This still seems too difficult for the average person who isn't a sysadmin, but still wants to protect their privacy. Python? Virtualenv? Config files? Ugh. My ideal VPN appliance would be a minimal Busybox-based disk image that updates using A/B partitions and has a nice web UI. It lets you set basic things like the hostname, time, admin password, and then regenerates all of /etc. A cross-platform GUI setup wizard uploads the disk image to a VPS provider, you get back a URL for the web UI with clear client setup instructions, and that's it. If an update becomes available, you click a button, it downloads the new image to the idle partition, modifies the GRUB config to boot from it, and restarts. Done.
Note that Algo is designed by security professionals, is recommended by some you may have heard of FWIW (grugq, Kenn White, more), and is careful about what it claims to do:
* "Does not claim to provide anonymity or censorship avoidance"
* "Does not claim to protect you from the FSB, MSS, DGSE, or FSM"
7 comments
[ 3.3 ms ] story [ 22.9 ms ] threadDisclosure: I am the author of this repo.
[1] https://github.com/hwdsl2/setup-ipsec-vpn
* It is an OSX packaged app that launches a GUI wizard and deploys to digitalocean, auto configures VPN on OSX, and spits out a mobileconfig file.
* It is based on CoreOS (not busybox) but it set to auto update the OS using A/B partitions.
* VPN docker image running on droplet is also configured to auto update
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-th...
Note that Algo is designed by security professionals, is recommended by some you may have heard of FWIW (grugq, Kenn White, more), and is careful about what it claims to do:
* "Does not claim to provide anonymity or censorship avoidance"
* "Does not claim to protect you from the FSB, MSS, DGSE, or FSM"
The Linux IPSec stack is just... incomparable.....