Raspberry Pi middle-man?

Aaron Jones retro64xyz at gmail.com
Wed Jun 12 19:06:08 MST 2019


https://thepi.io/how-to-use-your-raspberry-pi-as-a-vpn-router/

You can use the PI as a wireless access point and combine that with a VPN
to make it so it works in between you and your provider. I do it all the
time. See the above link for a how-to.

Let me know if you have any questions.

Thanks,
Aaron

On Tue, Jun 11, 2019 at 10:54 PM Stephen Elliott <tnflyfisher at live.com>
wrote:

> Aaron, please explain this in more detail for the non-pros here. Thanks.
>
> Stephen
>
> On 6/10/19, 12:00 PM, "PLUG-discuss on behalf of
> plug-discuss-request at lists.phxlinux.org" <
> plug-discuss-bounces at lists.phxlinux.org on behalf of
> plug-discuss-request at lists.phxlinux.org> wrote:
>
>     Send PLUG-discuss mailing list submissions to
>         plug-discuss at lists.phxlinux.org
>
>     To subscribe or unsubscribe via the World Wide Web, visit
>
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060219780&sdata=aYnH1yYB9vEAE2NpvKbbPZ%2FWGSBFzSFdW7jCKWF0fIc%3D&reserved=0
>     or, via email, send a message with subject or body 'help' to
>         plug-discuss-request at lists.phxlinux.org
>
>     You can reach the person managing the list at
>         plug-discuss-owner at lists.phxlinux.org
>
>     When replying, please edit your Subject line so it is more specific
>     than "Re: Contents of PLUG-discuss digest..."
>
>
>     Today's Topics:
>
>        1. Privacy on Public WiFi (trent shipley)
>        2. Re: Privacy on Public WiFi (Aaron Jones)
>        3. Re: Privacy on Public WiFi (Stephen Partington)
>        4. Re: Privacy on Public WiFi (Michael Butash)
>
>
>     ----------------------------------------------------------------------
>
>     Message: 1
>     Date: Sun, 9 Jun 2019 21:13:09 -0700
>     From: trent shipley <trent.shipley at gmail.com>
>     To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
>     Subject: Privacy on Public WiFi
>     Message-ID:
>         <
> CAEFLybLM7VYYy8LrD0gVBc1_e14hCqX0VZnKJyAb_ixHUotz+w at mail.gmail.com>
>     Content-Type: text/plain; charset="utf-8"
>
>     A while ago I was at the downtown Scottsdale public library with my
>     computer.  They had open, public WiFi--which I was NOT going to use.  I
>     tried to use my mobile phone data, but the reception inside the
> building
>     was Terrible!
>
>     It seems like the problem of insecure public WiFi should be
> surmountable.
>
>     How hard would it be do develop technology that puts a key on a $1 or
> $2
>     USB, that you buy (put a deposit on) at the reception desk (or from a
>     machine).  You also get an FOSS app.  The app takes the key on the
> cheap
>     USB and securely logs you into the library's (or Starbucks) public
> WiFi.
>     The library determines how long the key(s) on the USB is (are) good
> for.
>
>     When you're done.  You turn the little USB in for your deposit.  The
>     library wipes the usb clean, puts another key on the usb, and vends it
>     again.
>
>     1) Does this exist at "trivial" cost to the WiFi user?
>     2) If not, how feasible is it?
>     3) If it does not exist, and is feasible, who would be interested in
> this
>     as a project with a goal of a demo install at a local library,
> non-profit
>     coffee house, etc. and RFC?
>
>     Trent
>     -------------- next part --------------
>     An HTML attachment was scrubbed...
>     URL: <
> https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20190609%2F43223bb7%2Fattachment-0001.html&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060219780&sdata=HN%2F%2F%2B1bvhtIb4n3NovAae6N2x2FwyYDmMc7NAsy0GVM%3D&reserved=0
> >
>
>     ------------------------------
>
>     Message: 2
>     Date: Mon, 10 Jun 2019 04:05:47 -0700
>     From: Aaron Jones <retro64xyz at gmail.com>
>     To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
>     Subject: Re: Privacy on Public WiFi
>     Message-ID: <547F0823-BFD0-41AD-86CB-E9F80AF44896 at gmail.com>
>     Content-Type: text/plain;   charset=utf-8
>
>     Use a Raspberry Pi as a middle man and a reliable VPN. No cost for the
> library and 20x safer for you.
>
>     Don’t plug stuff into your ports.
>
>     > On Jun 9, 2019, at 9:13 PM, trent shipley <trent.shipley at gmail.com>
> wrote:
>     >
>     > A while ago I was at the downtown Scottsdale public library with my
> computer.  They had open, public WiFi--which I was NOT going to use.  I
> tried to use my mobile phone data, but the reception inside the building
> was Terrible!
>     >
>     > It seems like the problem of insecure public WiFi should be
> surmountable.
>     >
>     > How hard would it be do develop technology that puts a key on a $1
> or $2 USB, that you buy (put a deposit on) at the reception desk (or from a
> machine).  You also get an FOSS app.  The app takes the key on the cheap
> USB and securely logs you into the library's (or Starbucks) public WiFi.
> The library determines how long the key(s) on the USB is (are) good for.
>     >
>     > When you're done.  You turn the little USB in for your deposit.  The
> library wipes the usb clean, puts another key on the usb, and vends it
> again.
>     >
>     > 1) Does this exist at "trivial" cost to the WiFi user?
>     > 2) If not, how feasible is it?
>     > 3) If it does not exist, and is feasible, who would be interested in
> this as a project with a goal of a demo install at a local library,
> non-profit coffee house, etc. and RFC?
>     >
>     > Trent
>     > ---------------------------------------------------
>     > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>     > To subscribe, unsubscribe, or to change your mail settings:
>     >
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060219780&sdata=aYnH1yYB9vEAE2NpvKbbPZ%2FWGSBFzSFdW7jCKWF0fIc%3D&reserved=0
>
>
>     ------------------------------
>
>     Message: 3
>     Date: Mon, 10 Jun 2019 07:54:53 -0700
>     From: Stephen Partington <cryptworks at gmail.com>
>     To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
>     Subject: Re: Privacy on Public WiFi
>     Message-ID:
>         <
> CACS_G9wC4XnfBWMxO5WrudPvu8snzOx7wgpz0XPwvGjVuvWGUg at mail.gmail.com>
>     Content-Type: text/plain; charset="utf-8"
>
>     This is exactly what VPN is designed for.
>
>     The reason public wifi is insecure is that it is shared among
> everyone. Now
>     if you could build your router to prevent anyone from talking to each
> other
>     and just the outside world that would have your desired effect. Or
> maybe a
>     partnership with a VPN provider.
>
>     On Sun, Jun 9, 2019 at 9:13 PM trent shipley <trent.shipley at gmail.com>
>     wrote:
>
>     > A while ago I was at the downtown Scottsdale public library with my
>     > computer.  They had open, public WiFi--which I was NOT going to
> use.  I
>     > tried to use my mobile phone data, but the reception inside the
> building
>     > was Terrible!
>     >
>     > It seems like the problem of insecure public WiFi should be
> surmountable.
>     >
>     > How hard would it be do develop technology that puts a key on a $1
> or $2
>     > USB, that you buy (put a deposit on) at the reception desk (or from a
>     > machine).  You also get an FOSS app.  The app takes the key on the
> cheap
>     > USB and securely logs you into the library's (or Starbucks) public
> WiFi.
>     > The library determines how long the key(s) on the USB is (are) good
> for.
>     >
>     > When you're done.  You turn the little USB in for your deposit.  The
>     > library wipes the usb clean, puts another key on the usb, and vends
> it
>     > again.
>     >
>     > 1) Does this exist at "trivial" cost to the WiFi user?
>     > 2) If not, how feasible is it?
>     > 3) If it does not exist, and is feasible, who would be interested in
> this
>     > as a project with a goal of a demo install at a local library,
> non-profit
>     > coffee house, etc. and RFC?
>     >
>     > Trent
>     > ---------------------------------------------------
>     > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>     > To subscribe, unsubscribe, or to change your mail settings:
>     >
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=l35B90p9HK1tBnXrNgsQJkRqI2tlu4B75o1QkSCqzFY%3D&reserved=0
>
>
>
>     --
>     A mouse trap, placed on top of your alarm clock, will prevent you from
>     rolling over and going back to sleep after you hit the snooze button.
>
>     Stephen
>     -------------- next part --------------
>     An HTML attachment was scrubbed...
>     URL: <
> https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20190610%2F680cacac%2Fattachment-0001.html&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=ksjjZFJScFOAEU%2FBHezjykpGPat6X6eUWBcZxV2j5EE%3D&reserved=0
> >
>
>     ------------------------------
>
>     Message: 4
>     Date: Mon, 10 Jun 2019 10:02:06 -0700
>     From: Michael Butash <michael at butash.net>
>     To: Main PLUG discussion list <plug-discuss at lists.phxlinux.org>
>     Subject: Re: Privacy on Public WiFi
>     Message-ID:
>         <CADWnDst7FzSqH89gWx_bUHvVcZpYnfvDR0_Dhf86ERSb3=-
> p6Q at mail.gmail.com>
>     Content-Type: text/plain; charset="utf-8"
>
>     I don't see much of an issue with using public wifi so long as you know
>     whatever you're doing that is important/sensitive is encrypted.  I
> don't
>     use any public wifi any more than absolutely required, but otherwise
> almost
>     every *responsible* website or service uses tls for https traffic today
>     anyways, or as stated - you use a vpn to ensure no one locally at
> least is
>     sniffing your wifi session.  If your websites or services aren't using
>     https, you shouldn't use them, as even a vpn has to egress to regularly
>     internet somewhere that has a government (or other) black box sniffing
> it
>     too.
>
>     I agree, it would be nice if there were a better method of getting
> public
>     users encrypted, but without some unique key exchange per user, or at
> very
>     least a white-list method (remember the wps buttons that generated a
> weak
>     numerical pin?) to make strong, or at least random, it'll remain weak
> at
>     best, and probably eventually exploitable.
>
>     A hardware solution is a non-starter though.  Where does a phone or
> tablet
>     have a usb slot to get on?  Certainly whoever made it wouldn't support
>     linux, or a foss solution as it doesn't incentivise anyone to produce
> said
>     hardware.  Hand out yubikeys, but client software and use is still
>     problematic even with u2f per os for something like wifi use.
>
>     If you did hardware, I'd imagine nfc-based for mobiles, make them come
> up
>     and swipe a token to get the pass of the day to get on, and it changes
>     every day.  PC's you just rotate a common key to give to customers
> every
>     day and print/display for users inside the establishment every day.
> Even
>     just use a one-time token generator with a numeric key held by
>     *someone(s)*.  I've seen medical offices handling guest wifi by
> changing
>     keys daily for at least any guest ssid and just printing the daily
> guest
>     wifi inside reception, which keeps persistent users from access
> outside the
>     establishment doing probably nothing good.
>
>     This can be done with any enterprise-ish wifi solution that supports
>     Private-PSK functions, or many-to-one passwords for the same ssid.
>     Aerohive, Cisco, Juniper/Mist, Aruba, etc all tend to do this,
> leverage otp
>     generation via Duo, Google Authenticator, or other "app".
>
>     Even once encrypted, do you still trust the internet source though,
> that
>     their router isn't infected from running a 10yr old firmware?  You
>     shouldn't, again vpn, or at least ensuring who you're accessing is
> using
>     tls, and you trust their cert.
>
>     Interestingly enough being in Santa Monica CA on business. their public
>     library gets swarmed daily with homeless that really love their free
> public
>     wifi there (seems even homeless all have cell phones these days), that
> I
>     can only imagine the cesspool of devices there that could be
>     hijacked/man-in-the-middle'd easily on non-encrypted wifi.  Even just
> build
>     a fake public access ap to mitm, then infect...  Being that I'm there
> doing
>     work *for* the city, it's something I have mentioned to folks as a
> problem.
>
>     -mb
>
>
>
>     On Sun, Jun 9, 2019 at 9:13 PM trent shipley <trent.shipley at gmail.com>
>     wrote:
>
>     > A while ago I was at the downtown Scottsdale public library with my
>     > computer.  They had open, public WiFi--which I was NOT going to
> use.  I
>     > tried to use my mobile phone data, but the reception inside the
> building
>     > was Terrible!
>     >
>     > It seems like the problem of insecure public WiFi should be
> surmountable.
>     >
>     > How hard would it be do develop technology that puts a key on a $1
> or $2
>     > USB, that you buy (put a deposit on) at the reception desk (or from a
>     > machine).  You also get an FOSS app.  The app takes the key on the
> cheap
>     > USB and securely logs you into the library's (or Starbucks) public
> WiFi.
>     > The library determines how long the key(s) on the USB is (are) good
> for.
>     >
>     > When you're done.  You turn the little USB in for your deposit.  The
>     > library wipes the usb clean, puts another key on the usb, and vends
> it
>     > again.
>     >
>     > 1) Does this exist at "trivial" cost to the WiFi user?
>     > 2) If not, how feasible is it?
>     > 3) If it does not exist, and is feasible, who would be interested in
> this
>     > as a project with a goal of a demo install at a local library,
> non-profit
>     > coffee house, etc. and RFC?
>     >
>     > Trent
>     > ---------------------------------------------------
>     > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>     > To subscribe, unsubscribe, or to change your mail settings:
>     >
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=l35B90p9HK1tBnXrNgsQJkRqI2tlu4B75o1QkSCqzFY%3D&reserved=0
>     -------------- next part --------------
>     An HTML attachment was scrubbed...
>     URL: <
> https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20190610%2Fae831f2c%2Fattachment-0001.html&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=zessCihj8YyH8ohLnXQ8OZy0x1iTannv2nWgRXCnaEE%3D&reserved=0
> >
>
>     ------------------------------
>
>     Subject: Digest Footer
>
>     _______________________________________________
>     PLUG-discuss mailing list  -  PLUG-discuss at lists.phxlinux.org
>     To subscribe, unsubscribe, or to change your mail settings:
>
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=l35B90p9HK1tBnXrNgsQJkRqI2tlu4B75o1QkSCqzFY%3D&reserved=0
>
>
>     ------------------------------
>
>     End of PLUG-discuss Digest, Vol 168, Issue 5
>     ********************************************
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20190612/84de7cad/attachment.html>


More information about the PLUG-discuss mailing list