Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    So, what would be a really reliable VPN-provider?

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    45 Posts 13 Posters 14.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Clear-Pixel
      last edited by

      @kejianshi:

      Costing governments money these days doesn't matter much.  They will just print as much as they need anyway.
      What I like to "cost" them is cpu cycles and MEGAWATTS.  You can't print nuclear reactors.

      To decrypt encrypted data cost time and a Tremendous amount of Processing ….. It is relevant. This is why they are attempting to discourage VPN use at the moment. If it becomes a increasing problem they will simply make it illegal to use or operate a VPN without a permit/license from your local government. Basically you will be paying a annual fee to your own government to decrypt your own data you encrypted and told they will never attempt to decrypt your private data connections. LMAO

      HP EliteBook 2530p Laptop - Core2 Duo SL9600 @ 2.13Ghz - 4 GB Ram -128GB SSD
      Atheros Mini PCI-E as Access Point (AR5BXB63H/AR5007EG/AR2425)
      Single Ethernet Port - VLAN
      Cisco SG300 10-port Gigabit Managed Switch
      Cisco DPC3008 Cable Modem  30/4 Mbps
      Pfsense 2.1-RELEASE (amd64)
      –------------------------------------------------------------
      Total Network Power Consumption - 29 Watts

      1 Reply Last reply Reply Quote 0
      • K
        kejianshi
        last edited by

        It only costs processing IF the government doesn't have full access to the unencrypted packets traversing the network of the VPN service supplier and I'd bet 99 times in 100, they get it as quick as they want it.  In the USA the crime and law enforcement act makes it mandatory for anyone running a service with more than a certain number of users to build in law enforcement access (back door) on the providers dime.  (Aint that a kick to the groin if your service is VPN)?

        I'm honestly not sure how compliant providers are, but I don't trust VPNs unless I own it, installed it and am pretty much one of just a few using it.

        http://paranoia.dubfire.net/2011/02/deconstructing-calea-hearing.html

        That said, I think everyone should have 1 PRIVATE VPN somewhere at least and pfsense makes that easy (-:

        1 Reply Last reply Reply Quote 0
        • C
          Clear-Pixel
          last edited by

          @kejianshi:

          I'm honestly not sure how compliant providers are, but I don't trust VPNs unless I own it, installed it and am pretty much one of just a few using it.

          http://paranoia.dubfire.net/2011/02/deconstructing-calea-hearing.html

          That said, I think everyone should have 1 PRIVATE VPN somewhere at least and pfsense makes that easy (-:

          Nice read ….. article over 2 years old, I wonder how far the government has pushed it so far?

          When quantum computing arrives if it hasn't already, encryption will be no problem at all for world governments. The sad thing about it is quantum computing will never be available to the general public.

          HP EliteBook 2530p Laptop - Core2 Duo SL9600 @ 2.13Ghz - 4 GB Ram -128GB SSD
          Atheros Mini PCI-E as Access Point (AR5BXB63H/AR5007EG/AR2425)
          Single Ethernet Port - VLAN
          Cisco SG300 10-port Gigabit Managed Switch
          Cisco DPC3008 Cable Modem  30/4 Mbps
          Pfsense 2.1-RELEASE (amd64)
          –------------------------------------------------------------
          Total Network Power Consumption - 29 Watts

          1 Reply Last reply Reply Quote 0
          • stan-qazS
            stan-qaz
            last edited by

            You can't print nukes but you can put a remote data center where power is plentiful and cheap. http://en.wikipedia.org/wiki/Utah_Data_Center

            The Utah Data Center, also known as the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center,[1] is a data storage facility for the United States Intelligence Community that is designed to store extremely large amounts of data, on the scale of yottabytes..[2][3][4] Its purpose is to support the Comprehensive National Cybersecurity Initiative (CNCI), though its precise mission is classified.[5] The National Security Agency (NSA), which will lead operations at the facility, is the executive agent for the Director of National Intelligence.[6] It is located at Camp Williams, near Bluffdale, Utah, between Utah Lake and Great Salt Lake.

            1 Reply Last reply Reply Quote 0
            • K
              kejianshi
              last edited by

              Remember the old days?  Specific individuals with a warrant and just a couple of names on the warrant and an actual judge who actually read the warrant for people who are actually suspected of something that is actually bad and not just shrimp net dragging style trolling…

              Yes - I'm well aware of Utah...

              1 Reply Last reply Reply Quote 0
              • C
                Clear-Pixel
                last edited by

                @kejianshi:

                Remember the old days?  Specific individuals with a warrant and just a couple of names on the warrant and an actual judge who actually read the warrant for people who are actually suspected of something that is actually bad and not just shrimp net dragging style trolling…

                Yes - I'm well aware of Utah...

                Just a couple of examples: NSA using intelligences data gathering to blackmail political figures to serve the Elite ….. or how about insider trading of the Financial Markets for profit.

                Very dangerous times we are living in.

                HP EliteBook 2530p Laptop - Core2 Duo SL9600 @ 2.13Ghz - 4 GB Ram -128GB SSD
                Atheros Mini PCI-E as Access Point (AR5BXB63H/AR5007EG/AR2425)
                Single Ethernet Port - VLAN
                Cisco SG300 10-port Gigabit Managed Switch
                Cisco DPC3008 Cable Modem  30/4 Mbps
                Pfsense 2.1-RELEASE (amd64)
                –------------------------------------------------------------
                Total Network Power Consumption - 29 Watts

                1 Reply Last reply Reply Quote 0
                • M
                  Mr. Jingles
                  last edited by

                  Well,  a small update; all the VPN-providers I tried to test are insane, rude, stupid and/or complete rip offs. This ranges from all the 'big names' to smaller ones.

                  They either won't allow a trial upfront 'but have a 7 day money back guarantee' (yes, I am the stupid one here; wait in line for 700 days and 17 Paypal disputes to get my 20 dollars back  ;D I often recognize a scam once I smell it).

                  Or they give a trial account for 72 hours, give no clear setup instructions and their customer 'service' department gives conflicting new instructions everytime, to finish it off by calling this prospective customer a retard if he tells them they give conflicting instructions.

                  Or they are so retarded themselves that they say my pfSense didn't connect to their service even 'though I mailed them a screenshot of the dashboard, clearly showing their external IP-address as the one the VPN-interface uses, and my pfSense OpenVPN log clearly showing it had connected.

                  Or, and that is one for real laughs, they are so braindead that they tell me: "pfSense is known to be garbage, please buy a normal retail router" (not kidding, the morons really mailed me that).

                  An old Chinese verb goes like: 99% of the world is either corrupt, or incompetent, or both  ;D ;D ;D

                  So I like the idea of renting a VPS somewhere as suggested previously, but:
                  1. Can't the sysadmin of that hoster then still 'sneak in' my traffic?
                  2. Won't that be very expensive, on a monthly basis?
                  3. Is it difficult to set something up completely yourself, then? (As you all know, I will remain a noob for many, many, years  ;D).

                  Thank you,

                  Bye,

                  6 and a half billion people know that they are stupid, agressive, lower life forms.

                  1 Reply Last reply Reply Quote 0
                  • L
                    l3lu3
                    last edited by

                    https://aws.amazon.com/free/

                    If you'd like to try out setting up a VPS, Amazon does have a year free setup (w/ some limitations, but all manageable). But then again, it is Amazon…......

                    1 Reply Last reply Reply Quote 0
                    • M
                      Mr. Jingles
                      last edited by

                      @l3lu3:

                      https://aws.amazon.com/free/

                      If you'd like to try out setting up a VPS, Amazon does have a year free setup (w/ some limitations, but all manageable). But then again, it is Amazon…......

                      Thanks  :D

                      I heard about that, but I have no clue how to set that up. I once found a blog from somebody who also uses pfSense (perhaps a member here, I don't know) who offered to set it up for 20 USD or something like that. I contacted him three times, but he never responded.

                      And yes, you are right, it is Amazon. But can Amazon see inside the encrypted traffic, or only the source/destination?

                      6 and a half billion people know that they are stupid, agressive, lower life forms.

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        They can't see inside the encrypted traffic, at least not without accesing the keys from inside your VPS instance. They could probably do that though I imagine it's against any privacy policy they have. However the VPS would be the end point of your VPN so traffic leaves that box to it's final destination unencrypted. That's true of any vpn service though.

                        Steve

                        1 Reply Last reply Reply Quote 0
                        • ?
                          Guest
                          last edited by

                          I've considered a pfSense-hosted VPN offering for pfSense Gold (or maybe pfSense Platinum) members.

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Interesting idea, care to elaborate?

                            I've certainly been considering a VPN setup for some time and running pfSens eat both ends makes a lot of sense. Running a pfSense instance at a VPS provider rather than using a dedicated VPN service allows you to use whatever protocol and encryption type you want and it seems to be comparatively priced, cheaper even.

                            Steve

                            1 Reply Last reply Reply Quote 0
                            • B
                              bryan.paradis
                              last edited by

                              I currently have a VPS from chicagovps for $40 a year which I run openvpn on. I was with strongvpn before and they are great but I can literally rent a whole VPS for much cheaper and still run other stuff on it if I so desire.

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                $40 a year? What do you get for that? Bandwith? GB per month?
                                Are you running pfSense on the VPS?

                                Steve

                                1 Reply Last reply Reply Quote 0
                                • S
                                  Supermule Banned
                                  last edited by

                                  They cant even pay the powerbill for that amount :D

                                  @bryan.paradis:

                                  I currently have a VPS from chicagovps for $40 a year which I run openvpn on. I was with strongvpn before and they are great but I can literally rent a whole VPS for much cheaper and still run other stuff on it if I so desire.

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Indeed. They have a $12 a year service too.  ::)
                                    Linux only though.

                                    Steve

                                    1 Reply Last reply Reply Quote 0
                                    • M
                                      Mr. Jingles
                                      last edited by

                                      Just to update that I finally had some time to try a VPN-service. Of course, by now you know me, I am the eternal noob (but I could do your taxes, economics & accounting is the one thing I know how to do  ;D): it doesn't work.

                                      If you would like to see my struggle, I've posted my problems here in a new thread:

                                      https://forum.pfsense.org/index.php?topic=75251.msg410774#msg410774

                                      :P ( :-[)

                                      6 and a half billion people know that they are stupid, agressive, lower life forms.

                                      1 Reply Last reply Reply Quote 0
                                      • M
                                        Mr. Jingles
                                        last edited by

                                        @gonzopancho:

                                        I've considered a pfSense-hosted VPN offering for pfSense Gold (or maybe pfSense Platinum) members.

                                        If it is within my financial means, I would buy it right away  :P

                                        6 and a half billion people know that they are stupid, agressive, lower life forms.

                                        1 Reply Last reply Reply Quote 0
                                        • K
                                          kejianshi
                                          last edited by

                                          Best VPN provider is a friend or family member with a pfsense box.

                                          1 Reply Last reply Reply Quote 0
                                          • ?
                                            A Former User
                                            last edited by

                                            I'm outside of my league when it comes to VPN providers, but I'll just chime in my thoughts about it.

                                            It's very nice to see a VPN provider guaranteeing absolute and complete anonymity, when in fact they are required by law to keep metadata on services they provide. In most countries the law "enforcement" will abuse their rights based on a "national security" threat, and will force the provider to provide (no pun intended) all information they can about the connection that's coming out of their server (VPN's exit server). Most providers will be found guilty of aiding "the crime" if they cannot provide these evidence, and will most likely be forced to pay a big(ish) amount of money, so they are likely to put in place the metadata retention procedures to get ready for the next time a moron with a warrant, pardon my Greek, comes along and requests information.

                                            The only way to get around those "procedures" is to prevent the provider from getting their hands on any metadata in the first place. Barring the rare occasions when providers install hardware backdoors in systems they host (don't want to point any fingers, but yes, they did), the only way to have a reliable VPN services is to rent hardware at a datacenter. Not a VPS, an entire server. Set up hardware encryption on it, lock it down, then only have it accept VPN connections from your pfsense, and send those connections through a different hosted server. Do this a couple of times in different legal regions, and it's as good as it gets when it comes to VPN.

                                            Most datacenters will not bother with keeping logs for a long time about who is connecting to what, or any logs for that matter, but all VPN providers are required by law to keep them. And those that deny it, will soon change their stance when they are forced to go to a court and listen to the judge give them crap about how they are helping the criminals. And please do not mention any of the "privacy minded countries". There is no such thing. In every country providers will be shafted, if the judge believes it's required.

                                            It's like renting a room. The room is still in your name, but the hotel owner isn't required to know what's going on inside the room, unless other neighbors make a complaint.  That's the datacenter example. The VPN provider example is not knowing what goes on in the room, but making a note of which hooker arrived at what time. You get my drift.

                                            One is renting you the room, one is renting you a place to conduct social meetings. Can you guess who is who, and who is required to keep the logs?

                                            Give your provider a chance for plausible deniability, and daisy chain a few servers in datacenters around the world. Shoot for countries that IT (so called) "professionals" have no idea what they are doing, and you are safe. If your providers can only provide metadata showing your computer connecting to that server over there, but cannot give any data about what was sent over the connection, then both they and you are relatively safe.

                                            Just my honest opinion as a provider.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.