How to Setup my own VPN on a VPS: Open VPN or L2TP ?

[FredericLeger]

Hello All,

I decided recently to set up my own VPN for privacy reason.

I found out two options:

Open VPN on a Digital Ocean : https://anonymster.com/setup-openvpn-server-digitalocean/
Monthly cost will be 5 usd with DO.

L2TP on Linode : https://www.linode.com/stackscripts/view/37239-hwdsl2-setup-ipsec-vpn
Cost would be the same as DO.

I tried the Anonymster config up there as i got a Free Trial with DO the speed is very good but I am wondering would it be faster if i dropped Open VPN and go for L2TP instead?

I was reading than L2TP is faster but also less secure.

Do you have any idea how faster would be L2TP ? I can't find any answer about this.

Thanks for your advice.

Cheers

 

[yorgi]

Hello All,

I decided recently to set up my own VPN for privacy reason.

I found out two options:

Open VPN on a Digital Ocean : https://anonymster.com/setup-openvpn-server-digitalocean/
Monthly cost will be 5 usd with DO.

L2TP on Linode : https://www.linode.com/stackscripts/view/37239-hwdsl2-setup-ipsec-vpn
Cost would be the same as DO.

I tried the Anonymster config up there as i got a Free Trial with DO the speed is very good but I am wondering would it be faster if i dropped Open VPN and go for L2TP instead?

I was reading than L2TP is faster but also less secure.

Do you have any idea how faster would be L2TP ? I can't find any answer about this.

Thanks for your advice.

Cheers

go with openvpn its more recent. L2TP is old and not supported anymore. I would say OpenVPN is the safer way but nothing is really safe is it?

 

[Xentrk]

Hello All,

I decided recently to set up my own VPN for privacy reason.

I found out two options:

Open VPN on a Digital Ocean : https://anonymster.com/setup-openvpn-server-digitalocean/
Monthly cost will be 5 usd with DO.

L2TP on Linode : https://www.linode.com/stackscripts/view/37239-hwdsl2-setup-ipsec-vpn
Cost would be the same as DO.

I tried the Anonymster config up there as i got a Free Trial with DO the speed is very good but I am wondering would it be faster if i dropped Open VPN and go for L2TP instead?

I was reading than L2TP is faster but also less secure.

Do you have any idea how faster would be L2TP ? I can't find any answer about this.

Thanks for your advice.

Cheers

Did you look into the Amazon cloud service? It is free. There are many how to guides on the net. Here is one: How to make your own free VPN with Amazon Web Services. https://www.comparitech.com/blog/vp...-your-own-free-vpn-using-amazon-web-services/

 

[sfx2000]

go with openvpn its more recent. L2TP is old and not supported anymore. I would say OpenVPN is the safer way but nothing is really safe is it?

Look at both -

OpenVPN is nice, but slow relative to other solutions - depends on external client SW to work in the userland

L2TP/IPSec - fast... doesn't need as much homework, but a bit tricky to get sorted...

 

[sfx2000]

L2TP is old and not supported anymore.

You're mistaking L2TP for pptp...

pptp is not supported by many OS's - and clearly deprecated there for good reason... CHAP/MS-CHAP/CHAP variants - probably as broken security-wise as WEP in the wifi domain...

L2TP/IPSec - still very much current - and out of the box, they're supported in core Windows/MacOS-iOS, perhaps even android/chromeOS

 

[Xentrk]

Look at both -

OpenVPN is nice, but slow relative to other solutions - depends on external client SW to work in the userland

L2TP/IPSec - fast... doesn't need as much homework, but a bit tricky to get sorted...

I wonder if OpenVPN speed will ever be fast in our lifetime? There was talk on the OpenVPN road map from several years ago to have OpenVPN take advantage of multi-core processors. But as we all know, it has not happened yet and last time I looked, I could not find any updates on it. I'm not sure how much help it would be as my core that does process the OpenVPN client on the router appears to have plenty of cycles remaining. I wonder what the magic bullet would be. I wish I had a dime for every time someone posts complaining about slow OpenVPN speeds.

 

[yorgi]

o

You're mistaking L2TP for pptp...

pptp is not supported by many OS's - and clearly deprecated there for good reason... CHAP/MS-CHAP/CHAP variants - probably as broken security-wise as WEP in the wifi domain...

L2TP/IPSec - still very much current - and out of the box, they're supported in core Windows/MacOS-iOS, perhaps even android/chromeOS

oops your right I goofed

 

[RMerlin]

here was talk on the OpenVPN road map from several years ago to have OpenVPN take advantage of multi-core processors. But as we all know, it has not happened yet and last time I looked, I could not find any updates on it.

OpenVPN 3 is still years away from being in a state anywhere near that of OpenVPN 2.

 

[fidesachates]

Take a look at Striesand. In 10 minutes it sets a bunch of different protocols so you can mess around and test. Reports say wireguard is worth a try and it's one of the ones set up by streisand. https://github.com/jlund/streisand

 

[Xentrk]

Take a look at Striesand. In 10 minutes it sets a bunch of different protocols so you can mess around and test. Reports say wireguard is worth a try and it's one of the ones set up by streisand. https://github.com/jlund/streisand

Awesome! I will try this out and report back. I was ready for a new project to try.

 

[Xentrk]

I made some progress today. I used my Raspberry Pi 3 as the client Linux machine which runs the git code to create the server on a cloud provider. I created a free Amazon AWS Ubuntu server in the cloud for the server. I had to fight thru some issues and found a bug in a python module called ec2_ami_find.py that slowed me down. I had to comment out a line of code to get the Streisand git code to work on the pi. Luckily, google search was my friend and. It was a long day getting past some errors but the server is up and running now. I will starting testing it out over the next few days and report back. I am especially interested to see if it can get around the VPN blocks of two major media streaming services.

 

[Xentrk]

Streisand is an interesting project. I had been wanting to experiment with Amazon AWS cloud service VPN and do some more projects with my Raspberry Pi 3.

I installed the various programs on the Raspberry Pi, which acts as the provisioning machine to the cloud server. Two html pages get created on the provisioning machine with instructions on how to access the server over SSH session. But I was looking for instructions on how to access over OpenVPN. I could not locate the instructions. I did some web searching, etc and was about ready to give up. But once I followed the instructions on how to configure Firefox to access the server on the cloud, I had access to other Streisand html pages that had the OpenVPN and other protocol instructions I was looking for. On this page, one can download the ovpn file for the client to use to connect to the server.

By default, the ovpn files are configured to use AES-256-CBC encryption. I prefer to use AES-128-CBC for improved performance. I did a quick search and was unable to find if this was possible. I decided not to pursue it as the OpenVPN server was not able to meet my requirements - which is being able to stream from two major media sites that block VPN connections. So, it gave me no reason to leave my current commercial VPN provider.

The html pages have instructions on how to install the OpenVPN and other protocols on various clients. The Streisand wiki has instructions on how to configure the client on a router.

 

[DarthVader]

Most simple VPN server setup method I ever found is by using https://vpn4.one/. Looks like it's just a wrapper on the kylemanna/openvpn mentioned in this article https://anonymster.com/setup-openvpn-server-digitalocean/ judging by eventual result on the server.

 

[heysoundude]

I've been having this discussion with increasing numbers of people lately (setting up a VPS to act as a remote router with every device connecting - both at home and away - via a VPN tunnel)
Wireguard (not CloudFlare's WARP implementation) seems to be gaining in popularity, if you're good with/on the command line and Vultr seems to make rolling this (VPS) out a click and go proposition.