by bdarnell 3368 days ago
I've used streisand on DO (while traveling in China) and it worked well. There's also a similar project called algo[1] which provides a single protocol with maximum security, in contrast to streisand's multi-protocol flexibility (and increased surface area).

[1] https://github.com/trailofbits/algo


Why does he refer to OpenVPN as a "risky server"? Does it have a history of embarrassing security vulns?
I think a recurrent concern is OpenVPN's reliance on TLS, and its codebase complexity as a result of being built on OpenSSL--but with far less attention and resources and vuln hunting compared to say, actual browsers. Complexity + lack of auditing person-hours is never a good combo. (See https://twitter.com/tqbf/status/806646188158152705)

Matt Green's audit of OpenVPN, when completed, may lead to more light on the matter. Otherwise, we're just relying on informed intuitions.

Except all the shenanigans with IPSEC.

https://en.m.wikipedia.org/wiki/IPsec#Alleged_NSA_interferen...

As a "security people" I think me and tptacek could split a great number of hairs and get not too far on this one, but I am open to new info. I know a lot can hide in the complexity of OpenSSL. Maybe the whole thing with IPSEC was to sway us toward OpenVPN likes. Regardless, I still lean slightly towards OpenVPN.

But honestly I am out to defeat ad networks. I only aspire to give nation states indigestion (at a mass scale). Individually, if a well-funded adversary wants any one of us I think they have us.

I think "other risky servers" may refer to the lesser-known servers that streisand includes, like shadowsocks.
Would a 512 MB RAM DO server be enough for this? I've been looking for an alternative to a VPN for a while, but it would only be cost effective with the $5 option.
Yes. Your bottleneck will most likely be network and CPU speed as that's used for encryption. Google around for specific numbers, but my intuition is that network will max out before CPU does even on the $5/mo instance.
I'm running openvpn on one of those just fine.
I've been looking at algo but not sure how much it lives up to the billing.

The ssh configs contained within do not enable ed25519 for instance.