll learn how to setup a VPN proxy to secure browsing activity when using public Internet access and insecure WiFi hotspots.
What is a VPN Proxy?
When most people think of a VPN proxy, they usually think of 3rd party services like PureVPN.com, IPVanish.com, and HideMyAss.com. These types of VPN’s are designed for anonymity. They manage hundreds, sometimes thousands of servers all over the world. The moment you connect to one of their servers, a VPN proxy is established and your browsing activities will appear to originate from the server you are connected to, instead of your real public IP address. So, not only is the connection secure, but you can also browse the internet –anonymously.
If you are not comfortable paying fees and you’re willing to forfeit anonymity, you also can use your Tomato router as a VPN proxy. In this case, when you are connected to a public WiFi hotspot, your Internet browsing activity will be re-routed through the VPN tunnel and your public IP address will be that of your home router, NOT the public WiFi you are connect to. To the Internet world, it will look like you’re browsing from home, when actually you are sitting at Starbucks enjoying a latte’.
When you connect to the Internet from a public location, don’t think of it as “Internet access”. Think of it as “access to your VPN”. Why? Because your VPN server (Tomato router) has access to the Internet. And when you connect to your VPN, the connection is secure. To illustrate this, let’s talk more about the “push” command that we discussed in the OpenVPN Static Key tutorial.
push "redirect-gateway def1"
Without this command, your VPN tunnel still connects your laptop to your home network but your Internet browsing activity still passes through a public Access Point! This means that the public Wi-Fi hotspot will act as your gateway to the Internet. The challenge with using public Internet access is that the wireless link may be “unsecured”. And even when it is secure, you don’t know who else is connected to that network –and that’s not good. Study the illustration below and pay attention to the padlocks between each client.
While your VPN network is secure, the wireless link between your laptop and the public hotspot has NO encryption. Any hacker worth their salt can see what you’re doing online! The “push” command forces the clients’ internet traffic to the VPN Server through an encrypted tunnel. The public hotspot is merely providing your laptop with access to your VPN. Using the “push” command, it looks more like this:
The benefit is security. The drawback is speed. Upload speed from the VPN proxy plays an important role in the overall performance. SpeedTest.net says our upload speed is just over 11 Mbps when we are physically connected to our LAN using a wired connection.
The download speed of the VPN client, can only be as fast as the upload speed of the VPN server. Two things will affect speed at this point: (1) the quality of your VPN server (your router), and (2) the upload speed of the internet connection provided by your ISP.
We can confirm our speed and IP address by checking the status of the network adapter in charge of our VPN. On your client computer, be sure you are connected to your VPN; then click the ‘Start’ button and type ‘view network connections’ in the search bar.
Now, we can see all of the network interface controllers for our computer. Some control wireless connections, and some control wired connections, but the TAP adapter controls our VPN connection.
Click ‘View Network Connections’.
Locate the TAP-Windows Adapter. Right-click and choose ‘Status’.
When we connected to the VPN, the router issued our computer a private IP address just as if we were physically connected to the LAN from inside of the building. Click ‘Details’ to view the network connection details of the TAP adapter.
As you can see, my VPN client has been issued a private IP address of 192.168.88.129. Remember, there are Public IPs, and Private IP’s. When you initiate the VPN connection from a client, the VPN server issues the client a private IP address. (In my case, 192.168.88.129). This can also be seen from the device list in the Tomato GUI.
View Clients Connected To Your VPN Server (Tomato Router)
Login to the router and navigate to: Status > Device List
Enjoy secure browsing with your VPN proxy
If you connect to your VPN, your public IP address will appear as if you are physically at home (providing of course, that you are using the “push” command). If you are not using the “push” command, you can still connect to the VPN but your public IP address will be that of the access point you’re connected to (coffee shop, hotel, etc).
Make note of the following public IP’s. One is my home network. The other is a public place.
- My Home Public IP: 68.52.xxx.xxx
- Coffee Shop Public IP: 76.114.xxx.xxx
Go to Google and type “what is my ip” to display your public IP address.
As you can see, even though I’m connected to a public Wi-Fi network, my Public IP address is seen as that of my home (in this case, 68.52.xxx.xxx). This confirms that my internet traffic is now traveling encrypted through the VPN tunnel.
When I disconnect from the VPN, my public IP changes to that of the coffee shop where I’m connecting from (in this case, 76.114.xxx.xxx). This is not secure! So, whenever possible, connect to your VPN when using public Internet access.