Thinking of purchasing a VPN service -- thoughts?


MBHockey
2008-01-22, 21:18
I do quite a bit of wifi surfing both on my MacBook Pro and iPhone on public hotspots. I always run WPA2 encryption on my home router, but I'm not there much with my devices. I've been looking into purchasing a VPN service, but wanted some opinions before I committed to actually doing it.

Are they worth it? Are there ones I should stay away from? (I am looking the most heavily at www.strongvpn.com.) Am I overly paranoid?

I'm a total VPN newb, but I know that I could use it both with my iPhone and MBP so that it'd be secure even on an open network -- which makes me feel all fuzzy inside.

What do you think? Anyone actually use these things?

Brad
2008-01-22, 21:33
I've never deployed my own VPN, but a quick Google search found a free, open source solution called OpenVPN (http://openvpn.net/) that's available for Mac OS X. You might want to consider that too.

apple007
2008-01-22, 22:42
I believe I started a thread about this about a year or two ago. While I had (have?) concerns about using public WiFi, etc., I still haven't used a VPN service. Maybe I'm just being happily naive, but as long as my email and other passwords are encrypted, I feel relatively secure.

(That said, I'll be taking a look at the OpenVPN solution mentioned by 'Brad'.)

turtle
2008-01-22, 23:02
I use a VPN because my home server has PPTP VPN built into it. I love it for the fact that all my traffic can pass through it encrypted rather than open like at most hotels and coffee shops.

Other than having you implement a server at your house I don't know of another way for you to do this.

MBHockey
2008-01-25, 10:32
I was looking at the advanced settings for VPN connections in system preferences (Leopard) and there is an option in there for sending all traffic over the VPN connection. I'm curious about this option.

If you leave that unchecked, what kind of traffic isn't sent over the VPN? And if it isn't sent over the VPN connection, doesn't that make it kind of useless for having the VPN connection in the first place? It makes sense to me that the VPN would probably be slower if you have this box checked but wouldn't it be completely counterproductive to turn this option off?

ghoti
2008-01-25, 10:59
This is for allowing you to use a VPN but still access local resources (like network shares and printers) in your current physical network. So if you don't need that, you can check that option. This is a security risk if you're very paranoid, but for most uses (where you're mostly concerned with your traffic being eavesdropped on along the way) it's a non-issue.

MBHockey
2008-01-25, 11:10
Interesting. I am confused though. I purchased a month membership for StrongVPN based on some recommendations from friends (I looked into Brad's suggestion, but it seemed way over my head) and I'm pretty sure that when I've got this option unchecked, my data (at least in Safari) wasn't being sent over the VPN. When it was unchecked, my external IP address (from whatismyip.com) was my real IP (from my ISP). But when I checked the box, my IP had changed to that of the VPN server.

The other thing is that with this option checked, the internet is very slow. I went from downloading something via Safari at 2.0 MB/sec (not sending all data over VPN) to 135 KB/sec with sending all the data over the VPN (same file, same source).

I would love to keep this option unchecked (because it is way faster) but it worries me that Safari (and I'm not sure what else) seem not to be using the "tunnel".

Am I interpreting all this correctly?
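
Added example, not part of any poster's message: a simplified model of the routing decision behind the "send all traffic over VPN" option discussed above, showing why an external IP check reports the ISP address when the box is unchecked. The route tables, addresses and interface names (`en1`, `ppp0`) are constructed for illustration.

```python
import ipaddress

# Constructed values: documentation-range addresses, illustrative interface names.
VPN_SERVER = "203.0.113.10"      # hypothetical VPN provider endpoint
WEB_SITE = "198.51.100.20"       # hypothetical web server (e.g. an IP-check site)
VPN_SIDE_HOST = "10.8.0.5"       # hypothetical host inside the VPN's own subnet

SPLIT_TUNNEL = [                 # "send all traffic" unchecked
    ("0.0.0.0/0", "en1"),        # default route stays on the Wi-Fi interface
    ("10.8.0.0/24", "ppp0"),     # only the VPN's own subnet uses the tunnel
]
FULL_TUNNEL = [                  # "send all traffic" checked
    ("0.0.0.0/0", "ppp0"),       # default route now points into the tunnel
    (VPN_SERVER + "/32", "en1"), # the tunnel's own packets must still use Wi-Fi
    ("10.8.0.0/24", "ppp0"),
]

def egress_interface(routes, destination):
    """Pick the outgoing interface by longest-prefix match, as an IP stack does."""
    dest = ipaddress.ip_address(destination)
    matching = []
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net:
            matching.append((net.prefixlen, ifname))
    if not matching:
        raise LookupError(f"no route to {destination}")
    return max(matching, key=lambda m: m[0])[1]

def outside_tunnel(routes, destinations, tunnel_if="ppp0"):
    """Destinations whose traffic leaves on the open network, not the tunnel."""
    return [d for d in destinations if egress_interface(routes, d) != tunnel_if]

if __name__ == "__main__":
    for name, table in (("unchecked", SPLIT_TUNNEL), ("checked", FULL_TUNNEL)):
        for ip in (WEB_SITE, VPN_SIDE_HOST, VPN_SERVER):
            print(f"{name:9} {ip:15} -> {egress_interface(table, ip)}")
```
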

ghoti
2008-01-25, 11:42
Well they do say to check that box at the end of their intro video. So I guess that means their service sucks ;) - I would ask support if there's anything they can do to make it faster. But that reminds me of another commercial VPN service I used once that was incredibly slow and unreliable (don't remember the name though).

Are you a student or faculty at a university by any chance? My university offers a VPN service that is fast and hasn't let me down so far. And I don't need to check any boxes to have everything go across the VPN. It does require a third-party (Cisco) client, but thanks to a neat little tool called Shimo, I do all my connecting and disconnecting through a small system menu item. So if you have the chance, check out what your university offers.

MBHockey
2008-01-25, 11:48
Unfortunately, I graduated last year. Hmm, so this isn't a good service?

ghoti
2008-01-25, 11:54
I would talk to them first, perhaps they're just having issues at the moment.

BTW, OpenVPN is a software not a service, so that won't be of much use - unless you want to set up the VPN endpoint on your home server or some other computer you have access to.

MBHockey
2008-01-25, 12:09
Ok, yeah that's what it sounded like when I read it...but I wasn't sure.

I've posted on their forums, we'll see what they say. Thanks for all your help.

Gargoyle
2008-01-25, 18:12
Why exactly do you want a VPN? Do you regularly need to get lots of different stuff from your home computer while you're on the go?

Secondly, assuming your home internet connection is some sort of ADSL service (a much lower upstream than downstream connection) then that is why your internet goes slow over the VPN: stuff is routed via your home connection when you are connected to the VPN.

What exactly are you trying to achieve?

MBHockey
2008-01-25, 18:24
Because I regularly use my iPhone and MacBook Pro on unprotected wifi hotspots throughout the city, and wanted an encrypted tunnel. I'm not using my home computer as the server, the company StrongVPN is the VPN server my iPhone/MBP tunnel through.

My internet at home is 15 down/2 up. So with any VPN service this will happen?

turtle
2008-01-25, 19:55
If you set up a VPN server at your house you can surf fine while out and about because of your home's connection speed.

I have 5/2 speeds from my ISP and I never have a connection issue speed wise because there's rarely a time when my home connection is slower than the connection I'm on.

Short of adding a server though, I don't know how to run a VPN. All the home VPN appliances seem to want some extra software in order to connect to the VPN. :\

MBHockey
2008-01-25, 19:58
I'm confused on who is the bottleneck here. Is it my 15/2 internet connection? Is it the measly 2 Mbps upstream that's doing it? Or is it the VPN server that I'm connected to?

ghoti
2008-01-25, 20:08
They're talking about setting up your own VPN server at your home as opposed to using a commercial service though. Unless you do that, your home connection speed is of no relevance for connections you make from somewhere else.

And as said via PM, there must be VPN services that provide decent bandwidth. There is certainly no technical or other general reasons why VPNs should be slow.

turtle
2008-01-25, 20:09
Your current VPN server.

When I connect to my home from something like a Panera Bread I'm limited by the connection speed of the shop. I still get my home's IP address when I do an IP check and I also get the max connection (within about 100k) as I would if I speed test without the VPN connection.

tomoe
2008-01-25, 20:18
I don't know if this (http://macapper.com/2007/05/22/advanced-os-x-secure-tunneling-via-ssh/) would provide an alternative solution. Just a thought. :):|

autodata
2008-01-25, 20:51
OpenVPN bridging can be a pain to set up, PPTP is easier but insecure and SSH tunneling is pretty easy to set up and use, but it's limited.

You don't need to buy another machine for a server. If you have a router like a WRT54G-series router that can run DD-WRT, you can use it for both SSH tunneling and as a VPN server (and just about anything else).

FWIW, I work almost entirely out of cafes and use a combination of OpenVPN, SSH and SSL. If you aren't sending sensitive info then you don't really need to worry about not using SSH or VPN. For most surfing I don't use anything. Hotspots tend to go down a lot, so relying on a VPN connection just adds another layer of annoyance when you are on an unreliable network that drops out periodically.

MBHockey
2008-01-25, 20:55
StrongVPN is PPTP, why is this insecure?

Banana
2008-01-25, 21:59
... so relying on a VPN connection just adds another layer of annoyance when you are on an unreliable network that drops out periodically.

That's what I wondered. Another thing about VPN is it increases the latency since you have to tunnel everything through the server before you go to the web.

Wouldn't proxy hosting such as JAP or anonymous surfing with Tor be a better solution for this kind of situation?

ghoti
2008-01-25, 23:10
Added latency is only an issue if your VPN provider sucks. For any decent connection, it's really a non-issue (unless you want to play a realtime 3D shooter).

And Tor? That is really slow and annoying. And a proxy won't do anything to protect your passwords, which is what this whole thread is about.

malcontent
2008-03-20, 02:07
I recommend http://www.witopia.net. Their personal VPN service is only 40 dollars a year and they use OpenVPN as the primary VPN service and throw in a PPTP VPN service for your iPhone. Low latency, been very reliable uptime-wise. No complaints. I forget it is even on! Only email support but very responsive.

rubber_Jedi
2008-04-06, 11:10
This is a new-b question but can I assume that a VPN and/or a PPTP service is only for wireless security and therefore would not also secure my home surfing with a hard-wired Mac connected to a DSL modem?

alcimedes
2008-04-06, 11:53
If you set your VPN connection to encrypt all data, then all traffic from your Mac at home that goes out of your local network will be encrypted. Not sure if it would also work for your local network traffic, that might depend on your setup, but local traffic (if it's not wireless) on a home network is very secure. (since in theory you're the only user on the network)

rubber_Jedi
2008-04-06, 12:45
Makes sense - told you it was a new-b question. :)

I do, however, have 2 laptops wirelessly connected to my home base-station so setting up a VPN would make sense with regard to neighbors and such and obviously when I'm on my laptop at Starbucks.

I was just curious about VPNs and 'wired' home connections as well.
Thanks for the clarification alcimedes.