So, what would be a really reliable VPN-provider?
-
Remember the old days? Specific individuals with a warrant and just a couple of names on the warrant and an actual judge who actually read the warrant for people who are actually suspected of something that is actually bad and not just shrimp net dragging style trolling…
Yes - I'm well aware of Utah...
-
Remember the old days? Specific individuals with a warrant and just a couple of names on the warrant and an actual judge who actually read the warrant for people who are actually suspected of something that is actually bad and not just shrimp net dragging style trolling…
Yes - I'm well aware of Utah...
Just a couple of examples: NSA using intelligences data gathering to blackmail political figures to serve the Elite ….. or how about insider trading of the Financial Markets for profit.
Very dangerous times we are living in.
-
Well, a small update; all the VPN-providers I tried to test are insane, rude, stupid and/or complete rip offs. This ranges from all the 'big names' to smaller ones.
They either won't allow a trial upfront 'but have a 7 day money back guarantee' (yes, I am the stupid one here; wait in line for 700 days and 17 Paypal disputes to get my 20 dollars back ;D I often recognize a scam once I smell it).
Or they give a trial account for 72 hours, give no clear setup instructions and their customer 'service' department gives conflicting new instructions everytime, to finish it off by calling this prospective customer a retard if he tells them they give conflicting instructions.
Or they are so retarded themselves that they say my pfSense didn't connect to their service even 'though I mailed them a screenshot of the dashboard, clearly showing their external IP-address as the one the VPN-interface uses, and my pfSense OpenVPN log clearly showing it had connected.
Or, and that is one for real laughs, they are so braindead that they tell me: "pfSense is known to be garbage, please buy a normal retail router" (not kidding, the morons really mailed me that).
An old Chinese verb goes like: 99% of the world is either corrupt, or incompetent, or both ;D ;D ;D
So I like the idea of renting a VPS somewhere as suggested previously, but:
1. Can't the sysadmin of that hoster then still 'sneak in' my traffic?
2. Won't that be very expensive, on a monthly basis?
3. Is it difficult to set something up completely yourself, then? (As you all know, I will remain a noob for many, many, years ;D).Thank you,
Bye,
-
https://aws.amazon.com/free/
If you'd like to try out setting up a VPS, Amazon does have a year free setup (w/ some limitations, but all manageable). But then again, it is Amazon…......
-
https://aws.amazon.com/free/
If you'd like to try out setting up a VPS, Amazon does have a year free setup (w/ some limitations, but all manageable). But then again, it is Amazon…......
Thanks :D
I heard about that, but I have no clue how to set that up. I once found a blog from somebody who also uses pfSense (perhaps a member here, I don't know) who offered to set it up for 20 USD or something like that. I contacted him three times, but he never responded.
And yes, you are right, it is Amazon. But can Amazon see inside the encrypted traffic, or only the source/destination?
-
They can't see inside the encrypted traffic, at least not without accesing the keys from inside your VPS instance. They could probably do that though I imagine it's against any privacy policy they have. However the VPS would be the end point of your VPN so traffic leaves that box to it's final destination unencrypted. That's true of any vpn service though.
Steve
-
I've considered a pfSense-hosted VPN offering for pfSense Gold (or maybe pfSense Platinum) members.
-
Interesting idea, care to elaborate?
I've certainly been considering a VPN setup for some time and running pfSens eat both ends makes a lot of sense. Running a pfSense instance at a VPS provider rather than using a dedicated VPN service allows you to use whatever protocol and encryption type you want and it seems to be comparatively priced, cheaper even.
Steve
-
I currently have a VPS from chicagovps for $40 a year which I run openvpn on. I was with strongvpn before and they are great but I can literally rent a whole VPS for much cheaper and still run other stuff on it if I so desire.
-
$40 a year? What do you get for that? Bandwith? GB per month?
Are you running pfSense on the VPS?Steve
-
They cant even pay the powerbill for that amount :D
I currently have a VPS from chicagovps for $40 a year which I run openvpn on. I was with strongvpn before and they are great but I can literally rent a whole VPS for much cheaper and still run other stuff on it if I so desire.
-
Indeed. They have a $12 a year service too. ::)
Linux only though.Steve
-
Just to update that I finally had some time to try a VPN-service. Of course, by now you know me, I am the eternal noob (but I could do your taxes, economics & accounting is the one thing I know how to do ;D): it doesn't work.
If you would like to see my struggle, I've posted my problems here in a new thread:
https://forum.pfsense.org/index.php?topic=75251.msg410774#msg410774
:P ( :-[)
-
@gonzopancho:
I've considered a pfSense-hosted VPN offering for pfSense Gold (or maybe pfSense Platinum) members.
If it is within my financial means, I would buy it right away :P
-
Best VPN provider is a friend or family member with a pfsense box.
-
I'm outside of my league when it comes to VPN providers, but I'll just chime in my thoughts about it.
It's very nice to see a VPN provider guaranteeing absolute and complete anonymity, when in fact they are required by law to keep metadata on services they provide. In most countries the law "enforcement" will abuse their rights based on a "national security" threat, and will force the provider to provide (no pun intended) all information they can about the connection that's coming out of their server (VPN's exit server). Most providers will be found guilty of aiding "the crime" if they cannot provide these evidence, and will most likely be forced to pay a big(ish) amount of money, so they are likely to put in place the metadata retention procedures to get ready for the next time a moron with a warrant, pardon my Greek, comes along and requests information.
The only way to get around those "procedures" is to prevent the provider from getting their hands on any metadata in the first place. Barring the rare occasions when providers install hardware backdoors in systems they host (don't want to point any fingers, but yes, they did), the only way to have a reliable VPN services is to rent hardware at a datacenter. Not a VPS, an entire server. Set up hardware encryption on it, lock it down, then only have it accept VPN connections from your pfsense, and send those connections through a different hosted server. Do this a couple of times in different legal regions, and it's as good as it gets when it comes to VPN.
Most datacenters will not bother with keeping logs for a long time about who is connecting to what, or any logs for that matter, but all VPN providers are required by law to keep them. And those that deny it, will soon change their stance when they are forced to go to a court and listen to the judge give them crap about how they are helping the criminals. And please do not mention any of the "privacy minded countries". There is no such thing. In every country providers will be shafted, if the judge believes it's required.
It's like renting a room. The room is still in your name, but the hotel owner isn't required to know what's going on inside the room, unless other neighbors make a complaint. That's the datacenter example. The VPN provider example is not knowing what goes on in the room, but making a note of which hooker arrived at what time. You get my drift.
One is renting you the room, one is renting you a place to conduct social meetings. Can you guess who is who, and who is required to keep the logs?
Give your provider a chance for plausible deniability, and daisy chain a few servers in datacenters around the world. Shoot for countries that IT (so called) "professionals" have no idea what they are doing, and you are safe. If your providers can only provide metadata showing your computer connecting to that server over there, but cannot give any data about what was sent over the connection, then both they and you are relatively safe.
Just my honest opinion as a provider.
-
@jflsakfja:
Not a VPN, an entire server.
You mean VPS here?
Steve
-
Ah, one of my usual brainfarting moments. Thanks for pointing it out ;D
-
No problem. :)
How would you compare a commercial VPN service against terminating a VPN in a VPS?Steve
-
A VPS means that ultimately you are putting your trust into the hands of the VPS provider. VPSs aren't exactly up to par with a dedicated server (not only speed wise, security wise), since there have been numerous occasions where an exploit running in one VPS got root in another VPS on the same server. Not saying that every VPS out there is bound to be rooted, I'm saying that the security provided on a VPS isn't always the best.
As I said above, the only things I trust, are systems I have personally set up. If you don't have access to the system, choose the person that will bring it up to a point where you have access to it wisely. If things get freaky up to the point where you are flying a person along with the server, to do the server installation in a remote datacenter, then welcome to the paranoid club :o
Dedicated server prices have gone way down. I'm sure you can find a reasonable offer somewhere. It's what I would do if I had the need for a VPN. Daisy chain a couple of them and you are good to go.
The little known fact about VPNs is that they actively resist tampering attempts by tearing down the tunnel and reconfiguring a new one, in realtime(ish). The upside of that is if communication between your two dedicated servers is tampered with, traces will show up on your side. The same does not apply to the VPN providers, since the tunnel terminates on their systems. Why attack the encrypted side of it, when you are perfectly fine attacking the decrypted side of it?
