
Show HN: VPNHome – 1-click, self-hosted OpenVPN deployment and management app - ezaquarii_com
https://github.com/ezaquarii/vpn-at-home
======
tptacek
I think you might be surprised how straightforward an app like this would be
for Wireguard, and, unlike OpenVPN, for which there are a zillion wrapper
options, Wireguard really needs some non-shell-user UX love right now.

Have you considered doing a version of this for Wireguard? It's much, much
better than OpenVPN.

~~~
InGodsName
The other day I commented the same thing in the Wireguard thread but got
downvoted.

I have a hard time installing Wireguard on a VPS.

~~~
InGodsName
I deleted that comment already.

------
msh
It would probably be safer to use algo.
[https://github.com/trailofbits/algo](https://github.com/trailofbits/algo)

~~~
tptacek
This comment is inexplicably downvoted; if you're going to set up a VPN for
the first time and don't want to get sysadmin-level intimate with Linux
networking to boot up Wireguard (surprisingly easy!), Algo is your best bet.

~~~
preinheimer
I feel like "here's a similar tutorial for algo, which has these advantages
..." would have received upvotes. This just looks like it's pissing on the
efforts of the actual post.

------
djbeadle
This looks interesting, and I'm going to try it. Alternatively, if you want
something a little more lightweight but less feature-packed, there's
[http://www.pivpn.io](http://www.pivpn.io)

------
sirodoht
I recently found a similar solution, Outline [1]. Works pretty good, fast,
open source.

[1] [https://getoutline.org/](https://getoutline.org/)

~~~
AndrewConn
Looks cool, but FYI for those trying to remove themselves from the Google
surveillance ecosystem... Outline was created by Jigsaw, an Alphabet/Google
owned subsidiary. Outline could very well have the best intentions, and they
likely do based on Jigsaw’s mission, but the link to Alphabet/Google should
caution some people.

------
busheezy
I had an OpenVPN server set up for the first time yesterday with a docker
container, in about five minutes. This thread's app is probably very useful
but I figured someone in here might be interested in the docker container. I
found it at the top of google with "openvpn docker." I ended up using the
thread on HN yesterday to set up wireguard instead, though. I used the ansible
setup and it was a breeze as well.

Sorry for not staying on topic. VPNHome looks nifty.

------
nodesocket
Looks great, but I prefer to use native Cisco IPSec[1] so I don't have to
install 3rd party applications. Works out of the box with macOS, iOS, and
Android. Non-technical users can follow a tutorial and set up on their devices.
It does lack some nice-to-haves such as two-factor authentication though.

[1] [https://github.com/hwdsl2/setup-ipsec-vpn](https://github.com/hwdsl2/setup-ipsec-vpn)

------
eximius
I say this on every VPN thread and it's still the best advice:

Just use Wireguard.

~~~
g45y45
I say this on every VPN thread and it's still the best advice: Just use algo
(IPSEC VPN):
[https://github.com/trailofbits/algo](https://github.com/trailofbits/algo)

Wireguard is great, but is not supported on many devices, and does not auto
provision configuration files for all your devices. Please look into algo, it
really is the best solution for 99% of people.

~~~
tptacek
IPSEC and OpenVPN are far more dangerous than Wireguard is, so while it might
be simpler for some kinds of users to boot up an OpenVPN connection, that
doesn't necessarily make it the "best solution".

~~~
handzbagz
What's wrong with OpenVPN?

~~~
wolf550e
OpenVPN depends on TLS and basically all the code in openssl (many lines of
code, not possible to audit by one person).

In a version I used, after TLS handshake it used a custom bulk data protocol
and defaulted to blowfish for the crypto (these defaults might have changed
since).

It runs in userspace so the speed is not good.

IPSec has better performance because it runs in the kernel, but the protocol
is bad and the amount of code in the kernel is enormous, as much as all of
openssl, and this cannot be audited by a single person.

Wireguard has good performance, has only ~4000 lines of code that need to be
audited (designed to be audited by a single person) and uses very modern
crypto.

------
borski
We host a similar solution:
[https://www.tinfoilsecurity.com/vpn](https://www.tinfoilsecurity.com/vpn)

It's also open-source:
[https://github.com/tinfoil/openvpn_autoconfig](https://github.com/tinfoil/openvpn_autoconfig)

------
then
works in china?

~~~
ezaquarii_com
The VPN is self-hosted, so: 1) technically yes, you can install it on your
laptop and deploy VPN to any Linux or OpenBSD host 2) legally, I have no idea
if your government allows you to use a VPN

------
CameronBanga
A good friend is working on a similar idea, and live-streaming his process on
Twitch, and doing this as a SaaS. He's calling it Ghostifi, more info below.

[https://twitter.com/_rchase_/status/1074789686261022720](https://twitter.com/_rchase_/status/1074789686261022720)

He's charging for this because he has some nice convenience features (like
auto-rebuild server every day, week, etc), and then managing the VPS
integration to make it one click rebuild anywhere in the world, etc.

Been using it for ~7-10 days and getting amazing speeds on my iPhone/Mac. Well
worth the small fee he's charging for a dedicated VPN point that I can rebuild
whenever on a different location.

