Secure your browsing in a non trusted (wifi) network

Posted on Fri 03 February 2012 in Linux

As I wrote in an older post, there is a simple way to use ssh to tunnel your web browser traffic through an ssh connection to a secure and trusted endpoint. This is a very simple solution to secure your access to the web while you are on a public wifi network or an old fashioned cable network.

Because I got quite a lot of response to that article, I decided to write this one for the people who want to secure all of their traffic, not only the web traffic.

The easiest way to do this is to use a VPN connection, which lets you tunnel all your traffic, no matter which application it comes from, to a secure endpoint. As I like open source for all of the security stuff, I am using OpenVPN to do this job. It's one of the most popular VPN solutions and is based on SSL/TLS.

What do we need:

  • A VPN server somewhere on the internet
  • An OpenVPN client on our machine (Tunnelblick for Mac or OpenVPN GUI for Windows are both free and open source)
  • Some time to configure it

In my case the VPN server is a Linux box, but it can be any operating system that can run the OpenVPN server software.

In this tutorial I will not repeat every single step, because the documentation of OpenVPN is very good and clear. Just follow the setup process described there to get OpenVPN installed and all necessary certificates created. Once OpenVPN starts with the example configuration and your certificates, you only need to modify some lines in your server.conf file to route all the traffic through the OpenVPN server. If you are running a Linux box with iptables (which you should be), you need to add some rules to allow the traffic to be routed.

Installation:

On CentOS install it via yum:

yum install -y openvpn

The example configuration files and the easy-rsa directory are located here: /usr/share/docs/openvpn-2.2.0/

Copy the easy-rsa directory to /etc/openvpn and make the shell scripts executable:

cp -a /usr/share/docs/openvpn-2.2.0/easy-rsa /etc/openvpn
chmod +x /etc/openvpn/easy-rsa/2.0/build* /etc/openvpn/easy-rsa/2.0/pkitool \
/etc/openvpn/easy-rsa/2.0/vars /etc/openvpn/easy-rsa/2.0/clean-all \
/etc/openvpn/easy-rsa/2.0/revoke-full /etc/openvpn/easy-rsa/2.0/sign-req \
/etc/openvpn/easy-rsa/2.0/whichopensslcnf

Now follow the instructions here:

http://www.openvpn.net/index.php/open-source/documentation/howto.html#install

If you have OpenVPN up and running but you can't establish a connection from your client, please check whether the configured port is open on your server. If you have a custom iptables script, you need to open the port you are using for OpenVPN, for example the default UDP port 1194.
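The server.conf additions and iptables rules the post refers to, as an added example that is not from the original post. It assumes tun0 as the VPN interface, eth0 as the server's public interface, 10.8.0.0/24 as the VPN subnet (the value in OpenVPN's example server.conf) and 10.8.0.1 as the resolver to push to clients; adjust these for your own box.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the pieces needed to
# route all client traffic through the OpenVPN server; "apply" executes them.
# Assumed values (not stated in the post): interfaces, subnet and resolver.
VPN_IF=tun0
PUB_IF=eth0
VPN_NET=10.8.0.0/24
VPN_PORT=1194
DNS_SERVER=10.8.0.1   # assumption: a resolver reachable through the tunnel

# Lines to append to /etc/openvpn/server.conf. "def1" overrides the client's
# default route without deleting it, and DNS is pushed so name lookups do not
# leak onto the untrusted network.
server_conf_additions() {
    cat <<EOF
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS $DNS_SERVER"
EOF
}

# iptables rules: accept the OpenVPN port, allow forwarding only from the VPN
# subnet out to the internet (and replies back), and NAT the clients behind
# the server's public address.
iptables_rules() {
    cat <<EOF
iptables -A INPUT -i $PUB_IF -p udp --dport $VPN_PORT -j ACCEPT
iptables -A INPUT -i $VPN_IF -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $PUB_IF -s $VPN_NET -j ACCEPT
iptables -A FORWARD -i $PUB_IF -o $VPN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $VPN_NET -o $PUB_IF -j MASQUERADE
EOF
}

# The kernel must forward packets; this line belongs in /etc/sysctl.conf.
sysctl_forwarding() {
    echo "net.ipv4.ip_forward = 1"
}

if [ "$1" = "apply" ]; then          # run as root on the server
    sysctl -w net.ipv4.ip_forward=1
    iptables_rules | sh -e
    server_conf_additions >> /etc/openvpn/server.conf
else                                 # default: only show what would be done
    server_conf_additions; iptables_rules; sysctl_forwarding
fi
```

Run it without arguments first to review the output, then with "apply" on the server and restart OpenVPN.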