Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Which VPN would you recommend?
61 points by mirap on Aug 18, 2016 | hide | past | favorite | 59 comments

Roll your own! Setting up your own, private VPN can be done quite easily with https://github.com/jlund/streisand and a DigitalOcean account. Costs $5 per month. It doesn't require a whole lot of technical competence either, as the Streisand project configures just about everything for you.

If you do roll your own, consider trying out WireGuard, the VPN protocol I've been working on. It's a lot faster and simpler than anything else. I'd appreciate all the feedback I can get. https://www.wireguard.io

I haven't take a look yet but will do soon.

If this can be used under ARM cpu and has smaller memory footprint compared to openvpn, I am going to use it.

Very often point of using VPN is to get away from one jurisdiction and censorship to a provider which offers endpoints in more countries. Getting own server with VPN basically puts a person under different jurisdiction, you're on you're own with supporting and maintaining it. Public-IP VPNs mix your traffic with other traffic and make single person harder to track. It requires a lot of specialized knowledge about protocols and encryptions, heart-beats, pings, system network buffers, setting up firewalls, will I ever need IPSec or PPTP? I don't know... I tried, learnt a lot and gave up quite quickly, too much stuff to handle.

~ Happy TorGuard and TigerVPN user.

What about when you need to update the box? How does it handle protecting and maintaining the vm? What if there is a critical vulnerability in either the client or the server, how will you find out?

I know i'm capable of running my own VPN, but I'd rather pay someone else to manage the details and I just get an endpoint I can connect to that will always work (and will be shut off if there is a major security problem).

unattended-upgrades is enabled by default, so security updates are handled automatically. You can also just destroy and recreate the box once in a while, without any extra cost.

But it is of course completely up to you. If you trust your VPN provider when they say they don't log anything, I guess you are fine.

If you want a VPN so that your activity is not logged, how will hosting your own under your own digital ocean account help you?

Sure, your activities may no longer be logged, but does that matter when 100% if the traffic coming from your droplet IP must be yours?

This is definitely a valid point. In my case, I share my VPN with friends and family, and also use it from a number of different devices (several laptops, and mobile devices). Anyway, the point is not necessarily to make it impossible for anyone to connect my internet traffic to me, but rather make it harder to monitor me.

That's great! Until something breaks.

Destroy the broken droplet and spin up a new one. I bet someone has written a cloud-init script so you never even have to login to the droplet.

But then you are responsible for the security of the server which you probably don't have a lot of time for.

A firewall is configured as part of this setup. unnattended-upgrades is also enabled, so security updates are automatically installed (which of course might be a security problem itself). If you are really paranoid, you can destroy and recreate the box every so often, as the whole process takes about 10 minutes.

And in some ways it reduces the chance of a security problem because VPN's with alot of users is a bigger target than one with just you.

If you're a student you can get the GitHub Student Pack (https://education.github.com/pack) with 50$ platform credit on DigitalOcean.

I'm using this with streisand, very very easy to set up.

What a GREAT idea. Thank you!

I use https://www.privateinternetaccess.com/ on recommendation from a colleague, and I'm pretty happy. No logs, plenty servers, no real issues, and they recently shut down their Russian server due to imminent privacy concerns. So I feel that they have their priorities straight.

I used https://www.frootvpn.com/ briefly when it was free - seemed ok too, but not many servers back then.

Depends really what you want to use it for, but you could look into something like https://www.zerotier.com/ or even hosting your own.

This might be useful for more in depth comparisons: https://thatoneprivacysite.net/

+1 for PIA UK exit nodes work for watching BBC. Plus as a bonus they have recently implemented an option that block ads and malware on a DNS level. There are apps for iOS, macOS and Windows. It can also work without the app and be setup on a router level to protect the entire network.

PIA has said they actively won't be circumventing geoblocks anymore. Last time I tried BBC was blocked on both London & Southampton (in the last 24hrs).

EDIT: It seems iPlayer is now working again, although if you check their forums from when they began this change in policy, they specifically stated they would not actively circumvent the blocks.

They seem to have some ongoing issues with their client - there have been speed issues with the last couple of releases, on Windows at least.

I've had to regress to an earlier version or I get DNS timeouts galore with v60. There's quite a few open threads on their forums about this.

Aside from that, their IPs seem to regularly get hit with Cloudflare captcha. Usually, but not always, switching to a different exit will fix, for a while at least.

I've not found anyone better though.

I didn't like their client so switched to using the OpenVPN client instead: https://openvpn.net/index.php/open-source/downloads.html

>No logs

Don't kid yourself. They are logging everything, and would be completely negligent not to.

Why would it be negligent?

I use PIA and I can't complain. One issue I noticed that may affect others as well is that they are being blocked more and more around the internet. I don't think this is only a PIA problem though.

Yeah I love PIA, but i've found several sites that outright block you in very "opaque" ways (my favorite is one that says the site is down for emergency maintenance when you connect from a PIA VPN IP).

It sucks, but I think PIA (and others) are going to need to start using different IPs and getting around these blocks if they want to stay competitive.

It definitely is a problem with PIA. And furthermore, they have said they won't be circumventing the geoblocks, as they have done before.

I think that a analyzing VPNs is quite impractical, but here we go:

After trying a couple, I'm now with Private Internet Access; the reasons are:

  - the support actually replies and helps (this doesn't hold true for all the companies); although I think VPN typical problems are very technical (in fact, I didn't really solve the issue at the time) and may not be solved by them, it shows that the company is actually striving to provide a good service
  - they don't keep logs
  - the quality is stable and fast; my network is permanently connected to it
  - they have many servers around the world
  - they do provided their service with integrity; they've pulled their Russian servers because the Russian authorities imposed them to keep logs
Some of these statements can't be proved, but as far as I can possibly examine and experience, it's a really good service.

With Verizon becoming an ad company and AT&T showing signs of the same thing, I was wondering what would be involved in having my home's router automatically and permanently connect to a VPN service to keep my data from my ISP? I understand the performance hit would be huge (I have a gigabit fiber connection), but as long as I can still stream MLB and Netflix, I'd be happy.

Your VPN provider would be the bottleneck, not the VPN itself, in which case if you take a performance hit you should explore other VPN providers.

But to tunnel all of your home traffic you can either (1) buy a router that supports VPN tunneling or (2) try and save some money by buying a generic router and flashing it with something like DD-WRT, which would give you an OpenVPN client which would allow you to do the same thing, just with cheaper hardware.

Once set up, whenever your router boots it will connect the VPN and all of your traffic will go over that connection.

Hasn't shipped yet, but Keezel may be interesting: http://keezel.co

It's a hardware product and they broker the VPN provider... so the VPN provider doesn't know who you are, and the Keezel device can use the best-performing VPN provider / nodes.

For launch they're partnering with PureVPN, LeVPN and ProXPN.

I am launching a new product (VPN router permanently connected to anonymous VPN) within a month, I don't want to link to the website yet because it's a WIP. Send me an email (in profile) if you are interested.

Torrentfreak has a quite excessive comparison list of different providers: https://torrentfreak.com/vpn-anonymous-review-160220/

I'm also not a big fan of rolling my own VPN, don't have the time to keep it updated.

OpenVPN, on a host you do control.

Everything else is not trustworthy.

Also, there are lots of third party plugins that work nicely with OpenVPN. I use OneLogin with OpenVPN via RADIUS for example.

Privateinternetaccess.com besides their somewhat uncatchy name and dated looking website is cheap and reliable. You can even pay with Amazon gift cards, in case you want to anonymise your payment and don't want to dive into Bitcoin

I had PIA for a year and when the subscription ran out, though being a happy customer, I got tempted by iVpn.net, which was 3x the price, and had a pretty website. It also got many recommendations here on HN, but think they were not 100% honest. I regret moving away and will go back to PIA asap.

Takeaways: also important is which device you will be using to surf. Many vpn providers have a flawed or no iPad app, and refer to the standard openvpn app. It's very cumbersome to use (you can not copy paste your username and password, just to name one thing).

And setting up your own, doesn't make much sense to me as you will always have the same public ip then.

I've been using Tunnelbear(https://www.tunnelbear.com/) for a couple of years now and my experience has been fantastic:

  • It doesn't keep activity logs.
  • Their tunnel network has been recently improved and it counts something like 20 countries at the moment.
  • It's really fast and it keeps your device safe even in the possibility of a connection issue, it will block all unsecured traffic until it's possible to properly gain access again.
  • Something not directly related as a VPN feature but since I have to pay for it I'm more than happily going to underline this, the UI is really really nice, the design is clean, smooth and is one great experience on every device I've been using it on(Android, iOS and Windows).

On iOS, it's free up to 500MB/mo, $4/mo after. Their app has VPN auto-reconnect on iOS, which is useful because iOS does not seem to support always-on VPNs (except for "enterprise").

Yeah, it's 500MB/month shared across all devices since it's linked to the account you login with. Depending on what mobile device you're using there are different offers since it's possible to go with an Android/iOS-only subscription. I usually end up picking the $7.99/mo offer which is the most logic one if you have multiple devices with different OS enviroments.

Didn't you ask the same question two days ago? https://news.ycombinator.com/item?id=12290362

Looks like the difference is free (previous post) and not free (current one).

I prefer http://BlackHoleCloud.com . You get your own VPN server(s) in the cities that you choose so there is no fighting for bandwidth, and no other vpn subscriber will try to hack into your computer. It also comes with your choice of tiny hardware firewalls. The smallest one fits on a keychain. You can put up to 64 devices on the VPN at no extra cost. Oh, and it has Tor built in if you want it and the firewall blocks ads like a PiHole.

I've done "VPNs" using sshuttle https://www.unixmen.com/sshuttle-poor-mans-vpn-ssh/

Basically, if you have SSH access to a machine and Python is installed on the endpoint, you can set up a "VPN" over SSH. To me, this is much easier to set up. You can get by most of the time by having a vanilla Linux installation on a cheap VPS without any additional work.

I'm in Sydney and a very satisfied user of AirVPN. I mostly use it to get around geo-blocking. They have more than enough servers and I've never had an issue with the reliability of their service. Speeds in Europe are reasonable, but I'm on crappy ADSL anyway.

You should check out this very extensive comparison sheet as well:


If you need it only for web browsing, than I highly recommend the free VPN that’s now integrated in developer release of Opera. https://www.opera.com/computer/beta

On iOS, all traffic goes through it. http://www.opera.com/apps/vpn

Opera has been acquired by a Chinese consortium, https://techcrunch.com/2016/05/25/operas-shareholders-greenl...

Huge fan of getcloak.com. Osx/ios only, but Android coming soon. Been a paid customer for four or five years.

I use NordVPN. Pay annually and it can be as low as $40. Allows up to 5 devices and they have servers all over the planet. I primarily use it for streaming; Netflix US/UK/CA/FR, i-player, and checking how advertising looks in different countries.

And popcorntime, occassionally.

I used to be a customer of PIA but the speed wasn't good anymore and I got blocked.

I switched to ExpressVPN and they are very reliable. Especially if you travel in Asia.

In addition, they have dedicated router firmwares so you can secure your whole network.

I've found F-secure Freedome quite suitable for me. Works on phone also (sometimes there's some issues though) and blocks tracking attemps.

I always liked mullvad, but they don't offer multiple countries and stuff. It really comes down for what you need it actually.

But they do nowadays. I used to be a customer and used to connected to american servers for example.

Thats strange, guess they changed their TOS then. There is no way they can provide the same privacy they did back then on a US Server :/

airvpn, privateinternetaccess It's easy to set up your own VPN as well. Just get a VPS and then install OpenVPN server on it. https://vpntips.com/how-to-setup-a-vpn-server/

I use hide.me I tested several providers over the years but this one has given me the best speed and lowest latency when I choose servers close to me. Works well to have it running 24/7 on the phone. Of course it's more expensive than just hosting a droplet, but very helpful to get IPs of various countries. Unlimited traffic also comes in handy..

I'm using Overplay vpn service.I chose it from this rating https://myipservices.com/vpnrating . I chose a paid service as they say that it works much better and faster. And to be honest, their security is much better.

Many good recommendations in here, but I use froot and am pretty happy with it.

Hola chrome extension VPN - works for couple of websites I dont have access to.

AirVPN. It allows to setup a stable port-forward, unlike PIA which (by design, I suppose, due to being safer) changes the port forward every connection.

Also, AirVPN allows 3 or 5 port forwards, whereas PIA allows 1.

DOT VPN is one of the best i have ever used.

You can use this VPN Comparator to choose the right VPN for you: https://thatoneprivacysite.net/simple-vpn-comparison-chart/

Personally, I've been using ExpressVPN for the last 6 months. Absolutely great service and speed with a large choice of locations/servers.

You can get 30 days free trial using my referral link: http://bit.ly/2bKHXgO

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact