Maybe a dumb question, but does anyone set up their VPN server in the cloud? Could the cheapest droplet on DigitalOcean [0] handle traffic for browsing or YouTube?
I use a VPS at Hetzner, but a whole lot of traffic sites stop working when I am using the VPN.
I bet in part it is due to CloudFlare's efforts at "Cleaning up Bad Bots" [1].
In this article, under how they detect bots, they write:
> Another model allows us to determine whether an IP address belongs to a VPN endpoint, a home broadband subscriber, a company using NAT or a hosting or cloud provider. It’s this last group that “Bot Cleanup” targets.
I suspect when you use a VPN hosted on a VPS, you often end up classified as a bot to be cleaned up...
Tried this, you will encounter a ton of sites that assume you are a bot. You will find it annoying to browse quite a few sites. Some will outright refuse to work.
Can you make edits on Wikipedia? I used to be a big contributor there but can no longer easily contribute because they (understandably) blocked all common VPN IP ranges.
No, I run into this with my Linode also. Basically any of the large VPS providers and some of the smallest are well known to other services for being used to automate scraping or other things. LinkedIn is a great example of one that (used to anyway, haven't tried in a while) completely block any IP that was known to be from a VPS provider.
Nope, this is pretty common. I found out the hard way that Delta doesn’t allow access to their servers from my cloud hosted VPN, which is shitty considering airports are pretty VPN-heavy locations for me. They don’t seem interested in reconsidering this stance either.
Let's say I buy a /24 IP address block and port it to AWS. My friend Bob and I are both on AWS. Would it be possible to share some of my IP addresses with Bob in a secure way?
I know that VPC peering[0] is possible across separate AWS accounts, what I don't know is:
1. Whether or not my /24 block is "compatible" with VPC peering
2. How to prove to Bob that I'm not potentially MitMing him (assign my /24 block to VPC1, peer with Bob using VPC2, and MitM between VPC1 and VPC2 since they're both under my control). Would creating an IAM user with read-only VPC permissions work for this?
AWS is just an example. I would be happy to do this at any major provider (AWS and GCP are the two I know that allow bring-your-own-IP).
Yes it is, and using routing the IP can arrive everywhere in a tunnel, not just AWS.
You only need a good system administrator. I can get you in touch with friends who specialize in that. They will certainly recommend your /24 to be pointing to a more friendly provider of your choice, like one with a flat rate!
/24 with ASN -> friendly provider -> any ip goes where you want (digital ocean, aws, etc.)
But no, you can't prove you aren't MitM. Whoever has control of the /24 at any point could be (e.g. the 'friendly' provider).
IP space is getting pretty pricey these days, unless you want to go IPv6-only. And whatever the evangelists say, that's still too unrealistic for most people.
My WireGuard gateway is in the cloud (Linode Fremont). When I connect to it, the eventual gateway is my home router. If I were to use the VPS as my gateway, then my traffic would be blocked by all sorts of services.
Annoyingly, I have moved, and now have Comcast so that brings problems. First, they tamper with DNS traffic. To combat this the resolver is unbound running on the Linode. This creates very occasional problems, usually in the form of a CAPTCHA. Additionally, Comcast doesn't offer symmetric connections, so my VPN is slower than it should be (1Gbps/30Mbps is such a joke).
Not dumb at all. I'm doing this on a $5 droplet and it's faster than any of the commercial VPNs I'm currently paying for. It's a little less privacy protective than many VPN providers however - Digital Ocean will for example forward DMCA violation nastygrams they receive from content owners.
At least for me on Linode, it's less-bad than others I've seen. Google doesn't typically get nasty; I think I can only think of a few sites that are especially bad (LinkedIn and Ars Technica forums are two that come to mind). That probably has to do with me using the same IP for ~2yrs now, so it doesn't have reputation problems.
I got a special deal at a VPS provider for $1/mo for 1vCPU and 256MB RAM. With only WireGuard running, I experience no issues whatsoever. RAM usage is minimal, sub 100MB, I forget the particulars. I added unbound with a huge DNS blacklist and unbound must do some odd indexing or something because that blew it to around 400MB which required a swap drive. But even with that, the performance is more than fine. I notice no discernible performance loss on my phone and from my 1Gbps connection at home, I see speeds that are comparable with saturating the network of the VPS (~200Mbps).
It was a promotional deal and I haven't let the lease on the VPS lapse. I didn't know what to do with it at first, but it was too good of a deal to pass up.
Not quite yet. But also like another user said, DuckDNS
"Note: Starting January 1st, 2020, GCP will charge for VM instance external IP addresses. However, under the Free Tier, in-use external IP addresses will be free until you have used a number of hours equal to the total hours in the current month. Free Tier for in-use external IP addresses apply to all instance types (not just f1.micro instances)."
Instead of an IP, you can use a domain. Then you can use Dynamic DNS to keep that domain pointed at your current IP (essentially, you run a small program on the same computer as the VPN server, that updates the DNS provider every time the IP changes).
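The "small program" described in the comment above, as an added sketch that is not from any poster in the thread. It assumes DuckDNS as the DNS provider and `https://api.ipify.org` as the IP lookup service; the environment variable names and the state file path are hypothetical. It refuses to publish an address that is malformed or not publicly routable, and only contacts the provider when the address has changed.

```python
import ipaddress
import os
import urllib.parse
import urllib.request
from pathlib import Path

UPDATE_URL = "https://www.duckdns.org/update"   # DuckDNS update endpoint
LOOKUP_URL = "https://api.ipify.org"            # assumed "what is my IP" service

def parse_public_ip(text):
    """Return the reply as an IPv4 string only if it is a routable public address."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return None                      # HTML error page, captive portal, empty body
    return str(ip) if ip.version == 4 and ip.is_global else None

def build_update_url(domain, token, ip):
    query = urllib.parse.urlencode({"domains": domain, "token": token, "ip": ip})
    return f"{UPDATE_URL}?{query}"

def http_get(url):
    with urllib.request.urlopen(url, timeout=10) as resp:   # HTTPS, certificate checked
        return resp.read().decode("ascii", "replace")

def sync(domain, token, state_file, lookup=lambda: http_get(LOOKUP_URL), send=http_get):
    """Update the DNS record only when the public IP differs from the last one sent."""
    ip = parse_public_ip(lookup())
    if ip is None:
        return "skipped"                 # never publish a private or malformed address
    state = Path(state_file)
    if state.exists() and state.read_text().strip() == ip:
        return "unchanged"
    if send(build_update_url(domain, token, ip)).strip() != "OK":
        return "failed"                  # DuckDNS answers OK or KO
    state.write_text(ip)
    return "updated"

if __name__ == "__main__":
    # Hypothetical variable names; the token stays out of argv and shell history.
    print(sync(os.environ["DDNS_DOMAIN"], os.environ["DDNS_TOKEN"],
               os.path.expanduser("~/.ddns_last_ip")))
```

Run it from cron or a systemd timer on the VPN host, and point the VPN clients at the domain rather than the IP.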
[0] https://www.digitalocean.com/pricing/#standard-compute-trigg...