Hacker News new | ask | show | jobs
by archivator 4440 days ago
What's the recommended non-serious-personal-use VPN these days?

PPTP is completely broken (MS-CHAPv2 especially), OpenVPN is hard to setup and maintain.

I've been using ssh as an impromptu VPN-like thing but I'd really, really like an actual VPN solution.
4 comments
atmosx 4439 days ago
> OpenVPN is hard to setup and maintain.

That's not true. OpenVPN is the easier, most straight-forward solution when it comes to set-up[1] and configuration (routing, firewalling, client auth, etc.). Try to setup OpenSWAN and you'll see what hard to setup really means. I don't know about new software like SigmaVPN.

[1] Or maybe I am too used to it.

link
arnehormann 4439 days ago
I wrote a ruby script to help with OpenVPN.

https://gist.github.com/arnehormann/9744964 There's a usage howto in the comments and this should be short enough to fully grasp what it does. No third party requirements, just ruby core + openssl.

It creates client and server configuration and creates and manages CA and CRL.

The VPN uses tun mode over UDP. Required changes on the server are written down in comments at the beginning of the server configuration.

If there is sufficient interest, I can make it a real repo so it can get issues and pull requests.

link
stormbrew 4440 days ago
I use n2n for things that don't really matter, it's quite nice and simple, but has some pretty glaring potential if not real security flaws in its design (and the v2 that was supposed to fix some of them seems to be in some kind of deep technical debt hole and tends to crash).

After this thread I'll be looking at fastd and zerotierone, though.

link
uuid_to_string 4439 days ago
What do you use for things that matter?

Do you have something else to create L2 overlays that is more secure?

link
stormbrew 4439 days ago
Unfortunately, openvpn. :/
link
uuid_to_string 4439 days ago
As you know, OpenVPN cannot do what n2n can do.

Someone has to run an OpenVPN server. Everyone on the network has to trust that server.

And connections between network participants are not peer to peer.

With OpenVPN and most other VPN's, if I'm not mistaken, each person's traffic passes through a central point: some VPN server/appliance.

This is a major difference and has its own set of security implications.

link
borplk 4439 days ago
Has anyone used or know about SoftEther VPN?

I was looking them up the other day they seem very nice.

Link: http://en.wikipedia.org/wiki/SoftEther_VPN

link