Ask HN: Deploying WireGuard on VPS to bypass censorship?

3 points by shivajikobardan ↗ HN
Since government just banned facebook, youtube, instagram, reddit, discord among many others, I need a VPN for me and my family. The budget is not fixed as of yet but I would prefer it remain under 10 bucks.

I just heard that vpn server can be misused and since they are shared among many users. And that cause your applications to get flagged and be unusable.

That has led me to wanting a private virtual server and hosting a vpn server over it.

What do you think? Is this recommended?

5 comments

[ 3.6 ms ] story [ 21.2 ms ] thread
It works. Just make sure you install and configure wireguard correctly on the VPS and on the client computers. Make sure IP forwarding is enabled on the VPS. That should suffice to have your personal VPN running.

Some censorship-heavy countries are blocking Wireguard though. And if VPN use is prohibited by law in your country, your use of Wireguard can be detected if they want to.

Think about the risks: you’ll need to install, configure, update, and secure the server yourself. It will be a single point of failure, and the new VPS IP can still be blocked by some platforms (I see you Red*it). You must trust the VPS provider or choose a privacy‑friendly region, since the host can see metadata and some providers don’t allow tunneling. if you can afford to do this then yes sure.
(comment deleted)
Fck government has throttled (likely) all these vpn selling sites.
Before going through the effort of setting up a VPN, first test whichever cheap VPS provider you choose using an SSH Socks proxy. There are articles showing how to use your SSH connection as a Socks proxy for your browser. Once you find a VPS node that is not blocked then go through the setup of configuring a VPN so all your other devices can use it. I only suggest this as I am lazy and projecting my laziness on others. Try to build a list of VPS providers that charge by the minute to avoid wasting money on providers that are blocked.

The easiest way to use a SOCKS proxy is to call the program from the command line using either proxychains-ng or torsocks after editing the configuration to use your SSH Socks port. This prevents leaking DNS out your local DNS resolver which still matters even if the browser is using DoH, chicken-vs-egg Anycast DoH resolver lookups exposes region. This still does not remove the NetworkID that gets embedded in the browser under that Linux account after first startup but it's good enough unless one is hiding from a government.

In my experience the cheaper the VPS provider the more likely everyone is blocking it due to the phrase, "And this is why we can't have nice things." from others abusing it and getting all the CIDR blocks under all of their ASN's null routed or flagged as abusers.