This article was provided to TechRadar by Linux User & Developer, a magazine which is dedicated to passing on the open source knowledge and expertise of grass-roots developers and hackers. Some of the software included may have been updated since the article was first published.
If you use your Linux machine to access the internet, whether it’s at home or particularly on the road, then it’s worth learning about the pros and cons of Virtual Private Networks or VPNs.
A VPN allows you to secure traffic between two locations – the first being your own machine, the other being either a commercial VPN provider or a VPN system that you have deployed yourself, either in the cloud or perhaps at another location of your own, such as in the office.
VPNs are available using a host of different protocols, but their essence is the same – traffic is encrypted at the client end and decrypted at the server end, ensuring that information cannot be snooped on by a middleman while it travels between the two.
When using a VPN, there are a number of different options related to routing. The typical scenario is to route all traffic over the VPN connection, but you can also use the concept of ‘split tunnelling’, where some traffic passes over the VPN connection and some passes over the regular internet connection, based on routing rules.
VPNs are often touted as an essential tool for those worried about persecution for their online activities, but the reality is that their benefits reach much wider, offering peace of mind for anyone who sends data over public networks.
Why go virtual?
So, let’s take a moment to more thoroughly explore the reasons why you might want to use a VPN. Although privacy and security concerns are the most common reasons for setting up private networks, they are not the only ones.
Whether you’re using a home broadband connection or roaming mobile data in a foreign country, there’s a good chance that you’ll be subject to traffic shaping. Traffic shaping is employed by service providers to limit the speed of certain types of traffic in order to prioritise content across their network.
For example, many of the UK’s service providers use shaping to throttle music and video streaming services when customers are out of the country, in order to discourage them from using large amounts of data. Similarly, some UK broadband providers will do the same with file downloads at peak hours.
A VPN can help avoid this happening, as it encrypts all traffic going across your internet connection, meaning that your provider won’t be able to see exactly what you are doing. One slight caveat with this is that some providers may detect and throttle VPN traffic itself, although given the wealth of different VPNs and protocols available, this can be avoided by using a less common service (typically, not OpenVPN).
The classic use case of a VPN is with public Wi-Fi hotspots. If you are out and about with your Linux laptop (or your phone, or any other connected device), then you might want to take advantage of some free connectivity provided by your favourite coffee shop.
The problem with this is that you don’t really know what is happening to your data as it travels between your device and the service you want to use. It could be intercepted by other actors on the network or by a compromised Wi-Fi system in the cafe. If you are looking to send any data you care about, be it your social network posts or your online banking, you should really think twice here. Using a VPN will ensure that all traffic going over the public network is safely encrypted.
A very common use of VPNs is to provide external connectivity to office networks. This method avoids opening machines up to the world completely; instead, only a VPN server is configured. When users connect to the VPN, they will be able to browse as if they were actually in the office. Using split tunnelling means that any internet access or local network access will still be possible, but addresses within the office IP range are routed over the VPN.
This concept can also be used in a similar way on your home network. By installing a VPN server at home (or using VPN functionality built into a number of popular routers), it is possible to connect when away from home and access machines on your home network as if you were actually there. This is particularly useful if you have content stored on a NAS, or perhaps want to remotely view IP security cameras without opening them up completely to the world.
Many businesses now choose to deploy their infrastructure in the cloud, using providers such as Amazon Web Services. A common concept in cloud hosting is VPC, or Virtual Private Cloud. This allows companies to have a number of servers located in the cloud, but have them not generally accessible to the internet, instead allowing them only to communicate with each other. A good option is to deploy VPN access inside the VPC, so that again a minimal number of ports are exposed to the outside world, helping to enhance overall security.
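The routing behaviour behind full and split tunnelling, described in the routing and office-network paragraphs above, can be modelled as a longest-prefix match over a routing table. This is an added example, not part of the original article; the interface names (`wlan0`, `tun0`) and every address range are constructed assumptions.

```python
import ipaddress

# Constructed addressing; interface names and all ranges are assumptions.
OFFICE_NET = "10.20.0.0/16"     # office range that should use the VPN
LOCAL_NET = "192.168.1.0/24"    # network of the hotspot or home router
VPN_SERVER = "203.0.113.10/32"  # public address of the VPN server


def build_routes(mode):
    """Return [(network, interface)] for 'split' or 'full' tunnelling."""
    routes = [
        ("0.0.0.0/0", "wlan0"),   # default route: regular internet connection
        (LOCAL_NET, "wlan0"),     # directly connected local network
        (VPN_SERVER, "wlan0"),    # the encrypted tunnel itself must not enter tun0
    ]
    if mode == "split":
        routes.append((OFFICE_NET, "tun0"))
    elif mode == "full":
        # Two /1 routes cover all of IPv4 and win over the /0 default on
        # prefix length; OpenVPN's "redirect-gateway def1" works this way.
        routes += [("0.0.0.0/1", "tun0"), ("128.0.0.0/1", "tun0")]
    else:
        raise ValueError(f"unknown mode: {mode}")
    return [(ipaddress.ip_network(net), dev) for net, dev in routes]


def egress(routes, dst):
    """Pick the interface by longest-prefix match, as a routing table does."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def outside_tunnel(routes, destinations):
    """Destinations whose traffic leaves without VPN encryption."""
    return [d for d in destinations if egress(routes, d) != "tun0"]


if __name__ == "__main__":
    sample = ["10.20.5.9", "198.51.100.7", "192.168.1.50"]  # constructed
    for mode in ("split", "full"):
        table = build_routes(mode)
        for dst in sample:
            print(f"{mode:5} {dst:15} -> {egress(table, dst)}")
        print(f"{mode:5} outside tunnel: {outside_tunnel(table, sample)}")
```

In split mode only the office range enters the tunnel, so general internet traffic on a public hotspot is still carried outside the VPN.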
Location, location, location
One consideration when using VPNs is their location. If you are based in the UK, but connect to a VPN in another country – the US for example – then this will impact activities such as web browsing, as the destination server will see only your ‘exit IP’, that is the IP of the server from where you are ultimately routing traffic.
This can be a negative thing – if you are using Google and everything comes up in another language, or content is geo-blocked – or a positive thing, if you are out of the country, and you VPN back to the UK in order to access content that is similarly restricted (BBC iPlayer is a great example).
VPN versus VPS
So that’s the basics of VPN covered, but you may have also heard of a VPS, and wondered what on earth that is. A VPS is a ‘virtual private server’ – a virtual server box in the cloud. Let’s explore the main points of difference between the two.
What’s a VPN?
- It’s typically provided by specialist VPN companies
- Also possible for tech-savvy people to deploy
- Varies widely in price, but starts from free
- Typically, you get what you pay for
- If the encryption key is shared amongst users, data could still potentially be compromised
- Often available with ‘POPs’ (points of presence) in a range of countries across the world
- Speeds will often vary based on user location
What’s a VPS?
- Provides a set amount of CPU, RAM, storage and traffic for a monthly fee
- Is generally deployed with a basic OS build the user can then customise
- More commonly available with Linux than any other platform
- Ideal for deploying your own VPN solution