VPN question - what is your take?

brandonkick

So I am looking into putting in a VPN solution and perhaps an "upgrade" in terms of my "router".


So right now, I have an Xfinity eMTA gateway and Ubiquiti UniFi AP. I really want to put a VPN in front of my entire network. I'd like the privacy feature most of all for many reasons.

So my ideas are something (in terms of VPN) that:

Can be in front of every device on my network, essentially the VPN runs "at the router level" and every device hooked to my router is behind the VPN be it hard wired, wireless, computer, laptop, tablet, cell phone, PS4.... etc. whatever.

I want a VPN service that will not majorly hamper my current bandwidth. My current connection, when not running a VPN, is hitting around 70Mbps or so down and 5-6 Mbps down. It used to be almost triple that both up and down but I fought with Comcast to get my bill down and the result was these decreases in speed. I'm going to want any VPN I run to not really hamper my current speeds. I can't afford much slowdown due to VPN.

I want something that is really private. Not all VPNs are. Some do not allow methods of payment that are really private. Some keep activity logs. I really do want one that has no way of mapping back to me, so to speak.

I'm thinking, after doing some research, that I might be best off building a router out of a PC. Something like a Core i3 OptiPlex with a good pair of Intel NICs. Not sure how I'd rope the Ubiquiti in there though but I think it just operates off the router PC much like it does my Xfinity gateway now? Probably run pfSense as an OS.


Thoughts, opinions, ideas from people who have gone this route or done some of these things?


The main reason for this is that I don't care for Xfinity to be able to throttle me based upon what I'm doing. So if they get butthurt at Netflix, I don't need to worry about my speed with Netflix going to crap. IMO, Xfinity has no right to tell me what to do with my bandwidth or slow me down if I use a site / service they can't strong-arm. And if I'm going to be really private, might as well really pick a service that is actually private and also try to avoid my speeds going to crap.
 
VPN means decreased speeds, and I have yet to find a "VPN Service" if you want to call them that, that's worth a crap.

They don't stay online all the time, they slow things down, they randomly cause connectivity faults...

You should see some of the things on the Untangle forums, all of this has come up since Untangle added the TunnelVPN app, which allows Untangle to push traffic into a service VPN based on rules. It's pretty nice if you want to do this sort of thing, but thus far IMHO it's way too much trouble.

Better off getting an ISP that's worth a crap, and if that means moving... so be it.
 
Set up your own VPN server in AWS :p

Partly joking, but partly not. Would get you better speeds and reliability as you aren't sharing resources with other clients. I'd imagine AWS keep some logs though, and they have your billing details, so it's not going to be private in that way. Gets around the ISP throttling though.

To be honest I'm actually thinking about it myself now! Might go sign up for Google Cloud and use that $300 free credit they give new users. (I already abused the AWS free tier on several different accounts).
 
If you are looking for absolute anonymity it's pretty much a lost cause. One cannot prove that a third party VPN service is truly anonymous.

Beyond that I have my own VPN service. Easy thing with an ERL3.
 
Most if not all VPN services are under some sort of pact, act, coalition, whatever and if asked would have no hesitation in handing over your traffic logs to be analysed.
There is the US, the "5 Eyes" countries and the "14 eyes" countries that all work together.
Glenn Greenwald has a good writeup here and a recommended list of VPNs (not edge VPNs) but worth reading anyway.
 
Pretty sure Private Internet Access supports setting it up on your router, but no matter what service you use you're going to take a hit on speed. They support a wide variety of payment methods, including some that should be fully anonymous though you'll pay a premium for some of those (e.g. purchasing gift cards for cash, then selling them through one of the card trading services to pay for a subscription).

Since you mentioned Netflix, you're probably also going to run into issues there - people have been using VPNs to bypass regional protections for years, and I'm pretty sure Netflix blocks streaming through VPNs (totally or selectively by show I don't know). I'm sure the same applies to other streaming services.

You also mentioned a PS4. You weren't hoping to game through this, were you? The added latency is likely to kill most real-time gaming, and some gaming servers may also block known VPN endpoints (as well as ranges which couldn't reasonably be expected to have end-users gaming on them such as the entirety of the AWS, Azure, GCP, Linode, DigitalOcean, etc. address spaces).
 
Set up your own VPN server in AWS :p

Partly joking, but partly not. Would get you better speeds and reliability as you aren't sharing resources with other clients. I'd imagine AWS keep some logs though, and they have your billing details, so it's not going to be private in that way. Gets around the ISP throttling though.

To be honest I'm actually thinking about it myself now! Might go sign up for Google Cloud and use that $300 free credit they give new users. (I already abused the AWS free tier on several different accounts).

This might be the only good way to do it. Shared VPN solutions mean that most of the time you're using an IP that has been flagged for some reason. Google will make you do captchas all the time, Cloudflare will make you wait before sending you on, etc.
 
I want something that is really private. Not all VPNs are. Some do not allow methods of payment that are really private. Some keep activity logs. I really do want one that has no way of mapping back to me, so to speak.

If the router is connected to the VPN 24/7 isn't there always a way to map back to you with enough effort?
 