I really need help trying to set up an L2TP/IPSec VPN tunnel, but I'm not sure exactly how to do it with the desired traits I am looking for. It seems like I'm picking things from a buffet, so some may or may not go together.
If not please offer some suggestions.
I do have basic familiarity with and understanding of IP addressing, DHCP, inside the router, outside the router, etc.
The reason I'm looking to even do this is that I'm a very big privacy fan, not because I have something to fear or am engaging in any illicit activities; I just believe that if I want you to know something, I'll share it with you.
To this end, I want my information to be under my privacy, my control, like (internet, email, IP address, ability of other unscrupulous people to disrupt my life with spam, etc.).
I am currently connected to the internet via a Linksys BEFSR41 4-port router, full-duplex 10/100, and a DSL/cable modem. I do need the additional ports for my other PCs, all running Win XP. Ideally I want the other 3 PCs to be able to tunnel at the same time. I do not need to remotely access them.
These are the traits I'm looking for the VPN tunnel to have, and why:
1. 100% content encryption end to end. Anonymous surfing.
a) (I read) Using the Transport mode, which is used to encrypt data inside a tunnel that is created by L2TP (the Layer 2 Tunneling Protocol). Transport mode provides end-to-end security, all the way from the sending computer to the final destination.
2. AES 256 encryption
3. Stateful Packet Inspection (SPI) and Network Address Translation (NAT). I know some routers have the ability to use L2TP/IPSec.
4. Secure VPN
(I read) Secure VPNs use cryptographic tunneling protocols to provide the intended confidentiality (blocking intercept and thus packet sniffing), sender authentication (blocking identity spoofing), and message integrity (blocking message alteration) to achieve privacy.
Cryptographic signing – Generating a security signature for a block of data such as the text of an e-mail message. The signature becomes invalid if the message is changed. It is extremely difficult to pad a message to make a certificate valid. That is, it is difficult to fake the signature of a signed message.
5. I prefer not to use Microsoft client a proxy SSL or SSH.
a) (I read) The main difference between an SSL or SSH encrypted tunnel proxy and VPN (Virtual Private Network) tunneling is that VPN doesn't use a proxy and anonymizes and encrypts all activities.
6. Currently I don't have a VPN client or a VPN server (part of why I can't connect to create a tunnel, I suppose). Can OpenVPN / Cisco AnyConnect provide these for me?
7. Because L2TP (I read) requires a Certificate Authority (CA) and certificate distribution, how does this impact what I want to do?
8. Because IPSec (I read): To use IPSec in Windows 2000/XP, you must define an IPSec policy that specifies the authentication method and IP filters to be used, like Kerberos. How does this impact what I want to do?
9. If my data becomes encrypted after the tunnel has been established, what will encrypt my data before the tunnel is established, and what is unencrypted?
10. I want to be able to use instant messengers like AIM, ICQ, etc. Are any of the chat sessions encrypted, and if not, can I make them encrypted?
I know this is a rather lengthy post, and I'm trying to provide the folks who read and respond as much information beforehand so I don't waste their time and expertise.
I have been searching the internet for weeks trying to put all of this together and finally arrived at the conclusion I have to ask the experts.
A service like this should take care of the anonymity you desire: vpnaccounts.com
And software like this will encrypt data on your hard drive. http://www.pgp.com/
As a matter of fact, we use PGP to encrypt some of our emails/data and it works very well.
Just remember, your connection to the internet will always be controlled by someone else. So at some connection point, someone will be logging your traffic.
Thank you for the response; however, I'm not looking for a VPN "pay" for use client. I am looking for a free client that is reputable, i.e. OpenVPN / Cisco AnyConnect, something like these that have been around for a while and seem to be good.
I am also not looking to encrypt my hard drive but to create an L2TP/IPSec VPN tunnel to encrypt data inside a tunnel and provide end-to-end security.