by riobard 5679 days ago
Thanks for the explanation! There are a few things I don't understand fully, could you please talk a bit more?

“since ssh -D is not a true VPN tunnel, your machine is exposed to the hostile network (if you don't have a firewall).”

I believe on OS X the SOCKS proxy is applied globally, unlike Windows where you have to do per-application settings. So aside from DNS queries, I guess other TCP connections should go through SOCKS? That should cover the major problem of FireSheep.

Also, since on Windows/OS X/iOS there are no default OpenVPN clients, I use PPTP/L2TP/IPSec-based VPN instead because they are available by default. Is there any advantage of OpenVPN over them?
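The DNS caveat raised above (a SOCKS proxy only carries what the client hands it) is visible at the protocol level. As an added example, not from this thread: a small SOCKS5 CONNECT builder and parser that distinguishes a request carrying a hostname (resolved at the `ssh -D` endpoint, inside the tunnel) from one carrying an IP literal (the client already resolved it locally, so the DNS query left the tunnel in the clear). Host names and addresses are constructed sample values.

```python
import socket
import struct

SOCKS_VER = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_connect(host: str, port: int, remote_resolve: bool) -> bytes:
    """Build a SOCKS5 CONNECT request for host:port.

    remote_resolve=True sends the hostname (ATYP 0x03) so the SOCKS server
    resolves it. remote_resolve=False mimics a client that resolves locally;
    to stay offline the caller passes the IP literal it would have looked up.
    """
    if remote_resolve:
        name = host.encode("ascii")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4]) + socket.inet_aton(host)
    return bytes([SOCKS_VER, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_connect(data: bytes) -> dict:
    """Parse a SOCKS5 CONNECT request and flag ones that imply a local DNS lookup."""
    if len(data) < 4 or data[0] != SOCKS_VER or data[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = data[3]
    if atyp == ATYP_DOMAIN:
        n = data[4]
        host, rest = data[5:5 + n].decode("ascii"), data[5 + n:]
    elif atyp == ATYP_IPV4:
        host, rest = socket.inet_ntoa(data[4:8]), data[8:]
    elif atyp == ATYP_IPV6:
        host, rest = socket.inet_ntop(socket.AF_INET6, data[4:20]), data[20:]
    else:
        raise ValueError(f"unknown ATYP {atyp:#x}")
    if len(rest) != 2:
        raise ValueError("bad request length")
    (port,) = struct.unpack("!H", rest)
    # An IP-literal destination means the client resolved the name itself,
    # i.e. the DNS query went out on the local (possibly hostile) network.
    return {"host": host, "port": port, "dns_leak": atyp != ATYP_DOMAIN}


if __name__ == "__main__":
    print(parse_connect(build_connect("example.com", 443, True)))
    print(parse_connect(build_connect("192.0.2.10", 80, False)))
```

In practice this is the difference between `curl --socks5` and `curl --socks5-hostname`, or Firefox's `network.proxy.socks_remote_dns` setting: only the hostname form keeps resolution inside the SSH tunnel.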


For the purpose of defeating FireSheep, ssh -D works just fine.

OpenVPN in the configuration of the blog post utilizes 443/tcp, which is open at most places, while the ports required for PPTP/L2TP/IPSec could be closed.

Worse than just "ports" AFAIK: last I checked PPTP required use of either GRE or its own protocol (I can't remember which)--so neither TCP nor UDP, and thus more likely to be blocked or simply NATed incorrectly. I don't recall how L2TP works, but I bet it uses a different IP protocol as well. I'm not sure if it's common to use L2TP unless it's tunneled in IPsec these days. IPsec can run over UDP if configured correctly. (I always encountered the UDP transport in the context of NAT-T which has/had its own set of problems. For example, it used to be the case that many IPsec "servers" had a problem with more than a single NAT-T client behind the same NAT. Not sure if that's still the case as this stuff is no longer my job, thankfully.)