classfolkphile Posted June 24, 2018 Share Posted June 24, 2018 I apologize in advance for the probable simplicity of my questions as I am not computer savvy. TIA to all who reply. So, I've finally subscribed to NordVPN but am unsure which protocol to use, OpenVPN or IKEv2. (Nord just said both will work well.) The former is apparently the most secure, the latter a bit faster. There are only two of us in the house, so although we have three TVs, a single point Sonos system, three computers and two cell phones, we are unlikely to be using more than three of these at a time. Will OpenVPN be problematic speed wise under these conditions (streaming music/video on two devices, surfing on another)? Given that we have more than six devices, would one or another protocol provide more security for our network as a whole? I.E. could we configure the router to shield the multiple TVs/computers? Can we use one protocol on some devices, another on the others? 2010 Mac Mini > Singxer SU-1 > Lampizator Amber II > Rogue Cronus Magnum (modded & NOS signal tubes with 6P3S-e power tubes) > Aural Acoustic Model B speakers. Furutech outlets, PI Audio USB Cable, PAD Aqueous Aureus Praesto Digital IC, Audio Envy ICs & SCs, TWL PCs, and PI Audio Buss-Stop power conditioner. Link to comment
classfolkphile Posted June 24, 2018 Author Share Posted June 24, 2018 Ok, so after finding the Tutorial and Chat pages, I've found that I can't configure my AT&T supplied router for VPN. And that I can use different protocols for different devices, which is what I think I'll end up doing. 2010 Mac Mini > Singxer SU-1 > Lampizator Amber II > Rogue Cronus Magnum (modded & NOS signal tubes with 6P3S-e power tubes) > Aural Acoustic Model B speakers. Furutech outlets, PI Audio USB Cable, PAD Aqueous Aureus Praesto Digital IC, Audio Envy ICs & SCs, TWL PCs, and PI Audio Buss-Stop power conditioner. Link to comment
plissken Posted June 25, 2018 Share Posted June 25, 2018 NORD VPN (and other like it) use a software client that emulates an NDIS adapter that has configuration settings for establishing a VPN tunnel. Either VPN client should work and you won't be touching anything on the ATT equipment. VPN's will slow down what you normally get because you are at the mercy of the speed on the far end of the tunnel. What problem are you looking to solve? Link to comment
classfolkphile Posted June 27, 2018 Author Share Posted June 27, 2018 I'm looking for an increase in general privacy and to avoid malware and hacking. I'm just going to load the software into our computers and cell phones and see how it works. 2010 Mac Mini > Singxer SU-1 > Lampizator Amber II > Rogue Cronus Magnum (modded & NOS signal tubes with 6P3S-e power tubes) > Aural Acoustic Model B speakers. Furutech outlets, PI Audio USB Cable, PAD Aqueous Aureus Praesto Digital IC, Audio Envy ICs & SCs, TWL PCs, and PI Audio Buss-Stop power conditioner. Link to comment
plissken Posted June 27, 2018 Share Posted June 27, 2018 29 minutes ago, classfolkphile said: I'm looking for an increase in general privacy and to avoid malware and hacking. I'm just going to load the software into our computers and cell phones and see how it works. VPN's generally allow you to establish a connection that looks like it's originating from another geographic location. Most websites are HTTPS so that's privacy protection right there. What you really may want is a managed DNS service. I use Open DNS. It's basically a service that keeps a list of know malicious sites and won't allow name resolution to IP Address lookup. VPN's are NOT going to protect you from malware and hacking. Link to comment
mansr Posted June 27, 2018 Share Posted June 27, 2018 17 minutes ago, plissken said: Most websites are HTTPS so that's privacy protection right there. HTTPS protects against interception of communications by third parties. The server still knows who you are (IP address), and any router in between also knows that you are communicating with the server. A VPN hides your identity from both. Link to comment
firedog Posted June 27, 2018 Share Posted June 27, 2018 A good VPN protects privacy because it prevents anyone, including your ISP, from seeing your online activity. On public networks it also prevents you from being hacked. Main listening (small home office): Main setup: Surge protectors +>Isol-8 Mini sub Axis Power Strip/Protection>QuietPC Low Noise Server>Roon (Audiolense DRC)>Stack Audio Link II>Kii Control>Kii Three BXT (on their own electric circuit) >GIK Room Treatments. Secondary Path: Server with Audiolense RC>RPi4 or analog>Cayin iDAC6 MKII (tube mode) (XLR)>Kii Three BXT Bedroom: SBTouch to Cambridge Soundworks Desktop Setup. Living Room/Kitchen: Ropieee (RPi3b+ with touchscreen) + Schiit Modi3E to a pair of Morel Hogtalare. All absolute statements about audio are false Link to comment
Jud Posted June 27, 2018 Share Posted June 27, 2018 I use OpenDNS also. It's now owned by Cisco if I remember correctly. Google DNS is the other big public DNS server offering. They might provide slightly faster Web access than going through your ISP's DNS servers. OpenDNS is on average a little quicker in the US, Google in the rest of the world. And OpenDNS does maintain a blacklist of bad sites. For malware and hacking a nice AV suite is good. I currently use ESET. For privacy a VPN will do better than a public DNS or AV suite, though it will slow down web access a bit due to going through the VPN's servers. One never knows, do one? - Fats Waller The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature. Link to comment
Popular Post duxservit Posted June 27, 2018 Popular Post Share Posted June 27, 2018 This is an apple vs orange comparison of two VPN technologies at different layers of the IP stack. IKE is the cryptographic key establishment protocol (RFC2409) used for IP/IPsec layer (at layer 3, or better “layer 3.5”). OpenVPN is an SSL-layer VPN established above the TCP layer. (RFC5246 for TLS1.2). For home use (short TCP bursts, tear-up, tear-down VPN), I suggest using OpenVPN. If if you want a long-term VPN (e.g. home to office) that’s up 24x7, then you would use an IKE/IPSec VPN. plissken and Jud 1 1 Let every eye ear negotiate for itself and trust no agent. (Shakespeare) The things that we love tell us what we are. (Aquinas) Link to comment
plissken Posted June 28, 2018 Share Posted June 28, 2018 3 hours ago, mansr said: HTTPS protects against interception of communications by third parties. The server still knows who you are (IP address), and any router in between also knows that you are communicating with the server. A VPN hides your identity from both. You are still going to traverse the open internet from the VPN. It's basically called a remote gateway at that point and it does at least provide a 3rd party end point being presented. Protecting your DNS queries is more important IMO. Link to comment
classfolkphile Posted June 28, 2018 Author Share Posted June 28, 2018 9 hours ago, firedog said: A good VPN protects privacy because it prevents anyone, including your ISP, from seeing your online activity. On public networks it also prevents you from being hacked. This is primarily what I was referring to: protection/privacy while on a public network. Can I use OpenDNS while also using a VPN? 2010 Mac Mini > Singxer SU-1 > Lampizator Amber II > Rogue Cronus Magnum (modded & NOS signal tubes with 6P3S-e power tubes) > Aural Acoustic Model B speakers. Furutech outlets, PI Audio USB Cable, PAD Aqueous Aureus Praesto Digital IC, Audio Envy ICs & SCs, TWL PCs, and PI Audio Buss-Stop power conditioner. Link to comment
Jud Posted June 28, 2018 Share Posted June 28, 2018 4 hours ago, classfolkphile said: This is primarily what I was referring to: protection/privacy while on a public network. Can I use OpenDNS while also using a VPN? I see no reason why not. OpenDNS and Google DNS are free, so just find a free VPN or one with a free trial and try it. One never knows, do one? - Fats Waller The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature. Link to comment
plissken Posted June 28, 2018 Share Posted June 28, 2018 5 hours ago, classfolkphile said: This is primarily what I was referring to: protection/privacy while on a public network. Can I use OpenDNS while also using a VPN? This technically doesn't change much. Now the VPN service can see everything instead of your local ISP. You are potentially changing deck chairs on the Titanic. Link to comment
mansr Posted June 28, 2018 Share Posted June 28, 2018 If you really want to hide, you'll need to use something like Tor, and even that is far from perfect. Link to comment
plissken Posted June 28, 2018 Share Posted June 28, 2018 1 hour ago, mansr said: If you really want to hide, you'll need to use something like Tor, and even that is far from perfect. Honestly the only way to 'hide' is to go entirely off grid. Then again maybe not: https://www.marketwatch.com/Story/a-new-data-breach-may-have-exposed-personal-information-of-almost-every-american-adult-2018-06-27?&siteid=yhoof2&yptr=yahoo Link to comment
mansr Posted June 28, 2018 Share Posted June 28, 2018 2 minutes ago, plissken said: Honestly the only way to 'hide' is to go entirely off grid. In some unexplored jungle. Probably still need an underground bunker to avoid detection by spy satellites. plissken 1 Link to comment
classfolkphile Posted June 28, 2018 Author Share Posted June 28, 2018 2 hours ago, plissken said: This technically doesn't change much. Now the VPN service can see everything instead of your local ISP. You are potentially changing deck chairs on the Titanic. I gather there is some skepticism about VPN's claims of not recording usage logs? But doesn't using a VPN help protect against hackers in your proximity while on a public network? 2010 Mac Mini > Singxer SU-1 > Lampizator Amber II > Rogue Cronus Magnum (modded & NOS signal tubes with 6P3S-e power tubes) > Aural Acoustic Model B speakers. Furutech outlets, PI Audio USB Cable, PAD Aqueous Aureus Praesto Digital IC, Audio Envy ICs & SCs, TWL PCs, and PI Audio Buss-Stop power conditioner. Link to comment
plissken Posted June 28, 2018 Share Posted June 28, 2018 2 minutes ago, classfolkphile said: I gather there is some skepticism about VPN's claims of not recording usage logs? But doesn't using a VPN help protect against hackers in your proximity while on a public network? VPN's, as you are wanting to use them, don't reduce your footprint of hacker attack. You are still exiting into a public internet at some point. Now when I setup box to box VPN's or client to box for private companies to give them a back haul link for protected traffic then I am protecting them from attempts at gaining access. Link to comment
classfolkphile Posted June 28, 2018 Author Share Posted June 28, 2018 2 hours ago, mansr said: If you really want to hide, you'll need to use something like Tor, and even that is far from perfect. I'm just looking for a reasonable amount of privacy: not the absolute. Again, the concern is mostly when using a public network. 2010 Mac Mini > Singxer SU-1 > Lampizator Amber II > Rogue Cronus Magnum (modded & NOS signal tubes with 6P3S-e power tubes) > Aural Acoustic Model B speakers. Furutech outlets, PI Audio USB Cable, PAD Aqueous Aureus Praesto Digital IC, Audio Envy ICs & SCs, TWL PCs, and PI Audio Buss-Stop power conditioner. Link to comment
plissken Posted June 28, 2018 Share Posted June 28, 2018 1 minute ago, classfolkphile said: I'm just looking for a reasonable amount of privacy: not the absolute. Again, the concern is mostly when using a public network. You're defining an oxymoron. If you are on the Internet, you are by defacto usage, PUBLIC. The BEST a VPN is going to do is hide your traffic from your ISP. It doesn't mean the VPN service isn't going to log that traffic. IMO there is zero 'reasonable amount of privacy' if you are using the Internet. That ship has done sailed. Link to comment
classfolkphile Posted June 28, 2018 Author Share Posted June 28, 2018 So, a VPN won't even protect from a hacker in physical proximity to you on a public network? 2010 Mac Mini > Singxer SU-1 > Lampizator Amber II > Rogue Cronus Magnum (modded & NOS signal tubes with 6P3S-e power tubes) > Aural Acoustic Model B speakers. Furutech outlets, PI Audio USB Cable, PAD Aqueous Aureus Praesto Digital IC, Audio Envy ICs & SCs, TWL PCs, and PI Audio Buss-Stop power conditioner. Link to comment
plissken Posted June 28, 2018 Share Posted June 28, 2018 1 minute ago, classfolkphile said: So, a VPN won't even protect from a hacker in physical proximity to you on a public network? Define physical proximity to you on a public network? Link to comment
classfolkphile Posted June 28, 2018 Author Share Posted June 28, 2018 Both using a public network in a cafe or bookstore. 2010 Mac Mini > Singxer SU-1 > Lampizator Amber II > Rogue Cronus Magnum (modded & NOS signal tubes with 6P3S-e power tubes) > Aural Acoustic Model B speakers. Furutech outlets, PI Audio USB Cable, PAD Aqueous Aureus Praesto Digital IC, Audio Envy ICs & SCs, TWL PCs, and PI Audio Buss-Stop power conditioner. Link to comment
plissken Posted June 28, 2018 Share Posted June 28, 2018 Not really and here is why: The standard now for websites is https. That protects your WEB (http) traffic. Other protocols such as FTP aren't protected (telnet etc...). So in those cases a VPN will protect you on public hot spots with protocols that aren't secure by nature. But most likely you are web browsing. I've found most commercial VPN's just slow down the traffic too much. I tried to stick with Nord for awhile but gave up on it. Now I spun up my own Linux VPN concentrator at Digital Ocean for $5 a month and using their Amsterdam hosting center. Here's my approach: 1. Use managed, secured, DNS. It should ideally not allow you to go to questionable sites. 2. Use only web sites that use HTTPS 3. Use only other inherently secure protocols. I use SSH for all my Linux boxes and soon Windows (thank you MS for finally defaulting to SSH) 4. Use user accounts of least privileges to get the job done 5. Keep a firewall in place and properly configured 6. Use an ad-blocker (sorry Chris ? ) 7. Keep an up to date AV/Malware package (I use MS's Windows Defender for my clients works just fine) 8. Get a phone with Hot Spot capability and avoid public hot spots Link to comment
classfolkphile Posted June 28, 2018 Author Share Posted June 28, 2018 Excellent. Thank you for all of the info. 2010 Mac Mini > Singxer SU-1 > Lampizator Amber II > Rogue Cronus Magnum (modded & NOS signal tubes with 6P3S-e power tubes) > Aural Acoustic Model B speakers. Furutech outlets, PI Audio USB Cable, PAD Aqueous Aureus Praesto Digital IC, Audio Envy ICs & SCs, TWL PCs, and PI Audio Buss-Stop power conditioner. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now