
Should You Make Your Own VPN?

jakkuh_t

Linus explores the world of creating your own VPN, with the help of an open source project called Pritunl.

 

 

Rent a VPS for this project from Vultr (affiliate link): https://lmg.gg/cO2Wd

 

Forum Tutorial:  https://linustechtips.com/main/topic/1140511-diy-vpn-pritunl-setup-tutorial/

 


TL;DR, if your reasoning constantly shouts "ARRRRR MATEY", no. 

Any other reason, go for it! :D 

I joke I joke. 


I think the first use case should also come with an asterisk: If you enter your credit card information on a website that doesn't use HTTPS (with a valid certificate! Unlike the VPS that is set up in the video) on an unsecured Wi-Fi, think long and hard: Should you trust a website that doesn't use HTTPS with your private data?

 

If the website does use HTTPS (as it should), neither your ISP, nor the hacker can read your credit card information. The connection is already encrypted (between you and the website in question, i.e. end-to-end). A VPN offers virtually zero additional protection.

 

If the website does not use HTTPS it is very likely your personal information stored on that server isn't encrypted either (can you say data breach?). And while the connection between you and the VPN server is encrypted, the connection between the VPN server and the website is not. So you've simply replaced your potentially snooping ISP with a potentially snooping VPN provider.

 

As far as I'm concerned, you should use Virtual Private Networks (VPNs) for the one use case they were invented for: To securely connect to a remote network as if the computer was part of that network (i.e. your home or company network). Agreed, circumventing region locks is a welcome side effect (provided VPNs aren't blocked).


Anyone know if you can use a US seedbox as a VPN to get around the Netflix stuff?

  • 1 month later...

Can I use the 2.5 dollars plan with IPv6 to set up a VPN? I'm in China, will that plan in Vultr work?

  • 1 month later...

Help please!

 

sudo apt install pritunl
[sudo] password for OG: 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package pritunl

 

I have the repository

 

deb http://repo.pritunl.com/stable/apt

 

added at 

 

/etc/apt/sources.list.d/pritunl.list

 

and I ran sudo apt update and it still can't find it. :(


  • 4 weeks later...

I get to 5:27 in your video and have even turned off the firewall and still can't access the Pritunl web interface. I've made the server at least 20 times with the same result. I run through each step with success and yet still no web interface.

 

VPN Walk through


  • 2 months later...

So, let's say I did all that (from China), and it worked fine for a while with only minimal slowdown, and then it started throttling hard after a week or two. What might be the reason, and what could I do about it?


  • 2 months later...
On 1/13/2020 at 10:26 PM, Stu_Bear said:

Ummm....I created a VPN on my home server so I can dial into it from work and visit this website undetected...seriously I set it up for giggles.  It's free to do if you use OpenVPN

Umm, how do I say it. It's quite easily detectable... if you have "normal" network security in a company.

And if somebody tried that in my company, well, the security department will get all the data from the network security reports about it.

   
 
 
 

  • 2 months later...
On 1/14/2020 at 11:24 AM, Eigenvektor said:

If the website does use HTTPS (as it should), neither your ISP, nor the hacker can read your credit card information. The connection is already encrypted (between you and the website in question, i.e. end-to-end). A VPN offers virtually zero additional protection.

 

If the website does not use HTTPS it is very likely your personal information stored on that server isn't encrypted either (can you say data breach?). And while the connection between you and the VPN server is encrypted, the connection between the VPN server and the website is not. So you've simply replaced your potentially snooping ISP with a potentially snooping VPN provider.

 

 

I'm new to all of this, but I know I need some security measures in play.  I've heard a lot about the VPN stuff, but a few talk as you do that it is a false security.

Your comment intrigues me..... so what PPE (personal protection equipment :) would you recommend?  What about sites that spoof a SNL cert? 

 

Any recommendations for reading up on the home security topic?

 

Thanks for the engaging discussion,

 


9 hours ago, CWave said:

I'm new to all of this, but I know I need some security measures in play.  I've heard a lot about the VPN stuff, but a few talk as you do that it is a false security.

I'm not a security expert by any means. I just know enough to be able to look through the marketing claims of companies claiming that using a VPN online makes you more secure.

 

I'm not saying VPNs don't work. I use one every day while working from home to connect to our office network. This is the primary use case of a virtual private network (VPN): Connect to another network, as if you were physically connected to it. It uses encryption to protect e.g. company resources and prohibit unauthorized access. That's about it.

 

There is one "side effect" to this: When you access websites you are now coming from the IP of the VPN server instead of your own IP. If the VPN server happens to be in another country, this may allow you to circumvent some regional blocking. Which is the primary reason they are popular.

 

The whole "makes you more secure", "protects your IP", "stops your ISP from snooping" is (mostly) marketing fluff, since they can't exactly go around saying "allows you to download warez hiding your true IP" and "lets you watch Netflix in other countries" (not really since Netflix is blocking VPNs as much as they can).

 

9 hours ago, CWave said:

Your comment intrigues me..... so what PPE (personal protection equipment :) would you recommend?

Backups, a virus scanner, some common sense and maybe a "proper" firewall that does not run on your personal computer. A firewall does not protect you against malicious files that you download yourself and if your computer is compromised, chances are high the virus has administrative permissions and can circumvent/compromise it anyway.

 

That's about it. The first step about information security is asking yourself: Who is trying to attack me? What is the threat? Then you can figure out how to best protect yourself. I'd say as a general user you're mostly at risk from viruses trashing your data, phishing mails trying to get to your bank account or steal your identity and e.g. bitcoin miners abusing your processing power.

 

9 hours ago, CWave said:

What about sites that spoof a SNL cert?

"Spoofing" SSL certificates isn't really a thing. While anyone can create SSL certificates, your browser isn't going to trust them unless they are signed by a well-known certificate authority or the root certificate is installed in the browser's certificate store.

 

So someone would have to either install an additional root certificate in your browser to make it accept "their" certificates or they would have to steal a valid root certificate from a CA to sign their certificates. This is going into "targeted attack" territory of some three letter agencies trying to get at you specifically. If that's the case: good luck. No amount of "personal security" will help you unless you're an expert in that field.

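The trust rule described in the reply above can be reproduced offline with the openssl command-line tool. This is an added example, not part of the original post; the CA name, the host name shop.example and the helper function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All names (Demo Root CA, shop.example) are constructed.

# verify_chain TRUST_FILE CERT: succeed only if CERT chains to a root in
# TRUST_FILE. Checks the signature chain only, not the host name.
verify_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# build_demo: create a throwaway CA, a site certificate signed by it, and a
# self-signed look-alike for the same name. Prints the working directory.
build_demo() {
    d=$(mktemp -d) || return 1
    {
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Demo Root CA" -keyout "$d/ca.key" -out "$d/ca.pem" &&
        openssl req -newkey rsa:2048 -nodes -subj "/CN=shop.example" \
            -keyout "$d/site.key" -out "$d/site.csr" &&
        openssl x509 -req -in "$d/site.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -out "$d/site.pem" &&
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=shop.example" -keyout "$d/fake.key" -out "$d/fake.pem"
    } >/dev/null 2>&1 || return 1
    echo "$d"
}

# verdict TRUST_FILE CERT: print "trusted" or "rejected".
verdict() {
    if verify_chain "$1" "$2"; then echo trusted; else echo rejected; fi
}

demo=$(build_demo) || { echo "openssl or mktemp failed" >&2; exit 1; }
echo "CA-signed site cert, store holds the CA:    $(verdict "$demo/ca.pem" "$demo/site.pem")"
echo "self-signed look-alike, store holds the CA: $(verdict "$demo/ca.pem" "$demo/fake.pem")"
echo "look-alike once it is in the store itself:  $(verdict "$demo/fake.pem" "$demo/fake.pem")"
rm -rf "$demo"
```

The third line is why an unexpected root in a certificate store matters: the store's contents, not the certificate's name, decide what is trusted.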

  • 1 month later...
1 hour ago, MiltonRose said:

When I already tried to do this on my server, but it worked wildly slowly of course

It shouldn't be slow unless your server is slow. It may add a small amount of latency but it should be negligible unless your server is across the world, even then it should be more than maybe a 10-15ms increase.
