Re: [OT a bit] -- OpenVPN and mobile safety




On Sun, Nov 26, 2017 at 04:18:12PM +0000, Joe wrote:
> On Mon, 27 Nov 2017 00:33:02 +0900
> Mark Fletcher <mark27q1@xxxxxxxxx> wrote:
> 
> > On Tue, Nov 21, 2017 at 05:46:23PM +0000, Joe wrote:

> 'Send everything through the VPN' means everything which would be sent
> to the default gateway, which does *not* include traffic destined for
> the local network. After all, the VPN packets still have to be sent out
> of the wifi interface...
> 
> Your link to the local wifi network has set up routing whereby anything
> sent explicitly to *that* *network* will pass directly through the wifi
> interface and not through the VPN. That will take care of any local
> DHCP issues.

Hmmm. That also makes sense, but then why did the section of the docos 
you pointed me at tell me to expect problems with DHCP when using this 
function?

Well, I guess there is one way to find out -- try it! ;)

In the meantime, I have discovered that Android indeed has iptables, so 
I just need an iptables binary which I am in the process of sourcing to 
communicate with the iptables in the kernel. The iptables executable 
program isn't installed by default, but the kernel support for iptables 
is.

> 
> Note that most (maybe all) free wifi systems will want you to provide
> some authentication before you are connected to the Net, generally
> through a web page. In some systems, you may have a need to access the
> web page after the VPN is up, so it is probably advisable to allow web
> access to the wifi network as well as DHCP and OpenVPN.
> 
That would defeat some of the purpose -- allowing the tablet 
(specifically bloatware) to access the local network would (continue to) 
expose me to gawd alone knows what on unknown and untrusted networks. 
Obviously the network outside my home LAN is no more trusted than a 
hotel / coffee shop / airport WiFi is, but bad actors are known to 
loiter on such public networks waiting for idiots like me to come along, 
and I'm interested in seeing to what extent I can dodge them.

Thanks a lot for your advice -- it is starting to feel like I have 
everything I need to achieve my goal here.

Mark
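
The routing behaviour discussed in this thread, as an added example that is not part of the original messages: a longest-prefix-match lookup over a client routing table of the kind OpenVPN's `redirect-gateway def1` produces, showing which destinations still leave directly through the wifi interface. The interface names and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed routing table on the client after "redirect-gateway def1".
# Every address here is an assumption made for illustration.
ROUTES = [
    ("0.0.0.0/0",       "wlan0"),  # original default route via the wifi gateway
    ("192.168.43.0/24", "wlan0"),  # connected route for the local wifi network
    ("203.0.113.10/32", "wlan0"),  # host route to the VPN server (carries the tunnel)
    ("0.0.0.0/1",       "tun0"),   # def1 adds two /1 routes that together
    ("128.0.0.0/1",     "tun0"),   # outrank the /0 default without deleting it
]


def egress(dst, routes=ROUTES):
    """Return the interface chosen for dst by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(net), dev)
        for net, dev in routes
        if addr in ipaddress.ip_network(net)
    ]
    # The /0 default always matches, so matches is never empty.
    _, dev = max(matches, key=lambda m: m[0].prefixlen)
    return dev


def direct_destinations(dsts, routes=ROUTES):
    """Destinations that bypass the tunnel and go straight out of the wifi."""
    return [d for d in dsts if egress(d, routes) != "tun0"]


# Constructed sample destinations.
SAMPLES = {
    "192.168.43.1":  "wifi gateway (DHCP server, login page)",
    "192.168.43.77": "another client on the same wifi",
    "203.0.113.10":  "VPN server",
    "198.51.100.20": "arbitrary Internet host",
    "10.0.0.2":      "hypothetical DHCP server outside the local subnet",
}

if __name__ == "__main__":
    for dst, label in SAMPLES.items():
        print(f"{dst:15} -> {egress(dst):5}  {label}")
```

Everything on the local /24 stays reachable outside the tunnel, so blocking it needs a packet filter in addition to the VPN; only an address outside that subnet, such as the hypothetical off-subnet DHCP server, is pulled into `tun0`.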