Show HN: Attempt – A CLI for retrying fallible commands (github.com)

Since government just banned facebook, youtube, instagram, reddit, discord among many others, I need a VPN for me and my family. The budget is not fixed as of yet but I would prefer it remain under 10 bucks.

I just heard that vpn server can be misused and since they are shared among many users. And that cause your applications to get flagged and be unusable.

That has led me to wanting a private virtual server and hosting a vpn server over it.

What do you think? Is this recommended?

Comments (7)

Bender · 14h ago

Before going through the effort of setting up a VPN, first test whichever cheap VPS provider you choose using an SSH Socks proxy. There are articles showing how to use your SSH connection as a Socks proxy for your browser. Once you find a VPS node that is not blocked then go through the setup of configuring a VPN so all your other devices can use it. I only suggest this as I am lazy and projecting my laziness on others. Try to build a list of VPS providers that charge by the minute to avoid wasting money on providers that are blocked.

The easiest way to use a SOCKS proxy is to call the program from the command line using either proxychains-ng or torsocks after editing the configuration to use your SSH Socks port. This prevents leaking DNS out your local DNS resolver which still matters even if the browser is using DoH, chicken-vs-egg Anycast DoH resolver lookups exposes region. This still does not remove the NetworkID that gets embedded in the browser under that Linux account after first startup but it's good enough unless one is hiding from a government.

In my experience the cheaper the VPS provider the more likely everyone is blocking it due to the phrase, "And this is why we can't have nice things." from others abusing it and getting all the CIDR blocks under all of their ASN's null routed or flagged as abusers.

jere_id · 21h ago

Think about the risks: you’ll need to install, configure, update, and secure the server yourself. It will be a single point of failure, and the new VPS IP can still be blocked by some platforms (I see you Red*it). You must trust the VPS provider or choose a privacy‑friendly region, since the host can see metadata and some providers don’t allow tunneling. if you can afford to do this then yes sure.

Centrino · 21h ago

It works. Just make sure you install and configure wireguard correctly on the VPS and on the client computers. Make sure IP forwarding is enabled on the VPS. That should suffice to have your personal VPN running.

Some censorship-heavy countries are blocking Wireguard though. And if VPN use is prohibited by law in your country, your use of Wireguard can be detected if they want to.

shivajikobardan · 20h ago

What else would you recommend? I would love to hear your thoughts. This media ban is terrible. It is throttling down the entire internet.

Centrino · 5h ago

I would recommend to start with Wireguard, test it out with a VPS and one client computer before installing it for other family members on other computers.

Another tip, for enhanced comfort and ease of installation: most modern routers, even cheap travel routers, can function as a Wireguard client. So you could install an additional router, downstream of your main router, and create a wifi access point for your family, which tunnels all traffic to the VPS. The advantage is that you do not have to install wireguard on every client machine. You just install wireguard on the VPS, and you enter the wireguard keys and other config information in the wireguard config screen of the router.

At the same time you can leave your existing router running with wifi, so that your family can switch between censored and non-censored internet by simply switching from one to the other wifi access point. Why have both options? First, because non-tunneled internet will still be faster than tunneled internet (I guess), second, because some websites or government-run services in your country may only be available from within the country.

3np · 20h ago

You can start with the wireguard only and see how that works.

You can "dry run" by setting up a local staging server on your LAN (using some nonblocked sites to test) first and then replicate on the VPS.

Try to get comfortable with tcpdump and wireshark to troubleshoot and verify.

Recommended to use some configuration management (ansible or whatever you prefer) so you can easily jump to a new provider if need be in the future.

If things are working fine locally but not on the VPS, that's when filtering may be at play (also check your MTUs; this is where tcpdump is your friend). You can add obfuscation under wireguard (meaning wg will be running on top of another overlay network). Shadowsocks used to be recommended. These days the Chinese are at the front of the game. Search for shadowsocks successors and you will find.

Sometimes openvpn (tcp) works more reliably where wireguard (udp) doesn't.

Also take care of your DNS. Check for leaks.

Sometimes it's more straightforward and can be safer to set up a forwarding HTTP or TCP proxy on the VPS (and/or locally: these can be chained) and configuring that in your browser/apps rather than straight up routing all traffic over the tunnel.

Consider how much you trust the VPS provider and its infra provider(s). If you want to be more careful you can set up multi-hop, exiting either via another VPS on a separate provider or a commercial VPN provider. Using a commercial provider for your exit can help improve anonymity wrt to the sites you visit (since your IP won't be unique from their view).

Oh, and do try to get off facebook, youtube, instagram, reddit, discord. It's really time to migrate for several reasons. Try to find better online connection points for your friends and family, as well as connecting to the world, than US Big Tech (yes I see the irony in saying that here).

shivajikobardan · 20h ago

Fck government has throttled (likely) all these vpn selling sites.