Share The Wealth: Why Virtual Private Networks (VPNs) Are Important And How To Set One Up
I wanted to do something on VPNs since I've heard a lot of everybody ask questions about them, and some people know about them, some people don't. So I figured this would be a good kind of high overview of VPNs, and then at the end of it we're gonna have a demo to show some easy ones to set up and something that we can kind of hope everybody can get the hang of.

So if you don't know what a VPN is, a VPN is a virtual private network. It can be just something you have at your house or it can be something that your work sets up, but it creates a private network for you to access the internet through. So there, it essentially creates a tunnel between wherever you're at and the internet to help protect you from hackers, or anybody else on the network can't really see what you're looking at.

So that goes into why it's important. It increases online safety, like we said, with protecting against hackers. Without a VPN you're vulnerable to attacks of those types. It also hides your internet traffic, and your data is also encrypted whenever you're on it, so it goes through that tunnel.

So a lot of the VPNs that we're talking about are remote access VPNs. If you're at a public hotspot or you're at Starbucks and you connect to a VPN, you're using a remote access VPN that connects to some location where you have your VPN set up. That's what is the most common, that's what everybody's really familiar with. These site-to-site VPNs are primarily whenever you have companies that have multiple sites, so you have multiple locations for your business. So site-to-site VPNs are primarily for the corporate side; you're not really going to set anything like that up for yourself.

With the remote access VPNs we have three different types that we're kind of going to talk about. You have your self-hosted VPN services, so self-hosted are in your house or on your router or at somebody else's house or something like that, something that you have set up and you are
managing yourself, and it connects you to the network at that location. Cloud hosted, we can talk about AWS or Azure, where you're hosting the VPN service there. And then there's also paid VPN services like NordVPN or PureVPN, your most popular ones there. So we listed a few of them here and you can go check them out. The prices can vary, but a lot of them offer a lot more functionality than if you were to set one up yourself, unless you want to put in the extra work.

So one of the demos we're going to get into is OpenVPN or Algo. This particular slide is just showing that you can set up an OpenVPN server on, say, a spare Windows PC. The demo that we're actually going to be doing is setting it up on a significantly smaller device, being a little Raspberry Pi. But the benefits of OpenVPN on your own equipment is free server installation, free client installation unless you go with their enterprise editions, it's not very hard to set up, and they've got, you know, guides to set it all up for you. So OpenVPN is mainly used for the remote type VPN where you're going to be setting it up to access your networks at your home or something like that.

Algo is more of one of those sort of paid VPN solutions, although you're setting up the paid solution, you're not actually paying someone to do it. So if you have a DigitalOcean account, Amazon, Azure, Google Cloud Engine, anything like that that you, say, have a developer account on, you can push Algo to one of these cloud hosting environments and then have your own, kind of quote unquote, paid system. They're a lot less worrisome than some of your other paid subscriptions, because depending on which paid subscriber you go with they can harvest your data, they can trace where you're going, they can sell your data. There's a lot that goes into it as far as you paying for something you don't know
exactly what they're doing, depending on which endpoint you're connecting to. So Algo gives you a single endpoint: you manage it, you deal with it, and you can set it up to be exactly what you want to do. But for our demo we're just going to be installing it on a Raspberry Pi, very quick, very easy.

I have a Windows system set up, just a Windows VM set up, just for kind of showing how this works on a Windows system, that connection. I have a terminal open to my Raspberry Pi that's sitting here on my desk. I'm going to be running Ubuntu Server on it. It's recommended that you use something like Raspbian or DietPi, something that is specifically made for the Pi; this is just my choice of OS. And then I've got a Finder window so that I can pull out the OpenVPN file, throw it on my computer, and show you how some of the other options for the Mac work.

What I'm going to do is I'm just going to go ahead and SSH into my machine. It's already set up; as I said, this is Ubuntu Server I'm running on the Raspberry Pi. I'm just going to go ahead and do a little bit of a missing things all the time and I'm going to be using pivpn.dev, and basically this is an install script that does almost everything for you, including the instantiation.

So if I run this on my machine, basically it's going to walk me through a process saying this is, if you were to put it on a regular trusted system for a Raspberry Pi then you wouldn't see this, but yeah, I'm going to continue. It's going to pull some packages in for doing automated updates to the system so you don't have to worry about it, to allow tables to be run through, or sorry, iptables be run through properly, a bunch of different other things. So it needs a static IP address, or we'll pull the DHCP out of your router, which is exactly what we're going to do. You can use this to install it on multiple different kinds of hosting platforms and it'll automatically pull in the
static IP address of the machine and also the external IP address of the machine, which is kind of nice.

So I've got to choose a user that will host my configuration; I just made one called core. This is asking if I want those unattended upgrades, so if you don't necessarily want to manage this 100%, all you have to do for your security patches and whatnot is go ahead and apply this. And yes, we want to apply security patches, and it's going to restart the service that was installed and it should continue on.

All right, so we're going to use a UDP connection. UDP and TCP, there are two different sort of connection states depending on which routes you're actually running through. TCP offers a little bit of a difference if you go through with your SSL connections; UDP uses TLS connections instead of SSL. So we're just going to use UDP since it's just as stable and it's actually a lot quicker. We connect to the default port. You can put your own port in here if you don't like the default OpenVPN port; if you're on something that doesn't allow OpenVPN then you can use something higher in the 30, 40, 50,000 range. And yeah, I'm gonna go with that.

So this allows you to select your encryption level. If you're absolutely insane you can choose paranoid level, which is 521-bit certificate, 384 or 256.
Depending on what size certificates that you actually go with, it will limit the speed of your data transfer because it does have to encrypt every single packet that's going through with this certificate, so I just use 256 as its base.

Select my public IP. You can use a DNS if you have a public DNS, something like No-IP or Duck DNS, or if you have your own site from Namecheap or GoDaddy or something like that you can do a ddclient to pull in any IP changes, so that works pretty well. So we'll just use my public IP since that's what we're using now. We select our DNS provider; Google is fine, it's 8.8.8.8 and 8.8.4.4, which mainly the entire internet runs on, and no custom search domain, and then we're good.

So now everything is 100% complete with the installation and now all we need to do is add our profiles. It's going to ask me to reboot, so I'm just going to go ahead and say no because I don't want to do that right now. But we'll do pivpn and it will give you a bunch of different options. You can do this in one string set or you can do it on an option basis. So I'm just going to go ahead and say justin windows for my client name, I want my studio to last for a long time, enter my password and again, and then it pulls out all of the key certificates and the TLS private key to create your VPN. So we can actually see that it created this particular one. If I wanted to add another user, say I want to add just mac, same duration, I now have two separate ones that I can pull. You don't have to have one for each machine; you can use one for your phone, your Mac, your Windows PC, your site-to-site VPN, it doesn't necessarily matter.

So I'm gonna go ahead and swap over to my Mac and I'm going to say okay, I have this Mac OpenVPN and I want to go ahead and install this to Tunnelblick. Basically what Tunnelblick is, this is the OpenVPN client for Macs in general. So I'm just going to say all users and I'll type in my password, my Mac, and I've got a connection point right
here, just being my Mac. Now I haven't opened this up to the entire world.

Next up is the Windows environment. If I just hop over to my Raspberry Pi, which is running at my iphone 43. This is just a really basic subnet that I brought up just for this demo. I'm going to forward OpenVPN's, I can grab this particular VPN, just windows, and I can import this into OpenVPN Connect, and then I have OpenVPN Connect running whenever I start the machine, and then I can just go ahead and connect to it if it was open to the public.

But that's to get from your hotspot, sorry, from anywhere you're working. I like to go and work at Starbucks, for instance, whenever I don't have a ton of meetings. That allows me to go to Starbucks, log into my VPN at home. If I need to access one of the shares on my computers at home to pull up a document that I forgot, I can do that, if I need to make sure all of my information isn't being sniffed out, you know, from the clients that I'm working on. So usernames and passwords or anything like that are all fair game whenever you're out in public connected to some sort of public network. This basically eliminates all of that because you're using a tunnel system; you're tunneling all your traffic from your machine to whatever machine is sitting at your house.

The same thing works for, say, NordVPN or Private Internet Access, or PIA, but it goes through a different methodology of they supply the endpoints and you connect to the endpoints. So you're anonymous, but that's all you get is the anonymity, well, the anonymity and the tunnel, but you don't get access to anything that's, say, at your home or in your own network at your house.

Now this demo we did was for setting up a Raspberry Pi at your own location, at your home network. You may not have a Raspberry Pi, so this can be done on other machines. So if you have like an old Windows computer, old Linux computer, or just something that's maybe just sitting around that you want to install Linux on,
this would be pretty easy to get it up and running and get just a VPN set up at your home network.

So you saw the OpenVPN Connect and the Tunnelblick, but this also shows the other VPN clients that they have for like NordVPN, just kind of some images there. But your VPN clients are what you'll have on your machine that's actually connecting to the VPN, so this is what you'll go through for connecting to the VPN that you set up, and most paid solutions will have their own type of client.

And you're just talking about different hardware. You have different routers that you can set up VPNs on. I know ASUS routers, you can install OpenVPN on those, or you can do different built-in VPNs that they have. Ubiquiti, any of those routers have them, and then you also have your router software that you can put in there that will have these VPNs built into them as well. The ASUS routers offer an OpenVPN solution or a PPTP type VPN. There are several different types of VPN, but some of them are easier to use than others. TP-Link routers are OpenVPN or PPTP as well, and then Ubiquiti uses L2TP, which is a higher connection level, the same thing that the MikroTik routers use as well.

Then the software is actually things that you can install as, say, a virtual machine, or if you're into technology and you have a network stack and you want to have more visibility over your network as a whole, you can use something like pfSense and it has VPNs built into it. ClearOS, MikroTik OS, or ZeroShell, all of these are very easy, well, they're relatively easy to use prosumer type operating systems that are built for routers. So those have a lot more functionality as far as your routing for your VPNs; if you want to route to specific VLANs or whatnot, they'll allow you to do that easier. These aren't something that you're going to set up on your Windows computer at home without some additional setup steps, so this isn't as easy as the VPN demo that we did earlier.

Our main
purpose in doing this is to let you use your computers in public locations a little bit safer than you may have been before. I mean, I know not everybody has set up VPNs and knows about VPNs, and you may have been in public locations and using just wide open networks, so hopefully this will keep everybody a little bit safer in the future. All right, and that's it for our Share the Wealth.
https://www.youtube.com/watch?v=ph-g0N1rzlQ