So, what would be a really reliable VPN-provider?
-
@jflsakfja:
Not a VPN, an entire server.
You mean VPS here?
Steve
-
Ah, one of my usual brainfarting moments. Thanks for pointing it out ;D
-
No problem. :)
How would you compare a commercial VPN service against terminating a VPN in a VPS?
Steve
-
A VPS means that ultimately you are putting your trust into the hands of the VPS provider. VPSs aren't exactly up to par with a dedicated server (not only speed wise, security wise), since there have been numerous occasions where an exploit running in one VPS got root in another VPS on the same server. Not saying that every VPS out there is bound to be rooted, I'm saying that the security provided on a VPS isn't always the best.
As I said above, the only things I trust are systems I have personally set up. If you don't have access to the system, choose the person that will bring it up to a point where you have access to it wisely. If things get freaky up to the point where you are flying a person along with the server, to do the server installation in a remote datacenter, then welcome to the paranoid club :o
Dedicated server prices have gone way down. I'm sure you can find a reasonable offer somewhere. It's what I would do if I had the need for a VPN. Daisy chain a couple of them and you are good to go.
The little known fact about VPNs is that they actively resist tampering attempts by tearing down the tunnel and reconfiguring a new one, in realtime(ish). The upside of that is if communication between your two dedicated servers is tampered with, traces will show up on your side. The same does not apply to the VPN providers, since the tunnel terminates on their systems. Why attack the encrypted side of it, when you are perfectly fine attacking the decrypted side of it?
-
I prefer to have a private server (either hardware or vps) because the associated IPs are not on the well known list of heavily used public vpn IPs.
Keeps you from being blocked by default in some countries.
-
I rent a VPS to run as a high-speed Tor exit node (my contrib to web anonymity), and I never thought about configuring OpenVPN or IPSec on it and using it that way. Something to think about.
-
@jflsakfja:
The only way to get around those "procedures" is to prevent the provider from getting their hands on any metadata in the first place. Barring the rare occasions when providers install hardware backdoors in systems they host (don't want to point any fingers, but yes, they did), the only way to have a reliable VPN service is to rent hardware at a datacenter. Not a VPS, an entire server. Set up hardware encryption on it, lock it down, then only have it accept VPN connections from your pfsense, and send those connections through a different hosted server. Do this a couple of times in different legal regions, and it's as good as it gets when it comes to VPN.
This was the original / genesis idea behind the "rack of NUCs". (http://imgur.com/6DNonNp)
@jflsakfja:
Most datacenters will not bother with keeping logs for a long time about who is connecting to what, or any logs for that matter,
It's not that they won't bother, it's that, at that level, they can't. It would be like sampling a firehose with a test tube.
-
@gonzopancho:
This was the original / genesis idea behind the "rack of NUCs". (http://imgur.com/6DNonNp)
Yeap, hardware prices have gone way down, there is (IMHO) no reason to shoot for a VPS instead of a small dedicated server.
@gonzopancho:
It's not that they won't bother, it's that, at that level, they can't. It would be like sampling a firehose with a test tube.
Agreed.
-
@jflsakfja:
@gonzopancho:
This was the original / genesis idea behind the "rack of NUCs". (http://imgur.com/6DNonNp)
Yeap, hardware prices have gone way down, there is (IMHO) no reason to shoot for a VPS instead of a small dedicated server.
In a datacenter, the limiting factor is not space, hardware or bandwidth.
It's power.
-
I think this has already been discussed (in the thread even) but the advantages of using a VPS are that you can run whatever you want on it, so any VPN type you like, and that you will get an IP that's unlikely to be blacklisted as a VPN endpoint. I hadn't really ever considered security (or lack of) between virtual machines to be an issue. From a privacy/logging point of view is there much difference between a VPS and dedicated hardware?
Currently I run neither but have often considered it.
Srece Steve
Edit: Can't even type my name. ::)
-
I think this has already been discussed (in the thread even) but the advantages of using a VPS are that you can run whatever you want on it, so any VPN type you like, and that you will get an IP that's unlikely to be blacklisted as a VPN endpoint. I hadn't really ever considered security (or lack of) between virtual machines to be an issue. From a privacy/logging point of view is there much difference between a VPS and dedicated hardware?
Currently I run neither but have often considered it.
Srece
I'd be more inclined to log the VPSs instead of the dedicated servers to be honest. In general VPSs attract more abusers than dedicated servers, in my experience, which considering an abuse report will come in, you need something to troubleshoot it with. YMMV