[ale] VPN connections at Emory

[JD]

On 01/22/2013 01:38 PM, Ron Frazier (ALE) wrote:
> The TOS at most institutions forbid guest access to wired ports.  But, we
> won't mention that.  I don't know about this specific institution.

Perhaps it would be easier to just bring a wifi router to plug into the podium
port from now on?  I have a tiny travel wifi router that I use at other meetings
which is perfect for this.

> Un natted connections sound a bit disturbing.  I would think the whole
> institution would be running on a giant nat.  Even so, I think a Windows
> machine should be OK as long as the OS firewall was running.

NAT is not a method of security.  It is the firewall and LACK of NAT forwarding
to specific ports that matters.

If you run iptables on your Linux machines (who has just 1?) with logging
enabled, you can see all the traffic that "NAT routers" allow in that you would
never expect to see. Seriously - enable logging on iptables and watch all the
attempts from behind a NAT router. These are inbound packets, not responses.

MS-Windows is not safe on any network, IMHO.  It is simply too much of a target.
Linux without good firewall settings is scary too.

> Re VPN, I was running hotspotvpn on Windows the other night at the meeting on
> the wireless.  I was using HTTP protocol as far as what the menu says.  I
> assume it was using SSL on 443.  I think it runs OpenVPN under the covers.
> It was working fine.  When I ran speedtest.net to test it, it showed my data
> exiting the tunnel in California.  Not the most efficient, perhaps, but it
> worked.  They have a linux option, but I haven't gotten that working yet.

I was using an NX remote desktop (ssh tunnel over port 443) while on Emory's
Guest wifi network too. That worked.  I tried to use an ssh tunnel over a port
in the 48K-55K range and it was blocked.  There didn't seem to be any dropped
connection the entire time.