Skip to content

Instantly share code, notes, and snippets.

@stonehippo

stonehippo/vpn-and-secure-internet-communcations.md

Last active October 3, 2020 21:37
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save stonehippo/a7e80d37e599b04a6697f544253ad682 to your computer and use it in GitHub Desktop.
Save stonehippo/a7e80d37e599b04a6697f544253ad682 to your computer and use it in GitHub Desktop.
Download ZIP
VPN and secure communications options
Raw
vpn-and-secure-internet-communcations.md

Private VPNs and VPN-alikes

I like to keep my Internet traffic secure and private when I'm on the road or at home, and I want to be able to connect to servers in my private network.

I do use a commerial VPN provider, but of course there's flaw: I have to trust them, as all of my traffic goes through their tunnel. I generally am OK with this. In general, a commercial VPN provider's interest is to keep user data private and unlogged, though there have been exceptions (looking at you, Facebook).

There are good reasons to run my own VPN, including as a way to connect back to resources in my private network. I can and do use SSH for some things, but sometimes it's nice to be able to work remotely as is if I'm within my own network. And that's where a VPN can come in handy.

Running a VPN can be hard to do. Fortunately, there are some tools that can make it easier.

VPN Tools

  • Wireguard - A lightweight, secure VPN, meant to replace OpenVPN.
  • OpenVPN - VPN tools and services. Been around for a while, not too hard to set up, and can be deployed just about anywhere.
  • Algo VPN - set up a personal IPsec VPN on a cloud provider.
  • Outline - a self-hosted, Shadowsocks-based proxy implementation that redirects all traffic, similar to a VPN. Outline is interesting, because it's meant to be very simple to set up and use, with any eye towards quickly setting up and tearing down VPNs if needed.
  • Streisand - tools for setting up and managing many VPNs (OpenVPN, WireGuard, Shadowsocks, etc)
  • TOR - The Onion Router, for anonymizing traffic

If you want to use a Raspbeery Pi as a VPN server, Pivpn might be the ticket. It has a easy to use script-based method for installing and managing Wireguard and OpenVPN (you can even have both running, if that's something you need).

A couple of caveats

A couple of things to note about setting up your own VPN:

  • If one of your goals in working with a VPN is to make it hard for anyone to trace it back to you, this is hard to do without leaving breadcrumbs. For example, with Outline and cloud deployment (the recommended setup is to deploy to DigitalOcean), your traffic might be secure, but it's possible that someone can find out you paid for the cloud instance hosting the VPN.
  • You need to make sure you set up and maintain these systems correctly. Do it wrong and you may end up believing you've achieved your privacy & security goals when you really haven't.

Remember folks, security and privacy on the Internet are hard to do right.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment