TheButler
join:2014-03-28
Etobicoke, ON

Member

Community input : Home all-in-one anonymizer (proxy server)

I'm looking for some community input on choosing some hardware and software for a project I'd like to set up at home.

Am I wasting my time ? my money ? Will this be more work than I realize ? Does anyone know of better options to accomplish my goals ? Just want to put things out there before I start working on this in depth.

About me : My background is Electronics, but years ago I was taught to set up a Linux server and compile code. I never really use these skills a lot, but I manage to get by.

Thanks ahead of time for any responses.

My goals are :
- Access US-restricted content from my home in Canada.
- Encrypt network traffic to bypass my ISP's Deep Packet Inspection (DPI) equipment
- Be able to use the remote server as a platform for other misc. projects like hosting files, publicly-accessible game servers (i.e. Minecraft, etc.) or voice services.

Restrictions :
- Solution should be affordable. I don't mind paying 1-time costs for quality hardware but want to avoid excessive monthly bills.
- I want to maintain control of my own network (so no 3rd-party VPN services)
- I'm limited to my ISP's DSL modem @ 30MiBps/10MiBps

My current plan :

- Rent a US Linux server
Not sure how much processor power / RAM I will need, or if I can use one of those cheaper virtual "VPS" options out there.

- Choose a home router capable of on-the-fly encryption.
I'm assuming I'll have to be picky here, because I want to be sure the router runs a VPN protocol that will also run on the remote Linux box. No idea what protocols are popular atm.
HELLFIRE
MVM
join:2009-11-25

Just to get the smart aleckery out of me and out of the way...
said by TheButler:

Am I wasting my time ?

Possibly
said by TheButler:

my money ?

Most Definitely
said by TheButler:

Will this be more work than I realize ?

Oh yes

...but hey, if you're up for a technical challenge and a little "outside your comfort zone" learning,
go for it.

Off the top of my head, I don't see any conflicts between your goals and your restrictions.
If you're looking specifically into VPN, you may want to do some reading into what VPN is
and how it operates -- Wiki or this book comes highly recommended for a pretty good intro into VPN.

3 VPN protocols out there :
- IPSec -- UDP500, IP protocol 50, 51

PRO : been around forever and a day, well documented
CON : can be difficult to set up / troubleshoot, can be blocked by firewalls

- SSL

PRO : uses HTTPS / TCP443, "supposedly" easier setup than IPSec
CON : purchasing from a vendor may result in 'per seat' licencing costs

- MS PPTP -- TCP1723

PRO : been around forever and a day, Windows friendly
CON : encryption algorithm is weak (read: broken), can be blocked by firewalls

For Goals #1 and #2, a site-to-site VPN to the rented linux server could be done fairly
easily... and site to site's been around forever and a day, so setup shouldn't be that hard.
You just need a home edge device that supports forming and maintaining said S2S tunnel.

Both IPSec and SSL could be employed to do this.

For Goal #3, you'd want a remote access solution, so again, your home edge device would
have to support the 3 protocols above, and your ISP would have to allow the above traffic
into your equipment.

All 3 protocols above could be used to set this up.

The major thing, as I said, is learning a) how this stuff works, b) what equipment to get, then
c) learning how to get said equipment to work. You'd also have to budget for the actual hardware
itself -- I can't give you any hard numbers as it depends on what you want (to get) in the end.

Also about using a US-based Linux server... in light of all the brouhaha with the NSA and snooping in on traffic, you sure about using this type of setup?

My 00000010bits

Regards

XANAVirus
Premium Member
join:2012-03-03
Lavalette, WV

On the subject of VPNs, if you want to run your own you can do so quite easily with OpenVPN.

You can configure it as an SSL/TLS VPN, and have it run over port 443. As long as you configure it correctly (e.g. encryption ciphers, TLS ciphers) it ought to look just like normal HTTPS traffic.

It's quite handy for securing normal UDP traffic (e.g. VoIP), but it's not recommended to run TCP over it due to retransmission problems if there are lost packets.

You will need to be able to understand how to edit its configuration file and generate certificates which you will use on end-user devices (e.g. Android phone, PC), and how to port forward to internal servers.

I'd recommend the community version as the 'easy set-up version' from the makers has some limitations built-in (or so I heard).

For server usage, I'd recommend virtualization with CentOS and Virt-Manager. If you have a Windows PC at home you can install XMing and manage your VMs (e.g. OpenVPN, Media Server, etc.) graphically.

I'm running exactly this setup I'm talking about right now and it has worked flawlessly for a few months now.
You should definitely not skimp out on hardware, especially CPU and RAM speed, if you decide to go this route.

I hope this helps!
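
The configuration points raised in the post above (encryption ciphers, TLS settings, TCP transport), as an added example that is not part of the original post or of OpenVPN itself: a small audit of an OpenVPN server config for weak settings. The sample config, its file names and the finding codes are constructed for illustration.

```python
# Constructed sample server config (not from the thread); file names are placeholders.
SAMPLE_CONF = """\
port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
cipher BF-CBC
tls-version-min 1.0
"""

# 64-bit block ciphers, exposed to birthday attacks such as SWEET32
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}

def parse(text):
    """Map each directive to its argument list; later lines override earlier ones."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # OpenVPN comment markers
            continue
        name, *args = line.split()
        conf[name] = args
    return conf

def audit(text):
    """Return a sorted list of finding codes for the given config text."""
    conf = parse(text)
    findings = set()
    ciphers = conf.get("cipher", []) + ":".join(conf.get("data-ciphers", [])).split(":")
    ciphers = [c.upper() for c in ciphers if c]
    if not ciphers:
        findings.add("cipher-not-set")           # default depends on the OpenVPN version
    elif any(c in WEAK_CIPHERS for c in ciphers):
        findings.add("weak-cipher")
    tls_min = conf.get("tls-version-min", ["0"])[0]
    if tuple(int(p) for p in tls_min.split(".")) < (1, 2):
        findings.add("tls-below-1.2")            # directive absent or set below 1.2
    if "tls-auth" not in conf and "tls-crypt" not in conf:
        findings.add("no-control-channel-key")   # handshake answers unauthenticated probes
    if conf.get("proto", ["udp"])[0].startswith("tcp"):
        findings.add("tcp-transport")            # reliability: TCP-over-TCP retransmission
    return sorted(findings)

# Corrected form of the same config, for comparison
HARDENED = (SAMPLE_CONF.replace("cipher BF-CBC", "cipher AES-256-GCM").replace("proto tcp", "proto udp")
            .replace("tls-version-min 1.0", "tls-version-min 1.2") + "tls-crypt ta.key\n")
print(audit(SAMPLE_CONF), audit(HARDENED))
```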