Roll Your Own VPN for Private Browsing

About the time I started traveling to China for work I realized I needed a VPN solution.  For trips abroad it was so that I could actually get to all the web sites that I used to keep in touch with friends and family and also to provide me with a US-based IP address if I wanted to be able to watch Netflix or Hulu in the evenings.  In addition to this use, though, I’ve come around to the fact that I’m on open Wi-Fi a lot these days and while more and more companies are using HTTPS by default, not all are, and so it’s just easier and safer to make sure everything is sent out over a secure connection while on Wi-Fi.

The first thing I used to do was to just use an SSH-based SOCKS proxy that I could run from my command prompt to my server back home.  It worked well enough but it was slow and added a fair amount of latency compared to the direct connection.  Plus, some Flash-based scripts wouldn’t use the browser to make their file requests so it wouldn’t go over the proxy all the time.  Annoying.  But the speed was the biggest issue.

I also worked at getting my OpenVPN server working and I did at one point.  Something, however, got screwed up and I couldn’t figure out why it stopped working.  I also lost interest in digging into OpenVPN configuration inner workings when I found this OpenVPN AMI for Amazon.  Nice admin UI and easy to configure the OpenVPN Mac app client when I use that server.  One weird caveat: Craigslist seems to block most EC2 public IP addresses.  Or at least the few that I received.

I had tried services such as HideMyAss.com but I had read they were having occasional issues with China blocking their IP addresses plus I only needed it occasionally at the time.  They are convenient though and it seemed to work well when I demo’d it.  If you want one and don’t really want to spend the amount of time I did looking into them, just use something like that.

Back to the OpenVPN AMI for Amazon.  That worked really well but it cost about as much as a service like HMA (or more!) above so I started looking around for other solutions.  I tried TunnelBear.  Simple, cute, but omg slow.

And getting to my current solution, I was reading Hacker News and came across this OpenVPN installer for Debian distros.  Combine this with a cheap VPS like Digital Ocean’s droplets and you have a really, really easy VPN solution for $5/month that won’t grab enough attention to be blocked or on VPN blacklists.  And it’s fast.  Very fast.  It works with the Mac OpenVPN client really easily and when the installer generates the client config you just copy it to your client machine, import it into the OpenVPN client and away you go.  As long as you can SSH into a box and run a script you can get this going pretty easily.
