Google WiFi Client Explained

Update: Glenn has some more details.

Following my previous post, a lot of you (thanks!) sent me information about where all you were using the client. Given the different locations, I guess this is “general availablity” for now. A dozen of you sent me some special thoughts. So putting it all together, here are some more details…

1. It is a PPTP (Point-to-Point Tunneling Protocol) based VPN client. (uses Microsoft’s built-in PPTP VPN)
2. As James pointed out, the VPN in theory should work from anywhere and not just from Google hotspots.
3. Rajat Gopal writes in and says, “The Google client establishes a SSL connection to, tears it down, then establishes a SSL connection to, tears it down, and then kicks off the PPTP VPN connection to”
4. Gopal also writes, “If you set it to ‘connect automatically’ it tries to find out if you are connected to a hotspot by querying the WLAN adapter. If you are connected it launches the VPN connection. Otherwise you can always connect manually.”
5. Clicking on the ‘Security’ Tab, then Advanced ‘Settings’ reveals even more. They are allowing CHAP, MS-CHAP, and MS-CHAP v2. Both CHAP and MS-CHAP (v1) are known for their weaknesses, searching on google.

Another reader, Boris writes, “They give you a VPN end point, just like they give you an email account, jabber account, blogger account.”

WiTopia folks tell me that there might be some problems.

1. Next problem, clicking on the ‘Networking’ tab reveals that everything that is loaded (TCP/IP, File and Printer Sharing for Microsoft Networks, Client for Microsoft Networks, etc, etc) is enabled to pass through the VPN. This doesn’t seem to be a a good idea and should be limited to just TCP/IP.

2. MS-CHAPv2 is better, but it isn’t being enforced. For example, both CHAP and MS-CHAP (v1) both suffer from man-in-the-middle attacks. While MS-CHAPv2 partially solves the man-in-the-middle attack problem, it’s still susceptible to other attacks and is highly reliant on password complexity and integrity. It’s still not clear what you use with Secure Access to authenticate.

That’s a lot of tech talk, but WiTopia does bring up an important point in #1. Any one want to chime in on this? Maybe Glenn can write something? He is the WiFi guru after all?

I promise, this is the very last post on this whole topic. I am getting a bit of a Google-strain!