This post will describe what hardware to buy & how to configure it so that you have 2 wireless networks in your house: One that seamlessly forces all of the traffic on that network through a VPN–and one that connects to the Internet normally . When finished, the internet activity for any device connected to the first network will be entirely encrypted so that the ISP cannot see which websites are visited*, what software you use, and what information you send & receive on the internet.
* Assuming your config doesn’t leak DNS; see improvements section
Update 2017-08-25: Added “kill switch” firewall rule that prevents LAN traffic from escaping to the ISP unless it passed through the VPN’s vtun0 interface first. Following this change, if the VPN connection is down, the internet will not be accessible (as desired) over the ‘home’ wifi network (without this, the router bypasses the VPN by sending the packets straight to the ISP–giving a false sense of privacy).
This month (September 2011), UCF officially killed the “UCF” SSID to be replaced by “UCF_WPA” and “UCF_WPA2.” Configuring Ubuntu Linux to connect to the UCF WPA2 network is neither trivial nor documented by UCF.
To aid other UCF Ubuntu users, I created a Wireless article on the unofficial UCF wiki. This includes links to the official UCF certificates and instructions on how to connect to the UCF_WPA2 network in Ubuntu.
Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
While I frustratingly waited to connect to the UCF Wifi after a recent change to their system, I typed up the following email complaint to the UCF DoIT Manager. If *you* have also had issues with unstable/dropped connections, slow bandwidth, latency, or the inability to connect to the UCF Wifi, I urge you to also contact the UCF Department of Information Technology via:
cst@ucf.edu = General bob.yanckello@ucf.edu = Bob Yanckello (UCF Chief Technology Officer) lou.garcia@ucf.edu = Lou Garcia (UCF Network Manager [responsible for wireless services]) chrisv@mail.ucf.edu = Chris Vakhordjian (Information Security Office) tim.larson@ucf.edu = Tim Larson (ERP Consultant) jim.ennis@ucf.edu = Jim Ennis (Enterprise Systems & Operations) andy.hulsey@ucf.edu = Andy Hulsey (Telecommunications [includes Network Services]) aaron.streimish@ucf.edu = Aaron Streimish (Project Performance & Management Office)
Email below
While I understand the benefit of encrypted wireless communications, UCF’s decision to require all student wireless clients to use WPA without preparing to sufficiently upgrade the wireless infrastructure has rendered the UCF Wifi *unusable*.
Allow me to provide a brief log of my Internet Experience this afternoon (2011-09-15).
12:02 – attempt to connect to WiFi – fail for 9 minutes 12:11 – connected 12:11 – google ’email ucf department of information technology’ 12:12 – disconnected . . . → Read More: UCF Wifi Rant
So, I got into a discussion with a friend of mine in my Computer Security class at UCF about this script. I’m posting this for historical and educational purposes only. As always, I never condone the implementation of any of my content for malicious intent. Moreover, this script has flaws that * would make it useless in such a scenario. Don’t do it!
Here’s a script I hacked up last semester when I was playing with MITM attacks and packet eavesdropping with ettercap:. This scripts will automatically:
fake its MAC Address get a new IP Address collect a list of hosts on the same subnet as itself iterate through and ARP poison: each of these hosts one at a time for 5 minutes each save all data collected in host-specific files in a timestamped directory repeat until the hard drive is full Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
So, I figured: D-Link is a popular company, they’re not going anywhere, they sell tons of devices, so my chipset is probably well supported in Linux, right? Wrong.
Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
I just got the wireless working on my new laptop in ubuntu (thank god for forums), and I was disgusted to find that from my room I got ~20% signal quality. I knew the problem could be with the laptop or the wireless router, but since I can’t do anything about the laptop I did some tests with my router by using three different antennas.
Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
