Update: Glenn has some more details.

Following my previous post, a lot of you (thanks!) sent me information about where you were all using the client. Given the different locations, I guess this is “general availability” for now. A dozen of you sent me some special thoughts. So putting it all together, here are some more details…

1. It is a PPTP (Point-to-Point Tunneling Protocol) based VPN client that uses Microsoft’s built-in PPTP VPN.
2. As James pointed out, the VPN in theory should work from anywhere and not just from Google hotspots.
3. Rajat Gopal writes in and says, “The Google client establishes a SSL connection to vpn.google.com, tears it down, then establishes a SSL connection to wifi.google.com, tears it down, and then kicks off the PPTP VPN connection to vpn.google.com.”
4. Gopal also writes, “If you set it to ‘connect automatically’ it tries to find out if you are connected to a hotspot by querying the WLAN adapter. If you are connected it launches the VPN connection. Otherwise you can always connect manually.”
5. Clicking on the ‘Security’ tab, then Advanced ‘Settings’, reveals even more. They are allowing CHAP, MS-CHAP, and MS-CHAP v2. Both CHAP and MS-CHAP (v1) have known weaknesses, as a search on Google will show.

Another reader, Boris writes, “They give you a VPN end point, just like they give you an email account, jabber account, blogger account.”

WiTopia folks tell me that there might be some problems.

1. Next problem, clicking on the ‘Networking’ tab reveals that everything that is loaded (TCP/IP, File and Printer Sharing for Microsoft Networks, Client for Microsoft Networks, etc, etc) is enabled to pass through the VPN. This doesn’t seem to be a good idea and should be limited to just TCP/IP.

2. MS-CHAPv2 is better, but it isn’t being enforced. For example, CHAP and MS-CHAP (v1) both suffer from man-in-the-middle attacks. While MS-CHAPv2 partially solves the man-in-the-middle attack problem, it’s still susceptible to other attacks and is highly reliant on password complexity and integrity. It’s still not clear what you use with Secure Access to authenticate.
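
Both WiTopia points can be checked mechanically when the connection is stored as a standard Windows RAS phonebook (`rasphone.pbk`-style) entry. The sketch below is an added example, not code from this post or from Google's client: the sample entry is constructed, and the `AuthRestrictions` bit values and the `ms_msclient`/`ms_server` keys are assumptions taken from the commonly documented phonebook format, to be verified against the Windows version in use.

```python
# Constructed sample phonebook entry (not taken from the Google client).
SAMPLE_PBK = """\
[Example PPTP VPN]
AuthRestrictions=608
NETCOMPONENTS=
ms_msclient=1
ms_server=1
"""

# AuthRestrictions bit values as commonly documented for the RAS phonebook
# (assumption: verify against the Windows version in use).
AUTH_BITS = {0x008: "PAP", 0x010: "SPAP", 0x020: "CHAP", 0x040: "MS-CHAP",
             0x080: "EAP", 0x200: "MS-CHAP v2"}
WEAK = {"PAP", "SPAP", "CHAP", "MS-CHAP"}
# Components the Networking tab lists besides TCP/IP (assumed key names).
EXTRA_BINDINGS = {"ms_msclient": "Client for Microsoft Networks",
                  "ms_server": "File and Printer Sharing for Microsoft Networks"}

def parse_pbk(text):
    """Return {entry name: {key: last value}}. The phonebook is INI-like,
    but keys can repeat, so configparser is not used."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return entries

def audit_entry(settings):
    """List findings for one entry: weak auth protocols and extra bindings."""
    findings = []
    mask = int(settings.get("AuthRestrictions", "0"))
    allowed = [name for bit, name in sorted(AUTH_BITS.items()) if mask & bit]
    for name in allowed:
        if name in WEAK:
            findings.append(f"weak authentication protocol allowed: {name}")
    if "MS-CHAP v2" in allowed and len(allowed) > 1:
        findings.append("MS-CHAP v2 is offered but not enforced")
    for key, label in EXTRA_BINDINGS.items():
        if settings.get(key) == "1":
            findings.append(f"binding enabled on the VPN: {label}")
    return findings

if __name__ == "__main__":
    for name, settings in parse_pbk(SAMPLE_PBK).items():
        for finding in audit_entry(settings):
            print(f"{name}: {finding}")
```

An entry that passes cleanly would carry only the MS-CHAP v2 bit and have both extra components set to 0.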

That’s a lot of tech talk, but WiTopia does bring up an important point in #1. Anyone want to chime in on this? Maybe Glenn can write something? He is the WiFi guru after all?

I promise, this is the very last post on this whole topic. I am getting a bit of a Google-strain!

  1. More On Google WiFi Client

    Google WiFi Client Explained from Om Malik is a quick, nice follow up on some of the Google WiFi stuff. In short, people ARE using it even outside of San Francisco, along with some info on how it works and maybe isn’t so secure….

  2. Google, WiFi, SF

    Google, WiFi, SF: Om Malik: “Google is making a bid to build a San Francisco-wide free wifi network, according to company officials. The company today filed documents in response to San Francisco Mayor Gavin Newsom’s request for information for the…

  3. [...] Google officials say San Francisco residents (and visitors) will enjoy a free 300 kilobits per second, always on connection anywhere in the city. As part of its proposal, the company says it will be offering wholesale access to other service providers, who will offer higher throughput connections to their customers. Google says it plans to use its own authentication services. (That explains the Google WiFi VPN client to some extent). The company is going to use San Diego-based WFI, a cellular network builder company to build out the WiFi network. [...]