I just heard that VPN servers can be misused, since they are shared among many users, and that this causes your applications to get flagged and be unusable.
That has led me to want a private virtual server and to host a VPN server on it.
What do you think? Is this recommended?
Centrino•5mo ago
Some censorship-heavy countries are blocking Wireguard though. And if VPN use is prohibited by law in your country, your use of Wireguard can be detected if they want to.
shivajikobardan•5mo ago
3np•5mo ago
You can "dry run" by setting up a local staging server on your LAN (using some nonblocked sites to test) first and then replicate on the VPS.
Try to get comfortable with tcpdump and wireshark to troubleshoot and verify.
Recommended to use some configuration management (ansible or whatever you prefer) so you can easily jump to a new provider if need be in the future.
If things are working fine locally but not on the VPS, that's when filtering may be at play (also check your MTUs; this is where tcpdump is your friend). You can add obfuscation under wireguard (meaning wg will be running on top of another overlay network). Shadowsocks used to be recommended. These days the Chinese are at the front of the game. Search for shadowsocks successors and you will find them.
Sometimes openvpn (tcp) works more reliably where wireguard (udp) doesn't.
Also take care of your DNS. Check for leaks.
Sometimes it's more straightforward and can be safer to set up a forwarding HTTP or TCP proxy on the VPS (and/or locally: these can be chained) and configuring that in your browser/apps rather than straight up routing all traffic over the tunnel.
Consider how much you trust the VPS provider and its infra provider(s). If you want to be more careful you can set up multi-hop, exiting either via another VPS on a separate provider or a commercial VPN provider. Using a commercial provider for your exit can help improve anonymity wrt the sites you visit (since your IP won't be unique from their view).
Oh, and do try to get off facebook, youtube, instagram, reddit, discord. It's really time to migrate for several reasons. Try to find better online connection points for your friends and family, as well as connecting to the world, than US Big Tech (yes I see the irony in saying that here).
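A static check for the DNS-leak and MTU points in the comment above, added here as an example and not posted by anyone in the thread: it lints a single-peer wg-quick client config for a resolver that is not routed through the tunnel, an IPv4-only default route, and an MTU that leaves no room for WireGuard's encapsulation. The sample config, the finding names and the 1500-byte path MTU are assumptions made for the illustration.

```python
import configparser
import ipaddress

WG_OVERHEAD = 80  # worst case: outer IPv6 (40) + UDP (8) + WireGuard (32)

# Constructed sample client config; keys and addresses are placeholders.
SAMPLE = """
[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.2/32
DNS = 2001:db8::53
MTU = 1500

[Peer]
PublicKey = <server-public-key>
Endpoint = 203.0.113.10:51820
AllowedIPs = 0.0.0.0/0
"""

def _items(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def lint(text, path_mtu=1500):
    """Return finding codes for a single-peer wg-quick client config."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep wg-quick's key capitalisation
    cp.read_string(text)
    iface, peer = cp["Interface"], cp["Peer"]
    routes = [ipaddress.ip_network(n, strict=False)
              for n in _items(peer.get("AllowedIPs", ""))]
    default = {r.version for r in routes if r.prefixlen == 0}
    findings = []
    if 4 in default and 6 not in default:
        findings.append("ipv6-not-tunneled")  # v6 traffic bypasses the tunnel
    resolvers = _items(iface.get("DNS", ""))
    if not resolvers:
        findings.append("dns-not-set")  # system keeps its pre-tunnel resolver
    for entry in resolvers:
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            continue  # wg-quick treats non-IP entries as search domains
        if not any(addr in r for r in routes):
            findings.append("dns-outside-tunnel")
    mtu = iface.get("MTU")
    if mtu and int(mtu) > path_mtu - WG_OVERHEAD:
        findings.append("mtu-too-high")  # encapsulated packets exceed path MTU
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```

A clean result here only covers the config file; confirming with tcpdump that no port 53 traffic leaves the physical interface is still the real test.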
Centrino•5mo ago
Another tip, for enhanced comfort and ease of installation: most modern routers, even cheap travel routers, can function as a Wireguard client. So you could install an additional router, downstream of your main router, and create a wifi access point for your family, which tunnels all traffic to the VPS. The advantage is that you do not have to install wireguard on every client machine. You just install wireguard on the VPS, and you enter the wireguard keys and other config information in the wireguard config screen of the router.
At the same time you can leave your existing router running with wifi, so that your family can switch between censored and non-censored internet by simply switching from one to the other wifi access point. Why have both options? First, because non-tunneled internet will still be faster than tunneled internet (I guess), second, because some websites or government-run services in your country may only be available from within the country.