
Ask HN: What VPN service are you currently using? - doorbellguy
And would you recommend it? I&#x27;ve decided to get one and so far my only two requirements seem to be:<p>1. It should work with OpenVPN<p>2. It should support SOCKS5 (Proxy)<p>PIA, Nord, Mullvad, ZorroVPN, ProtonVPN look promising. On the other hand, SigaVPN is based on a not-for-profit model so I was not sure about it. What is your personal preference?
======
kinkora
PIA (Private Internet Access) and am a happy customer for 3rd year running.

Why do I choose them? Besides the ease of use over multiple platforms, they
are the only VPN (I am aware of) that has held up in court that they do not
store any logs when asked to handover personal information.

Sources:

[1] [https://torrentfreak.com/private-internet-access-no-
logging-...](https://torrentfreak.com/private-internet-access-no-logging-
claims-proven-true-again-in-court-180606/)

[2] [https://www.scribd.com/doc/303226103/Fake-bomb-threat-
arrest](https://www.scribd.com/doc/303226103/Fake-bomb-threat-arrest)

~~~
whocares123
I have 1GB fiber, do they offer 1GB speeds? How badly would using them as my
VPN affect my speed?

~~~
Jonnax
IPsec at 1gbps needs a powerful router.

A Juniper SRX 320 that I have can only can reach about 500mbps.

~~~
fgonzag
PFSense on a cheapish high clockspeed server will easily get there. Total cost
about a grand, a bit more if you want to use a low power no fan solution.

------
woodruffw
I use Algo[1] on a variety of VPS providers. It supports IPSec, but I only use
Wireguard through it. Supporting OpenVPN is an explicit anti-goal for Algo[2].

I generally _strongly_ recommend against using VPN providers on false
advertisement grounds -- VPNs fundamentally cannot provide strong anonymity
properties, but that doesn't stop many providers from listing anonymity as a
selling point. In terms of the property VPNs _can_ provide (privacy), you're
better off maintaining as much control as possible over the service: you don't
want to be tied to someone else's weak cipher or insecure protocol choices.

FD: I work for the company that made Algo, but have nothing to do with its
development.

[1]:
[https://github.com/trailofbits/algo](https://github.com/trailofbits/algo)

[2]:
[https://github.com/trailofbits/algo/blob/master/docs/faq.md#...](https://github.com/trailofbits/algo/blob/master/docs/faq.md#why-
arent-you-using-openvpn)

~~~
jorgesborges
Another option via this route is Streisand.

[https://github.com/StreisandEffect/streisand](https://github.com/StreisandEffect/streisand)

~~~
cyberferret
I've used Streisand for a couple of years now with good result (running on a
couple of Digital Ocean $5/mo instances). It takes a bit of setting up on new
devices initially, but once done, is super smooth and easy to use.

------
dfee
This might sound dumb. But, I use ProtonVPN because Mozilla partnered with
them and I place trust in Mozilla’s ability to make a more informed choice
than I can make — largely due to their access to information and on hand
knowledge and expertise.

[https://blog.mozilla.org/futurereleases/2018/10/22/testing-n...](https://blog.mozilla.org/futurereleases/2018/10/22/testing-
new-ways-to-keep-you-safe-online/)

~~~
phillc73
As much as I would like to support Mozilla, connecting to protonvpn.com with
Firefox 65.0.1 throws me an insecure site error:

 _Your connection is not secure

The owner of protonvpn.com has configured their website improperly. To protect
your information from being stolen, Firefox has not connected to this
website._

Doesn't inspire confidence.

~~~
worble
Have you messed with your certs? It should be absolutely fine. I read over the
weekend that some people were distrusting QuoVadis because or something or
other to do with DarkMatter? I don't really understand too much about it, but
proton use QuoVadis[0] so you'll get improper SSL for their sites if you did
that.

[0][https://old.reddit.com/r/firefox/comments/au7zcz/how_to_remo...](https://old.reddit.com/r/firefox/comments/au7zcz/how_to_remove_darkmatter_certificates_from/)

~~~
phillc73
No, but.... The above error was from my office. When connecting to ProtonVPN's
website via a VPN, there is no error. Seems like it could be a certificate
configuration error with the network I'm using, which is odd because it's a
University and I've not seen that error anywhere else I regularly visit.

~~~
HenryBemis
>No, but.... The above error was from my office

So.. IT that manages the certs and the gateway, use a MIMT 'attack' to decrypt
all your traffic, scan/read it, and then encrypt it again to send it out to
the wilderness of the Internet. This is what the browser is messaging.
Notifying you that "something is wrong with the connection. Browser is not
sure what exactly, thus pointing the finger on the certificate.

Perhaps someone can explain the above with more technical terms, but in a
nutshell, our companies, on our corporate desktops/laptops sniff through each
and every bit and byte that goes in and out of our machines.

A commom workardound "permanent accept this exception" (or similar wording)
makes the browser to stop complaining about this breach of privacy.

~~~
jsingleton
The reason this warning will appear in Firefox is that it does not use the OS
certificate store and it uses a built-in store. The corporate MitM cert will
have been added to the OS root cert store so other browsers will trust it but
it probably hasn't been added to the Firefox one.

~~~
eggsome
Yep, sounds like they're lazy. They should be using a script like this to
inject the cert into Firefox:

[https://github.com/eggsome/AddFirefoxCert](https://github.com/eggsome/AddFirefoxCert)

Although:

1\. I don't like to encourage this kind of behavior (I only use this for
"good")

2\. The certutil tool needs to be recompiled from the mozzila sources for new
firefox.

------
SCdF
I apologise if this is unhelpful: but none.

I trust the (more than not at all) regulated space of ISPs in my country more
than I do the unregulated space of people running VPNs out of their basements.
It's important to be clear: you're just moving trust from one entity (your
ISP) to another (the company / human who runs the VPN). It's not clear to me
why the VPN people are more trustworthy than ISPs.

~~~
weavejester
> It's not clear to me why the VPN people are more trustworthy than ISPs.

In my country, the UK, ISPs are legally required to retain logs of customer
activity for 12 months. A VPN has no such legal requirement.

So while I can't be 100% sure that my VPN is monitoring me, I can be 100% sure
my ISP is. Additionally, my VPN has a financial incentive not to log customer
data, or at the very least, not to be caught doing it.

(I'm currently using IVPN ([https://www.ivpn.net/](https://www.ivpn.net/)).
It's on the more expensive side, though that isn't necessarily a bad thing,
and it supports multihop over OpenVPN, and the experimental Wireguard
protocol.)

~~~
m0nty
Plus, in the UK the VPNs do not block certain websites which ISPs are legally
required to block.

------
hannob
The first question you should ask is why you want a VPN.

Because I believe many people newer ask this question and have some vague idea
about "it somehow improves security and/or privacy". In most situations this
likely isn't true. You add an additional attack vector and you centralize your
communication to a single point.

~~~
muppetman
100% this. VPN marketing appears to have really gotten to people, everyone's
always asking about it.

Real reasons I can see to use a VPN service

1) You want your traffic to reliably egress in that country. i.e. I live in
New Zealand but to access some Australian TV on demand, I need to "appear" in
Australia. 2) Errr, I can't think of any others.

If you are really trying to hide your traffic from your ISP:

1) Change ISP 2) If that's not possible, buy a cheap VPS and run
OpenVPN/Wireguard on it and egress your traffic via it. Disable all logging
etc.

i.e. Unless you need traffic to egress via a particular place and you don't
care about someone you don't know seeing your traffic, buy a VPN service. If
you DO care about your privacy really, buy a VPS service in the country you
want it to egress.

~~~
bigiain
For some of us, we live in jurisdictions where all ISPs are legally required
to keep all metadata for all connections. (In tinpot pseudo democracies with
governments who fail to understand technology but pass intrusive laws
governing it anyway, then declare "The laws of mathematics are very
commendable, but the only law that applies in Australia is the law of
Australia.")

In that case, a few bucks per month is a pretty good deal - it won't protect
me if the NSA or any of their FVEYs friends get curious about me specifically,
but it _will_ protect me against all my internet metadata getting bulk
collected by my ISP and handed over to "national security" relevant agencies,
such as local councils, dog catchers, and the taxi commission (yes, those
agencies really do request and gain access to ISP metadata!)

I can and have run my own VPN (and VPN-like) endpoints on cheapo vpses, but
it's worth my while/time to pay FSecure/Freedome, to do that for me.

~~~
muppetman
So to me this filters down to: You care about your privacy and not have your
(meta) data gathered up, but you don't care enough about it ensure that you're
really protected, you just hope you are by piping your data off somewhere
else, even though the place you're piping it to might also be doing the dirty
you.

I do understand your point, which is (correct me if i'm wrong) that you trust
FSecure/Freedome to be taking care of your privacy correctly and not just
reselling your metadata back to your country of origin etc.

Perhaps I am being a pedantic, grumpy old man though. Because now I think
about it, even if we all run our own VPSes there's no way to vet the VPS
provider doesn't just tap your egress traffic too.

~~~
llukas
I'd say you are grumpy ;)

There is no comparison for ISP with TOS saying they can and will sell your
data and VPN company which explicitly advertises privacy.

First it is false advertising and second with GDPR such company would be wiped
out after somebody figures it out.

~~~
throwawaymath
Be careful with that assumption. Many, many VPN vendors actually sell their
user data even if they advertise otherwise. They can also be far harder to
penalize than ISPs, especially if they're outside the US/EU.

~~~
bigiain
Part of me thinks "I don't care. If Facebook or Google or Experian or Equifax
or whoever it's work a buck to wants to pay my VPN provider for my metadata -
that's kinda bad, but possibly not as bad as being part of a great big juicy
pile of government compelled metadata retention records at my ISP which can be
easily accessed by random government agencies or evil actors working in
government agencies with very little oversight."

I suspect my data leaking through profit motive from a VPN company
specifically selected to be in a far away country is much less likely to fall
into the hands of an internet troll or griefer, a disgruntled ex employee or
partner, or a vindictive neighbour - than the trove of ISP metadata that can
quite likely be readily accessed by bribing or blackmailing some random low-
level government employee locally...

------
spindle
Mullvad, because it has a good interface for port forwarding, and I kinda like
the fact that it supports wireguard. It's also fast and reliable (but so are
many of the others), and apparently has good privacy.

I've previously used AirVPN, which was great except for not having any servers
near me, and ExpressVPN, which was great except for not having such a good
interface for port forwarding (and also it's the most expensive of the ones I
like).

PIA failed to answer a question that I sent in using their web support form
(they didn't even say that they'd received it but couldn't answer it).

~~~
frio
I keep mullvad + Wireguard in my back pocket for when there's no choice but
VPNing. It's been a perfectly workable combo so far.

~~~
sandGorgon
how do you use wireguard from your phone (i assume that's what you meant by
pocket).

I thought wireguard was all cli based for now and no good UI (I use Linux
desktop and Android phones)

~~~
latch
There's an android app (1). Works fine. Running it 24/7.

[https://play.google.com/store/apps/details?id=com.wireguard....](https://play.google.com/store/apps/details?id=com.wireguard.android&hl=en_SG)

~~~
h9n
Not exactly what the GP asked, but there’s also Wireguard in the iOS[0] and
Mac App Stores[1].

Wireguard from the Mac App Store works successfully with Little Snitch (per-
app firewall) and comes with a menubar icon that shows connectivity and allows
quick switching. With the commandline-based version of Wireguard (installed
from homebrew or wherever), Little Snitch sees all traffic as originating from
the wireguard-go process. This is because the App Store version makes use of
MacOS’s new network extension API, and Apple has only made that available to
apps distributed through the App Store.

[0]
[https://itunes.apple.com/us/app/wireguard/id1441195209](https://itunes.apple.com/us/app/wireguard/id1441195209)

[1]
[https://itunes.apple.com/us/app/wireguard/id1451685025](https://itunes.apple.com/us/app/wireguard/id1451685025)

------
mirimir
My favorite is IVPN. It's true that I've written stuff for them. But that's in
part because I've known the CEO, Nick Pestel, for several years. And to the
extent that I trust anyone, I trust him. But also, they're one of the older
VPN services, and one of the first to accept Bitcoin. And their apps are well
designed.

I also like AirVPN, Mullvad and PIA a lot. I don't know anyone there
personally, but they're all strong privacy advocates.

I'm concerned about relationships between Tesonet and NordVPN and ProtonVPN.
So I wouldn't use them.

~~~
kdmedev
Thanks for introducing me to IVPN. Seems like a good VPN, uses WireGuard.

Can you elaborate on the problem with the relationship between Tesonet,
NordVPN and ProtonVPN. Also does your problem with ProtonVPN extend to
protonmail? Should I be considering switching to a new email?

~~~
mirimir
There's an old HN thread about it. Basically, the ProtonMail and PIA CEOs got
in a catfight, and traded accusations. I don't recall what PIA was accused of.
Maybe connections with China? But I've seen nothing more about that.

The PIA CEO basically claimed that Tesonet operated ProtonVPN for the
ProtonMail team. And then additional articles appeared, detailing the
connections. And adding NordVPN to the mix.

But many of their HN posts were deleted. And much of the other online coverage
disappeared, presumably because of pressure from NordVPN and/or ProtonVPN. But
I found caches for three of them.[0,1,2]

Maybe it's all bullshit. But it leaves me suspicious. And I gotta say that
ProtonVPN's responses seemed evasive.

0) VPNscam.com: NordVPN, ProtonVPN, ProtonMail, Owned by Tesonet CEO Darius
Bereika
[https://keybase.pub/mirimir/NordVPN%2C%20ProtonVPN%2C%20Prot...](https://keybase.pub/mirimir/NordVPN%2C%20ProtonVPN%2C%20ProtonMail%2C%20Owned%20by%20Tesonet%20CEO%20Darius%20Bereika%20-%20VPNscam.com.html)

1) best10vpn.com: Proof that NordVPN is Owned by Data Mining Company Tesonet
[https://keybase.pub/mirimir/Proof%20that%20NordVPN%20is%20Ow...](https://keybase.pub/mirimir/Proof%20that%20NordVPN%20is%20Owned%20by%20Data%20Mining%20Company%20Tesonet%20-%20Best%2010%20VPN%20Reviews.html)

2) airvpn.com: Why You Can’t Trust NordVPN
[https://keybase.pub/mirimir/Why%20You%20Can%E2%80%99t%20Trus...](https://keybase.pub/mirimir/Why%20You%20Can%E2%80%99t%20Trust%20NordVPN%20-%20Other%20VPN%20competitors%20or%20features%20-%20AirVPN.html)

Edit: Also FYI

Lawsuit names NordVPN, Tesonet in proxy data extraction scheme
[https://news.ycombinator.com/item?id=17873164](https://news.ycombinator.com/item?id=17873164)

HolaVPN (luminati) is suing NordVPN (Tesonet) for stealing p2p proxy patents
[https://drive.google.com/open?id=1_AlNxNN-
fiIVW64-605c_OJO0C...](https://drive.google.com/open?id=1_AlNxNN-
fiIVW64-605c_OJO0CqYoRHc)

~~~
eyeball
Well that blows. I just set up a proton mail account and was going to migrate
from gmail.

~~~
mirimir
There might really be nothing to it, as the Proton* people claim. Or at least,
just a somewhat iffy roll-out of their VPN, using Tesonet staff.

But on the other hand, I gather that Mozilla has picked ProtonVPN for its
integrated VPN testing. And they seem competent and privacy-friendly.

Also, whatever they did with ProtonVPN, there's no reason to believe that
there's anything wrong with ProtonMail. That's arguably their core competency.
And they arguably brought in Tesonet because VPNs were not part of their core
competency.

~~~
kjsbfkjbf
I'm not sure why Mozilla is still held on such high esteem despite multiple
gaffs.

~~~
mirimir
It's largely desperation, perhaps.

But they do seem more privacy-friendly than most.

------
plexiwood
(1) Read this about VPN issues: [https://krebsonsecurity.com/2017/03/post-fcc-
privacy-rules-s...](https://krebsonsecurity.com/2017/03/post-fcc-privacy-
rules-should-you-vpn/)

(2) Then read this about VPN services and deceptive ratings:
[https://thatoneprivacysite.net/choosing-the-best-vpn-for-
you...](https://thatoneprivacysite.net/choosing-the-best-vpn-for-you/)

(3) REFERENCE -- look up any VPN you're considering here before using it
(there are mistakes in this table, e.g., encrypt.me was named cloak but the
specs don’t match).

[https://thatoneprivacysite.net/vpn-comparison-
chart/](https://thatoneprivacysite.net/vpn-comparison-chart/)

Note: products are listed by product name instead of by manufacture, e.g.,
F-Secure's VPN is listed as "Freedome," not "F-Secure."

Remember: NEVER USE FREE VPN.

------
alasdair_
I use Streisand -
[https://github.com/StreisandEffect/streisand](https://github.com/StreisandEffect/streisand)

It's insanely easy to set up a new box (I use linode right now but it works
with a bunch of cloud providers) and it works well for my mobile devices too.

I like the fact that it's my own server and I am the only person with a copy
of the encryption keys.

Also, I have a buddy who is in a middle-eastern country where using a VPN is
illegal who was unable to use any other VPN service but had no issue
connecting to and using my Streisand box.

------
peteretep
I'm using Freedome, which requires special software (best I can tell). I'm
using it because it's made by F-Secure, and I know the F-Secure people from a
long time ago.

They have a large commercial business that would get seriously Kaperskied if
it turned out they were knowingly doing anything wrong, and I've decided that
that's the kind of incentive I want in a VPN provider.

~~~
dcbadacd
It's actually just OpenVPN in the background. I've successfully used it with
Linux, Windows and Android without the official apps.

~~~
failedcoder
How did you get it set up with Linux? Last time I tried I found some obscure
guide which didn't exactly help me.

------
ajdecon
It doesn’t support OpenVPN, but I’ll leave a plug for the Outline VPN from
Jigsaw (Alphabet). [0]

It’s similar in concept to Algo, in that you deploy your own VPN server on a
VPS rather than use a hosted service. However, it provides a polished desktop
app for deploying the server, and walks you through creating a VPS on
DigitalOcean very easily.

This is incredibly helpful, because most folks I’ve helped with VPN setups are
not comfortable aren’t handy with a CLI, and I’ve been able to walk more than
one person through setting Outline up very easily.

[0] [https://www.getoutline.org/en/home](https://www.getoutline.org/en/home)

~~~
woodruffw
I'm glad to see Jigsaw tackling the UX side of things, but some caveats about
shadowsocks (the protocol backing Outline): it's an encrypted proxy, not a
VPN, and there are some open questions about weaknesses ( _not_ necessarily
flaws) in its design[1].

I think easy-to-manage platforms like Outline will probably be the future, but
I'm not convinced that shadowsocks is the right foundation.

[1]:
[https://crypto.stackexchange.com/questions/39776/evaluatung-...](https://crypto.stackexchange.com/questions/39776/evaluatung-
shadowsocks-crypto-strength)

------
vinay_ys
Everyone has an ISP – even the VPN and VPS providers and the websites you
visit – have ISPs. Most governments regulate their ISPs to monitor and censor.

To comply with these regulations, ISPs deploy appliance/boxes that can do
packet inspection and blocking. It used to be IP blocking and DNS blocking.

As silicon became faster, these boxes have become more powerful. They can
operate at multiple 100Gbps+ packet header scale and not just L3/L4, but also
L7 packet headers (a.k.a deep packet inspection). Both of my ISPs (home and
mobile) do this.

These same appliance companies sell data monetisation solutions to collect and
sell metadata – usually done indirectly by a sister entity.

These boxes can also inject ads directly into plain http pages and manipulate
DNS responses to do the same nefarious thing. In fact this clickjacking
injection is the thing that turned me towards VPNs.

While the VPN solves the clickjacking injection problem, I’m fully aware of
the fact that my VPS provider’s ISP maybe logging and selling all the
metadata.

Even with https or TLS connections the domain name is revealed in plain text
during connection setup. ESNI solves this problem, but no browser supports it
by default yet. Other metadata collected usually includes – time, location,
connection protocol fingerprinting to uniquely identify devices (TV, phones,
laptops etc) behind customer IP address, frequency of access, bytes
transferred per connection etc.

The real danger is this – as adtech evolves the lines are blurred between
plain advertisement vs personalised experiences and targeted digital
brainwashing. Election manipulations, shifting the sentiments (distributed
lobbying) in favor of desired outcomes, addictive spending - these become just
natural evolution/extensions of this ad tech. With ISPs data mining and
selling to invisible companies we won't be cognizant of this manipulation.

~~~
bnkamalesh
DNS over HTTPS would help

------
miki123211
Box in a basement. A friend in the states provided one for me and I'm happy.
It does what it needs to do (AKA encrypts traffic on public networks and lets
me get to the US only stuff). It's also undetectable compared to commercial
VPNs, because the number of people using it is very small and services think
it's just a household.

~~~
bronco21016
I offer my server to some friends and family in the military who want access
to stuff from home. I often wonder how their activity shapes what the
collection companies think of my household. Do they think 20 people live here?
Do they think the household income is that of many adults?

Also, it would be really cool if there was a P2P exchange for services like
this. With Netflix et al blocking IPs from VPNs and VPSs there must be a large
market for VPNs egressing from residential IPs.

------
crsv
ExpressVPN has been a really great experience in terms of price and ease of
use. Been a customer for a few years now.

~~~
xiphias2
I like it as well, but Netflix blocks it much more than a year ago...it's a
shame, because I travel a lot, and changing country means that I can't finish
a series that I was watching in another country

~~~
joering2
Netflix blocks majority of VPN but in contrast Spectrum/Brighthouse is in
long-term fight with Sling Tv and they block them unless you use VPN. So you
win some you lose some.

ExpressVPN has been great to me and I continue to fail finding bad news about
them. They dont offer any discounts tho and Im on $99/year plan but I was
tempted to get NordVPN for half thatprice. I gave up on setting up their
stone-age designed router software and came back to Express. Express has
amazing software for N7000 router series and it allows me to exclude iPad that
I use to watch Netflix while rest of network continues to be secure. So with
their router software and $99/year you have unlimited amount of devices
covered. Speed is amazing too and number of servers avail is very hight.
Honestly I feel its worth double the proce I would pay for Nord, as I put it
in my company costs anyways ;)

I could not recommend them high enough.

~~~
xiphias2
I'm using ExpressVPN Miami servers to video chat to Europe from Colombia, and
the quality of the video feed is day and night.

------
noahster11
Here's a comparison of different VPN's for anyone who's interested:
[https://thatoneprivacysite.net/vpn-comparison-
chart/](https://thatoneprivacysite.net/vpn-comparison-chart/)

------
antihero
I am running Algo VPN on DigitalOcean. OpenVPN has issues:
[https://github.com/trailofbits/algo/blob/master/docs/faq.md#...](https://github.com/trailofbits/algo/blob/master/docs/faq.md#why-
arent-you-using-openvpn)

Edit: I am also testing out AzireVPN as they have WireGuard support.

------
CameronBanga
Been using Ghostifi for about three months now. You’re the sole user of the
VPN, and you get root access to the VPS that it’s built on.

You may ask “how is this different than just running my own vps”, and the
answer is the ability to redeploy to another region with no downtime and push
of a button. I love that feature and use it often.

Because you’re on your own VPS, so far in my experience, I’ve never even
noticed I’m connected to a VPN. It’s blazing fast. I cancelled my PIA account
and moved over entirely.

[https://ghostifi.net](https://ghostifi.net)

------
JCDenton2052
I used a few over the years. Boleh, Nord, PIA, etc.

One day I woke up and realised I do not know who runs those companies. For
example, Nord is registered in Panama, a country where declaring company
ownership is not mandatory. Why should I trust them with my data?

After a little digging I found that Proton is the only VPN provider whose
owners have put their names and reputations on the the line. The only one.

It doesn't mean I trust them 100%. But if someone is willing to put their face
on their website, I'd say it gives them an extra incentive to do their job
right.

~~~
doorbellguy
Your approach to this reminded me of an article[1] I bookmarked last week.
Their methodology was kinda similar.

\---

[1] [https://thewirecutter.com/reviews/best-vpn-
service/](https://thewirecutter.com/reviews/best-vpn-service/)

------
AndrewDucker
I use NordVPN, largely because they were recommended by a friend. But I only
really use them to reach sites blocked by my ISP. So I find it really useful
to use their Firefox plugin which doesn't affect other applications I'm
running at the same time.

~~~
danpalmer
I switched to Nord from Private Internet Access because their apps looked
nicer. I regret it entirely. NordVPN has been noticeably less stable, slower,
and their apps aren't actually that nice to use, and can be slow and buggy.
PIA looks a bit "programmer art" but it's far better.

~~~
Iaison
What client were you using when you were using PIA? The UI was drastically
improved with the release of the new client in January and you may like it a
lot more.

~~~
danpalmer
This was about 18 months ago. The client looked awful (low DPI icons, etc) but
worked fine.

I'm definitely switching back when my 2 year subscription to NordVPN runs out.

------
berbec
Private Internet Access has treated me well. Their price and compatibility is
great.

------
diftraku
I personally use Freedome to get around geo-based blocking or when using open
Wi-Fis.

I also have a self-hosted OpenVPN-server running at home, which I occasionally
use for open Wi-Fi networks or getting around content blocking on some
networks.

For day-to-day usage, I don't use a VPN. I place some trust on my ISP (both
mobile and wired) to carry my traffic.

------
SkyPuncher
IVPN historically, but lately I'm just running wireguard on my home router.

It accomplishes 99% of what I used a VPN for (privacy on the go) and leaves
only one point of trust (my ISP provider).

------
Diederich
Not per your requirements, but Wireguard plus digital ocean/linode/etc just
blows the others away in terms of robust and efficient service.

------
theshrike79
NordVPN

I use it pretty much exclusively to tunnel my traffic when using a public
and/or open WiFi with my phone or laptop.

------
lowpro
There's a website[0] that goes into detail comparing different providers. This
used to be a shared spreadsheet but the author chose to turn it into a
website. I still have the old spreadsheet if anyone wants it (from 2016?).

I was looking for a reasonably priced VPN not based in the 5 eyes territory,
and I came to iVPN as the best solution for my criteria and at $110 per year.

[0] [https://thatoneprivacysite.net/vpn-comparison-
chart/](https://thatoneprivacysite.net/vpn-comparison-chart/)

~~~
pimeys
Sent iVPN an email a few weeks back if they'd check all my requirements:

\- Wireguard in Switzerland

\- IPv6 /64 subnet

\- No bandwidth penalty

Now they can only fill the last point, if they ever get all three they'll get
a lifelong customer out of me.

What I now have is Mullvad for IPv4 for their Swiss servers and good
bandwidth, AzireVPN for their /64 IPv6 subnet. Both are running on my router,
but I'd be happy to have only one provider.

------
avaika
There's no silver bullet. It all depends on why you need VPN.

Personally I use it for privacy (I don't trust any ISP in the country and
especially local government). I host my own VPN on a virtual node outside
country (even outside continent). It makes the connection a bit slower, than
without any tunnels, but I got used to it. Also I have to pay extra efforts to
maintain it, but that's the privacy cost.

Moreover, with own server it's possible to achieve things which are usually
unavailable with paid VPN services. E.g. run openvpn through ssl/ssh tunnel or
something similar. Or use just ssh tunnel or anything like that. It helps to
mask the traffic and ease your life in case of question from some people.

Depending on your country popular services might be simply unavailable and
you'd need at least couple of them at the same time to ensure connection
redundancy. Also (depending on what you're doing and local laws) you might
have a hard time explaining your country secret agency why you're paying vpn
proxy company, while explanation for hosting service might save a lot of time
for you (and avoid additional questions). But that's (hopefully) extreme
cases.

Also you receive static IP in case with hosting. But you might rotate it as
often as you want by just recreating the machine.

But also keep in mind, that some services ban popular hosting (and VPN)
providers IP ranges.

------
samirm
[https://thatoneprivacysite.net/vpn-comparison-
chart/](https://thatoneprivacysite.net/vpn-comparison-chart/)

------
_xerxes_
IVPN:

[https://thewirecutter.com/reviews/best-vpn-
service/](https://thewirecutter.com/reviews/best-vpn-service/)

------
rb666
Have used many, the one that stuck is AirVPN. Best capabilities and Linux
support.

~~~
QualityReboot
I agree. I've been using airvpn with pfsense for a while now. The connection
is reliable, I can have multiple connections to multiple regions, and it's
simple to route an entire vlan out of a particular VPN.

~~~
adsadadsad
Was hoping for a bit more diversity in Singapore - Seems only seven VPN nodes
- leaseweb and M247.

------
q3k
A dedicated server at the Warsaw Hackerspace, which is its own LIR/ISP
(AS204880) and has a BGP session to the local IX and an upstream mix.

I highly recommend running your own VPN endpoint on at least a VPS/cloud
instance somewhere. Such address blocks are used by tons of other users at
immense traffic levels, and as such your traffic is much less likely to be
intercepted by the provider itself.

~~~
sl1ck731
I doubt the scale of the data being intercepted is much concern for the
hyperscale providers. AWS already has a customer-facing service that monitors
for connections to its own "watchlist", I'd be surprised if all traffic isn't
monitored in the same way.

------
bilal4hmed
Private Internet Access

------
zknz
What problem are you trying to solve?

------
nikisweeting
I run
[https://github.com/jawj/IKEv2-setup](https://github.com/jawj/IKEv2-setup) on
a $2.50/mo Vultr server and it's been great for my whole family. Blazing fast,
the connection survives IP changes (e.g. switching from cellular to Wifi), and
it works in China.

------
jvagner
I used [https://encrypt.me](https://encrypt.me) and really liked their client.
To be honest, I didn’t know a whole lot about them, but that wasn’t a primary
concern factor at the time.. it was who I was vpn-ing to be unseen that drove
me to a vpn at the time.

~~~
SyneRyder
Happy user of Encrypt.Me here as well.

I was a customer when they were called Cloak & were just 3 guys writing some
of the best Mac & iPhone software. They had the best customer service I've
ever experienced (Dave spent a lot of time helping me with some weird
networking issues related to MacPostFactor on an outdated Mac), and with my
business clients we used to talk about Cloak as the kind of company we aspired
to work with - genuine, trustworthy & talented people.

The founders have since sold the company (hence the rename to Encrypt.Me), and
it now has Windows & Android versions. But as they've grown & the founders
left, it's lost a bit of that small indie / Jerry Maguire feel where you knew
all the developers & customer support team by name. It's still good, just
feels like your favorite underground band has gone mainstream.

I use them for hotel/cafe WiFi protection & testing how my website looks from
overseas. They're not a service for seeding torrents etc. I'm glad they try to
keep their network clean, makes it better & more reliable for legit business
users like myself.

------
hylianwarrior
I use PIA. No problems so far.

~~~
unforeseen9991
Same, for about 6 years.

------
glerk
I have been using PIA for a few years and am very satisfied.

------
vmlinuz
Since my main use for a VPN is to access things in the UK _from_ the UK, I use
a Raspberry Pi which I left hidden behind the TV in my parents' living room,
running things including OpenVPN. Their upload bandwidth isn't great, so I try
to avoid loading it during the day - one useful effect of being in a very
different timezone!

I also setup OpenVPN access on my mum's laptop, so she can access things in
the UK when she's traveling...

Bandwidth costs and blocking of known IP blocks makes a VPS-based solution not
so attractive to me. I do have a couple of 'lifetime' accounts with random VPN
providers as a backup. I also have the OpenVPN client running in a docker
container on my PC with a SOCKS server in front of it, for flexibility.

------
Ace_of_Knaves
I'm going to link here the site [1] I found while researching the same topic
several months ago. I was overwhelmed by information available and in the end
I didn't choose any option. Seems like all providers have pros and cons and I
didn't have any specific use case to weight in on the decision.

The person running it provided a number of detailed comparisons of various VPN
providers here [2].

[1] [https://thatoneprivacysite.net/choosing-the-best-vpn-for-
you...](https://thatoneprivacysite.net/choosing-the-best-vpn-for-you/)

[2] [https://thatoneprivacysite.net/vpn-
section/](https://thatoneprivacysite.net/vpn-section/)

------
r2ut3u
Private Internet Access

------
ignoramous
I just want to point out the excellent VPN comparison site that might be
helpful.

[https://thatoneprivacysite.net/vpn-
section/](https://thatoneprivacysite.net/vpn-section/)

------
_bashskids
For privacy host your own on digitalocean. (Don't ask me, haven't done it).

I use VPN for torrenting, which is blocked in my country, use a leecher like
seedr & get direct download link. for this proton is enough

~~~
mgalgs
This is what I do. $5/month. There's a great docker image that makes setup a
snap:

[https://hub.docker.com/r/kylemanna/openvpn](https://hub.docker.com/r/kylemanna/openvpn)

------
companyhen
I use PIA but it's the only one I've ever used.

I travel a lot in Asia which is why I need it as some countries block websites
I need.

Had issues with it in China but put ExpressVPN on my phone which seemed to
work fine 70% of the time.

------
larkeith
Personally, I just use OpenVPN on one of my DigitalOcean instances. I don't
place a lot of reliance on a VPN for privacy (disabling JS, using Firefox's
tracking protection, blocking third-party cookies, and avoiding most any
social media sites are my main defenses), but I've heard fairly good stuff
about Streisand if you're looking to set up at a new IP and datacenter more
frequently.

One thing that's often missed is making sure you configure your local firewall
to disallow all non-VPN traffic, such as startup/network initialization info.

------
jacobush
I read about a project, widely deployed, where people install special router
software in their homes for instance. And that they got better availability
than "plain" internet. Sadly, I did not bookmark it, because I thought I would
remember the name or terms to google it up again.

Anyone know what I'm talking about? It would compensate for instance censored
web sites, or routing table errors at the ISP, and route/tunnel the traffic
through one of your peers in the project. Damn, I don't think I dreamed this
up.

------
lorenzk
PIA (Private Internet Access) for years now. Everything just works.

------
oedmarap
Mullvad + WireGuard, works exceedingly well across my phone and my Linux
laptop.

One of the benefits of WG is that it's extremely performant and I can set my
own DNS within the config (a Pi-Hole hosted at DigitalOcean for adblocking).

As WG isn't available for Windows just yet, I use OpenVPN's native binary on
my Windows machine; Mullvad offers .ovpn files in the same way as they offer
.conf files for WG.

Mullvad also requires no PII when signing up, so ensure that you securely
store your account number.

------
gnicholas
I’m curious to know about use cases. I recently started thinking about
anonymizing my web activity because a few minutes after I searched for a
particular make/model vehicle, my wife saw an ad for it on Facebook. It seems
like this is IP-based tracking, since I was searching in Firefox Focus (and
she doesn’t get car ads in general).

Would a VPN help with this? I’ve tried using Tor (through Brave), but I run
into tons of captchas and many sites won’t load at all.

~~~
DavideNL
A VPN won't solve the problem entirely, but it can help (because you share a
public IP with many other users of that VPN service). Of course it's crucial
you pick a vpn provider you trust, that won't sell your data etc.

There are many other ways of tracking though, first of all browser cookies and
cache, but also browser fingerprinting. So, with these methods, you can even
be tracked/uniquely identified while using a VPN.

[https://www.privacytools.io/#fingerprint](https://www.privacytools.io/#fingerprint)

------
my7h1cal
I use NordVPN. I've been using it for a few months, and I'm happy with it. It
has a lot to offer. Also, to others reading this, do you think NordVPN is bad?
I've heard some say PIA is better, but didn't explain as to why.

I also have another smaller VPN called CrypticVPN. They have a lifetime plan
and a small amount of servers, but they also allow port forwarding.

I also made a openVPN server with a cheap VPS, and I'm just toying with it
really.

------
markshawn
Been using PureVPN for 1+ year and it works great so far. The connection speed
is decent, the app is easy to use, and their live chat support is on point.
Fulfills all your requirements too. OpenVPN can be used directly with the app
and can be manually configured on other platforms. The SOCKS5 (Proxy) comes
with their Chrome/Firefox extension which can be also be used on Windows, MAC,
and Linux except for mobile devices.

------
k-ian
TorGuard is great, I get excellent speed and very low ping from east coast.

the only thing I like is how they aren't actually associated with Tor in any
way... lol...

------
windexh8er
Mullvad and NordVPN. Mullvad because they support WireGuard. NordVPN I'm
transitioning away from since Mullvad is significantly better. With both I
needed Linux support and both deliver that in spades. Not a fan of the
performance of OpenVPN anymore after getting a taste of Wireguard. Mullvad is
likely one of the more privacy focused services - although YMMV with any of
them.

------
noufalibrahim
I'm not particularly well informed here but I currently use
[https://github.com/StreisandEffect](https://github.com/StreisandEffect) with
a standard VPS provider to give me a nice VPN + tor bridge. I'm interested to
know what the pros/cons of this approach are. The setup is fairly
straightforward and pain free.

------
amanj
I've been running my own personal OpenVPN for several years now. Normally
either running on AWS or GCP or Linode.

Incidentally, I posted on HN yesterday volunteering to setup free VPN. -
[https://news.ycombinator.com/item?id=19241382](https://news.ycombinator.com/item?id=19241382)
. Happy to set one up for you, or anyone in this forum.

------
gpm
The only reason I use a VPN is to shift my traffic to make it look like it's
coming from another country. Only for traffic that I don't care about getting
sniffed. I close everything I can before activating it.

That said I just use a free one that didn't ask for a signup -
[https://www.vpnbook.com/](https://www.vpnbook.com/)

------
tzhenghao
Like a few have commented here, I just use openVPN on a DigitalOcean instance.
I thought of just paying for a service, but decided that set-it-up-once and
paying for an instance is good enough for me. After all, in my view, the
purpose of a VPN is not to send traffic to some host which I don't have
control of. I can "trust", but trust != control.

------
Down_n_Out
I recently answered this in another thread[0]: I'm using Wireguard in
combination with Pi-Hole on a cheap VPS as a VPN on my iPhone, it's blazingly
fast and super stable. Will be trying this on my Mac as well now.

[0]
[https://news.ycombinator.com/item?id=19186795](https://news.ycombinator.com/item?id=19186795)

------
givinguflac
I've been using NordVPN for a few years now and I like it. They recently added
some optional adblocking via vpn which is a nice option when I am off my own
network. I've considered PIA, but I don't like that they're based in the USA,
and Nord has frequent deals where you can get a few years of service for
stupid cheap discounts.

~~~
mwilliaams
+1 Nord is awesome. I know from experience that it works.

------
doorbellguy
Here's another question I had for a few weeks:

I tried a server of a certain free VPN via OpenVPN and since it _did not_
support tunneling traffic through their own servers for IPv6 requests, my
friend told me to disable IPv6 on my adapter's settings. Now ipleak.net
doesn't detect my location. Was it a smart thing to do?

~~~
mirimir
Unless you're using a VPN service that provides its own IPv6 address, as well
as an IPv4 address, it's crucial that you disable IPv6 and/or use a firewall
to block IPv6 traffic.

Or at least, it is if your ISP provides IPv6 service. If it does, and the VPN
both routes IPv6 and doesn't push its own IPv6 address, IPv6-capable websites
will see a global IPv6 address that's owned by your ISP.

~~~
doorbellguy
Thank you very very much.

~~~
mirimir
De nada.

[https://test-ipv6.com/](https://test-ipv6.com/) is a good test site.

------
a012
Currently manually pay for an EC2 instance and install wireguard on it (I have
my playbook to automate the processes).

~~~
andromedavision
I've done the same but for a proxy I needed to circumvent geofencing
restrictions. I got a local(non-US) VPS provider and installed squid on it. I
found it more affordable than the paid services out there and it's immensely
better than free options that are prone to abuse and are rendered essentially
unusable.

------
TheGrumpyBrit
For day to day browsing: None. For occasional VPN requirements without a
serious privacy concern (bypassing geoblocks etc): The free service provided
with one of my Usenet providers. If I have an actual need for privacy, I'd
fire up a cheap VPS somewhere and deploy a VPN server, then dispose of it
afterwards.

------
wryyy
NordVPN, its very good.

------
tantalum
I don't know what your needs are, but for me I needed a VPN for when I was
using public networks at conferences and airports.

I've simply setup OpenVPN on a little server I have sitting in my house. It's
been very reliable and simple to manage and has covered my needs.

~~~
sisk
Along these lines, I recently switched from OpenVPN running on a (powerful)
server in my home (primarily a NAS) to WireGuard running directly on my
gateway (Unifi Security Gateway by Ubiquiti). Despite running on far less
capable hardware, WireGuard is magnitudes faster. Not only that but setting up
WG was perfectly intuitive. I highly, highly recommend it.

------
wenc
I create one on AWS with CloudFormation as needed. It's not the cheapest
option overall but for intermittent use, it's far cheaper than paying a
monthly subscription.

Also, if you pay your AWS bills using an Amazon Prime credit card, you get 5%
back. (just checked on my cc)

~~~
User23
Parent informed me of an option I hadn't even considered.

------
nurettin
I just use some 5$ cloud offering and ssh tunnel through that. Works fine in
my dictatorship.

------
weishigoname
There is alternative option beside VPN, which is shadowSocket, you can search
keyword SSR, it works very well, in order to use it, you need to rent a VPS
(about $10 per year), which is used to deploy SSR service. it is more secure
than VPN I think.

------
plexiglass
NordVPN. As a basic user who would like to have access the web via VPN on
mobile and desktop, NordVPN fulfills my needs. I would say that the desktop
client is a bit buggy (sometimes logs my username out for no reason). iOS
client is solid.

------
SJetKaran
Trust.Zone, cheap (relatively), outside of the 5 eyes, and has an server in
India

------
rorykoehler
For personal use I use ExpressVPN because it's rock solid with simple setup
and UX. For work we setup our own OpenVPN server in a cloud vm. ExpressVPN
covers both your requirements with a little extra setup.

------
ScannerSparkly
Nord has worked quite well for me for the last couple of months. It's easy to
use and has plenty of servers to choose from. I guess I can recommend it even
though I haven't tried other vpn services.

------
JustFinishedBSG
I just VPN using Wireguard to my own home. I only care about the security part
( when using public/work wifi ), not the privacy one, so I'm ok with that and
having access to my LAN network is nice.

------
parito
Surfshark.

1\. IKEv2 and OPENVPN both supported 2\. I did not find many VPN's that
actually have Linux app (they do) 3\. Good price 4\. NOT a US based company
5\. Very fast updates - I keep receiving new updates weekly

------
Bilal_io
I use Windscribe. Very flexible. Pay only $1 for a country (may have multiple
locations) , and $1 for unlimited data. (this can be purchased without a
premium location as free locations are as good)

------
executesorder66
[https://thatoneprivacysite.net/simple-vpn-comparison-
chart/](https://thatoneprivacysite.net/simple-vpn-comparison-chart/)

------
Ttlequals0
Shameless plug but this is super handy
[https://github.com/ttlequals0/autovpn](https://github.com/ttlequals0/autovpn)

------
exodust
Seedbox.io

Primarily it's a cheap but good seedbox. VPN is included and works with
openVPN. I use it to access piratebay every now and then, which is otherwise
blocked in my country.

------
ys_tian
Bandwagon [https://bwh1.net/index.php](https://bwh1.net/index.php) I created a
shadowsocks server on Bangwagon

------
wnevets
I'm using outline on digital ocean.

[https://www.getoutline.org/en/home](https://www.getoutline.org/en/home)

------
snikch
I use NordVPN for my home server's docker containers, on my phone and on my
Mac. Never had any issues and it's v. cheap when purchasing for 3 years.

------
elnik
It's pretty easy now to setup your own VPN on "major cloud providers". Add Pi
Hole to that, and you've got awesome browsing experience.

~~~
wulfmann
And a fortune in bandwidth!

------
kabacha
I've been using NordVPN mostly because I know the few guys who work on it
(some of the best engineers in Lithuania IMHO), but even more so because they
have some great arch community packages etc. I've been mostly using this easy
cli: [https://github.com/nstinus/nordvpn](https://github.com/nstinus/nordvpn)

Managing openvpn can get really awkward especially if you're not keen on
learning everything about it.

Though my input might not be very valuable because I only care about
geoblocked content and torrents.

~~~
apocalyptic0n3
> I only care about geoblocked content and torrents.

I thought Nord blocked (at least some) P2P? I always hear great things about
Nord, but their P2P support always gets some bad reviews when I go looking on
sites like Reddit, Ars, LTT, and TorrentFreak (at least in the comments).

~~~
mathgenius
Not if you use one of their servers in sweden.

------
mapster
Suggestions for a novice to learn how to use a VPN? My sites are on shared
hosting and want to switch to VPN, but don't know anything about it.

------
Tepix
Rented a dirt cheap small VPS (256MB RAM, less than $10/year) and setup my own
OpenVPN.

To find a cheap VPS hang out on lowendtalk.com / lowendbox.com

Also, tor browser.

------
edoceo
I use a VPS with OpenVPN. I control both sides so I could switch clients or
service providers pretty easy. Current cost is about $20usd/mo

------
nullcipher
I selfhost VPN server using cloudron on digital ocean

------
borplk
I use serverless Wireguard running on AWS Lambda.

No .. just kidding :)

------
SqwRock
My personal preference is Surfshark. It's a relatively new VPN but over
several months it was improved a lot. They released native apps for all major
platforms, unblocked Netflix and other streaming services for various
countries. Went through an audit by Cure53 to test their browser extension
security (got a good review at that). The only setback I can think of is the
number of servers, 800+ so that's not a lot comparing to some other providers.
Overall IMHO it's a high quality software.

------
pt
Is there a way to setup an “always on” VPN on my device, such that it
disallows any traffic to egress unless connected to the VPN?

~~~
ripa
On macOS/iOS you can configure the built-in VPN clients to use "on-demand"
mode, which wont allow traffic before the VPN connection is established.

The only way to configure this however is using the Apple Configurator tool
and create a custom profile.

I run this for my OpenBSD IKEv2 servers which gives me automatic on-demand VPN
on cellular and all non-known Wi-Fi networks (== not home).

~~~
dontbenebby
Algo (another commenter mentioned it[1]) allows you to set this up to be the
default for the VPN, very nice feature. I use it on my phone since I often
connect to random wifi APs. More and more of the web is moving to HTTPS but a
disturbing amount of unencrypted traffic abounds.

[1]
[https://news.ycombinator.com/item?id=19242119](https://news.ycombinator.com/item?id=19242119)

~~~
ripa
Yep, Algo uses the same approach. It's generating device configuration
profiles with the necessary settings. I'm generating mine in the same way but
slightly different to allow toggling Ethernet and to support the OpenIKED
ciphers etc.

------
ys_tian
Bandwagon Host， [https://bwh1.net/index.php](https://bwh1.net/index.php)

------
tursiops
I use protonvpn and I love it! They have a feature which I couldn't find
anywhere else called secure core, very handy!

------
wozmirek
Mullvad. I LOVE their signup process and it's really cheap (€5/mo for up to 5
devices at one time I reckon).

------
satan9
I use torguard extremely fast and reliable.

------
anilakar
None for private use. The benefits are negligible, and directly SSHing into
the home box is secure enough. My mobile ISP is much more reliable than _any_
of these third party VPN providers whose customer base mainly consists of the
uninformed public.

At work, I'm running whatever the customer requires us to use. I've got
clients from four different vendors plus an in-house SSH-and-Bash contraption
running on my workstation.

------
kevinSuttle
Nice try, NSA.

------
0utbreak
I use airvpn.org. Not the fastest but I like their stance on net neutrality,
privacy and censorship.

------
MrVulcan
I use PrivateTunnel. I don't see anything about SOCKS5 in there, but it does
work with OpenVPN.

------
Untit1ed
VyprVPN. Fastest one I've found.

------
rblion
Express VPN. No complaints. Should switch to annual instead of monthly to save
money.

------
thatsJustBadUX
I'm using SurfShark, they're pretty small but development seems quite fast.

------
yellow_postit
Was using TunnelBear but need an alternative now that they were acquired by
McAfee.

~~~
vorpalhex
Oh crap really? I've loved them for several years now, and I appreciated that
they published their audits...

------
humbleferret
Mullvad. They support wireguard, accept Bitcoin and have great customer
support.

------
andreimiulescu
I have built a private VPN server on top of wireguard and IPSec, still very
early days soft launch this week:
[https://www.tunnelhero.com](https://www.tunnelhero.com) early adopters and
beta testers welcome, msg me for a discount code!

------
miyuru
Avira Phantom and ProtonVPN

Lately I am using Avira Phantom more because they support IPv6.

------
e-m-p
Nord.

------
fidla
I'm using Proton VPN on my laptop and Windscribe VPN on my Android.

------
deca6cda37d0
I use ProtonVPN since they launched. No issues experienced so far...

------
RohithMeethal
not exactly a VPS but a ssh tunnel to $5 digital ocean server. ssh -fND 8989
user@mydomain.com And using proxychains for anything that doesnt support socks
proxy out of the box.

~~~
system2
I do the same for static IP for firewall whitelisting purposes. VNC is very
stable but technically it doesn't make your current connection encrypted. I
only use it for emergencies while I am traveling and don't want to deal with
firewall whitelisting.

------
User23
I'm using Nord because I got the three year deal for $99.

------
gls2ro
Private Internet Access

------
terrycody
Nord is the best, no logs, clean, enough nodes, speed is okay

------
LeicaLatte
I rotate between ProtonVPN, self-hosted streisand instances.

------
epynonymous
anyone use wireguard? i hear it’s extremely lightweight and can be used
between containers, but curious if it’s beneficial for common use like
netflix?

~~~
nightfly
I use Wireguard for a VPN I run at work and am very happy with it. But for a
use like Netflix it doesn't really make a difference compared to any other VPN
technology.

~~~
epynonymous
i meant from a reliability/stability perspective, i guess you partly answered
it in that wireguard requires you to run your own vpn servers, i assume
wireguard's just a client. and how stable you can maintain your vpn servers is
under your control.

~~~
nightfly
It's been rock-solid. Only time it hasn't worked for me was when I was on one
public wifi that blocked most/all UDP traffic.

------
_masterBrain_
I use my own instance of OpenVPN server running on a VPS

------
legionof7
I run an OutlineVPN client on my AWS server.

------
aboutruby
Anyone has experience with multi-hop VPNs?

------
EduardoBautista
I use ProtonVPN along with ProtonMail.

------
ptaipale
Using Freedome. Main purpose is to get around the stupid geoblocking brought
in by GDPR, which often prevents me from accessing web sites from the EU.
Also, while I don't think it would entirely protect me if a government agency
of a superpower decided to direct its full attention to me, it'll give some
protection against e.g. a criminal organisation that has infiltrated the
mobile operator.

------
jwr
iVPN, and rather happy with it so far. WireGuard support, and good apps for
iOS.

------
neelkadia
hide.me VPN.

Unlimited and Free.

They've a bug in their Mac app which let you use for Unlimited time. ;)

------
jtchang
Have you tried Shadowsocks?

~~~
doorbellguy
Had not heard of it, but I will certainly take a look. Appreciate it

------
redhot2323
using nord. but for apps like intercom its not able to hide the users IP

------
qrbLPHiKpiux
Algo on a DO droplet.

------
czbond
Freedome by F-secure

------
maranatha84
Freedome!!!

------
davisonio
NordVPN

------
krapans
Mullvad

------
WrtCdEvrydy
Cyberghost.

I was cheap.

------
dajeuwi
PureVpn

------
crispytx
NordVPN

------
jraby3
Safer vpn.

------
bzavados
ProtonVPN

------
arthurcolle
ExpressVPN

------
dajeuwi
purevpn

------
neokantian
If you use something like sshuttle, you can use any arbitrary VPS. If you
insist on openVPN, however, you can always:

$ sudo apt install openVPN

and run your own VPN instance.

But then again, openVPN requires an excessive amount of configuration, in
order to achieve something as menial as a key exchange. The silly thing is
that it does not achieve more than what "ssh-copy-id" does, without all the
silly ceremonies.

By the way, commercial VPN services also tend to be more expensive than
renting your own VPS, which you can nowadays even rent by the hour, if you
want to.

In other words, OpenVPN is a service for people who do not know what they are
doing. The problem with that is, that their security strategy will ultimately
not work either. Paying money to an OpenVPN provider will not make any
difference to the problem.

~~~
rsync
"If you use something like sshuttle, you can use any arbitrary VPS..."

If I may expand this a bit - you can use _any system anywhere that you have an
ssh login to_. There is no server side software requirement - you just need to
have a login and the "server" needs to have python installed.

It's really a fantastic VPN model and I recommend looking into it.

------
plexiwood
(1) Read this about VPN issues: [https://krebsonsecurity.com/2017/03/post-fcc-
privacy-rules-s...](https://krebsonsecurity.com/2017/03/post-fcc-privacy-
rules-should-you-vpn/)

(2) Then read this about VPN services and deceptive ratings:
[https://thatoneprivacysite.net/choosing-the-best-vpn-for-
you...](https://thatoneprivacysite.net/choosing-the-best-vpn-for-you/)

(3) REFERENCE -- look up any VPN you're considering here before using it:

[https://thatoneprivacysite.net/vpn-comparison-
chart/](https://thatoneprivacysite.net/vpn-comparison-chart/)

(Choose "all" instead of 10, 20, etc. for the "Show" number of items to
display setting. Click a column heading to sort by that column. Green is good.
Red is bad.)

Note: products are listed by product name instead of by manufacture, e.g.,
F-Secure's VPN is listed as "Freedome," not "F-Secure."

Remember: NEVER USE FREE VPN.

