https://github.com/jlund/streisand (6000+ stars)
https://github.com/sovereign/sovereign (6000+ stars)
https://github.com/Nyr/openvpn-install (3000+ stars)
https://github.com/ttlequals0/autovpn (1400+ stars)
https://github.com/trailofbits/algo (1100+ stars)
https://github.com/robbintt/popup-openvpn (700+ stars)
After all, getting users to voluntarily direct their traffic through your network would be much easier than installing snooping hardware at every ISP, backdooring hardware in transit or snooping on undersea cables.
not worth the trouble when you can just compel existing VPN companies to send all traffic to you.
But since the NSA apparently shares its findings with other agencies, then the same applies if you're using a VPN in hopes of avoiding any sort of government monitoring.
So a VPN is only useful to (possibly) help protect yourself from corporate spying.
Yeah there's a few VPNs that look shady because of their pricing. One that springs to mind is LeafVPN[1]. For $5.00 you get to send all your traffic to Mallory. And it even has `LEA` as the first three letters, so you're safe! This is not an endorsement of this service BTW.
[1]: https://leafvpn.com
Hell, most of them host in super cheap DCs too so guess how good the physical security is?
PS: I have checked the Lavabit website, seems like they are reopening in 2 days.
I've read arguments that firewalls tend to block IPsec packets, but there's also UDP encapsulation. And IME, I've never had connectivity issues, from multiple random coffee shop / airport WiFi, in multiple countries. I suspect it's because Cisco's VPN product used to (still does?) use IPsec, just with proprietary authentication schemes, and a lot of businesses use it, so most firewalls are configured to let it through.
IKEv{1,2} + IPsec (ESP) (tunnel mode) is recommended. strongSwan is probably the best free, open source IPsec solution out there (much better than libreswan...), good documentation, use cases and examples etc, actively developed and maintained by a group of passionate developers that know the stuff well.
My employer (pre-IPO startup) has been using strongSwan for 2+ years as site-to-site solution from AWS VPC to on-premises data centres (or other cloud virtual network), proved to be rock solid as long as it's properly configured (pretty much all outages were caused by AWS...) ;-)
The only drawback is that strongSwan currently does NOT have a mature HA solution but it's shaping up (5.4.0 introduced IKEv2 redirect). Hopefully a proper HA solution (not sure if it is something similar to VRRP - curious to know more - PLEASE comment) will be built on top and later productized ;-)
In addition: I myself have been using strongSwan since its 5.0.x for remote access, to protect privacy, fight censorship (yes, originally from China mainland where the infamous GFW is in place...). The native strongSwan client for Android is a killer feature, RSA authentication with X509 certificates works flawlessly with 1 click ;-)
BTW: OpenVPN is an SSL VPN, relatively easy to install and configure, that's why it's more popular (remote access). IPsec works at IP layer (layer 3), generally speaking it requires deeper networking knowledge and more experience to get things right. OpenVPN is harder to block as it can disguise itself as HTTPS (TLS) or other traffic, while IPsec requires UDP ports 500 (IKE) and 4500 (NAT-T) to work, which is easier to block.
HTH
OpenVPN can also be used with obfsproxy.
That's contrary to my own experience, hence my original post. Obviously I've not been to every airport, but I've been to a handful of different ones over the last decade, and I've never had problems with IPsec. And IME airport / coffee shop / hotel WiFi are usually not the ones most locked down, but corporate guest WiFi. The last one I used blocked everything except TCP port 80, 443...and UDP port 500, 1723, and 4500.
I used to run OpenVPN to my home network, since that's the general recommendation, and Cisco VPN to the school, and later work, networks, and I've had more connectivity issues with OpenVPN. Switching to one of ports 53, 80, or 443 generally works, but Cisco VPN always "just works"...connectivity wise anyway. The client software broke like every other minor OS update. I even switched to PPTP for a while, because it'd also always worked, plus support was built into the OS. And that's what drew my attention to L2TP/IPsec.
Finally, when Tunnelblick stopped working after one of the OS X major upgrades, I looked into setting up L2TP/IPsec, and have been using it since.
Maybe IPsec is more often blocked in Europe / Asia / Africa?
Personally: I use AirVPN because to me it matters the client is open source. For all others, I guess PIA (Private Internet Access) is fine.
Don't most VPN providers offer OpenVPN as an option? Private Internet Access does. I always assumed that the client offered is to have an easy setup method for users who don't know how to configure a normal VPN client safely.
Has that changed recently?
>“A subpoena was sent to London Trust Media and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States,” the FBI’s complaint reads.[1]
Unfortunately, waiting for a court case involving your VPN provider isn't a great way to determine what they log.
[1] https://torrentfreak.com/vpn-providers-no-logging-claims-tes...
Anecdotally, people routinely run small-scale VPN off DO or even AWS free tier hosts.
Torrents on the other hand, I've been having connection issues to other peers. Not sure what's up there.
ThatOnePrivacyGuy should use their open source speed test tool instead as the tests are verifiable (unlike his tests from a single location which nobody can reproduce).
And yes, you're a dick if you even kind-of imply that VPNs might be good for privacy without immediately providing a strong disclaimer: if it matters, they aren't.
Edit: Oh wow, it's worse than I expected. Check out https://thatoneprivacysite.net/choosing-the-best-vpn-for-you...
The vast majority of the recommendations here have absolutely no connection with reality.
This entire website is bullshit, here's a few quick quotes.
>a. More on Trust
>As a lawyer represents your legal interests, a VPN service (among others) represents your privacy interests.
>c. Jurisdiction
>In the last few years, certain revelations have been made manifest regarding the mass surveillance programs of various countries around the globe. These countries are known as the five, nine, and fourteen eyes. These countries not only spy on their own citizens where they can get away with it, but they spy on each others, and swap notes to bypass governmental restrictions on power. If a service, or the people who run a service is based in one of these countries, it’s not unreasonable to expect that they may be susceptible to unlawful searches and compromises made in the name of national security
Suggesting that NSA & Co. don't spy outside of FVEY (or fourteen eyes if that's what you prefer) countries is utterly ridiculous at its face and just makes it look like the author hasn't studied this stuff at all.
Instead of blogging about mass surveillance and unlawful searches, maybe focus on the more realistic issues like search and wiretap warrants which are ridiculously easy to get in some countries?
Sometimes you just need to say something is garbage and move on.
>you're a dick if you even kind-of imply that VPNs might be good for privacy without immediately providing a strong disclaimer: if it matters, they aren't.
This website reads like it's written by an amateur from some torrenting subreddit, there's not much constructive feedback to be given here besides "do some actual research and do it all again"