Jump to content

Hola VPN


sud0nick
 Share

Recommended Posts

I just came across this article via reddit.com/r/technology (http://www.dailydot.com/technology/hola-vpn-security/) about a free VPN called Hola that apparently uses every one of it's users' systems as an exit node for their service. The problem is you can't opt out of it and even worse the VPN application apparently runs as SYSTEM on your machine!

And on some systems, it gets worse; Hola will happily run whatever you feed it as the 'SYSTEM' user. What this means in simple terms, is that somebody can completely compromise your system, beyond any repair. It allows for installing things like a rootkit, for example.

For starters I wouldn't want anyone using my home network as an egress point for obvious reasons. I find it to be even worse that arbitrary programs can be run as the SYSTEM user because of this software. This is even more proof that nothing is truly free.

Link to comment
Share on other sites

Worse yet, people expect a VPN to be free...

this times infinity! I barely trust my paid VPN. Sure they can tell me that they don't keep record of any traffic and IP addresses are shared but I don't get to monitor their servers and network devices so how would I truly know?

Link to comment
Share on other sites

  • 1 month later...

Adding to @sud0nick. Is there some device you can attach to your router so that no matter what computer/ device is using ur wifi it will go thru VPN rather than connecting each device?

If you use ddwrt or openwrt you can set it up to connect to an openVPN as a client.

Link to comment
Share on other sites

Kinda wondering what you're trying to achieve by that... It just seems wasteful to me. The only gain I can see is that someone were to DDOS your VPN box you can shut down the VPN connection and continue using the internet in some way until the attack ceases, on the assumption that what you do doesn't identify you to the attacker in a way that makes him/her/them move their attack target to your actual IP.

Link to comment
Share on other sites

Kinda wondering what you're trying to achieve by that... It just seems wasteful to me. The only gain I can see is that someone were to DDOS your VPN box you can shut down the VPN connection and continue using the internet in some way until the attack ceases, on the assumption that what you do doesn't identify you to the attacker in a way that makes him/her/them move their attack target to your actual IP.

I understand the latter half of your statement but how is it wasteful?

Link to comment
Share on other sites

You're spending money to have a second egress point, every packet going out has been delayed by at least 1 hop, your throughput is limited by what the egress point can manage (typically not a problem, but still), your bandwidth is reduced due to the VPN overhead and your hardware is spending cycles encrypting the data transmitted between you and your VPN.

It might be worth it to you, but I see a lot of expenses and very little value in return.

Link to comment
Share on other sites

I have OpenVPN capabilities built into my ASUS router by default. I can add an ovpn config file to the router for which all traffic will flow through the VPN for the home. However, compared the desktop equivalent(same ovpn config file) the traffic is a fraction of the speed on the router, as it is natively on my desktop.

Routers are meant for what they do, routing traffic. Encrypting data on the fly for everyone on the network, is probably not the best thing you can do to your off the shelf router and in my experience, made things hella slow, as where on the desktop, speeds were actually faster for some things. A desktop machine dedicated with multiple nics as a firewall with VPN access, would probably work better than a small home rotuer for VPN access though, but this also might just be the implementation on my router that is slower than from my desktop alone.

Link to comment
Share on other sites

  • 1 month later...

I'd disagree with that, it depends on your environment. If you are in a hostile environment and there is guaranteed network monitoring then using a free VPN that may be monitoring is probably a better option if you have to get online.

Link to comment
Share on other sites

  • 2 weeks later...

I personally plan to get https://www.privateinternetaccess.com/

I am wondering if that price seems right. They seems to have a rather large server list and my ASUS router can connect to it without modification. I can also set the router so that if there is no connection to the VPN It wont connect to the internet at all. This is only my intended plan until I can get a mini board to put a wifi card or 2 in to make my own router running VMs with pfSense to run antiviruse and the VPN for all computers connected to the network.

Does this sound right?

Link to comment
Share on other sites

Sounds like the wrong place to have antivirus running. If you use some secure webmail which you access directly from your machine within your LAN your router (and, thus, antivirus) can't inspect that data since it's encrypted. So you're going to have to run antivirus on your machine anyways. Given that, why bother with it on the router?

Link to comment
Share on other sites

For VPN on the go I have a Raspberry PI 2 running l2tp/ipsec running. I like this as it means I can use always on VPN on my Andriod devices. Given that for Always On you have to use an IP for the server and give an IP for DNS it doesn't even leak DNS look up for the host.

The tutorial I followed was http://linux.tips/tutorials/how-to-setup-l2tp-vpn-server-on-raspberry-pi

The only down side is can't use captive portal WiFi as you have to turn the VPN off to see the login page and you can leak a lot info given how many apps still do stuff over HTTP or un CA checked HTTPS.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...