Brother
Professional
- Messages
- 2,590
- Reaction score
- 507
- Points
- 83
Greetings friends. Today we are going to talk about a very old and hackneyed topic, namely VPN. About the role of this tool in building your personal security. I will try briefly and to the point, without any unnecessary words. You probably already know what a VPN is, what it does (or what it doesn't). If for some reason not, then go to https://duckduckgo.com and search. There is plenty of information.
When we prepare our PC for a secure activity and it comes to VPN, then we usually have 3 ways:
In fact, in order to raise your personal VPN config, you don't need to have any deep knowledge of system administration. Of course, ideally, do it yourself, but there is a script on Github that will raise OpenVPN on your VPS with a minimum of effort on your part. But first, we need to rent this very server. Where is the best place to do it?
About Wireguard - I don't recommend it. Although this technology is already several years old, but, as for me, it has not yet been tested, unlike OpenVPN. Moreover, it was noticed that Wireguard leaves very strange settings in resolv.conf. Therefore it is better to use OpenVPN.
Next, you only need to specify the port for connecting to OpenVPN, then select the protocol and DNS server. Then you just need to enter the name of your config, after which it will be saved to the user's home folder.
The above is a very brief list of the procedure if you want to raise your OpenVPN on a VPS. The nuance is that the server you rented still needs to be properly configured. Protect against brute-force attacks, install a firewall and deny unnecessary traffic. Disable ipv6 and that's not all.
It will also be much more difficult for a novice user to deal with traffic obfuscation and implement it for his config. You will also need to write your own killswitch, which will cut traffic outside your VPN connection, thereby protecting you from leaks. As a result, after all the manipulations, you have only one location. And this is a problem for those who need variety.
It may seem that I'm discouraging altogether from the idea of raising my own VPN.
No. If you are an experienced user and you have a clear understanding of what needs to be done, then the ideal option is to do everything yourself. With obfuscation and so on, make the required number of configs if necessary. I am leading to the fact that simply renting a server, running a script there and dragging the config onto a PC is not difficult, but this is definitely not enough. It is worth remembering one rule here - to do well, or not to do at all. Unfortunately, this option is ideal, but due to the time and complexity it is not suitable for many users. What to do?
Now for the fun part:
My unpopular point of view is that you can't rely on just one VPN. A VPN should only play a partial, limited role in keeping you safe. VPN is best combined with TOR and other technologies, but never use it alone!
What should you pay attention to when choosing a provider?
You can use an interesting resource that we have already mentioned on the channel. But the most important features to look out for are:
A commercial provider will perform its task efficiently if you combine it with Tor (both before and after, there are statements that VPN is undesirable to use in this duo. For example, if it is used AFTER Tor, then claims are made about the last "static" Tor The author is of the opinion that VPN can and should be used precisely because the final Tor node is hidden due to the fact that it can be listened to / artificially created by ill-wishers + the vast majority of resources in the clearnet are cursing on Tor now, which is a problem for many) ...
The VPN provider does not know what is going on with the traffic at all if you connect to the VPN before Tor. Also, he does not know about your existence if you connect to a VPN after Tor. The only caveat that may arise is the price.
However, you can purchase brute VPN accounts (with a guarantee) from us. That will significantly reduce possible expenses on your part.
What's the conclusion?
A commercial VPN can only be used as a part, a small cog in your security system that serves only its intended role.
If for some reason there is no possibility, or there is simply no need for extra spending (For example, you need to hide your IP corny), or there are financial problems, then there is a list of free VPN providers. Remember that the speed of function and data quality of providers is noticeably inferior to commercial ones for obvious reasons. But it is quite suitable if you just need to hide your IP address.
Russians:
1. http://free-vpn.org/
2. http://shadeyouvpn.com/ru/
3. https://www.securitykiss.com/index.php
4. http://wafers.cc/channelloading/
Foreign:
5. https://www.vpnreactor.com/
6. http://gpass1.com/gpass/
7. http://www.vpnbook.com/
8. http://justfreevpn.com/
9. http://vpnip.net/europe-vpn
10. http://www.vpngate.net/en/
11. http://linkideo.com/
12. http://www.vpntool.com/services.php
13. http://itshidden.com/
14. http://www.anchorfree.com/
15. http://www.usaip.eu/en/free_vpn.php
16. http://thefreevpn.com/
17. http://proxpn.com/
18. https://www.proxpn.com/index.php
19. http://www.usaip.eu/en/index.php
20. https://openvpn.net/
21. http://itshidden.eu/
22. https://www.torvpn.com/en/vpn
When we prepare our PC for a secure activity and it comes to VPN, then we usually have 3 ways:
- Raise VPN yourself on a rented VPS, bought for cryptocurrency
- Use the services of a commercial provider
- Use the services of a free provider
- All providers keep logs. Someone stores more information and a longer period of time, someone, on the contrary, collects less data and stores it for a shorter time. But this is done by all without exception, there is no provider that does not store logs at all. One and all! If they are trying to convince you otherwise, then this, of course, is slyness.
- Not a single merchant (this applies not only to VPN providers) will put your interests above the interests of their own business. Or rather, if the refusal to issue your data at the request of the competent authorities means any inconvenience or, God forbid, losses for business, then you will be handed over. Nobody will think long.
- Despite the 2 points above, an adjustment should be made for geography (not only for reasons of faster connection), but also for the political climate. Rough example: If your activity is connected, for example, with the Russian Federation, then you should exclude the use of services from the Federal Republic of Germany, since there is a bilateral agreement on cooperation and mutual extradition of suspects in the field of cybercrimes ... Perhaps, if we are talking about the Russian Federation, then it is worth looking towards the countries that have not the most rosy relations with the Russian Federation. In general, the overwhelming majority of European providers are very reluctant to respond at all to any requests from bodies from the CIS. The most secure option is the Netherlands, Switzerland, Gibraltar, Czech Republic, Greece and others.
Option one - own VPN on VPS
In fact, in order to raise your personal VPN config, you don't need to have any deep knowledge of system administration. Of course, ideally, do it yourself, but there is a script on Github that will raise OpenVPN on your VPS with a minimum of effort on your part. But first, we need to rent this very server. Where is the best place to do it?
- https://lowendbox.com/ - Aggregator of low-cost VPS providers. Huge selection
- https://www.comparevps.com/ - VPS providers aggregator, comparison in the table
- https://www.PoiskVPS.ru - Russian VPS aggregator. Selection by parameters
For our purposes, a VPS with 512mb RAM, 10gb SSD and very desirable unlimited traffic (Unlimited bandwidth) is suitable. For OpenVPN, we need our VPS to support TUN / TAP. Usually, this function is present everywhere, somewhere it is enabled by default, and somewhere you will need to enable it yourself (control panel on the site). As for payment, we are interested in Bitcoin, but now this is not a problem, since many providers accept it without any problems. Ideally, of course, Monero, since BTC is actually very far from anonymity. As for the OS that will run on your server, then both Debian and Ubuntu or CentOS 64bit of the latest versions will do. After a successful lease, you will receive login information to your server (you should immediately change the root password using passwd) https://github.com/angristan/openvpn-install
About Wireguard - I don't recommend it. Although this technology is already several years old, but, as for me, it has not yet been tested, unlike OpenVPN. Moreover, it was noticed that Wireguard leaves very strange settings in resolv.conf. Therefore it is better to use OpenVPN.
Next, you only need to specify the port for connecting to OpenVPN, then select the protocol and DNS server. Then you just need to enter the name of your config, after which it will be saved to the user's home folder.
The above is a very brief list of the procedure if you want to raise your OpenVPN on a VPS. The nuance is that the server you rented still needs to be properly configured. Protect against brute-force attacks, install a firewall and deny unnecessary traffic. Disable ipv6 and that's not all.
It will also be much more difficult for a novice user to deal with traffic obfuscation and implement it for his config. You will also need to write your own killswitch, which will cut traffic outside your VPN connection, thereby protecting you from leaks. As a result, after all the manipulations, you have only one location. And this is a problem for those who need variety.
It may seem that I'm discouraging altogether from the idea of raising my own VPN.
No. If you are an experienced user and you have a clear understanding of what needs to be done, then the ideal option is to do everything yourself. With obfuscation and so on, make the required number of configs if necessary. I am leading to the fact that simply renting a server, running a script there and dragging the config onto a PC is not difficult, but this is definitely not enough. It is worth remembering one rule here - to do well, or not to do at all. Unfortunately, this option is ideal, but due to the time and complexity it is not suitable for many users. What to do?
Option two - commercial provider
Now for the fun part:
My unpopular point of view is that you can't rely on just one VPN. A VPN should only play a partial, limited role in keeping you safe. VPN is best combined with TOR and other technologies, but never use it alone!
What should you pay attention to when choosing a provider?
You can use an interesting resource that we have already mentioned on the channel. But the most important features to look out for are:
- The ability to obfuscate traffic
- Jurisdiction (With possible taking into account 5/9/14 eyes, or depending on your situation)
- Linux client and OpenVPN support
- Cryptocurrency payment option (BTC, or ideally Monero)
- Killswitch availability
A commercial provider will perform its task efficiently if you combine it with Tor (both before and after, there are statements that VPN is undesirable to use in this duo. For example, if it is used AFTER Tor, then claims are made about the last "static" Tor The author is of the opinion that VPN can and should be used precisely because the final Tor node is hidden due to the fact that it can be listened to / artificially created by ill-wishers + the vast majority of resources in the clearnet are cursing on Tor now, which is a problem for many) ...
The VPN provider does not know what is going on with the traffic at all if you connect to the VPN before Tor. Also, he does not know about your existence if you connect to a VPN after Tor. The only caveat that may arise is the price.
However, you can purchase brute VPN accounts (with a guarantee) from us. That will significantly reduce possible expenses on your part.
What's the conclusion?
A commercial VPN can only be used as a part, a small cog in your security system that serves only its intended role.
Option three - a free provider
If for some reason there is no possibility, or there is simply no need for extra spending (For example, you need to hide your IP corny), or there are financial problems, then there is a list of free VPN providers. Remember that the speed of function and data quality of providers is noticeably inferior to commercial ones for obvious reasons. But it is quite suitable if you just need to hide your IP address.
Russians:
1. http://free-vpn.org/
2. http://shadeyouvpn.com/ru/
3. https://www.securitykiss.com/index.php
4. http://wafers.cc/channelloading/
Foreign:
5. https://www.vpnreactor.com/
6. http://gpass1.com/gpass/
7. http://www.vpnbook.com/
8. http://justfreevpn.com/
9. http://vpnip.net/europe-vpn
10. http://www.vpngate.net/en/
11. http://linkideo.com/
12. http://www.vpntool.com/services.php
13. http://itshidden.com/
14. http://www.anchorfree.com/
15. http://www.usaip.eu/en/free_vpn.php
16. http://thefreevpn.com/
17. http://proxpn.com/
18. https://www.proxpn.com/index.php
19. http://www.usaip.eu/en/index.php
20. https://openvpn.net/
21. http://itshidden.eu/
22. https://www.torvpn.com/en/vpn
