Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

This post will describe what hardware to buy & how to configure it so that you have 2 wireless networks in your house: One that seamlessly forces all of the traffic on that network through a VPN–and one that connects to the Internet normally . When finished, the internet activity for any device connected to the first network will be entirely encrypted so that the ISP cannot see which websites are visited*, what software you use, and what information you send & receive on the internet.

* Assuming your config doesn’t leak DNS; see improvements section

Update 2017-08-25: Added “kill switch” firewall rule that prevents LAN traffic from escaping to the ISP unless it passed through the VPN’s vtun0 interface first. Following this change, if the VPN connection is down, the internet will not be accessible (as desired) over the ‘home’ wifi network (without this, the router bypasses the VPN by sending the packets straight to the ISP–giving a false sense of privacy).

Why

In April 2017, Trump signed Bill S.J.Res.34, which repeals the Broadband Consumer Privacy Proposal from October 2016. This enormous step backwards permits anyone’s ISP to sell their Internet activity. The EFF put it best:

companies
. . . → Read More: Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

UCF Wifi in Ubuntu

This month (September 2011), UCF officially killed the “UCF” SSID to be replaced by “UCF_WPA” and “UCF_WPA2.” Configuring Ubuntu Linux to connect to the UCF WPA2 network is neither trivial nor documented by UCF.

To aid other UCF Ubuntu users, I created a Wireless article on the unofficial UCF wiki. This includes links to the official UCF certificates and instructions on how to connect to the UCF_WPA2 network in Ubuntu.

UCF Wifi Rant

While I frustratingly waited to connect to the UCF Wifi after a recent change to their system, I typed up the following email complaint to the UCF DoIT Manager. If *you* have also had issues with unstable/dropped connections, slow bandwidth, latency, or the inability to connect to the UCF Wifi, I urge you to also contact the UCF Department of Information Technology via:

cst@ucf.edu = General bob.yanckello@ucf.edu = Bob Yanckello (UCF Chief Technology Officer) lou.garcia@ucf.edu = Lou Garcia (UCF Network Manager [responsible for wireless services]) chrisv@mail.ucf.edu = Chris Vakhordjian (Information Security Office) tim.larson@ucf.edu = Tim Larson (ERP Consultant) jim.ennis@ucf.edu = Jim Ennis (Enterprise Systems & Operations) andy.hulsey@ucf.edu = Andy Hulsey (Telecommunications [includes Network Services]) aaron.streimish@ucf.edu = Aaron Streimish (Project Performance & Management Office)

Email below

While I understand the benefit of encrypted wireless communications, UCF’s decision to require all student wireless clients to use WPA without preparing to sufficiently upgrade the wireless infrastructure has rendered the UCF Wifi *unusable*.

Allow me to provide a brief log of my Internet Experience this afternoon (2011-09-15).

12:02 – attempt to connect to WiFi – fail for 9 minutes 12:11 – connected 12:11 – google ’email ucf department of information technology’ 12:12 – disconnected
. . . → Read More: UCF Wifi Rant

Iterative MITM Packet Sniffer

So, I got into a discussion with a friend of mine in my Computer Security class at UCF about this script. I’m posting this for historical and educational purposes only. As always, I never condone the implementation of any of my content for malicious intent. Moreover, this script has flaws that * would make it useless in such a scenario. Don’t do it!

Here’s a script I hacked up last semester when I was playing with MITM attacks and packet eavesdropping with ettercap:. This scripts will automatically:

fake its MAC Address get a new IP Address collect a list of hosts on the same subnet as itself iterate through and ARP poison: each of these hosts one at a time for 5 minutes each save all data collected in host-specific files in a timestamped directory repeat until the hard drive is full
. . . → Read More: Iterative MITM Packet Sniffer

eHome — are you home?

Alright, this is bullshit.

I bought an eHome wireless NIC a while ago for really cheap. Haven’t heard of eHome? Neither had I, but it didn’t take me long to realize that it was actually part of D-Link Corporation when I sent my rebates to a DLink corporate address, and when I read the message: “Copyright © D-Link Corporation/D-Link Systems, Inc. All rights reserved. eHome Networking and the eHome Networking logo are registered trademarks of D-Link Corporation or its subsidiaries in the United States and other countries…”

So, I figured: D-Link is a popular company, they’re not going anywhere, they sell tons of devices, so my chipset is probably well supported in Linux, right? Wrong.


. . . → Read More: eHome — are you home?

The test of three antennas

I just got the wireless working on my new laptop in ubuntu (thank god for forums), and I was disgusted to find that from my room I got ~20% signal quality. I knew the problem could be with the laptop or the wireless router, but since I can’t do anything about the laptop I did some tests with my router by using three different antennas.


. . . → Read More: The test of three antennas