VPN: Slow down connection?

[Blue Dragon]

Hi, I want to buy a laptop soon and I'd like to surf when I'm not at home. Now I already have a server here running 24/7 that I'd like to setup for a VPN. Setting up this isn't really a problem...

I was just wondering how this would slow down my connection speed when I surf with my laptop for example in schhol or sth. As far as I understand VPNs, the data is first send to my home computer and then to the net. (1) So when I only have an upload of 50 kb/s at home, that's as fast as I get when surfing with my laptop, right?

I'd really like to use encryption with a VPN because I wouldn't like my passwords and other sensitive data flying around unprotected.

(2) Are there any other way I can encrypt my http-traffic before sending it when I'm on a public network? (3) Maybe tunneling through ssh?

(4) I've heard that there are sites that offer VPN-services. Are they any good and how fast are they?

Hope you can help me! Thx.

[Chris Gerling]

I use my wrt54g at home with dd-wrt, and VPN through that.

Just remember with a VPN that only the traffic inbetween the endpoints is encrypted.  Each endpoint itself is still vulnerable so if either your machine or the endpoint machine is compromised the VPN is useless.

[VaKo]

You are indeed correct, if your VPN endpoint has a maximum upload of 100kbs then it will limit you to that speed no matter what speed connection you are physically using to connect to the world. Its the same with any form of proxying, SSH included.

[Blue Dragon]

Ok. Thx so far for your answers.

Would it be somehow possible that I send all my upstream-data (like passwords I transmit to a server) to my VPN but get all the downstream directly through my regular connection? Sounds kinda wierd, but maybe this would be possible somehow.

And why are so few sites using https? As far as I understand it, when you for example run a forum and let users log in over https, the passwords can't be sniffed like they normaly can using a man in the middle attack. I think you need to get a http certificate or sth. like that. But this isn't all that expensive, is it?

Greetings from germany and thx for the help!

[VaKo]

It might be possible, if windows allows you to set connection metrics for TX and RX independantly, but this isn't something I know much about tbh. It would be easier to use a cheap VPS somewhere and set that up as a VPN end point.

As for https on the forums, I have thought about that but its never been a priority. A self signed cert would be easy enough to procure I suppose, and it would be intresting to see how IPB reacts to concurrent install bases.

[Blue Dragon]

It might be possible, if windows allows you to set connection metrics for TX and RX independantly

Well, actually I was planing to buy one of these cool asus eee pcs and run Xubuntu on it. Do you (or any1 else) know if xubuntu supports setting this connection stuff independantly?

If not, well then I might just go without the encryption and change my password regually and hope noone is sniffing :-? :-)

[Sparda]

Ok. Thx so far for your answers.

Would it be somehow possible that I send all my upstream-data (like passwords I transmit to a server) to my VPN but get all the downstream directly through my regular connection? Sounds kinda wierd, but maybe this would be possible somehow.

Not possible if your laptop is behind a NAT/firewall. Otherwise it can be done.

And why are so few sites using https? As far as I understand it, when you for example run a forum and let users log in over https, the passwords can't be sniffed like they normaly can using a man in the middle attack. I think you need to get a http certificate or sth. like that. But this isn't all that expensive, is it?

Greetings from germany and thx for the help!

Getting a real SSL certificate is expensive. How annoyed would every one be if every time they went to a site there browser said "certificate vendor not verified". At the same time there would be minimal security benifite unless you are sure the certificate you got was the one from the server.