If you simply must use public wifi, such as that found in popular restaurants, cafes or even hotels, there is a way to secure your connection from would-be eavesdroppers and attackers, and it is actually extremely cheap and relatively easy to set up for you and your family.

 

We are of course talking about using a VPN, but not just any VPN service. We are talking about how to establish your own legitimate VPN service, which would be unknown to would-be attackers, ISPs, and perhaps even anyone seeking to intercept your data.

Most VPN providers will prompt you to install one of their applications, which requires you to enter a username and password in order to establish a connection. The application will then download a certificate to be used on your device, and from there a secure tunnel is established to one of their servers.

If said VPN provider were to be compelled by a regional government to hand over their user lists and provide access to the information being transmitted, then there is also the possibility of your account and data being intercepted.

With your own private VPN server you are insulated from the other users who may cause your VPN to become interesting to authorities.

1. Find a VPS provider who is either nearby, or in a region where you would prefer your data to be coming from.

For the purposes of my demonstration I have chosen to utilise an OVH VPS which offers me unmetered 100Mbps, 10GB of disk space and 2GB of RAM. This is more than enough for my purposes (since broadband in Australia is slower than Morse code tapped out through a pair of tin cans and a relatively generous piece of string).

This VPS will only cost me approximately $4.50 AUD per month, and I do not pay for excessive bandwidth either. I will also be able to connect several devices through this server, so its cost-benefit ratio is more than favorable.


2. Connect to your newly commissioned VPS and ensure the latest updates have been applied.

There is no point in creating a VPN server on a machine that has not been patched with the latest updates. You are effectively allowing would-be attackers to attempt infiltration against an older version of your OS.

Since I am utilising CentOS for my implementation, Yum will be doing my updates and front-loading our requirement for Perl. I like using Wget, although Curl will work quite well too.

yum update -y
yum install perl -y
yum install wget -y



3. Install the Roadwarrior OpenVPN server.

I have been using this distribution of OpenVPN and a management script behind it for a couple of years now, and it has been extremely easy to create, edit, and delete profiles as well as re/configure DNS servers.
Yes, this will also allow you to configure which DNS servers your VPN server will use (blocked websites no more).

The RoadWarrior OpenVPN installer will front load all of your software requirements on the Linux box.

cd /home
wget https://git.io/vpn -O openvpn-install.sh
bash openvpn-install.sh



4. Create User Profiles.

OpenVPN will create certificates for each user profile you allow to connect through your VPS server.
Instead of entering a username and password each time a connection is made, a certificate is copied to the device which will be connecting via your new VPN server.

So now we need to create individual certificates through the console application. Once you have created the profile, an ovpn file is generated for each client.

Download this file using SFTP or SSH and load the contents into the configuration directory of OpenVPN.
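
Because the .ovpn file takes the place of a username and password, it should be treated as a credential while it sits on the server or on your laptop. The script below is an added example, not part of the installer or of the original post: it checks a profile's file mode and a few directives before the file is copied to a device. It assumes the profile carries its private key inline in a `<key>` block; the function names, host name and sample profile are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit an OpenVPN client profile before copying it to a device.
# Write a constructed sample profile (placeholder host name and key material).
make_sample_profile() {
    cat > "$1" <<'EOF'
client
dev tun
remote vpn.example.invalid 1194
remote-cert-tls server
<ca>
(constructed placeholder)
</ca>
<cert>
(constructed placeholder)
</cert>
<key>
(constructed placeholder)
</key>
<tls-crypt>
(constructed placeholder)
</tls-crypt>
EOF
}

# Print one WARN line per problem; exit status is 0 only when the profile is clean.
audit_ovpn() {
    local f="$1" n=0 mode
    [ -r "$f" ] || { echo "ERROR: cannot read $f"; return 2; }
    # An inline <key> block makes the file itself the login credential.
    if grep -q '^<key>' "$f"; then
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        case "$mode" in
            600|400) ;;
            *) echo "WARN: profile holds a private key but has mode $mode (want 600)"; n=$((n+1)) ;;
        esac
    fi
    # The client should insist on a server-type certificate from the VPN's CA.
    grep -Eq '^(remote-cert-tls[[:space:]]+server|verify-x509-name[[:space:]])' "$f" ||
        { echo "WARN: no remote-cert-tls server or verify-x509-name"; n=$((n+1)); }
    # tls-crypt/tls-auth lets the server drop packets from anyone without the shared key.
    grep -Eq '^(<tls-crypt>|<tls-auth>|tls-crypt[[:space:]]|tls-auth[[:space:]])' "$f" ||
        { echo "WARN: no tls-crypt or tls-auth key"; n=$((n+1)); }
    echo "$n finding(s) in $f"
    [ "$n" -eq 0 ]
}

# Audit a profile named on the command line, e.g. bash audit.sh client.ovpn
if [ -n "${1:-}" ]; then audit_ovpn "$1"; fi
```

Once a profile has been loaded onto every device that needs it, delete the copies left on the server and in any download folder.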



5. Connecting devices to your OpenVPN server

There are a number of applications which can utilise the OVPN profile to create your secure connection.

Android: OpenVPN Connect
Apple iOS: OpenVPN Connect
Windows: OpenVPN GUI