I've been trying to set up a secure connection over which I can browse the internet, and it seems like there are two options, an SSH SOCKS proxy or OpenVPN (at least, those two are what I have found, but I'm certainly no expert.)
The SSH SOCKS proxy is really easy to set up - literally just ssh -D {port} -i {key} user@host.
My question is -- what are the advantages of OpenVPN over an SSH SOCKS proxy? It seems like such a pain to set up compared to the SOCKS proxy. Is OpenVPN faster? Is it more secure? (I don't think so, at least according to this post)
Answer
The SOCKS tunnel provided by SSH allows forwarding outgoing TCP connections, and nothing else. On the other hand, OpenVPN is a true Layer 2/3 VPN, and as such can transport any kind of IP packets. This makes it useful for almost all kinds of networked applications, including those using UDP. It also means your computer has an actual IP address, which makes it possible for other hosts to connect to you. You are also not limited to applications with built-in SOCKS support.
Most of the benefits of a true VPN are however not needed for just web browsing; they are of more use when your goal is to e.g. have a permanent secure connection between two private networks at different locations.
However, the last bit about not needing SOCKS support in applications is in fact important for web browsing too. While the browser itself will respect the SOCKS server settings, plugins (e.g. Flash) may not. This means that traffic done by plugins may go directly into the Internet.
There are ways to force applications through SOCKS seamlessly (including browser plugins). You can try my tun2socks software, though it does require some effort to set up. If successful, it will make everything go through SOCKS, and you should disable any existing SOCKS configuration in the applications themselves.
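The answer's point that a SOCKS tunnel carries outgoing TCP connections and nothing else shows up in the SOCKS5 wire format (RFC 1928): the client sends one command per connection and the proxy answers with a status code. The following is an added example, not part of the original post; it builds CONNECT and UDP ASSOCIATE requests and decodes reply bytes, with function names and sample replies constructed for illustration.

```python
import ipaddress
import struct

# Command and reply codes defined by RFC 1928 (SOCKS5).
CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE = 0x01, 0x02, 0x03
REPLIES = {
    0x00: "succeeded", 0x01: "general failure", 0x02: "not allowed by ruleset",
    0x03: "network unreachable", 0x04: "host unreachable",
    0x05: "connection refused", 0x06: "TTL expired",
    0x07: "command not supported", 0x08: "address type not supported",
}

def build_request(cmd, host, port):
    """Encode VER CMD RSV ATYP DST.ADDR DST.PORT for one SOCKS5 request."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (0x01 if ip.version == 4 else 0x04), ip.packed
    except ValueError:
        # Not an IP literal: send the name itself (ATYP 3), length-prefixed.
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("host name must be 1..255 bytes")
        atyp, addr = 0x03, bytes([len(name)]) + name
    return struct.pack("!BBBB", 5, cmd, 0, atyp) + addr + struct.pack("!H", port)

def parse_reply(data):
    """Decode a SOCKS5 reply into (status text, bound address, bound port)."""
    if len(data) < 5 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if atyp == 0x03:
        off, alen = 5, data[4]
    elif atyp in (0x01, 0x04):
        off, alen = 4, 4 if atyp == 0x01 else 16
    else:
        raise ValueError("unknown address type")
    if len(data) < off + alen + 2:
        raise ValueError("truncated reply")
    raw = data[off:off + alen]
    addr = raw.decode("ascii") if atyp == 0x03 else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[off + alen:off + alen + 2])
    return REPLIES.get(rep, "unknown 0x%02x" % rep), addr, port

if __name__ == "__main__":
    # Constructed sample bytes, not captured traffic.
    print(build_request(CMD_CONNECT, "example.org", 443).hex())
    print(parse_reply(bytes.fromhex("05070001000000000000")))
```

A proxy that implements only CONNECT has reply code 0x07 available to refuse a UDP ASSOCIATE request, so UDP traffic has no path through such a tunnel.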