If anyone's ever looking for an even quicker hack, ssh has the built-in ability to act as a SOCKS5 proxy, tunneling your traffic over ssh to whatever remote machine you might have access to:<p>$ ssh -D 1080 myserver.myhost.net<p>Then configure Chrome or Firefox or whatever to use a SOCKS5 proxy on localhost, port 1080. (N.B. that this does <i>not</i> tunnel DNS lookups by default.)<p>The OpenVPN-based route is the way to go for something used regularly, but the above is sometimes super-convenient!
We made this really easy, on Ubuntu: <a href="https://www.tinfoilsecurity.com/vpn" rel="nofollow">https://www.tinfoilsecurity.com/vpn</a> will generate you a private VPN on your own box with a single click.<p>If you don't trust us and prefer to do it on your own, that's fine too, it's open source: <a href="https://github.com/tinfoil/openvpn_autoconfig/blob/master/bin/openvpn.sh" rel="nofollow">https://github.com/tinfoil/openvpn_autoconfig/blob/master/bi...</a>
The disadvantage of this over a shared VPN that doesn't keep logs is that there's now a unique IP address that can be tied back to you. A cool feature for a VPS would be to have a shared IP address between a bunch of customers.
Another approach: <a href="https://github.com/jlund/streisand" rel="nofollow">https://github.com/jlund/streisand</a><p>"Streisand sets up a new server running L2TP/IPsec, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, and a Tor bridge. It also generates custom configuration instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists."
Another solution I'd recommend is SoftEtherVPN[1].<p>It's a bit easier to configure and supports multiple protocols, including OpenVPN.<p>[1] <a href="https://github.com/SoftEtherVPN/SoftEtherVPN/" rel="nofollow">https://github.com/SoftEtherVPN/SoftEtherVPN/</a>
Cool guide, makes me want to learn more about BSD and pf. I've been doing this but with a Linux VPS, iptables and EasyRSA3[0][1].<p>[0]<a href="https://github.com/OpenVPN/easy-rsa" rel="nofollow">https://github.com/OpenVPN/easy-rsa</a><p>[1]<a href="https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto" rel="nofollow">https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-...</a>.
If you aren't partial to OpenBSD, I've had good success with this:<p><a href="https://github.com/Nyr/openvpn-install" rel="nofollow">https://github.com/Nyr/openvpn-install</a><p>You can turn off logging on the server with<p>/etc/openvpn/server.conf<p><pre><code>log /dev/null
status /dev/null
</code></pre>
Remember to restart the openvpn service after that.<p>That said, this wouldn't deal with the VPS provider's logging etc.
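Added example, not part of the comment above and not code from the openvpn-install project: a small Python audit that lists the directives in an OpenVPN `server.conf` that still write connection records after the two-line change. It goes slightly beyond the comment by also checking `log-append` and `ifconfig-pool-persist` (which stores client-name to tunnel-IP mappings); the sample config is constructed.

```python
# Directives that make OpenVPN write per-connection data to a file.
SINKS = ("log", "log-append", "status", "ifconfig-pool-persist")

def audit_openvpn_conf(text):
    """Return (lineno, directive, target) for every remaining log sink.

    lineno 0 marks a file-level finding: with no log/log-append directive,
    OpenVPN writes its messages to stdout, or to syslog when daemonized.
    """
    findings, log_set = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()      # drop '#' comments
        if not parts or parts[0].startswith(";"):  # blank or ';' comment
            continue
        key = parts[0]
        target = parts[1] if len(parts) > 1 else ""
        if key in ("log", "log-append"):
            log_set = True
        if key in SINKS and target != "/dev/null":
            findings.append((lineno, key, target))
    if not log_set:
        findings.append((0, "log", "(unset: stdout or syslog)"))
    return findings

# Constructed sample resembling a typical server.conf before the change.
SAMPLE_BEFORE = """\
port 1194
proto udp
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
status openvpn-status.log
verb 3
"""

# The same file after applying the two lines from the comment.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "status openvpn-status.log", "status /dev/null") + "log /dev/null\n"

if __name__ == "__main__":
    for name, conf in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit_openvpn_conf(conf))
```

On the constructed sample, the `ifconfig-pool-persist` line is still reported after the change; removing that directive stops the mapping file from being written.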
I use Debian + UFW + OpenVPN + Digitalocean for my US Netflix needs. I get 10Mbit downstream and 20Mbit upstream from NY3 to my 60/60 fiber connection here in Zurich.
I could also configure it to use DNS only, but open dns servers are not so welcomed at the moment. Since I do quite a bit of roaming it's easiest to just configure OpenVPN.
If anyone is interested, here's a script that will install openvpn on a raspberry pi in one command[1].<p>I use it along with the openvpn ios app on my phone when I'm on corporate wifi, or I connect to it with my laptop any time I'm in a coffee shop. Just note it's meant to tunnel traffic to a "safe" network, not anonymize you on the internet.<p>1. <a href="https://github.com/stephen-mw/raspberrypi-openvpn-auto-install" rel="nofollow">https://github.com/stephen-mw/raspberrypi-openvpn-auto-insta...</a>
I've been considering running all my mobile data through a VPN for better security, and saving all of it so I can analyze anything after the fact. Anyone doing anything like this?
By far the fastest and easiest setup I've done of a VPN was with Pritunl, an open source and OpenVPN compatible VPN server that has installable packages for the big distros. It has a great web based admin interface for managing the server as well.<p><a href="https://pritunl.com" rel="nofollow">https://pritunl.com</a>
<a href="https://medium.com/pritunl-tutorials/pritunl-tutorial-ed50a5d2a4eb" rel="nofollow">https://medium.com/pritunl-tutorials/pritunl-tutorial-ed50a5...</a>
These days there's a working OpenVPN client for Android but there were times when IPsec[1] VPN was the only good way to connect many different clients like Windows, Mac OS and iPhone to your VPN server.<p>Which is why I had to mention IPsec VPN and link to a good article on how to manage it on OpenBSD.<p>[1] <a href="http://www.kernel-panic.it/openbsd/vpn/vpn3.html" rel="nofollow">http://www.kernel-panic.it/openbsd/vpn/vpn3.html</a>
Why go through all those hoops when there are plenty of open source VPNs installed with one line? E.g. <a href="https://github.com/sockeye44/instavpn" rel="nofollow">https://github.com/sockeye44/instavpn</a> <- works with mac, ios, android etc
Why not just use npppd, which is in the base install, and then use L2TP/IPsec?<p><a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/npppd.8" rel="nofollow">http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/...</a>
What I really want to do is set up something like the "UnblockUs" proxy servers, where it's all done through DNS or something similar. The key reason is for Netflix access here in Australia, through my Apple TV. Ideally it'd be at my router level, to require no config on the boxes themselves, and be able to have a filter list where certain hosts on that list are proxied and others aren't.<p>Last time I checked there were some nascent projects to do this in a FOSS way, but they weren't complete and most seemed abandoned. Any ideas?
Please everyone keep in mind that if you're using a tutorial to set this up you're probably not an expert, so in the future you could suffer security issues (inherent to any service) without even knowing.<p>That's why I pay for services, not because I can't follow a tutorial to set them up :)
Why not use SigmaVPN over OpenVPN? From what I gathered from the CCC talks OpenVPN can fall pretty easily to NSA.<p><a href="http://frozenriver.net/SigmaVPN" rel="nofollow">http://frozenriver.net/SigmaVPN</a><p>Last talk on HN about it: <a href="https://news.ycombinator.com/item?id=7599091" rel="nofollow">https://news.ycombinator.com/item?id=7599091</a><p>There seems to be this similar project as well:<p><a href="https://github.com/zerotier/ZeroTierOne" rel="nofollow">https://github.com/zerotier/ZeroTierOne</a>