Roll your own! Setting up your own, private VPN can be done quite easily with https://github.com/jlund/streisand and a DigitalOcean account. Costs $5 per month. It doesn't require a whole lot of technical competence either, as the Streisand project configures just about everything for you.
If you do roll your own, consider trying out WireGuard, the VPN protocol I've been working on. It's a lot faster and simpler than anything else. I'd appreciate all the feedback I can get. https://www.wireguard.io
Very often point of using VPN is to get away from one jurisdiction and censorship to a provider which offers endpoints in more countries. Getting own server with VPN basically puts a person under different jurisdiction, you're on you're own with supporting and maintaining it. Public-IP VPNs mix your traffic with other traffic and make single person harder to track. It requires a lot of specialized knowledge about protocols and encryptions, heart-beats, pings, system network buffers, setting up firewalls, will I ever need IPSec or PPTP? I don't know... I tried, learnt a lot and gave up quite quickly, too much stuff to handle.
What about when you need to update the box? How does it handle protecting and maintaining the vm? What if there is a critical vulnerability in either the client or the server, how will you find out?
I know i'm capable of running my own VPN, but I'd rather pay someone else to manage the details and I just get an endpoint I can connect to that will always work (and will be shut off if there is a major security problem).
unattended-upgrades is enabled by default, so security updates are handled automatically. You can also just destroy and recreate the box once in a while, without any extra cost.
But it is of course completely up to you. If you trust your VPN provider when they say they don't log anything, I guess you are fine.
This is definitely a valid point. In my case, I share my VPN with friends and family, and also use it from a number of different devices (several laptops, and mobile devices). Anyway, the point is not necessarily to make it impossible for anyone to connect my internet traffic to me, but rather make it harder to monitor me.
A firewall is configured as part of this setup. unnattended-upgrades is also enabled, so security updates are automatically installed (which of course might be a security problem itself). If you are really paranoid, you can destroy and recreate the box every so often, as the whole process takes about 10 minutes.
I use https://www.privateinternetaccess.com/ on recommendation from a colleague, and I'm pretty happy. No logs, plenty servers, no real issues, and they recently shut down their Russian server due to imminent privacy concerns. So I feel that they have their priorities straight.
I used https://www.frootvpn.com/ briefly when it was free - seemed ok too, but not many servers back then.
Depends really what you want to use it for, but you could look into something like https://www.zerotier.com/ or even hosting your own.
+1 for PIA UK exit nodes work for watching BBC. Plus as a bonus they have recently implemented an option that block ads and malware on a DNS level. There are apps for iOS, macOS and Windows. It can also work without the app and be setup on a router level to protect the entire network.
PIA has said they actively won't be circumventing geoblocks anymore. Last time I tried BBC was blocked on both London & Southampton (in the last 24hrs).
EDIT: It seems iPlayer is now working again, although if you check their forums from when they began this change in policy, they specifically stated they would not actively circumvent the blocks.
They seem to have some ongoing issues with their client - there have been speed issues with the last couple of releases, on Windows at least.
I've had to regress to an earlier version or I get DNS timeouts galore with v60. There's quite a few open threads on their forums about this.
Aside from that, their IPs seem to regularly get hit with Cloudflare captcha. Usually, but not always, switching to a different exit will fix, for a while at least.
I use PIA and I can't complain. One issue I noticed that may affect others as well is that they are being blocked more and more around the internet. I don't think this is only a PIA problem though.
Yeah I love PIA, but i've found several sites that outright block you in very "opaque" ways (my favorite is one that says the site is down for emergency maintenance when you connect from a PIA VPN IP).
It sucks, but I think PIA (and others) are going to need to start using different IPs and getting around these blocks if they want to stay competitive.
I think that a analyzing VPNs is quite impractical, but here we go:
After trying a couple, I'm now with Private Internet Access; the reasons are:
- the support actually replies and helps (this doesn't hold true for all the companies); although I think VPN typical problems are very technical (in fact, I didn't really solve the issue at the time) and may not be solved by them, it shows that the company is actually striving to provide a good service
- they don't keep logs
- the quality is stable and fast; my network is permanently connected to it
- they have many servers around the world
- they do provided their service with integrity; they've pulled their Russian servers because the Russian authorities imposed them to keep logs
Some of these statements can't be proved, but as far as I can possibly examine and experience, it's a really good service.
With Verizon becoming an ad company and AT&T showing signs of the same thing, I was wondering what would be involved in having my home's router automatically and permanently connect to a VPN service to keep my data from my ISP? I understand the performance hit would be huge (I have a gigabit fiber connection), but as long as I can still stream MLB and Netflix, I'd be happy.
Your VPN provider would be the bottleneck, not the VPN itself, in which case if you take a performance hit you should explore other VPN providers.
But to tunnel all of your home traffic you can either (1) buy a router that supports VPN tunneling or (2) try and save some money by buying a generic router and flashing it with something like DD-WRT, which would give you an OpenVPN client which would allow you to do the same thing, just with cheaper hardware.
Once set up, whenever your router boots it will connect the VPN and all of your traffic will go over that connection.
Hasn't shipped yet, but Keezel may be interesting: http://keezel.co
It's a hardware product and they broker the VPN provider... so the VPN provider doesn't know who you are, and the Keezel device can use the best-performing VPN provider / nodes.
For launch they're partnering with PureVPN, LeVPN and ProXPN.
I am launching a new product (VPN router permanently connected to anonymous VPN) within a month, I don't want to link to the website yet because it's a WIP. Send me an email (in profile) if you are interested.
Privateinternetaccess.com besides their somewhat uncatchy name and dated looking website is cheap and reliable. You can even pay with Amazon gift cards, in case you want to anonymise your payment and don't want to dive into Bitcoin
I had PIA for a year and when the subscription ran out, though being a happy customer, I got tempted by iVpn.net, which was 3x the price, and had a pretty website. It also got many recommendations here on HN, but think they were not 100% honest. I regret moving away and will go back to PIA asap.
Takeaways: also important is which device you will be using to surf. Many vpn providers have a flawed or no iPad app, and refer to the standard openvpn app. It's very cumbersome to use (you can not copy paste your username and password, just to name one thing).
And setting up your own, doesn't make much sense to me as you will always have the same public ip then.
I've been using Tunnelbear(https://www.tunnelbear.com/) for a couple of years now and my experience has been fantastic:
• It doesn't keep activity logs.
• Their tunnel network has been recently improved and it counts something like 20 countries at the moment.
• It's really fast and it keeps your device safe even in the possibility of a connection issue, it will block all unsecured traffic until it's possible to properly gain access again.
• Something not directly related as a VPN feature but since I have to pay for it I'm more than happily going to underline this, the UI is really really nice, the design is clean, smooth and is one great experience on every device I've been using it on(Android, iOS and Windows).
On iOS, it's free up to 500MB/mo, $4/mo after. Their app has VPN auto-reconnect on iOS, which is useful because iOS does not seem to support always-on VPNs (except for "enterprise").
Yeah, it's 500MB/month shared across all devices since it's linked to the account you login with. Depending on what mobile device you're using there are different offers since it's possible to go with an Android/iOS-only subscription. I usually end up picking the $7.99/mo offer which is the most logic one if you have multiple devices with different OS enviroments.
I prefer http://BlackHoleCloud.com . You get your own VPN server(s) in the cities that you choose so there is no fighting for bandwidth, and no other vpn subscriber will try to hack into your computer. It also comes with your choice of tiny hardware firewalls. The smallest one fits on a keychain. You can put up to 64 devices on the VPN at no extra cost. Oh, and it has Tor built in if you want it and the firewall blocks ads like a PiHole.
Basically, if you have SSH access to a machine and Python is installed on the endpoint, you can set up a "VPN" over SSH. To me, this is much easier to set up. You can get by most of the time by having a vanilla Linux installation on a cheap VPS without any additional work.
I'm in Sydney and a very satisfied user of AirVPN. I mostly use it to get around geo-blocking.
They have more than enough servers and I've never had an issue with the reliability of their service.
Speeds in Europe are reasonable, but I'm on crappy ADSL anyway.
You should check out this very extensive comparison sheet as well:
If you need it only for web browsing, than I highly recommend the free VPN that’s now integrated in developer release of Opera. https://www.opera.com/computer/beta
I use NordVPN. Pay annually and it can be as low as $40. Allows up to 5 devices and they have servers all over the planet. I primarily use it for streaming; Netflix US/UK/CA/FR, i-player, and checking how advertising looks in different countries.
I use hide.me
I tested several providers over the years but this one has given me the best speed and lowest latency when I choose servers close to me. Works well to have it running 24/7 on the phone.
Of course it's more expensive than just hosting a droplet, but very helpful to get IPs of various countries. Unlimited traffic also comes in handy..
I'm using Overplay vpn service.I chose it from this rating https://myipservices.com/vpnrating . I chose a paid service as they say that it works much better and faster. And to be honest, their security is much better.
AirVPN.
It allows to setup a stable port-forward, unlike PIA which (by design, I suppose, due to being safer) changes the port forward every connection.
Also, AirVPN allows 3 or 5 port forwards, whereas PIA allows 1.
