Residential OpenVPN Services - |
When you think of traditional OpenVPN, most folks already know that it works on their laptops, desktops, androids, iOS, and tablets. And most folks are aware of its ease of use and compatibility with nearly every network and platform type created by man.
But did you know several additional things can be added to traditional OpenVPN infrastructures to improve data compression, data transport, and security? A single client-to-server setup doesn't provide much in actual security. Any government can watch both your computer and the vpn server you're connected to and watch your data flow from one end to the other. This is not true security in the eyes of IAPS and its administrators.
When we think about our online security, we want to make it as hard as possible for any man-in-the-middle trying to spy on our data as hard as humanly possible. So, how can we accomplish this with OpenVPN networks? Sure, we can put up a simple first-level server which acts as a single gateway from point a to point b. It gives us the remote ip address we need, but it severely lacks any real security. Again, any agency interested in your activities can watch both your computer and the exit point of the remote vpn server and have a pretty good guess as to what you are up to.
So, how do we securely get around all of that? A simple 1:1 (client to direct openvpn server) lacks the necessary security. How about we put up an intermediate vpn server, have our clients connect to that intermediate server, who in turn then simultaneously passes our vpn connection to another vpn server that no one knows about, including our isp and anyone in the middle watching our connection because all they see is our initial connection to the first hop vpn server? No one except the client himself/herself would even know there is a completely different exit point than the initial server we came in on. Sounds like real security to us.
Lets take a moment here to visualize what this would look like:
Client Computer----->Intermediate Server----->Hidden Exit Node
Now, from a security standpoint, that is starting to look better. But we're not finished yet. How do we disguise vpn traffic from the intermediate server to our real vpn server? This is very simply done: we send the traffic along our standard secure ssl port 443 so it blends in naturally with any standard browser traffic and doesn't even raise an eyebrow from any network operators point of view because it doesn't look like vpn traffic at all.