#1
Member
Join Date: Feb 2010
Posts: 2
I really need help trying to set up an L2TP/IPSec VPN tunnel, but I'm not sure exactly how to do it with the desired traits I am looking for. It seems like I'm picking things from a buffet, so some may or may not go together. If not, please offer some suggestions.

I do have basic familiarity and understanding of IP addressing, DHCP, inside the router, outside the router, etc. The reason I'm looking to even do this is I'm a very big privacy fan - not because I have something to fear or am engaging in any illicit activities; I just believe if I want you to know something I'll share it with you. To this end I want my information to be under my privacy, my control (internet, email, IP address, ability of other unscrupulous people to disrupt my life with spam, etc.).

I am currently connected to the internet via a Linksys BEFSR41 4-port router (full-duplex 10/100) and a DSL/cable modem. I do need the additional ports for my other PCs, all running Win XP. Ideally I want the other 3 PCs to be able to tunnel at the same time. I do not need to remotely access them.

These are the traits I'm looking for the VPN tunnel to have and why:

1. 100% content encryption end to end. Anonymous surfing.
   a) (I read) Using the Transport mode, which is used to encrypt data inside a tunnel that is created by L2TP (the layer 2 tunneling protocol). Transport mode provides end-to-end security, all the way from the sending computer to the final destination.
2. AES 256 encryption.
3. Stateful Packet Inspection (SPI) and Network Address Translation (NAT). I know some routers have the ability to use L2TP/IPSec.
4. Secure VPN. (I read) Secure VPNs use cryptographic tunneling protocols to provide the intended confidentiality (blocking intercept and thus packet sniffing), sender authentication (blocking identity spoofing), and message integrity (blocking message alteration) to achieve privacy. Cryptographic signing – Generating a security signature for a block of data such as the text of an e-mail message. The signature becomes invalid if the message is changed. It is extremely difficult to pad a message to make a certificate valid. That is, it is difficult to fake the signature of a signed message.
5. I prefer not to use Microsoft client a proxy SSL or SSH.
   a) (I read) The main difference between an SSL or SSH encrypted tunnel proxy and VPN (Virtual Private Network) tunneling is that VPN doesn't use a proxy and anonymizes and encrypts all activities.
6. Currently I don't have a VPN client or a VPN server (part of why I can't connect to create a tunnel, I suppose). Can OpenVPN / Cisco AnyConnect provide these for me?
7. Because L2TP (I read) requires a Certificate Authority (CA) and certificate distribution. How does this impact what I want to do?
8. Because IPSec (I read) To use IPSec in Windows 2000/XP, you must define an IPSec policy that specifies the authentication method and IP filters to be used, like Kerberos. How does this impact what I want to do?
9. If my data becomes encrypted after the tunnel has been established, what will encrypt my data before the tunnel is established, and what is unencrypted?
10. I want to be able to use instant messengers like AIM, ICQ, etc. Are any of the chat sessions encrypted, and if not, can I make them encrypted?

I know this is a rather lengthy post and I'm trying to provide the folks who read and respond as much information beforehand so I don't waste their time and expertise. I have been searching the internet for weeks trying to put all of this together and finally arrived at the conclusion I have to ask the experts.

#2
Administrator
Join Date: May 2008
Location: Pigeon Forge, TN
Posts: 858
A service like this should take care of the anonymity you desire. http://www.vpnaccounts.com/
And software like this will encrypt data on your hard drive. http://www.pgp.com/
As a matter of fact, we use PGP to encrypt some of our emails/data and it works very well. Just remember, your connection to the internet will always be controlled by someone else. So at some connection point, someone will be logging your traffic.

#3
Member
Join Date: Feb 2010
Posts: 2
Thank you for the response; however, I'm not looking for a VPN "pay" for use client. I am looking for a free client that is reputable, i.e. OpenVPN / Cisco AnyConnect, something like these that have been around for awhile and seem to be good.
I am also not looking to encrypt my hard drive but to create a L2TP/IPSec VPN tunnel to encrypt data inside a tunnel and provide end-to-end security.

#4
Administrator
Join Date: May 2008
Location: Pigeon Forge, TN
Posts: 858
Because you want it for free, I think you're asking for a lot.
I don't know of a free service that provides all of what you're asking for, but I haven't done an in-depth search for this type of service either. My suggestion: hit Google or your favorite search engine and start searching. Perhaps another member of the forum knows of a service like this and can help save you some time by making a recommendation.

#5
Super Moderator
Join Date: Jul 2008
Location: Los Angeles
Posts: 475
I'm having trouble understanding what it is you are looking for; there seems to be a piece of the puzzle missing unless I'm mistaken.
You want a super secure VPN tunnel for all the machines on your LAN... but what... to some other connection you don't manage? If you are trying to tunnel between two connections you manage, this is easy. If you want to tunnel to some other unmanaged network then you are at the mercy of the security of that network. If you are just trying to browse anonymously, try Tor. If you are concerned with secure chats you can set up a secure encrypted private Jabber server. If you want secure file transfers, consider FTP over SSH.

#6
Super Moderator
I think AboveTheLogic identified a major misconception here. It seems to me, also, that defg is thinking of a VPN as a kind of way to hide his/her network usage from prying eyes. True, but only half the picture.
The hiding is done with a two-point connection that establishes an encrypted connection between those two points. And all packets between the points are then encrypted. Let's say I have a VPN from myself to my workplace, for example. If I try to use that VPN connection to browse the Web, I'm not gaining any privacy. Sure, the traffic via the VPN is encrypted, but my workplace switches and routers don't maintain the encryption as the Web page I requested gets found and served to me.
But if you're trying to use a VPN sort of like I described above, it's not going to provide what you're expecting.