Tuesday, August 11, 2015

iOS Security Tools - OpenVPN Connect

OpenVPN Connect - Normally $2.99 but free at the time of this article

Developer: OpenVPN Technologies

Whether you're connecting to the internet over WiFi at a hotel, airport or coffee shop, unless your app provides native encryption or you're browsing websites over HTTPS (HyperText Transfer Protocol Secure), your data is wide open for someone on that same network to see. If you're googling for fuzzy kitten pictures, then it probably doesn't matter, but if you're transferring work files or logging into a website without encryption, then you run the risk of a bad guy intercepting that data. You might even think that only highly skilled hackers can do this, but nothing could be further from the truth. It could be the soccer mom sitting four tables away from you running Wireshark on her laptop, just passively collecting packets until her filter for the text "password" flags, and then she's got you.

But for a moment, let's get away from the hacker scenario. Who else could be monitoring your traffic? The provider of the wireless access point you're connected to? The ISP (Internet Service Provider) connecting you to the internet? The coffee shop? If you answered yes to all of these, then you are correct. It might be relatively benign; most likely they're monitoring which websites you go to and injecting ads they believe are relevant. Or they're just building on your profile of browsing habits because they can monetize that.

That's where a VPN (Virtual Private Network) comes in. Basically, a VPN creates an encrypted tunnel between your device and a server out on the internet. This tunnel encrypts all your data, making it unreadable to anyone except the server on the other end, which decrypts the traffic and passes your requests on to wherever you were trying to go. Let's say you are connected to your local cafe's free wireless on your iPad using a VPN and you launch the Chrome web browser to go to this blog at http://blog.saltedbrain.org. Your iPad is connected to a VPN server on the internet over an encrypted tunnel. The hacker soccer mom can see your packet data, but it's all securely encrypted and unreadable to her. The same goes for the cafe owner's wireless access point, the ISP and the interconnecting hops all the way to your VPN server. The VPN server decrypts the traffic and passes your web browser request for this blog to my server on your behalf. My blog server responds and sends everything back to the VPN server, which then encrypts everything again over the VPN tunnel and sends it back to your iPad.

Now, the more tech savvy among you might have realized that if everything is decrypted at the VPN server, then they could potentially capture all that data right there. You are correct. That's why it's very important to do your research in finding a reputable VPN provider. Or, you can place your trust in me and my research and follow along below to get set up. But bear with me for another minute here so I can explain what you're looking for in a good reputable VPN provider.

  • They should support the latest encryption methods such as AES-256.
  • They should state in very plain text and loudly that they do not store or read your internet traffic. You still have to take that on a leap of faith I suppose.
  • They should make mention of their speeds. In a world where you usually get what you pay for, free or cheap VPN providers typically have slow connections. The one I will be telling you about is an exception.
  • Look for bandwidth limits. Will they give you fast connectivity until you hit 1GB and then rate limit your connection (slow you down)? Will they cut you off after you hit 1GB of traffic?
  • Do they limit what sort of sites you can visit? Most will block P2P (torrents), but will they block gaming sites?

I've found a VPN provider who gives you unlimited bandwidth, doesn't block anything but P2P, doesn't store your internet traffic aside from your IP address and what time you connected (which they only keep for a week), supports strong cryptography, and is FREE. You can find them at http://www.vpnbook.com.

Let's get into how to get set up.

  • Download the OpenVPN Connect app from the Apple App Store.
  • Download the Zip Viewer app from the Apple App Store. We need this to download and extract the OpenVPN profile from VPNBook. If you have another app that will let you download ZIP files, such as iDownloader already, then use that.
  • Go to http://www.vpnbook.com/freevpn in Safari and tap the link for US1 OpenVPN Certificate Bundle as shown in the screenshot. Take note of the username and password just below the various bundles. You'll need this later.
  • Choose Open In and scroll over till you find Open In Zip Viewer.
  • When Zip Viewer opens, tap on VPNBook.com-OpenVPN-US1 on the left to open the ZIP file and then tap on vpnbook-us1-tcp80.ovpn on the right.
  • Next, tap on the Send To icon at top right and choose Open in OpenVPN.

  • When OpenVPN launches you'll see 192.7.62.204/vpnbook-us1-tcp80 under the New Profiles Are Available section. Tap on the green plus sign and it will open that profile below like the screenshot (I had already added this when I took the screenshot.)
  • The username and password are listed on the VPNBook page where you downloaded the OpenVPN Certificate Bundle. At the time of writing this article, it was vpnbook:y6gaTRuv. Tap the save switch so you don't have to enter them again later. Now tap the Connection switch.

And that's it. You can switch to another app and start browsing. You should see a VPN box next to your carrier and WiFi info at the very top. This lets you know you are using a VPN connection. When you're all done, just launch OpenVPN again and tap the Connection switch to turn it off. You can even run OpenVPN over your cell data connection. It's not limited to just WiFi.
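
The provider checklist above asks for AES 256, and the setup steps import a downloaded .ovpn profile without looking inside it. As an added example (not from the original post, VPNBook or OpenVPN), this Python script reads a profile's text and lists settings worth reviewing before you import it; the sample profile, its host name and the function names are constructed for illustration.

```python
import re

# Constructed sample profile; not the contents of any real provider's bundle.
SAMPLE_PROFILE = """\
remote vpn.example.test 80
cipher AES-128-CBC
auth-user-pass
<ca>
(constructed placeholder certificate)
</ca>
<key>
(constructed placeholder private key)
</key>
"""

AES256_CIPHERS = {"AES-256-GCM", "AES-256-CBC"}

def parse_profile(text):
    """Split .ovpn text into {directive: [args, ...]} and the set of inline <block> names."""
    directives, blocks, in_block = {}, set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if in_block:                        # skip the body of an inline block
            in_block = None if line == f"</{in_block}>" else in_block
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            in_block = m.group(1)
            blocks.add(in_block)
        elif line and line[0] not in "#;":  # '#' and ';' start comments
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, blocks

def audit_profile(text):
    """Return findings to review before importing the profile into a client."""
    d, blocks = parse_profile(text)
    findings = []
    ciphers = {c.upper() for k in ("cipher", "data-ciphers")
               for args in d.get(k, []) for a in args for c in a.split(":")}
    if not ciphers:
        findings.append("no cipher set: left to client/server defaults")
    elif ciphers - AES256_CIPHERS:
        findings.append("not AES-256: " + ", ".join(sorted(ciphers - AES256_CIPHERS)))
    if "ca" not in d and "ca" not in blocks:
        findings.append("no CA certificate: server identity cannot be verified")
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        findings.append("server certificate usage/name is not checked")
    if "key" in blocks:
        findings.append("embedded private key: anyone with the same public bundle holds it too")
    return findings
```

Calling `audit_profile()` on the text of a profile extracted from a bundle returns an empty list only when the profile names an AES-256 cipher, carries a CA certificate, checks the server certificate and ships no private key.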