I'm not sure that making 'security' easy in this style helps people. Say you set this up, and you get yourself that nice cosy feeling of security, how does that compare to reality? People used to buy anti-virus software to buy 'security' and it turned out to not really help against actual problems like zero-day malware. Now, we get VPNs and people that don't actually know what they are or how they work or what they're for install and 'use' them (for lack of a better term) and get that sense of security with no backing. How is it secure for them? Is it still secure after one month? Was it secure to begin with?<p>Security isn't a thing that you 'buy' or 'add', it's something that you 'do' and 'know'.<p>Using a VPN server and a VPN client doesn't do anything other than getting traffic from A to B over a presumed hostile network. Ideally using asymmetrical encryption to make sure the keys don't have to travel the network. Then, you should probably use that tunnel to send all traffic, not just your p2p or http traffic. Using DNS over the normal network and your 'secret' stuff over the tunnel still exposes what you are doing and actually makes you more suspicious since you now look like you are trying to hide things (and doing a bad job at it). And what about firewalls, WebRTC hacks, routing tables etc. that now expose your network setup to any software you execute (be it an application or a webpage), or applications that don't honor your VPN setup and route packets wherever they want to. What about your OS routing stuff elsewhere? What about that Pi not being set up correctly and you happily using it but still leaking a ton of traffic over the visible network?
A user of an easy VPN setup will not know and be covered by a false sense of security.<p>Even if you have perfect instructions and set it up perfectly initially, you would still be vulnerable down the road as new problems arise and mitigations might be available but unknown due to a user not actually knowing what it is or what they are doing.
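The leak cases listed in the comment above (DNS going over the normal network while other traffic uses the tunnel, and routing tables sending packets elsewhere) can be checked against the client's own route table. This is an added example, not part of the original comment; it assumes a Linux client, IPv4 only, a tunnel interface named `tun0`, and constructed sample addresses, and it takes the output of `ip -4 route show` and the contents of `/etc/resolv.conf` as text.

```python
import ipaddress

# Constructed sample: `ip -4 route show` on a client whose VPN pushed two /1
# routes over tun0 (interface names and addresses are hypothetical).
FULL_TUNNEL_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
198.51.100.7 via 192.168.1.1 dev wlan0
"""

def parse_routes(route_text):
    """Turn `ip -4 route show` output into (network, device) pairs."""
    routes = []
    for line in route_text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blackhole/unreachable entries carry no device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # lines that start with a route type, e.g. "local"
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, address):
    """Longest-prefix match; route metrics are ignored for simplicity."""
    addr = ipaddress.ip_address(address)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def leak_report(route_text, resolv_conf_text, tunnel_dev,
                probes=("8.8.8.8", "203.0.113.10")):
    """Probes (one per half of IPv4 space) are looked up, never contacted."""
    routes = parse_routes(route_text)
    servers = [l.split()[1] for l in resolv_conf_text.splitlines()
               if l.startswith("nameserver") and len(l.split()) > 1]
    return {
        "default_via_tunnel": all(egress_device(routes, p) == tunnel_dev for p in probes),
        "dns_outside_tunnel": [s for s in servers if not ipaddress.ip_address(s).is_loopback
                               and egress_device(routes, s) != tunnel_dev],
        "local_stub_resolvers": [s for s in servers if ipaddress.ip_address(s).is_loopback],
    }

if __name__ == "__main__":
    print(leak_report(FULL_TUNNEL_ROUTES, "nameserver 192.168.1.1\n", "tun0"))
```

A resolver listed under `local_stub_resolvers` (for example a caching stub on 127.0.0.53) hides its real upstream, so that upstream has to be checked separately.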
I personally use Streisand [1] hosted on a t2.micro using the AWS Free Tier. Some people also recommend Algo [2]. Both have all their code open sourced on GitHub.<p>I do have a Pi too, but after all these new laws where ISPs can sell your Internet history etc. I think it's nice to be able to hide traffic from them too.<p>[1] - <a href="https://github.com/jlund/streisand" rel="nofollow">https://github.com/jlund/streisand</a><p>[2] - <a href="https://github.com/trailofbits/algo" rel="nofollow">https://github.com/trailofbits/algo</a>
The Pi is far too slow to do more than a couple of MB/s of vpn traffic so hosting a VPN server on it feels like a rather pointless exercise.<p>A bit more expensive but at least 100x faster option would be <a href="https://www.amazon.com/Supermicro-A1SRi-2558F-Intel-Fanless-Server/dp/B016VHBA7C/" rel="nofollow">https://www.amazon.com/Supermicro-A1SRi-2558F-Intel-Fanless-...</a><p>And I suppose something like <a href="https://www.amazon.com/Firewall-Micro-Appliance-Gigabit-Barebone/dp/B01GIVQI3M/" rel="nofollow">https://www.amazon.com/Firewall-Micro-Appliance-Gigabit-Bare...</a> or maybe <a href="https://www.amazon.com/Solana-Tech-pfSense-firewall-router/dp/B01D6I5VV0/" rel="nofollow">https://www.amazon.com/Solana-Tech-pfSense-firewall-router/d...</a> would be an OK cheaper alternative.
I've seen quite a few guides and blog posts using OpenVPN, but very few show how to set up native Cisco IPsec which works out of the box with macOS and iOS without any 3rd party software to configure.<p>Thus, here is a blog post I wrote a bit ago on how to set up a dedicated native Cisco IPsec Pi:<p><a href="https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" rel="nofollow">https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec...</a>
Running it with Pi-Hole (<a href="https://pi-hole.net/" rel="nofollow">https://pi-hole.net/</a>) makes it a pretty sweet setup.
How much extra security does this actually provide over a subscription-based VPN service? I mean, yeah, I control the physical hardware (assuming my apartment doesn't get busted in), but it means I have to make sure everything is configured properly/patched/etc. Is it really worth all that extra effort? I'm legitimately curious here.
I built my own IPSec IKEv2 VPN using OpenBSD 6 and a BeagleBone Black. It worked really well and I would do it again. It replaced a FreeBSD 11 Raspberry Pi Model B which had only been doing NAT and VLANs. Never ran into issues with either. I do prefer the OpenBSD pf syntax as well as the ease with which OpenBSD facilitates IKEv2.
<a href="https://arstechnica.com/gadgets/2017/05/how-to-build-your-own-vpn-if-youre-rightfully-wary-of-commercial-options/?comments=1" rel="nofollow">https://arstechnica.com/gadgets/2017/05/how-to-build-your-ow...</a>
Here is a guide on building your own VPN. If you are unable to build it, then use a paid VPN service. Ivacy VPN is the right option, which is cheap and effective.
I've been using PiVPN[0], which sets up a VPN server for you, but also wraps a lot of the admin commands (creation and revocation of certs, for instance) in easier-to-remember commands.<p>[0] <a href="http://www.pivpn.io/" rel="nofollow">http://www.pivpn.io/</a>
Does anyone know a VPN service (NOT a self-hosted server) that could help establish small private networks for multiple PCs without a public IP? Right now I should set up OpenVPN in DigitalOcean, but I really prefer to pay for a service here.