Greetings friends. Today we will talk about a very old and hackneyed topic, namely, VPN. About the role of this tool in building Your personal security. I will try to be brief and to the point, without any unnecessary words. What is a VPN, what does it do (or what doesn't) You probably already know. If for some reason not, then go to https://duckduckgo.com and we're looking for it. There's plenty of information.
When we prepare our PC for safe operation and it comes to VPN, we usually have 3 ways:
Before we start, it will be good if you understand the obvious points:
In fact, to raise your personal VPN config, you do not need to have any deep knowledge in the field of system administration. Of course, ideally, raise it yourself, but on Github there is a script that will raise OpenVPN on your VPS with a minimum of effort on your part. But first we need to rent this server. Where is the best place to do this?
For our purposes, a VPS with 512mb RAM, 10gb SSD and very preferably unlimited bandwidth is suitable. For OpenVPN, we will need our VPS to support TUN/TAP. Usually, this feature is present everywhere, but somewhere it is enabled by default, and somewhere you will need to enable it yourself (control panel on the site). As for payment, we are interested in Bitcoin, but now this is not a problem, since many providers accept It without any problems. Ideally, of course, Monero, since BTC is actually very far from anonymous. What swings the OS that will spin on your server, then both Debian and Ubuntu or CentOS 64bit of the latest versions will work. After a successful lease, your email address will receive login details for your server (you should immediately change the root password using passwd). The script for raising OpenVPN is publicly available and is as easy to install as possible. https://github.com/angristan/openvpn-install
As for Wireguard - I don't recommend it. Although this technology is already several years old, but, as for me, it has not yet been tested, unlike OpenVPN. Moreover, it was noticed that Wireguard leaves very strange settings in resolv. conf. Therefore, it is better to use OpenVPN.
Next, you will only need to specify the port for connecting to OpenVPN, then select the Protocol and DNS servers. Next, you just need to enter the name of Your config file, after which it will be saved to the user's home folder.
The following steps are very briefly listed if you want to upgrade your OpenVPN To a VPS. The caveat is that the server you have rented still needs to be properly configured. Protect against brute-force attacks, install a firewall, and ban unnecessary traffic. Disable ipv6 and that's not all.
It will also be much more difficult for a novice user to deal with traffic obfuscation and implement it for their own config. You will also need to write your own killswitch, which will cut down traffic outside of your VPN connection, thereby protecting You from leaks. As a result, after all the manipulations, You have only one location. And this is a problem for those who need diversity.
It may seem that I am dissuading you from raising your own VPN at all.
No. If you are an experienced user and you have a clear understanding of what needs to be done, then the ideal option is to do everything yourself. With obfuscation and so on, make the necessary number of configs if necessary. My point is that just renting a server, running a script there and dragging the config to the PC is not difficult, but it's definitely not enough. Here it is worth remembering one rule - to do either well, or not to do at all. Unfortunately, this option is ideal, but due to time and complexity, it is not suitable for many users. What should I do?
My unpopular point of view is that you can't rely on just one VPN. A VPN should only play a partial, limited role in ensuring your security. VPN is best combined with TOR and other technologies, but never use it alone!
What should you pay attention to when choosing a provider?
You can use an interesting resource that we have already mentioned earlier on the channel. But the most important features to pay attention to are:
The VPN provider doesn't know what happens to the traffic at all if You connect to a VPN before Tor. Just like it doesn't know about Your existence if you connect to a VPN after Tor. The only caveat that may arise is the price.
However, you can purchase brute VPN accounts (with a guarantee).) with us. This will significantly reduce possible expenses on Your part.
What is the conclusion?
A commercial VPN can only be used as a part, a small cog in Your security system that performs only the role assigned to it.
Russians:
1. http://free-vpn.org/
2. http://shadeyouvpn.com/ru/
3. https://www.securitykiss.com/index.php
4. http://wafers.cc/channelloading/ru/
Foreign companies:
5. https://www.vpnreactor.com/
6. http://gpass1.com/gpass/
7. http://www.vpnbook.com/
8. http://justfreevpn.com/
9. http://vpnip.net/europe-vpn
10. http://www.vpngate.net/en/
11. http://linkideo.com/
12. http://www.vpntool.com/services.php
13. http://itshidden.com/
14. http://www.anchorfree.com/
15. http://www.usaip.eu/en/free_vpn.php
16. http://thefreevpn.com/
17. http://proxpn.com/
18. https://www.proxpn.com/index.php
19. http://www.usaip.eu/en/index.php
20. https://openvpn.net/
21. http://itshidden.eu/
22. https://www.torvpn.com/en/vpn
When we prepare our PC for safe operation and it comes to VPN, we usually have 3 ways:
- Raise a VPN yourself on a rented VPS purchased with cryptocurrency
- Use the services of a commercial provider
- Use the services of a free provider
Before we start, it will be good if you understand the obvious points:
- Absolutely all providers store logs. Some people store more information for a longer period of time, while others, on the contrary, collect less data and store it for a shorter period of time. But this is done by everyone without exception, there is no provider that does not store logs at all. Every last one of them! If they try to convince You otherwise, then this is, of course, cunning.
- No merchant (this applies not only to VPN providers) will put Your interests above the interests of their own business. More precisely — if the refusal to issue your data at the request of the competent authorities will mean any inconvenience or, God forbid, losses for business, Then you will be handed over. No one will think long.
- Despite the 2 points above, you should make allowances for geography (not only for faster connection), but also for the political climate. A rough example : If Your activity is connected, for example, with the Russian Federation, then you should exclude the use of services from Germany, since there is a bilateral agreement on cooperation and mutual extradition of suspects in the field of cybercrime. Perhaps, if we are talking about the Russian Federation, then we should look in the direction of countries that do not have the most rosy relations with the Russian Federation. In General, the vast majority of European providers are very reluctant to respond to any requests from the CIS authorities at all. The most win — win option is the Netherlands, Switzerland, Gibraltar, Czech Republic, Greece and others. It is also worth mentioning inter-European treaties and cooperation within their framework, such as the Alliance of five, nine and 14 eyes, if your activities affect EU and US countries.
The first option is your own VPN on a VPS
In fact, to raise your personal VPN config, you do not need to have any deep knowledge in the field of system administration. Of course, ideally, raise it yourself, but on Github there is a script that will raise OpenVPN on your VPS with a minimum of effort on your part. But first we need to rent this server. Where is the best place to do this?
- https://lowendbox.com/ - Aggregator of low-cost VPS providers. Huge selection
- https://www.comparevps.com/ - Aggregator of VPS providers, comparison in the table
- https://www.PoiskVPS.ru -Russian VPS aggregator. Selection of the parameters.
For our purposes, a VPS with 512mb RAM, 10gb SSD and very preferably unlimited bandwidth is suitable. For OpenVPN, we will need our VPS to support TUN/TAP. Usually, this feature is present everywhere, but somewhere it is enabled by default, and somewhere you will need to enable it yourself (control panel on the site). As for payment, we are interested in Bitcoin, but now this is not a problem, since many providers accept It without any problems. Ideally, of course, Monero, since BTC is actually very far from anonymous. What swings the OS that will spin on your server, then both Debian and Ubuntu or CentOS 64bit of the latest versions will work. After a successful lease, your email address will receive login details for your server (you should immediately change the root password using passwd). The script for raising OpenVPN is publicly available and is as easy to install as possible. https://github.com/angristan/openvpn-install
As for Wireguard - I don't recommend it. Although this technology is already several years old, but, as for me, it has not yet been tested, unlike OpenVPN. Moreover, it was noticed that Wireguard leaves very strange settings in resolv. conf. Therefore, it is better to use OpenVPN.
Next, you will only need to specify the port for connecting to OpenVPN, then select the Protocol and DNS servers. Next, you just need to enter the name of Your config file, after which it will be saved to the user's home folder.
The following steps are very briefly listed if you want to upgrade your OpenVPN To a VPS. The caveat is that the server you have rented still needs to be properly configured. Protect against brute-force attacks, install a firewall, and ban unnecessary traffic. Disable ipv6 and that's not all.
It will also be much more difficult for a novice user to deal with traffic obfuscation and implement it for their own config. You will also need to write your own killswitch, which will cut down traffic outside of your VPN connection, thereby protecting You from leaks. As a result, after all the manipulations, You have only one location. And this is a problem for those who need diversity.
It may seem that I am dissuading you from raising your own VPN at all.
No. If you are an experienced user and you have a clear understanding of what needs to be done, then the ideal option is to do everything yourself. With obfuscation and so on, make the necessary number of configs if necessary. My point is that just renting a server, running a script there and dragging the config to the PC is not difficult, but it's definitely not enough. Here it is worth remembering one rule - to do either well, or not to do at all. Unfortunately, this option is ideal, but due to time and complexity, it is not suitable for many users. What should I do?
The second option is a commercial provider
And now for the fun part:My unpopular point of view is that you can't rely on just one VPN. A VPN should only play a partial, limited role in ensuring your security. VPN is best combined with TOR and other technologies, but never use it alone!
What should you pay attention to when choosing a provider?
You can use an interesting resource that we have already mentioned earlier on the channel. But the most important features to pay attention to are:
- Ability to obfuscate traffic
- Jurisdiction (with possible reference to 5/9/14 eyes, or depending on your situation)
- The presence of the client for Linux and OpenVPN support
- Ability to pay with cryptocurrency (BTC, or ideally Monero)
- Having a killswitch
The VPN provider doesn't know what happens to the traffic at all if You connect to a VPN before Tor. Just like it doesn't know about Your existence if you connect to a VPN after Tor. The only caveat that may arise is the price.
However, you can purchase brute VPN accounts (with a guarantee).) with us. This will significantly reduce possible expenses on Your part.
What is the conclusion?
A commercial VPN can only be used as a part, a small cog in Your security system that performs only the role assigned to it.
Option three - a free provider
If for some reason there is no possibility, or there is simply no need for extra spending (for Example, you need to banally hide your IP), or there are financial problems, then there is a list of free VPN providers. Keep in mind that the speed of the function and data quality of providers is noticeably inferior to commercial ones for obvious reasons. But it is quite suitable if you just need to hide your IP address.Russians:
1. http://free-vpn.org/
2. http://shadeyouvpn.com/ru/
3. https://www.securitykiss.com/index.php
4. http://wafers.cc/channelloading/ru/
Foreign companies:
5. https://www.vpnreactor.com/
6. http://gpass1.com/gpass/
7. http://www.vpnbook.com/
8. http://justfreevpn.com/
9. http://vpnip.net/europe-vpn
10. http://www.vpngate.net/en/
11. http://linkideo.com/
12. http://www.vpntool.com/services.php
13. http://itshidden.com/
14. http://www.anchorfree.com/
15. http://www.usaip.eu/en/free_vpn.php
16. http://thefreevpn.com/
17. http://proxpn.com/
18. https://www.proxpn.com/index.php
19. http://www.usaip.eu/en/index.php
20. https://openvpn.net/
21. http://itshidden.eu/
22. https://www.torvpn.com/en/vpn
