https://thepi.io/how-to-use-your-raspberry-pi-as-a-vpn-router/ You can use the PI as a wireless access point and combine that with a VPN to make it so it works in between you and your provider. I do it all the time. See the above link for a how-to. Let me know if you have any questions. Thanks, Aaron On Tue, Jun 11, 2019 at 10:54 PM Stephen Elliott wrote: > Aaron, please explain this in more detail for the non-pros here. Thanks. > > Stephen > > On 6/10/19, 12:00 PM, "PLUG-discuss on behalf of > plug-discuss-request@lists.phxlinux.org" < > plug-discuss-bounces@lists.phxlinux.org on behalf of > plug-discuss-request@lists.phxlinux.org> wrote: > > Send PLUG-discuss mailing list submissions to > plug-discuss@lists.phxlinux.org > > To subscribe or unsubscribe via the World Wide Web, visit > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060219780&sdata=aYnH1yYB9vEAE2NpvKbbPZ%2FWGSBFzSFdW7jCKWF0fIc%3D&reserved=0 > or, via email, send a message with subject or body 'help' to > plug-discuss-request@lists.phxlinux.org > > You can reach the person managing the list at > plug-discuss-owner@lists.phxlinux.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of PLUG-discuss digest..." > > > Today's Topics: > > 1. Privacy on Public WiFi (trent shipley) > 2. Re: Privacy on Public WiFi (Aaron Jones) > 3. Re: Privacy on Public WiFi (Stephen Partington) > 4. Re: Privacy on Public WiFi (Michael Butash) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 9 Jun 2019 21:13:09 -0700 > From: trent shipley > To: Main PLUG discussion list > Subject: Privacy on Public WiFi > Message-ID: > < > CAEFLybLM7VYYy8LrD0gVBc1_e14hCqX0VZnKJyAb_ixHUotz+w@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > A while ago I was at the downtown Scottsdale public library with my > computer. They had open, public WiFi--which I was NOT going to use. I > tried to use my mobile phone data, but the reception inside the > building > was Terrible! > > It seems like the problem of insecure public WiFi should be > surmountable. > > How hard would it be do develop technology that puts a key on a $1 or > $2 > USB, that you buy (put a deposit on) at the reception desk (or from a > machine). You also get an FOSS app. The app takes the key on the > cheap > USB and securely logs you into the library's (or Starbucks) public > WiFi. > The library determines how long the key(s) on the USB is (are) good > for. > > When you're done. You turn the little USB in for your deposit. The > library wipes the usb clean, puts another key on the usb, and vends it > again. > > 1) Does this exist at "trivial" cost to the WiFi user? > 2) If not, how feasible is it? > 3) If it does not exist, and is feasible, who would be interested in > this > as a project with a goal of a demo install at a local library, > non-profit > coffee house, etc. and RFC? > > Trent > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20190609%2F43223bb7%2Fattachment-0001.html&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060219780&sdata=HN%2F%2F%2B1bvhtIb4n3NovAae6N2x2FwyYDmMc7NAsy0GVM%3D&reserved=0 > > > > ------------------------------ > > Message: 2 > Date: Mon, 10 Jun 2019 04:05:47 -0700 > From: Aaron Jones > To: Main PLUG discussion list > Subject: Re: Privacy on Public WiFi > Message-ID: <547F0823-BFD0-41AD-86CB-E9F80AF44896@gmail.com> > Content-Type: text/plain; charset=utf-8 > > Use a Raspberry Pi as a middle man and a reliable VPN. No cost for the > library and 20x safer for you. > > Don’t plug stuff into your ports. > > > On Jun 9, 2019, at 9:13 PM, trent shipley > wrote: > > > > A while ago I was at the downtown Scottsdale public library with my > computer. They had open, public WiFi--which I was NOT going to use. I > tried to use my mobile phone data, but the reception inside the building > was Terrible! > > > > It seems like the problem of insecure public WiFi should be > surmountable. > > > > How hard would it be do develop technology that puts a key on a $1 > or $2 USB, that you buy (put a deposit on) at the reception desk (or from a > machine). You also get an FOSS app. The app takes the key on the cheap > USB and securely logs you into the library's (or Starbucks) public WiFi. > The library determines how long the key(s) on the USB is (are) good for. > > > > When you're done. You turn the little USB in for your deposit. The > library wipes the usb clean, puts another key on the usb, and vends it > again. > > > > 1) Does this exist at "trivial" cost to the WiFi user? > > 2) If not, how feasible is it? > > 3) If it does not exist, and is feasible, who would be interested in > this as a project with a goal of a demo install at a local library, > non-profit coffee house, etc. and RFC? > > > > Trent > > --------------------------------------------------- > > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > > To subscribe, unsubscribe, or to change your mail settings: > > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060219780&sdata=aYnH1yYB9vEAE2NpvKbbPZ%2FWGSBFzSFdW7jCKWF0fIc%3D&reserved=0 > > > ------------------------------ > > Message: 3 > Date: Mon, 10 Jun 2019 07:54:53 -0700 > From: Stephen Partington > To: Main PLUG discussion list > Subject: Re: Privacy on Public WiFi > Message-ID: > < > CACS_G9wC4XnfBWMxO5WrudPvu8snzOx7wgpz0XPwvGjVuvWGUg@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > This is exactly what VPN is designed for. > > The reason public wifi is insecure is that it is shared among > everyone. Now > if you could build your router to prevent anyone from talking to each > other > and just the outside world that would have your desired effect. Or > maybe a > partnership with a VPN provider. > > On Sun, Jun 9, 2019 at 9:13 PM trent shipley > wrote: > > > A while ago I was at the downtown Scottsdale public library with my > > computer. They had open, public WiFi--which I was NOT going to > use. I > > tried to use my mobile phone data, but the reception inside the > building > > was Terrible! > > > > It seems like the problem of insecure public WiFi should be > surmountable. > > > > How hard would it be do develop technology that puts a key on a $1 > or $2 > > USB, that you buy (put a deposit on) at the reception desk (or from a > > machine). You also get an FOSS app. The app takes the key on the > cheap > > USB and securely logs you into the library's (or Starbucks) public > WiFi. > > The library determines how long the key(s) on the USB is (are) good > for. > > > > When you're done. You turn the little USB in for your deposit. The > > library wipes the usb clean, puts another key on the usb, and vends > it > > again. > > > > 1) Does this exist at "trivial" cost to the WiFi user? > > 2) If not, how feasible is it? > > 3) If it does not exist, and is feasible, who would be interested in > this > > as a project with a goal of a demo install at a local library, > non-profit > > coffee house, etc. and RFC? > > > > Trent > > --------------------------------------------------- > > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > > To subscribe, unsubscribe, or to change your mail settings: > > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=l35B90p9HK1tBnXrNgsQJkRqI2tlu4B75o1QkSCqzFY%3D&reserved=0 > > > > -- > A mouse trap, placed on top of your alarm clock, will prevent you from > rolling over and going back to sleep after you hit the snooze button. > > Stephen > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20190610%2F680cacac%2Fattachment-0001.html&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=ksjjZFJScFOAEU%2FBHezjykpGPat6X6eUWBcZxV2j5EE%3D&reserved=0 > > > > ------------------------------ > > Message: 4 > Date: Mon, 10 Jun 2019 10:02:06 -0700 > From: Michael Butash > To: Main PLUG discussion list > Subject: Re: Privacy on Public WiFi > Message-ID: > p6Q@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > I don't see much of an issue with using public wifi so long as you know > whatever you're doing that is important/sensitive is encrypted. I > don't > use any public wifi any more than absolutely required, but otherwise > almost > every *responsible* website or service uses tls for https traffic today > anyways, or as stated - you use a vpn to ensure no one locally at > least is > sniffing your wifi session. If your websites or services aren't using > https, you shouldn't use them, as even a vpn has to egress to regularly > internet somewhere that has a government (or other) black box sniffing > it > too. > > I agree, it would be nice if there were a better method of getting > public > users encrypted, but without some unique key exchange per user, or at > very > least a white-list method (remember the wps buttons that generated a > weak > numerical pin?) to make strong, or at least random, it'll remain weak > at > best, and probably eventually exploitable. > > A hardware solution is a non-starter though. Where does a phone or > tablet > have a usb slot to get on? Certainly whoever made it wouldn't support > linux, or a foss solution as it doesn't incentivise anyone to produce > said > hardware. Hand out yubikeys, but client software and use is still > problematic even with u2f per os for something like wifi use. > > If you did hardware, I'd imagine nfc-based for mobiles, make them come > up > and swipe a token to get the pass of the day to get on, and it changes > every day. PC's you just rotate a common key to give to customers > every > day and print/display for users inside the establishment every day. > Even > just use a one-time token generator with a numeric key held by > *someone(s)*. I've seen medical offices handling guest wifi by > changing > keys daily for at least any guest ssid and just printing the daily > guest > wifi inside reception, which keeps persistent users from access > outside the > establishment doing probably nothing good. > > This can be done with any enterprise-ish wifi solution that supports > Private-PSK functions, or many-to-one passwords for the same ssid. > Aerohive, Cisco, Juniper/Mist, Aruba, etc all tend to do this, > leverage otp > generation via Duo, Google Authenticator, or other "app". > > Even once encrypted, do you still trust the internet source though, > that > their router isn't infected from running a 10yr old firmware? You > shouldn't, again vpn, or at least ensuring who you're accessing is > using > tls, and you trust their cert. > > Interestingly enough being in Santa Monica CA on business. their public > library gets swarmed daily with homeless that really love their free > public > wifi there (seems even homeless all have cell phones these days), that > I > can only imagine the cesspool of devices there that could be > hijacked/man-in-the-middle'd easily on non-encrypted wifi. Even just > build > a fake public access ap to mitm, then infect... Being that I'm there > doing > work *for* the city, it's something I have mentioned to folks as a > problem. > > -mb > > > > On Sun, Jun 9, 2019 at 9:13 PM trent shipley > wrote: > > > A while ago I was at the downtown Scottsdale public library with my > > computer. They had open, public WiFi--which I was NOT going to > use. I > > tried to use my mobile phone data, but the reception inside the > building > > was Terrible! > > > > It seems like the problem of insecure public WiFi should be > surmountable. > > > > How hard would it be do develop technology that puts a key on a $1 > or $2 > > USB, that you buy (put a deposit on) at the reception desk (or from a > > machine). You also get an FOSS app. The app takes the key on the > cheap > > USB and securely logs you into the library's (or Starbucks) public > WiFi. > > The library determines how long the key(s) on the USB is (are) good > for. > > > > When you're done. You turn the little USB in for your deposit. The > > library wipes the usb clean, puts another key on the usb, and vends > it > > again. > > > > 1) Does this exist at "trivial" cost to the WiFi user? > > 2) If not, how feasible is it? > > 3) If it does not exist, and is feasible, who would be interested in > this > > as a project with a goal of a demo install at a local library, > non-profit > > coffee house, etc. and RFC? > > > > Trent > > --------------------------------------------------- > > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > > To subscribe, unsubscribe, or to change your mail settings: > > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=l35B90p9HK1tBnXrNgsQJkRqI2tlu4B75o1QkSCqzFY%3D&reserved=0 > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20190610%2Fae831f2c%2Fattachment-0001.html&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=zessCihj8YyH8ohLnXQ8OZy0x1iTannv2nWgRXCnaEE%3D&reserved=0 > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=l35B90p9HK1tBnXrNgsQJkRqI2tlu4B75o1QkSCqzFY%3D&reserved=0 > > > ------------------------------ > > End of PLUG-discuss Digest, Vol 168, Issue 5 > ******************************************** > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss