[ale] OT have some questions about vpn security
- Subject: [ale] OT have some questions about vpn security
- From: jdp at algoloma.com (JD)
- Date: Sat, 13 Jul 2013 21:23:54 -0400
- In-reply-to: <[email protected]>
- References: <[email protected]>
On 07/13/2013 04:59 PM, Ron Frazier (ALE) wrote:
> I'm using port 443 via udp on the vpn. I notice that it disconnects and reconnects every few minutes.

Without talking to the network designer or deployment engineer, I don't think
you'll ever get a specific answer for your question. I find it likely that they
have a connection timeout for all traffic - udp and tcp, just to keep the
firewall state table from becoming too large.

It is good to know that udp is allowed. I wouldn't have expected that at all. I
would expect only TCP on well-known ports to be allowed and a transparent proxy
to provide all DNS ... so that udp need only be allowed from that single
machine, not all clients. There are lots of different security architectures.
Finding an open internet access point outside a home environment is getting
harder and harder in my experience.

I suppose that you really trust the HotSpotVPN-2 guys, since you let all your
non-SSL traffic exit from their systems. I send all my traffic to my home
network, since I'm basically forced to trust the ISP. Brian Krebs had an
interesting article a few days ago about being secure online ... or was it Bruce
Schneier's blog? One of those 2 - with lots of suggestions from "experts" on
how to accomplish it. I think a journalist asked the question.