|
|||
Using OpenBSD as a second router
I live in a college dormitory, and I don't particularly trust all the users on the school's network.
I'm wondering if I can set up an OpenBSD computer with pf and whatever else is necessary for security between my own PCs and the school's router to protect myself like in this wonderful piece of art I drew up.
I guess there is really no way to encrypt incoming internet traffic that comes in from the school's router to OpenBSD then my computers, since anyone can sit there on the router's connection and peek at everything that comes rolling in, but I'd like to at least encrypt all of my outbound traffic by sending it to the OpenBSD computer first, then having OpenBSD ship out all the traffic encrypted so nobody can sniff the information (I'm not sure what's stopping them from decrypting all of it, but hopefully the encryption method available in OpenBSD will take a user lots of processing power and lots of time to crack). If there's a better solution for this, please let me know.
Also I hope that it is a given that if anyone tries to target my connection through the router, they'll just hit the OpenBSD firewall and not be able to bypass it into my personal computers. If this isn't true, please notify me of this as well.
As my knowledge on networking is less than par, I'm hoping the people on this OpenBSD forum might be able to be of assistance. Thanks in advance.
|
|||
OpenBSD could be used to set up a private network in your residence, but the OpenBSD system itself would still associate with the college router the same way as other students do, i.e. encrypted wireless via WEP or WPA?
We don't know enough about your setup, but establishing a secure tunnel with that college router is probably not an option... It would be possible to securely tunnel connections to somewhere outside of the college... a friend's house? Anyway, hope that helps.
|
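An added example, not part of any post in this thread: a minimal `pf.conf` for the layout the original poster describes, with the OpenBSD machine NATing a private LAN and dropping unsolicited inbound traffic from the dorm network. The interface names and LAN range are assumptions, the syntax is that of current pf (`nat-to`), and nothing here encrypts traffic once it leaves the box.

```pf
# /etc/pf.conf on the OpenBSD box (added example; names below are assumptions)
# Routing between the two NICs also needs net.inet.ip.forwarding=1
# in /etc/sysctl.conf.

ext_if  = "em0"               # assumed: NIC facing the dorm network
int_if  = "em1"               # assumed: NIC facing your own PCs
lan_net = "192.168.10.0/24"   # assumed: private range used by your PCs

set block-policy drop         # drop silently instead of answering probes
set skip on lo                # never filter loopback traffic

# Normalise incoming packets before they are evaluated.
match in all scrub (no-df random-id)

# Default deny: a packet passes only if a later rule allows it.
block log all

# Drop packets arriving on the wrong interface with a LAN source address.
antispoof quick for $int_if

# Rewrite LAN source addresses to the box's own address on the way out,
# so the dorm network only ever sees the OpenBSD machine.
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)

# LAN hosts may open connections outward. pf keeps state by default,
# so only replies to those connections are allowed back in; anything
# initiated from the dorm side falls through to "block log all".
pass in  on $int_if inet from $lan_net to any
pass out on $ext_if inet all
```

Load it with `pfctl -f /etc/pf.conf`, after `pfctl -nf /etc/pf.conf` has parsed it without errors.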
|||
There's no wireless encryption on the router, so anyone who is outside can connect to them (but the router administration itself is passworded).
I used to have internet at home, but cancelled the service because:
1) I am at school 10/12 months
2) I need to save money
#2 leads to the reason why I don't set up my own internet in my dorm room. So tunnelling is out of the question as I don't know anyone I can trust with the personal information I need to be transmitting online (logging into bank account, e-mail, etc.) Do you have any other suggestions?
|
|||
Quote:
Note however, that OpenBSD does not have a monopoly over these technologies. Other operating systems offer them as well to varying degrees. |
|
|||
In general, on-line banking should be done over wired connections unless you have full control of the wireless configuration.
|
|
|||
Quote:
|
|
|||
Unfortunately what you want likely isn't possible... there is no special way that OpenBSD can encrypt traffic going to the router without the cooperation of the college's network administrators.
|
|
|||
Yes, encryption can thwart the reprobates, but the problem is that the encrypted packets eventually have to be decrypted at the intended destination. Unless you have a tunnel or configure a secured IPSec connection, the intended recipient(s) will simply see garbage. This is why control (at least coordinated...) at both ends is necessary.
|
|
|||
So would you guys safely say that getting my own internet connection would be the best solution in my case?
|
|
|||
Quote:
As voiced before, my biggest concern over the situation you have described is doing online banking over a wireless connection. In most cases, we over-exaggerate the importance of email unless transactional information & passwords are being exchanged. This assumes you aren't involved in gray to clandestine activities. |
|
|||
Thanks. I usually prefer a wired connection anyway, especially because of the connection speed. If I get my own internet, I will of course use wired connections for everything.
|
|
|||
What would you suggest for general websurfing? Especially since not all websites enable https.
|
|
||||
You're missing the point, which both ocicat and bsdfan666 made -- if you want to have any traffic encrypted, well, that takes two entities, one at each end: an encrypter, and a decrypter.
You have only one "end point". It takes two to tango. There are anonymizing services, of course. For one example, google for "tor" |
|
|||
I've actually used Tor before, but I stopped mainly because it was so slow. Like, sometimes it would connect to a server in Germany when I start it up, and it would take about 3-5 minutes to load Google. Then I have to click "Google in English" because the Google homepage is in German, and it takes another couple minutes to load the English version of the website. Not to mention websites with actual content that take really long to load (like video streaming sites like YouTube, for example).
|
|
|||
Quote:
As has been indicated countless times already, what you want requires some additional setup... it also adds some protocol overhead, encryption isn't cheap. Do you work for the government? Is what you do classified? Probably not... but we don't know you.
|
||||
only 5.
Quote:
|
|
|||
I'm just concerned about my privacy
Like, anyone can look through my underwear drawer if they want, since I have nothing to hide, but still, it's something I'd like to keep private anyway. Just stuff like that. |
|
||||
Then obtain a server (or a friend with a server) outside of your school's network, and encrypt your communication through it. A commercial server (or virtual machine) may be cheaper than a private ISP connection.
But you still must trust the remote server, and its network(s). There are lots of choices of traffic encryption technologies. What to choose will depend on your network applications and your network topology. But, without a system external to your untrusted network, it's academic. Regarding topology, your network traffic rules may disallow any or all of these:
|
|
|||
Would you happen to have any good, secure, reliable VPS you can recommend?
|
|
|