So what are you using for a VPN solution?

I was curious what level1 forum users are using for a VPN…if you’re using anything at all. Personally, I’m neither paranoid nor a human rights activist. I’m not terribly worried about a nation state poking around in my business. What I am worried about are casual snoops and script kiddies trying to steal my credit cards or identity.

So what I’ve done is set up OpenVPN on a pfSense VM on a server at home, port forwarded the relevant port on my dd-wrt router, and just beam into that when I’m on public wifi at the local coffee shop, or the guest wifi when I’m at work. I feel like this works for my use case, but am curious if others feel the same, or if I should take more careful measures. (I do realize that this doesn’t keep my ISP from snooping on my outbound traffic, but in the rare cases I’m worried about that I use Tor.)

So do you use a VPN at all? Do you use one of the big commercial VPN providers, or do you roll your own VPN? Do you have endpoint(s) in the cloud, or on physical hardware you own on your premises?

I’m using Comcast as my ISP but on occasion I will use my PIA connection.

I’ve not looked into doing my own VPN hosting but L1 does have some nice guides on setting these up.

I have very little faith in my cellular provider, cough AT&T cough, to not monetize my browsing so all my cellular data flows through my own wireguard + pihole VPN on a VPS. I’m a little more trusting on my home internet provider and only p2p traffic flows through a commercial VPN. If you want to support L1 then a $5/m Linode is a great option for rolling your own. Or if you’re on an extreme budget you can spin up an arm64 instance on Oracle Cloud to run Wireguard for free.

3 Likes

I use OpenVPN on PFSense for all my devices, works great and is simple enough!

2 Likes

I selfhost OpenVPN on pfSense like many others, but it’s mostly for remote access and to bypass carrier throttling for video.

1 Like

I have set up wireguard on a linode VPS and use that. I had the linode for other things anyway, so it’s basically a free feature for me.

I use it when on public wifi or when I’m on the office wifi.

Edit: for my use case, I want to keep things private, not necessarily anonymous.

2 Likes

I use Mullvad.

They hijack DNS if you don’t DOT/DOH, but they are alright otherwise.

Their endpoints are known by all the main streaming sites, so it’s not much good for geo-unblocking.

It’s not the cheapest either.

But it’s pretty fast, and they have a nice, simple cli app, and it’s easy to switch locations.

I’m using Wireguard mostly to SSH into my systems. I prefer it over OpenVPN because it’s way lighter both on resources (running on a 2GHz Pi4) and bandwidth usage.

I don’t know if it would improve my privacy when running over public wifi connections or not. Got 100GB/mo on mobile so I don’t even think about public wifi.

1 Like

While I technically have wireguard set up, I tend to use sshuttle more day-to-day. Sshuttle runs a python program on the remote end to act like a VPN, while modifying host iptables/nftables to direct traffic over it. Since it’s ssh you can go through bounce boxes without issue. It also has less of the speed/latency issues that DynamicForward can have.

Well that certainly piqued my interest. Who is your provider and how much does such a generous allowance cost?

Currently using OpenVPN on pfSense and Wireguard on a RPi 4 2GB at another location. Port forwarded both to the ISPs routers.

Me neither. But I’d rather they not. I’d like to take a moment and thank my personal FBI agent monitoring me for keeping my conversations private and not selling my card info.

I’m mostly using it to trick big tech that I’m still in Europe, so in case they are still collecting data about the sites I visit, at least it will be irrelevant to them. Although location is just one data entry.

Those are scams, unless you are only using them to get cheap user subscriptions from netflix and youtube red from Brasil and India and cheap games from whatever other developing nation. Or get around content restrictions.


Because of the free WiFis I logged into in Burgerland, I am contemplating setting up a TCP OpenVPN server on port 443 to get around the stupid restrictions in case I need to do phone calls or other stuff via wifi that are blocked otherwise on the network, with ports other than 80, 443 and 53 likely also blocked. I don’t use free WiFis often, but it may be necessary sometimes, just in case.

The other thing I’m contemplating is, since I already have a Road-Warrior VPN setup that I use daily, I could increase my TTL on my Pi 3 so that I can hotspot on my mobile 5G without being restricted to 56 Kbps, even though I pay for 15 GB of hotspot / month, but it’s restricted in speed (thank you T-Mobile) in case my normal internet drops again, or in case I want to work on-the-go from another town.

1 Like

That, and a stupidly expensive contract, were reasons I ditched the very same provider. Current carrier has a fairly low hi-speed data cap, but after that it is unlimited at 1Mbps…much better than your carrier’s “unlimited” speed.

1 Like

I was using TunnelBear for 2 years, but didn’t need it for a while now.
I don’t even know if it is still on the market.

But it did its job for me.

For the moment I am using ProtonVPN. It can keep my actual connection saturated and has a Linux client.

Can I trust them? Well, at least they’re not US based.

1 Like

As an experiment, about half a year ago or so I set up ZeroTier bridging between my home LAN and my Android phone. I ended up not using it much, since it turned out I don’t actually need to access my LAN that much (hence the experiment), but the important thing to me was that I got everything to work the way I wanted.

In short, it’s cool to SSH into your LAN from your phone via Termux without any public IPs or cloud VPNs, but the time I spent configuring and debugging all the necessary network configuration for the bridging to work was quite painful.

In long:

My home network is itself behind a router, so my router doesn’t have a public IP. Most people seem to opt for the cloud-hosted gateway, but I decided to try out ZeroTier (one of their main selling points is the ability to route hosts separated by NAT.)

I already had an RPi attached to my home LAN, so I followed the guide here to create a ZeroTier gateway into my LAN.

I then installed the ZeroTier VPN app for Android, and confirmed I could SSH into my machines from Termux, and that I could access my self-hosted Docker Wiki/Gitlab/whatever.

There were two major pain points. The first was configuring the RPi. Admittedly, I’m no networking guru, but even with the guide I’m still not 100% sure how the whole thing actually works, and that’s a major turnoff.

The second, well, not major pain point, but annoyance was the “ZeroTier One” VPN app. It’s rather buggy and not terribly polished. I don’t mind the rudimentary UI, but I frequently have to delete and re-add my network if I decided to reconfigure something (because something wasn’t working, or whatnot.)

I haven’t used it for a while now, I think if I ever go back to needing a VPN I will go the more traditional route of cloud-hosted gateway + Wireguard/OpenVPN. ZeroTier is cool but maybe too clever for my liking.

Family member has PIA so I’m using that account login. Not complaining since it’s free.

I don’t use a vpn. I assume they’re just honeypots or at the very least easy targets for the three letter agencies to raid or demand to install equipment at.

I’ve never had any issues.

I did set up a proxy in the USA via Azure for work though so we can lodge taxes (or something similar I forget) for our USA subsidiary. Because making gov websites for tax geo blocked is a thing for the US government apparently.

Took me literally 30 minutes to circumvent including setting up a USA based VM environment to run the squid instance in.

Mullvad plus a mesh of my own systems so I can seamlessly access my network from outside. Something like a manual tailgate. I pay Mullvad with Bitcoin via the Lightning Network.

I use Hotspot Shield. I got the premium version for free with a purchase of Dashlane. So far it serves me well, although I’m not really worried about privacy as much as most people here are. I just use it when I visit some real sketchy sites.

Wireguard manually set up between server/client has been the limit of my VPNing.

Been thinking about setting up Nebula, seems an underrated project. Tailscale/Headscale gets all the attention, but Nebula looks pretty nice for us self hosting types.

As for a VPN to proxy Internet access? Keep meaning to set up something (Mullvad based?) but never get around to it.