[jgwest]

When setting up multiple VPSs connected by "private networking" with a company like Linode, or Digital Ocean, or what-have-you, you need to assume that the inter-VPS links are not secure. It's a little piece of knowledge that comes with experience, hard for newbies to realize.

The first time you set up one of these clusters, you might follow one of Linode or DigitalOcean's handy guides, where they might suggest i.e. a reverse proxy server receiving (and decrypting e.g. HTTPS) inbound traffic, routing it out to multiple worker machines, and a single backend database system. Linode sells dedicated Load Balancers for the front end of exactly this sort of set-up.

These guides almost always fail to mention that the data is observable as cleartext in the internal network. They ought to be reedited with big bold warnings starting that these links ought to be secured. (Can Linode's Load Balancers even secure these links?) Besides other eavesdropping customers, there could potentially be little magic government agency plugs installed -- or the eavesdropping customers could be government security agencies themselves. (Sorry, tinfoil, I know...)

OpenVPN connections are a lightweight, efficient solution. They're also transparent once you change IPs from those of the virtual network interfaces to those of the secure virtual network interfaces. Such a configuration is still non-trivial, though, for someone configuring their VPS via a control panel rather than the command line.

[atmosx]

Hm, I'm not an "expert". Believing that there's any level of security, at this point in time, in any cloud based service is a sign of a semi-retarded IT person IMHO.

That doesn't mean I don't support the cloud, don't use or don't like the technologies that we have today. I wish I could learn and use all modern services out there.

There are various levels of security needed, depending on a case-to-case scenario. I don't believe any company wilfully would create any kind of problems to any of it's users/clients. There are hosting providers (the PirateBay was using one) who are renowned for resisting subpoenas and what not.

BUT if you need absolute security - for whatever reason - in today's world you start by combining carefully the HARDWARE, you don't even buy ready-made products, then you place the server in a place where is physically safe from discrete eyes and hands. Then we can talk software...

[sneak]

People don't "need" to do that, and many don't. They are aided by the false assertions of jackass vendors like this that make false claims further reinforcing their mistaken beliefs.

The configuration overhead of OpenVPN on an internal network like this is lunacy. The correct answer is a secure L2 network... a private one.

Your VM vendor has access to your host ram. Encrypting isn't going to protect you from them. The threat model here is other customers, which are trivial to partition. They just didn't do it.

[nyir]

In your experience, is a single OpenVPN server sufficient on such a network, or is it possible to have a fallback (server)?

I previously tried using a distributed VPN setup without a single main server; that didn't work out so well however, mostly because the software was somewhat unreliable.