One Click Personal VPN Server on DigitalOcean

March 15, 2017
vpn privacy golang osx digitalocean jquery

I recently released a project called dosxvpn which simplifies the setup of your own personal IPsec VPN server with DNS adblocking running on DigitalOcean.

Background

I decided to build dosxvpn in light of the news that ISPs are now able to sell our browsing history in the United States. If you care about your privacy online, it is now more important than ever to encrypt your traffic passing through your ISP. There are plenty of commercial VPN providers that could be used, but the primary problem with all of these in my opinion is that there is no way to audit any of their claims around privacy and security of their service.

My preferred alternative to using a commercial VPN provider is to run a self-hosted VPN server. There are plenty of different VPN technologies that could be used like OpenVPN, IPsec, Wireguard, etc. I had previously been using algo to simplify the setup of an IPsec based VPN. You can read their blog post on why you may prefer an an IPsec based VPN over alternatives. At the time of this writing, Wireguard also looks like it may be an interesting alternative in the future. While algo is an amazing project, the setup and deployment isn’t the most intuitive for the average non technical user as it’s all done on the CLI and requires Python and installation of dependencies which is never fun.

Goals for this project

There a few primary goals that I tried to solve while building dosxvpn:

1) It should be simple enough for a non technical user to install. To start I built a native OSX application with no additional dependencies. Launching the app brings up a simple web based wizard to deploy a VPN server on DigitalOcean. After completing the wizard, the VPN is fully configured and running using the native OSX VPN client.

2) The user shouldn’t have to worry about managing or updating the server where the VPN is deployed. In order to solve this, updates of both the OS and VPN software happen on a regular basis automatically.

3) It should be easy to share this VPN configuration with mobile devices. To make this possible, after the installation there is a download button for both iPhone and Android that allow you to grab the VPN configuration, copy it over to your device and get them up and running quickly.

4) Adblock should be enabled by default. This is especially important on mobile devices, which generally don’t provide an easy way to both be connected to a VPN and block advertisements at the same time. Pi-hole is configured to work with the VPN and act as a DNS adblocker.

Conclusion

If any of this sounds interesting, go grab the latest release of dosxvpn and try it out.

AWS Lambda Powered HTTP/SOCKS Web Proxy

October 20, 2016
proxy privacy golang aws lambda