i used NordVPN for years, even the security seems pretty decent, you never really know about outside factors, so i decided to just do this by myself.
however, this comes with a number of issues and roadblocks that needed to be taken care of.
such as:
- Ease of use
- wide array of locations for endpoints
- multiple ip-adresses
- logging
- disposability
- Cose effectiveness
Ease of Use
compared to a established VPN service hosted by someone else, this is more complex, as you will need to create new keys for each location, and add those to your VPN Client, but this can be done in just a few mouseclicks.
Array of Locations
thanks to Digitalocean locations all around the world are avaiable. so are multiple ip adresses that can be static or changing.
Security & logging
those things are totally under your control as you “own” those instances.
Cost effectiveness
this is a bit different,
large services such as NordVPN are for sure cheaper, but you do not use those features 24/7, so wif you just deploy when you do use the feature, this can be significantly cheaper.
as you pay each instance only for the time it is created, so the trick is to keep a Snapshoot and just destroy the instance once you not need it anymore.
how to do this
it’s actually pretty easy:
- Deploy the smallest avaiable Droplet, and use the Warpspeed Package from the marketplace to do so, add your RSA Keys to it, so you not have to worry about passwords.
- log in, and copy the warpspeed-install.sh script to ~/root
- add a cronjob that executes the script after reboot
- edit the script to have it remove the warpspeed folder first (this way you can re-run it at any given time)
- execute the script and follow the steps
- once you are able to log in to the admin interface, make sure the username/password is also set in the main config of the warpspeed service.
this is important as we will delete the local installation afterwards. - open top -c and let the server do the past install tasks .. this can take up to 1 hour as it will update and upgrade everything.
- you may also want to install the digitalocean monitoring scripts
starting this on the commandline will result in apt locked errors, this is a good way for you to know when the serever is done.
just let it repeat the apt-error until its finished .. the script will install, so you can be sure everything is completed. - stop the warpspeed service
- forse delete /warpspeed (this will make the server unusable)
- shut down the server
- make a snapshoot for the server once it does show offline.
- delete the droplet (make sure you do NOT check to also destroy the snapshoot)
That’s it, so now if you want to use a VPN, you just go to the snapshot, select “create droplet” , pick a location, and click create.
because the install script is in the crontab to auto-start it. it will create the warpspeed instance, based on the new IP’s, create a ssl certificate and install it for you.
this will take now just a minute or less, as we already did all the updating and upgrading before making the snapshot.
afterwards just log on to the web interface, wit hte credentials created the first time, agree to terms and services, get the license (free) and you are ready to roll,
you can just skip the creation of a user, and just type something random, create a device, and download the config file to use locally on your computer,
paste or insert it in your client, and you are ready to go in less than 2 minutes.
once you done, destroy the droplet and it will not cost you any money.
you do have to pay for the storage of the snapshoot, but since this is less than 2GB .. it will cost you just a few cents to keep it.
i will write that “better” with more details if there is some interest in using this.
i also have a custom initialisation file that does delete the /warpspeed beforehand and sends you an email once its completed, so you just start the job and then wait for the email with the link to click on, neat eh? 😉