 I plan to do some things regarding VPNs. One of our, again, our first workshop, we used a VPN for a different form of privacy where instead of visiting a website direct, you visit that website via some VPN server. And the VPN has different purposes. There's some instructions on the course website to set up the VPN server on your VPS. We will not try them right now. We'll do a quick solution, and then do a few other things on the server just to cut down on time. First, we'll use, whoa. First, I'm in my browser on my laptop, your browser on your computer. Find your IP address with respect to your browser, your computer. So maybe go to a website which tells you your IP address. What is my IP? There are many. Why is it so slow? So in your browser, this is not about your server at the moment, okay? Go to a website that tells you what your IP address is and it detects me as 203.131.209.66. What is yours if you go to a website? This one is whatismyipaddress.com. See what it identifies you as. It's the same. From the perspective of this website, which is somewhere out on the internet, when someone sent a packet requesting the webpage, the source address was this one. And we are all the same. Well, why is that? Because inside SIT, we have this thing called NAT, Network Address Translation, which even though my laptop, your computers are all different internal IP addresses, they all get mapped to the one public IP address, this one. So when it goes out of SIT, the public IP address is actually this one. So when it goes to the website, the website thinks it came from this address, which is identified as Thomas Art University. So the website can track us to Thomas Art, but they can't directly track it to my laptop. But if maybe some government went to the website and says, who accessed this website at this day? The website owner would know it went to Thomas Art here, and then the government would come to our university and tell us the logs of who accessed or who used this IP address at this time of the day, and then they'll trace it back to my computer. So it's not hard for someone to trace who accessed this website. It requires a few steps. So the website identifies us. Let's use a VPN server, where when I access this website, I do it via another server, and the other server will be our VPS, our droplet. There are different ways to do a VPN, and there's instructions on the website for doing openVPN, PPTP, which are probably the best. But the fastest for us is using secure shell. Open up a terminal on your computer. You're not logged into your VPS. You're just on your computer. And SSH minus ND, choose a port number, and then the IP address of your... So you will not see this on the screen on yours. You have to copy up here. So in a fresh terminal, SSH minus ND, choose a port number. I choose 9999. You can do the same. It's okay. And then the IP address of your VPS. Maybe get it from the email or from before. I can't remember mine. It's here. The IP address, not the URL. This is going to create a secure shell connection from my laptop to my VPS. Normally, we use secure shell to log in and then run commands. But this minus ND 9999 says, do something different. It's going to set up a connection from my laptop to this VPS. And then, from my laptop's perspective, it's going to listen to other applications on this port 9999. It's going to set up an actor's a proxy. Let's run it and see how we use it. Do we need the login user? Yes, we do. Well done. Why didn't you tell me before I pressed enter? Okay, correct. I did it wrong. Let's do it again. We need to specify who we log in as. Yours will be different. Secure shell into this IP address as this user, Steve, and use this special option, minus ND 9999. Yours doesn't have to be the same number there, but it doesn't hurt if it is. Yes, I want to connect and Steve's password on the VPS or your password on your VPS. And there should be no feedback. It should sit there doing nothing like this. If there's some feedback after that, something went wrong. So now my laptop is connected to the server, a secure connection. But what it's doing on my end point is that the secure shell software is listening for other applications on my computer who want to send data. Let's set up another application to send data via this secure shell connection. Open Firefox. In Firefox, you go to your, well, preferences, edit preferences. It works on other browsers, but let's follow on Firefox preferences. I've already got it open. In the Advanced tab on the far right, under the Advanced button, there's a Network tab. And Connection. Configure how Firefox connects to the Internet. Click Settings. It sets up a proxy. Should be no proxy. We'll set it to manual proxy. And I've set it before. Proxy configuration and then look for Sox host. The others should be clear. Sox host set it to local host, meaning your computer. And the port, the same one you used in the secure shell command line. 9999 in my case. And these options, I think Sox version 5, remote DNS is important as well. Yep. You don't have this option. Ah, sorry, don't worry that. We'll tell you how to do that later. Sorry, mine's a different version of Firefox than yours. If you don't have remote DNS, don't worry, you'll survive. Any other questions? It is important, the remote DNS, but we can set it some other way. Sox host, local host, port 9999. Okay, what this does is tells Firefox anything that it sends, send to the local computer to port 9999. And the previous step, we set up secure shell to listen on port 9999. Is that enough? And secure shell that will then send that data to our VPS. And our VPS will then send it out to the real destination. The idea is that, if you can see this, is that on my computer, Firefox will send to the secure shell software. The secure shell software sends on a secure connection across the internet to my VPS, which will then send it out to the real website. So this is the VPS, your server, this is your computer, you. Instead of Firefox sending across the internet to the real website, Firefox sends to SSH on your computer, and then sends it via a secure connection to your VPS, which then sends it out to the internet. So this part is all encrypted. Let's see if it works. Press OK. Close. And now visit, let's say, refresh here. Visit what is my IP address. Look at your IP address. And look where you are. You're in Singapore now. Or the website thinks you're from Singapore. So this is a simple form of a VPN using secure shell. You haven't given your password for a secure shell. Type your password there. Try again. So two steps. First, start the secure shell client in a special mode that it connects to the server and then listens on this port 9999. You don't need to use this number. You can use other ports. That creates a secure connection between you and your VPS. Then tell your browser to send everything via this secure connection. Use a proxy. The result, two results. The web server that receives your data identifies you as the VPS. Note that this IP address is the IP address of my VPS. Yours will be the IP address of your VPS. So the web server doesn't identify you being from Tamasat and now identifies you being from Singapore. So there's some form of privacy. The second benefit here is that the data between you and your VPS is encrypted. So if there was somewhere on that path that you wanted to hide your data from, then you've done so in this case. You can see your employer or your university or whoever you're accessing the internet by. That is everything I'm sending from my computer now is encrypted as it goes out of SIT. No one inside SIT can see that data. Did it work? Still refusing connections? Yours worked? So let me see.