| One nice although limited alternative to openvpn is sshuttle:
https://github.com/sshuttle/sshuttle The limitations are: no ipv6 support :(, sometimes leaks dns, and always crashes shortly after it is first started (then works fine when you start it again). There seems to be little active development. To work around the limitations, I mostly use SOCKS (curl also supports SOCKS), plus run sshuttle to try to catch any additional traffic. For that matter, SOCKS alone would at least catch the most sensitive traffic for most people (and would make it easy to have another browser profile for watching netflix). I get a $15/year OpenVZ account from ramnode.com, which supports VPN usage. I haven't had an issue with bandwith (it seems to undercount quite a lot) but don't watch netflix or otherwise use that much bandwidth. The main issue I've had is that some websites (google, amazon, gog) will default to various other languages that I assume other people who are doing the same thing speak. Fixed by logging in to the site and they then seem to remember for a while even if you don't log in, but eventually they switch again. The nice thing is that the remote server can be configured to just have an SSH server on port 80 (in case you ever want to use it from restrictive public wifi; I first stated to do this after seeing SSL downgrade errors on public wifi) with public key authentication, so there is much less to worry about in terms of being responsible for a system open to the internet all the time. In SSH, I set: KexAlgorithms=curve25519-sha256@libssh.org
HostKeyAlgorithms=ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
Ciphers=chacha20-poly1305@openssh.com
MACs=hmac-sha2-256,hmac-sha2-512
So still not a super easy option but a somewhat easier option than OpenVPN. It would be quite easy with an automated way to set up the remote ssh server correctly.Edit: Speed is quite good with this setup and while I haven't done extensive comparisons, it does not seem to lower the connection speed by much. |
UDP is not tunneled at all.