VPN, FiOS And Moving
As of today, I am officially a home owner - my wife and I just closed on our new house today. And with that, comes FiOS installation along with all of the fun that comes with a new move. Good stuff. Yet due to other recent events, I have found myself using a hotspot compatible VPN option as I had what you might consider to be a rather abrupt data intrusion that came about from my data being unencrypted during my time using a public hotspot. Needless to say, I have begun taking steps to correct this. And this brings me to an important question - when connecting to a VPN service targeting the wifi hotspot audience, connecting over PPTP (Windows VPN), is there any damage done to my privacy by using OpenDNS for my DNS servers?
As it turns out, one can indeed apparently connect to a VPN and use OpenDNS servers. However I have only done so in testing as I need to be 100% sure that I am not compromising the point of the VPN tunnel by using these DNS servers over that of what my VPN provider might be providing otherwise.
So let’s have it VPN/security experts out there, help me to set this straight once and for all. Comment to this thread so that I can be sure that using OpenDNS servers for DNS is not simply defeating the purpose of using the VPN tunnel in the first place. Thanks everyone!

4 Comments
Mark Hill
September 11th, 2008
at 7:17am
RE: “defeating the purpose of using the VPN tunnel”
I have to start by asking, what _is_ your purpose in using the VPN? You are encrypting the communication between your laptop and the other end of the tunnel, so if the VPN server is your home or office, that traffic is secure. Now for all your other communication–DNS queries, http browsing, unencrypted mail traffic, etc.–you have a choice. (Wizards, please check me on this–a little experiment with Wireshark would do the trick). If you use the VPN for your default gateway, then the traffic goes through the tunnel encrypted. If you don’t (say, for the sake of speed) all of that goes through your plain network connection. Which DNS you’re using makes no difference.
Shawn Jackson
September 12th, 2008
at 5:56pm
As Mark stated, knowing the purpose of your VPN would help. I have not used PPTP in a production environment in at least 5 years. IPSEC VPN can be more secure.
Generally you want your DNS requests to go unencrypted directly to the internet. If you are dealing with an internal network that has DNS servers then you want to point to them to allow resolution on your network. A good example of this would be a connection to a work VPN that is running active directory.
The traffic that will pass can be solely traffic destined to the connected network, or all traffic. The administrator creating the VPN will determine this.
I don’t see OpenDNS as a security problem.
Matt Hartley
September 12th, 2008
at 6:01pm
Purpose would be to connect from my point to another point (server) that then provides me access to the ‘Net. It’s still point to point, but for wifi hotspots. This company here has a good work up of what I need it for.
http://hotspotvpn.com/whatisavpn.asp?mm=2
Eric Fisher
September 15th, 2008
at 7:46pm
If you feel comfortable with OpenDNS as a vendor, but pass your traffic to and from them in the clear, then yes, your queries could be quite public and your privacy eroded. Of course your account at OpenDNS is also a vector for your privacy to leak!
If you tunnel everything to the corp office where you have all your services provided, you lose some speed (vpn overhead), but should be quite private on any medium.
Best of both worlds: have the corp DNS server point at OpenDNS for its cache and tunnel to corp.
Eric
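Mark Hill's point about the default gateway, worked through as an added example (not part of the original post or comments): a longest-prefix-match route lookup that reports whether queries to a given resolver leave through the tunnel or in the clear over the hotspot. The interface names, the VPN server address, the subnets and both routing tables are constructed assumptions; the two OpenDNS resolver addresses are the service's public ones.

```python
import ipaddress

# Constructed sample data: wlan0 = hotspot Wi-Fi, ppp0 = PPTP tunnel (assumed names).
VPN_SERVER = "203.0.113.10"              # assumed VPN endpoint (documentation range)
OPENDNS = ["208.67.222.222", "208.67.220.220"]
HOTSPOT_DNS = "192.168.1.1"              # assumed resolver handed out by the hotspot

FULL_TUNNEL = [                          # VPN is the default gateway
    ("0.0.0.0/0", "ppp0"),
    (VPN_SERVER + "/32", "wlan0"),       # the tunnel's own packets must use Wi-Fi
    ("192.168.1.0/24", "wlan0"),         # on-link hotspot subnet
]
SPLIT_TUNNEL = [                         # only the remote network goes via the VPN
    ("0.0.0.0/0", "wlan0"),
    ("10.8.0.0/24", "ppp0"),             # assumed remote office subnet
    ("192.168.1.0/24", "wlan0"),
]

def egress_interface(routes, dest):
    """Return the interface chosen by longest-prefix match for dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError("no route to " + dest)
    return best[1]

def leaking_resolvers(routes, resolvers, tunnel_iface="ppp0"):
    """Resolvers whose queries would bypass the tunnel under this route table."""
    return [r for r in resolvers if egress_interface(routes, r) != tunnel_iface]

if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        for resolver in OPENDNS + [HOTSPOT_DNS]:
            path = egress_interface(table, resolver)
            state = "encrypted in tunnel" if path == "ppp0" else "clear on hotspot"
            print(f"{name:12} {resolver:15} via {path:5} -> {state}")
```

With the full-tunnel table the OpenDNS queries follow the default route into `ppp0`; the hotspot's own resolver still matches the more specific on-link route, so it is the one to check for when auditing a client's DNS settings.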