The guide starts at 11:25 TIMESTAMPS 00:00 Introduction 01:28 Everything wrong with the VPN services 05:50 What are the alternatives? 07:39 VPN services vs. Self-hosted VPNs 08:58 Choosing a VPS provider 10:43 My choice of the VPS provider 11:25 Creating an account (The tutorial starts here) 11:45 Creating a VPS 12:37 Generating SSH keys 13:46 Updating the packages 14:07 Creating a non-root user 15:04 Configuring SSH 17:14 Installing and configuring OpenVPN 20:50 Installing mosh 21:14 Two-factor authentication 23:53 Automatic updates 25:11 Conclusion
Exactly, no matter what a VPN provider says, you have to trust them when it comes to storing and sharing your logs. If they can profit or have to protect themselves, they with share them with other companies.
Okay everyone knows this but how likely is it that they will steal your information or that it will be stolen? you're more likely to get hit by a car or be in an accident or just die.
Many commercial VPN providers make money through bogus claims to protect privacy of internet users. One example is NordVPN, which I find surprising is they refuse to allow XMR Monero but only Bitcoin and that too via Coinbase payment gateway. It is better to get a VPS that allows payment via XMR Monero crypto, and allow selfhost a VPN.
You will NEVER find out the truth on the Internet.. NEVER... It's always ONLY about money and making people feel insecure... At the end of the day, we don't know anything !! Everyone believes what they want to believe and will only google themselves in the direction of being "smart"... If you don't understand how the internet REALLY works... If you don't even know why audio is streaming through the air from a walky Talky is transmitted to the other... Then a lot can be told.. VPN, Proxy etc.. or not... Keeping the people STUPID -- It was done thousands of years ago and it's getting worse... Why? So that we don't pose a threat... But who am I... People get upset every day and yet they go back to work on Monday... Whether you believe in conspiracies or not, UFO's "YES" - "NO" ..Repteliuden and so on.. doesn't matter .. because we humans still do what they want, we go to work, consume, spend money and pay money to be entertained so that we feel good about ourselves to be able to go back to work...The REAL goals of each country, we will NEVER know and what we believe in whether sure or not sure if the government is bugging us or not.. Irrelevant... The question isn't, "Will we lied to - truth or lie? You should think about WHY we are told this and that - how do we behave because of it... Clearly: If we are told bullshit, and more bullshit and more bullshit .. what happens right - bullshit, doesn't matter how smart you are.... Stop racking your brains and focus on life and people that mean a lot to you and invest your time with your loved ones instead of thinking about it the government or your ISP is bugging you or your data is being sold...
Hey, thank you for this. I saw this on google but no one makes a tutorial. Glad I saw this today on my recommendation. Gonna finish this tutorial and will sign up with your link. Thanks again
One thing of note... If you are using a VPS - Check the Terms Of Service for the hosting/rental company. Many companies have policies against setting up VPNs on there networks for a variety of both technical and legal reasons. Many companies also have a 'One Strike / No Warning' policy when it comes to TOS violations meaning that if there systems team detects a 'banned service' or there legal team gets a DMCA violation / take-down notice. They will take down your node, wipe all of the data (including onsite backups), cancel your hosting/rental account, and notify you via email after... No Refunds. --- TLDR: Lots of providers DO allow you to set up a VPN however, If for some reason a provider doesn't allow a VPN or other services/content to be set up, it will be in the Terms of Service. Because providers don't want to terminate your account, it will usually be written in very plain, easy to understand, language... Just read the TOS and make sure you understand what you can and can not do/run with that provider *before* starting hosting with them.
Yes sir! Very Good point! Sorry my reply is also 2yrs later, but I had to chime in and give a nod to this point. The DMCA violation / take-down notice or any legal dispute regardless of your innocense or guilt that you may be involved in doesn't get sent to you directly. So, you might think, "yea that's good for me, I'm anonymous with no logs and a fake name and account paid with crypto" But you don't own the server, you're renting it, and are subject to their usage policy and their legal right to operate rides on your conformity. They won't wait 1 sec when they get a complaint, you're gone and if you were malicious its justified, if not you're just unlucky. This exact scenario applies to public VPN providers Nord, Express,etc. You're subject to their AUP, and if you're not attempting malicious activities then you don't need to be paranoid about no logs because no-one will have a reason to pursue you. If you are malicious on a seedbox or virtual server and they get a court order to expose you, given that you are using a fixed IP and all of your VPN traffic is tied to that IP, obviously they know what server is assigned said Ip because they delete/ban your account and you might want to be Tor'ing in or using another VPN or proxy to access the server so that your personal WAN IP is not exposed. That said, they can be a cost effective sandbox to learn how to install/configure various OS/software and host services you just have to remember they own it and will boot you if they get shit for your actions.
@stormyweathers08 The text guide covers Windows as well th-cam.com/users/redirect?v=gxpX_mubz2A&event=video_description&q=https%3A%2F%2Fnotthebe.ee%2FCreating-your-own-OpenVPN-server.html&redir_token=QUFFLUhqbnlRRGRvY1RpemZRSFI2WkdFbGxWd3A3NExoUXxBQ3Jtc0trS0s5TFJwWlZfUHVoRUxVNk5Pc0ozbGJsUHBtWEJKVGctaV9JejktdnhtVWIyU1dUaTRWenc4cWhCd21SQWFfQi1FOFE4aWtudXJGdE4zWFhCTU9LN0hSclhEMmVPQzVhcjdpaEE4Y2Z3cnBON25zbw%3D%3D
Welcome to the comment section! Please read the FAQ before leaving a comment: Q: How do you know that the VPS doesn't keep the logs? Isn't that the same as trusting a VPN service? A: Every Internet gateway can potentially log and monitor your traffic. A VPN (be that a VPN service or a self-hosted VPN) doesn't give you extra privacy or anonymity and can potentially monitor your activity. Instead, if you need some extra privacy while browsing the Internet, you should use Tor 06:00 As I mentioned in my last video, VPNs should be used to avoid censorship, geoblocks and DMCA letters, but they won't magically make you more secure and anonymous. Q: Are you only recommending a VPS as a solution because you were sponsored by Linode? A: No. I've been using a self-hosted VPN since 2017 and am currently using a VPS from another company. I've also been approached by a several VPN companies that offered to sponsor my videos; I politely refused their offers because such sponsorship will go against my point of view on VPN services. Linode is one of the biggest VPS providers on the market and I'm glad they sponsored this video, however you can always choose another VPS to host your VPN: DigitalOcean, Vultr, Hetzner, etc. Q: But doesn't a self-hosted VPN make you more identifiable since you're the only user? A: Unlike a VPN service, on a self-hsoted VPN you get a dedicated IP that isn't shared with any other users. However, a shared IP on a VPN service doesn't give you more privacy: you still use your real IP to connect to it, and your account has a unique identifiable set of keys. In both cases if a certain government agency were interested in your online activities, it would require requesting logs from the provider, and in case of Linode (or any VPS provider) the authorities would only retrieve connection logs (e.g. when you connected to the VPS from your IP address) - so pretty much the same as with a VPN service. In both cases the authorities can also request logs from the data center providers or hit the service with a FISA warrant if they reside in the US. Q: Is this tutorial only going to work for Linode? A: No, this tutorial applies to any KVM- (and possibly Xen-) based VPS. The only part that's going to be different is the process of creating an account, which is pretty easy.
What´s about vmware as a Virtualisation Technology ? Is it on the same level as KVM, or more in the direction towards OpenVZ ? Cant really find any Infos about that, maybe u have an Idea.
The main reason people look for VPNs is anonimity and the possibility to change connection location and gain the ability to access services reserved only for specific places (ex Netflix). With a self hosted VPN you lose both. Anonimity: basically the same things that your ISP would spy on you, now are spyable by your VPS provider, you're just trusting a different entity. But, as you correctly said, this is a marginal problem, because only source IP and destination IP can be seen, the traffic in between is encrypted. The only thing that changes is that your ISP can only see you are contacting your VPS, and your destinations can see you are contacting them from your VPS. But that VPS can be traced back to your identity, because you're the only owner of that IP address. So we have no anonimity benefit here: in the case the sites you contact want to know who the source IP address belongs to, they can very easily if your VPS provider is complicit. This is more difficult (not impossble) with VPN services ( if they have logs of your real IP) because they have to link the traffic on their system to your real IP and identity manually by looking at metadata, because there are a lot of people using their system simultaneously. And also if the VPN service is, by chance, reliable as they say and they really don't save any logs, then you're anonymous. I don't think VPS providers keep less logs than a VPN service tbh, in this video you're just saying 'meh, I trust VPS providers more then VPN providers', without counting the fact that VPNs grants you the ability to avoid geoblocking by default, and also that the VPN providers base their business on the 'zero logs' policy, and that's not the case for VPS providers.
Hello Wolfgang, I want you to know that i appreciate your in depth knowledge and have deep respect for you that you take the time to share the results of the hard work that you do in order to educate the MANY MANY people that simply have NO CLUE! Thank you. Mike S.
Dry humor, subtle sarcasm, good content including debunking... Gotta love this video man. TY (learning if you search 'is pee is stored in balls' comes up with yes, was the one of the real highlights)
I appreciate your honesty, you sum up pro's and cons and if you are sponsored, you mention it, if you see another video which explains the same thing you do but better, you are man enough to admit and mention it and give credit where it's due. You also have a very clean info page with timestamps and more and are quite humble(with self-promotion). Good lad
He does have a lot of integrity for sure, but mentioning a sponsor isn't really special, they're required to do that by law and contract with their sponsor.
I once followed a tutorial to install AnsibleVPN and although the install process was so long, I was never able to get it to work. Your video on the other hand, is straight to the point. I followed the video from 17:16 to 20:51 and was able to get OpenVPN working on my EC2 instance in less than 10 minutes. Thanks a ton!
Personally I love the movement for personally owned data like your privacy and files. As an enthusiast with multiple industry grade certifications behind me ranging from general certifications in cyber-security & general networking to Cisco university grade diplomas. I don’t care about my own privacy (I know controversial opinion for my field..) however I stand behind this video in more ways then one, he outlines the benefits to self-hosting your own VPN perfectly. The reason I use VPN’s is to allow much better security within my networks for the company I run. By only allowing OpenVPN’s port past our network firewalls and then encrypting all user profiles substantially it allows me and our employees to access and be on these networks remotely without fear of multiple ports/applications vulnerabilities. Awesome video, love your other content too!
@@xXRealXx You have no idea what you're talking about. Windows 10 is fully functional without activating it. Even the iso is free from microsoft. The only reason it's not usable is because of that little watermark on the lower right corner. And even that, can be ignored. Obadiah is right.
Wolfgang, your content is phenomenal. Thank you for your generosity. I hope I can find the cash to donate to your channel soon because you've pieced together some concepts that I understood only in the abstract. Thank you.
It's always good to be critical about any service you're making use of. In the same sense I have two questions about the points you're making in your video: - If you're using your own OVPN install on some VPS, then all traffic can still be pinpointed to exactly the virtual machine that your running on that server. In affect, you're still rely on that VPS not to disclose the account holder to that VM. I'd say that assumption is at least as "dangerous" (and maybe even more so...) as assuming that VPN providers wouldn't back-trace the user corresponding to some traffic from x months ago. Wouldn't you agree? - Secondly, at 12:50, you seem to be saying ssh exchanges your pass in plaintext. That's not correct. To verify, I just ran a wireshark capture on my own system. Openssh is using the Diffie-Hellman encryption before your key exchange of the actual ssh connection. Maybe I'm misunderstanding you? I hope you'll take the time to respond, I'm curious to hear your thoughts.
Surely, there would be many, many users that would rent bandwidth on a specific remote VPS server? Would the VPS owner be able to tell who was doing what and do they log your activity regardless of the server setup that you configure? If you were the only subscriber to a particular machine, then yes, I can see how that would be a massive problem, but for a low cost VPS contract, you'd be sharing a machine with multiple other users, surely? If you choose not to log, is that it - no logging full stop? Complete novice here by the way.
@@MarkAinsworthAinz The hypothetical scenario is that someone is tracing data traffic that originates from your VPS. If this "someone" is tracking your traffic, they know precisely which IP this traffic corresponds to. This IP one-to-one correlates to the rented VPS. They would literally only have to ask the provider "who is the account holder to the VPS with this IP" to directly land on your doorstep, despite your fancy OpenVPN implementation. I would thus argue that it is actually *much more* unsafe than a regular VPN provider. Because for a regular VPN provider, you would be absolutely right; the same IP is shared among many users at any point in time, and the VPN provider would have to keep *huge* logs to even be able to tell this "someone" who was corresponding to a certain data flow. P.s. I would love to be corrected on this if I'm wrong, but it really seems to me that this approach *significantly* weakens the weakest link in your security.
Exactly what I was thinking about. If you have a dedicated Public IP, this can be traced directly to your vps. Law enforcement can force your vps provider to tell them who owns it.
Hi Wolfgang, Thank you for sharing this information. Assuming that everything you've said is true, both the loss of privacy and not knowing who to trust is a bigger issue that most of us realize.
Thank you for the in-depth explanation, prior to even starting the setup tut. No unexpected surprises halfway through the process. This is a refreshing compared to many various installation/setup tuts I have reviewed in the past. I have subscribed. Thanks again!
Excellent video! Finally someone who explains this thoroughly and also shows how to improve everything. Thank you! I'm gonna give it a try. I just want to also mention that in Linode's Master Services Agreement and in their Privacy Policy they state that personal data (including network logs) are all maintained on their servers and may be presented to law enforcement if there is a court order etc. These will be used in case of suspicious criminal activities. So unless I'm reading this wrong, they do state that information is kept on their servers. So don't go and try something bad now ;)
This video actually had some very useful info aside from the VPN FUD at the beginning. I'm very thankful for pointing me to an alternative VPS provider that can do terraform and ansible so I don't have to constantly suck on AWS' teat.
Nice video. Most VPN subject videos won't dare explain both sides (like covering situations where other tools fit - most vpn videos just say: "you need this, and this alone: It solves everything in the world."). Rare to see honesty on the subject - might actually be the first VPN based video where I've actually seen balance (it can be tiring). Kudos.
Correction: You say using a clear text password is a bad idea because it isn’t encrypted in transit. It IS in fact encrypted in transit and a hacker would NOT be able to see it over an infected network. However I do still recommend an ssh key as it is a much better option for many different reasons.
Seems to me that Linode (or whatever VPS service you pick) can log your traffic. So if someone tracks your traffic to your VPS, the company that runs the VPS can tell them the identity of the person who was renting that IP address. So, it doesn’t really seem particularly anonymous.
yes it is, and this video is only for private network, you shouldnt be using this for trying to be anonymously in the web and do shade stuff, you will be fuckt.
If you want good VPN anonymity, might I recommend Mullvad? It has a good track record for logging (or lack thereof), only costs 5€/month, and can be paid for with cash.
@@TheZenytram so will it be sufficient enough to keep your internal network secure from very primative ISP? Where I'm living there recently was an incident where the ISP's customers' every creature personal information incl. payment infos and stuff were leaked and now being sold in the darkweb, and things won't change anytime soon so keeping at least your internal network transactions secure is unfortunately a mandatory procedure which you should do, by needlessly investing more money into which the ISP should be doing in the first place with the amount of fee they charge you anyways.
I mean, you are right in the sense that having your private VPS will avoid someone collecting logs of your traffic. But in any case, if you're using a single IP address, you're still trackable and your IP will get identified for ad purposes and stuff. So definitely if all your traffic moves from IP A, to B, then the result is the same. Part of the point in having a VPN provider is that the collective use of the server makes harder for have an identity linked an IP.
Thanks for sharing such an interesting content for free and with so much clarity. You deserve a lot more subscribers than people sharing their gaming sessions...
4 ปีที่แล้ว +148
imagine using openvpn in 2020 this post was made by wireguard gang
Perfect! Finally someone who speaks at the speed of thought instead of raising my blood pressure wishing they would hurry up. Thanks for not digressing and just sticking to the facts. Don't changing anything. I hadn't heard of Linode. I just went there to check it out. I will use it for more than a VPN. Thanks TONS!
And we can say that its pretty much true... sadly its not problem that vpn itself solves. Every service you use and service they use to handle your usage will store lots of data. If you open any page in internet they probably have some google services that save something about you. Lets say they save time, ip, page address, browser agent, resolution/ viewport and some other data that tells how you are browsing web. Like where did you come to site (ref) and how much time you used to stay on page.
Then if they compare 'data' they have about page/site and your browsing history they know what you are interested in. And now we can advertise this item you did talk with Steven and opened single link steve gave to you about item. Then think how many pages have for example facebook 'like' button which isnt only picture but script.
10:25 I'm in Switzerland and I _might_ use BitTorrent a lot without a VPN. I have never been contacted by any copyright authorities nor have I heard of something like that happening to someone else. In Germany, however, the threat of receiving an "Abmahnung" from copyright lawyers with an invoice for a substantial sum is very real. And regarding "strict copyright laws": in Switzerland we have the legal right to make personal copies of any published work and share them with close family and friends. You can legally copy a book or a movie and give it to your mother. You can even hire a third-party to copy it for you.
Needed to see this. Thanks for the update. Already found some info that contridicts your statements. But this is important. It means I'm looking in the right direction, so again. Thank you. Great video.
Love your videos man so informative and honest. Off topic but I seen a video of yours from 2020 and you had longer hair, looked awesome and I want to try it put for myself because of seeing you with it. Thanks for the great videos bro
Using password authentication on SSH is encrypted, it's send over the encrypted SSH tunnel just like any other data to the SSH server. SSH Key authentication is preferred option and provides much better security, against people setting silly easy to crack passwords.
Once upon a time, there was an exploit attempt aimed at ssh encrypted passwords. It used the time stamps of the sniffed packets that the client sent to the server upon authentication to guess the characters by the statistics of typing speed, distance between keys, etc. After someone proposed that, a random delay between packets was introduced into the routine that sends the password over... but Key auth is much safer, tho. EDIT1 - Adding the link to the paper, as some of you won’t believe it: people.eecs.berkeley.edu/~daw/papers/ssh-use01.pdf EDIT2 - In fact, SSH sends each keystroke separately because otherwise single stroke commands, such as pressing ESC in vi, would not be interpreted by the server.
@@xaviergm that doesn't sound right. I guess I could be mistaken, but I'm fairly certain client sends the entire encrypted password at once, not as each character is typed. There wouldn't be a way during authentication to detect delays between keys.
Most videos i wouldn't trust to tell me these kinds of things, but seeing how you clearly address each claim and take it apart, and you address the counter-claims to your own argument and explain why that is wrong in such a clear way. You could call this blind faith, but i think this is one of the mos educational videos i've seen in the last 4 years. (please don't mind my grammar and capitalization errors, i just quickly wrote this to express how great this video is)
Thanks. I don’t mean it in a patronizing way, but please don’t believe someone just because they seem like they know what they’re talking about. I’m pretty sure there are a few inconsistencies and mistakes in my video.
I am confused as to why you would make a video about creating your own VPN, only to give instructions telling people to purchase a virtual server from a commercial company (Linode, in this case)?
For those watching in 2023, as he mentioned, a VPN like this won't work for changing location often, BUT this is now extremely useful if you have a Netflix account that has multiple users. Netflix recently started charging extra for users not in the same household. Give those users access to your personal VPN and BOOM! No more extra charges!!
You might need two OpenVPN servers depending on your use case. I use it sometimes for old games that try to find other users on the LAN, so for that you need a bridged interface (tap) rather than the more typical tun, but if you want to use the VPN from your phone, well, the phone clients only support tun. You can run two servers on the same machine without any issues, just with the different config files. You might also need this if you want to reach other devices on your VPN, like some printers. I'm not a fan of scripts like the road warrior one... I would if they were more careful, but my server already runs a bunch of other services and unless these scripts are written super carefully they can mess up other stuff you have running already. I guess they're fine on a fresh VM though. I'm not sure offhand if Wireguard supports a bridged setup.
You can't! That's why you use Tor for the private-sensitive stuff. Don't rely on the single point of failure solutions for something that can get you in trouble. Still, it's totally fine for Netflix or torrenting since neither Netflix nor law companies will bother tracking you that far.
@@theohenson7283 And VPS will be associated to you, directly. VPS services company will be forced to provide info about which it is obliged to provide.
@@nirmalmanoj Exactly. Please, don't use a VPN (doesn't matter whether a service or self-hosted) for any kind of illegal stuff (except for piracy). You never know whether your provider is logging your activity, but you should always assume that it does. Use Tor
@@WolfgangsChannel In my opinion, a widely trusted VPN service like ProtonVPN is much better than using a VPS service to create a VPN for personal use. VPS services are perhaps worse at safeguarding your privacy than a trusted VPN that promises privacy.
I am a cyber student and just learned SSL. TCP is the one in making sure the data to be delivered to the destination (server). Since HTTP is using TCP port then it has that 3-way handshake connection-oriented capability. However, TCP does not offer any security features then SSL also called TLS gives that security features to it. So HTTPS does encrypt the data over the internet. Is crazy that comment showed in the video.
There are a few thing he got wrong: ISPs only have access to your IP address and the destination like he said, but that's still valuable information since third party cookies are often blocked and the only other good identification method that's left is fingerprinting. I know out of second hand that ISPs sell mapping files legally in eurpe. The IP addresses and the time can be used to connect your accounts on different platforms. There is a difference between the https encryption (128 bits) and aes-256 (256 bits). 256 is practically impossible to crack, while 128 is just still very resource intense to crack. A self hosted VPN does not really make you anonymous, if your the only person using it and the server can be traced back to you. The anonymity with a VPN comes from multiple people using the same server (and IP address).
Thank you so much, man! It was quite difficult to set up through Windows but it worked in the end. I used your affiliate link but, really, this video is worth much more that whatever Linode pays you.
anyone who thinks they are being observed by incredibly busy secret services, government bodies or whatever are just exploding with arrogance. I bet you're way too boring for that. Or you have a reason to fear them. In which case they probably should observe you!
@@lionelschmitt8251 Ah the "well if your not doing anything wrong you shouldn't mind them spying on you" defense. I am sure you're perfectly safe. You sound quite sheep like.
hey Wolfgang, first of all thanks for the Video it helps a lot to understand more about VPNs. But a small note you showed an article from DW at 10:24 that interviewed few people from the "Piraten Party" the comments from these people sounds fine but we should not forget that the "Piraten Party" is a satire party in Germany (for example they demand a "beer price brake"). All in all I don't think the article is the best to show the problems we have with copyright laws in german speaking countries. Thanks for the Video. Greetings from Germany
I think you are confusing the "Piratenpartei" with "Die Partei". "Die Partei" is a satire party, the "Piratenpartei" is a normal party (as far as i know).
Thank you for this video WolfGang, I usually rely on typed tutorials but I thought this was so well done that you definitely deserved the full view. Was wondering how you initially got into coding? And how a newcomer may get into it?
Great tutorial and I’m a linode fan myself. However, I would recommend a VPS provider outside of the 14 eyes territory to heighten privacy if VPN is the main objective. . Otherwise great content
I m using Http injector with free SSH from website just insert ID and password you created in the website, FREE unlimited VPN (mostly 3-7 days but you can get 30 day if your hand fast enough because in free SSH website the 30 day account will snatched in minutes). I m using "SSH ocean" website mostly.
Literally got an ad for Private IP VPN that used all the same marketing tactics you mentioned, I almost thought it was part of the video for a second XD
For Mobile Users Timestamps: 00:00 Introduction 00:33 "But I only use VPN for Netflix..." 01:28 Everything wrong with the VPN services 01:49 "Your ISP is spying on you!" 02:27 "Open Wi-Fi networks are dangerous!" 02:39 Military Encryption (tm) 03:28 "We will never keep logs or sell your data!" 04:03 PureVPN and Schroedinger's logs 05:09 PrivateInternetAccess acquisition 05:23 NordVPN 2018 breach 05:50 What are the alternatives? 06:00 Tor 07:25 Self-hosted VPN 07:39 VPN services vs. Self-hosted VPNs 08:58 Choosing a VPS provider 09:18 Virtualisation technology 09:49 Dedicated IPv4 address 10:11 Location 10:43 My choice of the VPS provider 11:25 Creating an account (The tutorial starts here) 11:45 Creating a VPS 12:37 Generating SSH keys 13:46 Updating the packages 14:07 Creating a non-root user 15:04 Configuring SSH 17:14 Installing and configuring OpenVPN 20:50 Installing mosh 21:14 Two-factor authentication 23:53 Automatic updates 25:11 Conclusion
Nice video man, but at 12:25 or so, you say that passwords will be sent unencrypted-In the clear. That just isn’t true. SSH never sends passwords in the clear. Now it is true that if you use passwords instead of public keys, your server can much more easily be hacked, but that’s not because the password is sent in the clear. It’s just because passwords are easier to guess using sophisticated password cracking tools. If you use a password that is over 12 characters long, maybe 20 or 30 characters, including non-dictionary words, your password will be pretty secure and not able to be broken by the current generation of cracking technologies running on GPUs or FPGAs. That said, there is no good reason not to use a public key. However please don’t give out miss information like passwords are sent in the clear.
Yes, they can. As I mentioned in the video, Tor is a much better option for privacy-sensitive use cases. However, with a selfhosted VPN you have more control than on a VPN service, and that's good, even for stuff like torrenting and Netflix.
@@WolfgangsChannel Except you can't watch Netflix on a linode VPN since Netflix/Disney blocks data center originating connections like these in the US. At least that was my experience. I was kind of hoping that would not be the case.
I'm a newbie to all things related to coding. I'm learning SQL and Python and how API's work. But how did you learn about this? Can you give me some pointers on how you learned all this? What books have you read? Do you have any recommendations on where I should start? Warmest regards M
These are very broad concepts that includes various different concepts. First you should learn and master the basics. Then go for concepts like Operating Systems, Computer Networks and Database management system. After doing all there you will have a thorough knowledge of how things actually work and using that information you can really choose your interest more specifically. Like if computer networks interest you, you can go for projects in that and learn web development, cyber security and network engineering. Create projects, use the things you learned and don't limit yourself in one coding language or such stuff. Be flexible in what you use. Never stop learning and say you can't do this literally everything is one google search away.
VPS Servers aren't safe... at all. They are actually much more dangerous to your information than any VPN, because VPS can see and log EVERYTHING you do. But he is sponsored, so he will not mention that
@@afdkj7863 I actually did mention it quite a few times in response to other comments. VPS servers can also potentially log or monitor the traffic, just like any other gateway on the Internet. That's why you use Tor for the private-sensitive stuff. Don't rely on the single point of failure solutions for something that can get you in trouble. However, unlike VPN servers you can be sure that the VPN itself doesn't store logs, the binary isn't compromised and the server itself is properly secured.
@Wolfgang's Channel And what's the point of sureness in your vpn server program? It's like you don't have security cams inside of your house but you have plenty outside of every door and window. And the end result is the same: anything going in and out are monitored exactly as with logging vpn server. Even worse, VPS providers are openly stating in their privacy policy that they collect a lot of information about you, which VPNs are at least trying to persuade you they hiding.
Yeah... ugh. Hoping so fervently that open source RISC CPU designs start to gain traction soon. Intel can fucking rot (and AMD are realistically no better). All that said though I still think it's worth it for people to become literate in these technologies and even proficient in setting up tools for themselves in the meantime. True equity comes from proficiency & skill, and knowledge is power yadda, yadda.
As a Network Engineer and Security Analyst, I can safely say most of what Wolfgang is saying in true. However, I can tell you that Tor is actually monitored. The NSA has control of many TOR exit nodes and retains logs for many ISPs. I can point you to numerous leaked documents proving they are pushing the security-conscientious among us, towards Tor for a reason. Snowden was used as a Trojan horse to get us Analysts into believing Tor was a safe alternative. Not to mention, you are disregarding that vPS is just as bad. The provider you go with has the exact same capabilities to monitor you as a VPN provider would.
Yeah uh, recently, my wonderful president decided to threaten us with "shutting the social media down" just because this brilliant person got a hate comment in his tweet Bruh
The guide starts at 11:25
TIMESTAMPS
00:00 Introduction
01:28 Everything wrong with the VPN services
05:50 What are the alternatives?
07:39 VPN services vs. Self-hosted VPNs
08:58 Choosing a VPS provider
10:43 My choice of the VPS provider
11:25 Creating an account (The tutorial starts here)
11:45 Creating a VPS
12:37 Generating SSH keys
13:46 Updating the packages
14:07 Creating a non-root user
15:04 Configuring SSH
17:14 Installing and configuring OpenVPN
20:50 Installing mosh
21:14 Two-factor authentication
23:53 Automatic updates
25:11 Conclusion
Bruh
thank you i was about to look for this
Fun fact: make your own server do not avoid your network traffic to be shared, they still can order linode to give your network history.
This is exactly what I needed thanks.
nice vid bruh
starts at 0:00
Thanks
That's what I like.
0:00
thanks I was so lost
saved me a lot of waiting
Exactly, no matter what a VPN provider says, you have to trust them when it comes to storing and sharing your logs. If they can profit or have to protect themselves, they with share them with other companies.
Okay everyone knows this but how likely is it that they will steal your information or that it will be stolen? you're more likely to get hit by a car or be in an accident or just die.
And government too
Many commercial VPN providers make money through bogus claims to protect privacy of internet users. One example is NordVPN, which I find surprising is they refuse to allow XMR Monero but only Bitcoin and that too via Coinbase payment gateway. It is better to get a VPS that allows payment via XMR Monero crypto, and allow selfhost a VPN.
Do they sell insurance? Term GPU?
You will NEVER find out the truth on the Internet.. NEVER... It's always ONLY about money and making people feel insecure... At the end of the day, we don't know anything !! Everyone believes what they want to believe and will only google themselves in the direction of being "smart"... If you don't understand how the internet REALLY works... If you don't even know why audio is streaming through the air from a walky Talky is transmitted to the other... Then a lot can be told.. VPN, Proxy etc.. or not... Keeping the people STUPID -- It was done thousands of years ago and it's getting worse... Why? So that we don't pose a threat... But who am I... People get upset every day and yet they go back to work on Monday... Whether you believe in conspiracies or not, UFO's "YES" - "NO" ..Repteliuden and so on.. doesn't matter .. because we humans still do what they want, we go to work, consume, spend money and pay money to be entertained so that we feel good about ourselves to be able to go back to work...The REAL goals of each country, we will NEVER know and what we believe in whether sure or not sure if the government is bugging us or not.. Irrelevant... The question isn't, "Will we lied to - truth or lie? You should think about WHY we are told this and that - how do we behave because of it... Clearly: If we are told bullshit, and more bullshit and more bullshit .. what happens right - bullshit, doesn't matter how smart you are.... Stop racking your brains and focus on life and people that mean a lot to you and invest your time with your loved ones instead of thinking about it the government or your ISP is bugging you or your data is being sold...
Hey, thank you for this. I saw this on google but no one makes a tutorial. Glad I saw this today on my recommendation. Gonna finish this tutorial and will sign up with your link. Thanks again
Aye!!
All the TH-cam ads being for VPN services is hilarious. Nice video!
Yeah, that's called personalized ads...
Truly. It's so cringe lmao
TH-cam be like "no, wait, hold on, let us take your money, plz don't go"
Ads? What are ads?
wouldnt know I use adblocker
One thing of note... If you are using a VPS - Check the Terms Of Service for the hosting/rental company. Many companies have policies against setting up VPNs on there networks for a variety of both technical and legal reasons. Many companies also have a 'One Strike / No Warning' policy when it comes to TOS violations meaning that if there systems team detects a 'banned service' or there legal team gets a DMCA violation / take-down notice. They will take down your node, wipe all of the data (including onsite backups), cancel your hosting/rental account, and notify you via email after... No Refunds. --- TLDR: Lots of providers DO allow you to set up a VPN however, If for some reason a provider doesn't allow a VPN or other services/content to be set up, it will be in the Terms of Service. Because providers don't want to terminate your account, it will usually be written in very plain, easy to understand, language... Just read the TOS and make sure you understand what you can and can not do/run with that provider *before* starting hosting with them.
Oh, that is a very useful information, thank you. Yes, I thank you two years later :).
Yes sir! Very Good point! Sorry my reply is also 2yrs later, but I had to chime in and give a nod to this point. The DMCA violation / take-down notice or any legal dispute regardless of your innocense or guilt that you may be involved in doesn't get sent to you directly. So, you might think, "yea that's good for me, I'm anonymous with no logs and a fake name and account paid with crypto" But you don't own the server, you're renting it, and are subject to their usage policy and their legal right to operate rides on your conformity. They won't wait 1 sec when they get a complaint, you're gone and if you were malicious its justified, if not you're just unlucky. This exact scenario applies to public VPN providers Nord, Express,etc. You're subject to their AUP, and if you're not attempting malicious activities then you don't need to be paranoid about no logs because no-one will have a reason to pursue you. If you are malicious on a seedbox or virtual server and they get a court order to expose you, given that you are using a fixed IP and all of your VPN traffic is tied to that IP, obviously they know what server is assigned said Ip because they delete/ban your account and you might want to be Tor'ing in or using another VPN or proxy to access the server so that your personal WAN IP is not exposed. That said, they can be a cost effective sandbox to learn how to install/configure various OS/software and host services you just have to remember they own it and will boot you if they get shit for your actions.
15:48 "I personally prefer to use the port 69." I see you are a man of culture
No tftp for you! :P
@stormyweathers08 The text guide covers Windows as well th-cam.com/users/redirect?v=gxpX_mubz2A&event=video_description&q=https%3A%2F%2Fnotthebe.ee%2FCreating-your-own-OpenVPN-server.html&redir_token=QUFFLUhqbnlRRGRvY1RpemZRSFI2WkdFbGxWd3A3NExoUXxBQ3Jtc0trS0s5TFJwWlZfUHVoRUxVNk5Pc0ozbGJsUHBtWEJKVGctaV9JejktdnhtVWIyU1dUaTRWenc4cWhCd21SQWFfQi1FOFE4aWtudXJGdE4zWFhCTU9LN0hSclhEMmVPQzVhcjdpaEE4Y2Z3cnBON25zbw%3D%3D
Wolfgang's Channel Thank you!
@@WolfgangsChannel wolfgang, you either missed this joke or ignored it? lol the port number is significant LMAO
@@yogiballa I was replying to @stormyweathers08
Welcome to the comment section! Please read the FAQ before leaving a comment:
Q: How do you know that the VPS doesn't keep the logs? Isn't that the same as trusting a VPN service?
A: Every Internet gateway can potentially log and monitor your traffic. A VPN (be that a VPN service or a self-hosted VPN) doesn't give you extra privacy or anonymity and can potentially monitor your activity. Instead, if you need some extra privacy while browsing the Internet, you should use Tor 06:00 As I mentioned in my last video, VPNs should be used to avoid censorship, geoblocks and DMCA letters, but they won't magically make you more secure and anonymous.
Q: Are you only recommending a VPS as a solution because you were sponsored by Linode?
A: No. I've been using a self-hosted VPN since 2017 and am currently using a VPS from another company. I've also been approached by a several VPN companies that offered to sponsor my videos; I politely refused their offers because such sponsorship will go against my point of view on VPN services. Linode is one of the biggest VPS providers on the market and I'm glad they sponsored this video, however you can always choose another VPS to host your VPN: DigitalOcean, Vultr, Hetzner, etc.
Q: But doesn't a self-hosted VPN make you more identifiable since you're the only user?
A: Unlike a VPN service, on a self-hsoted VPN you get a dedicated IP that isn't shared with any other users. However, a shared IP on a VPN service doesn't give you more privacy: you still use your real IP to connect to it, and your account has a unique identifiable set of keys.
In both cases if a certain government agency were interested in your online activities, it would require requesting logs from the provider, and in case of Linode (or any VPS provider) the authorities would only retrieve connection logs (e.g. when you connected to the VPS from your IP address) - so pretty much the same as with a VPN service. In both cases the authorities can also request logs from the data center providers or hit the service with a FISA warrant if they reside in the US.
Q: Is this tutorial only going to work for Linode?
A: No, this tutorial applies to any KVM- (and possibly Xen-) based VPS. The only part that's going to be different is the process of creating an account, which is pretty easy.
I mean if your threat model includes state agents you shouldn’t use anything other than Tails
Wouldnt it be better to pin this comment?
@@princericard3702 thought it was pinned. youtube has a tendency to randomly unpin comments fter editing.
@@WolfgangsChannel typical lmao
What´s about vmware as a Virtualisation Technology ? Is it on the same level as KVM, or more in the direction towards OpenVZ ? Cant really find any Infos about that, maybe u have an Idea.
Been doing it on my own for quite a while now, but with your hints I just took it to a new level of customization. Great video!
do u need a vpn provider or can u use data that u have when u were in another country .
is this a good thing to do if you want to work abroad without your employer knowing?
Yo-yo you wanna help me create a good vpn ?
@@jloc151 ye I would want to
The main reason people look for VPNs is anonimity and the possibility to change connection location and gain the ability to access services reserved only for specific places (ex Netflix). With a self hosted VPN you lose both. Anonimity: basically the same things that your ISP would spy on you, now are spyable by your VPS provider, you're just trusting a different entity. But, as you correctly said, this is a marginal problem, because only source IP and destination IP can be seen, the traffic in between is encrypted. The only thing that changes is that your ISP can only see you are contacting your VPS, and your destinations can see you are contacting them from your VPS. But that VPS can be traced back to your identity, because you're the only owner of that IP address. So we have no anonimity benefit here: in the case the sites you contact want to know who the source IP address belongs to, they can very easily if your VPS provider is complicit. This is more difficult (not impossble) with VPN services ( if they have logs of your real IP) because they have to link the traffic on their system to your real IP and identity manually by looking at metadata, because there are a lot of people using their system simultaneously. And also if the VPN service is, by chance, reliable as they say and they really don't save any logs, then you're anonymous. I don't think VPS providers keep less logs than a VPN service tbh, in this video you're just saying 'meh, I trust VPS providers more then VPN providers', without counting the fact that VPNs grants you the ability to avoid geoblocking by default, and also that the VPN providers base their business on the 'zero logs' policy, and that's not the case for VPS providers.
"I know you guys are lazy and are not going to do that" - Fuck I really DO need a VPN he knows me too well.
Don't give up Rick !
@@mbedj1974 Rolled
Just download a cracked vpn
Don't let the internet hate stop your grind! Keep up the good work!
Hello Wolfgang,
I want you to know that i appreciate your in depth knowledge and have deep respect for you that you take the time to share the results of the hard work that you do in order to educate the MANY MANY people that simply have NO CLUE! Thank you.
Mike S.
what the fuck is that supposed to mean?
Hey Yanish Mounnah,
I want you to know that he is just telling nothing. Have a Good day !
Killua Z.
Dry humor, subtle sarcasm, good content including debunking... Gotta love this video man. TY
(learning if you search 'is pee is stored in balls' comes up with yes, was the one of the real highlights)
Much appreciated!
I love that you posted the timestamps. Makes this video so much more useful! Thanks!! I "liked" the video.
i really appreciate the amount of effort you put into making this tutorial and showing how serious you are about privacy
I appreciate your honesty, you sum up pro's and cons and if you are sponsored, you mention it, if you see another video which explains the same thing you do but better, you are man enough to admit and mention it and give credit where it's due. You also have a very clean info page with timestamps and more and are quite humble(with self-promotion). Good lad
He does have a lot of integrity for sure, but mentioning a sponsor isn't really special, they're required to do that by law and contract with their sponsor.
I once followed a tutorial to install AnsibleVPN and although the install process was so long, I was never able to get it to work. Your video on the other hand, is straight to the point. I followed the video from 17:16 to 20:51 and was able to get OpenVPN working on my EC2 instance in less than 10 minutes. Thanks a ton!
Personally I love the movement for personally owned data like your privacy and files. As an enthusiast with multiple industry grade certifications behind me ranging from general certifications in cyber-security & general networking to Cisco university grade diplomas. I don’t care about my own privacy (I know controversial opinion for my field..) however I stand behind this video in more ways then one, he outlines the benefits to self-hosting your own VPN perfectly.
The reason I use VPN’s is to allow much better security within my networks for the company I run. By only allowing OpenVPN’s port past our network firewalls and then encrypting all user profiles substantially it allows me and our employees to access and be on these networks remotely without fear of multiple ports/applications vulnerabilities.
Awesome video, love your other content too!
I certainly hope nobody is getting Linux ISOs from Pirate Bay lol
Oh bro u haven't herd the last of it in my country , over here we get window from pirate bay
@@davidr2421 Yah but that water mark is annoying tho
@Obadiah Guyman No. That's just simply false if you're using Windows 10.
@@xXRealXx You have no idea what you're talking about. Windows 10 is fully functional without activating it. Even the iso is free from microsoft. The only reason it's not usable is because of that little watermark on the lower right corner. And even that, can be ignored. Obadiah is right.
@Obadiah Guyman just simply download KMS Pico and activate your windows
Wolfgang, your content is phenomenal. Thank you for your generosity. I hope I can find the cash to donate to your channel soon because you've pieced together some concepts that I understood only in the abstract. Thank you.
It's always good to be critical about any service you're making use of. In the same sense I have two questions about the points you're making in your video:
- If you're using your own OVPN install on some VPS, then all traffic can still be pinpointed to exactly the virtual machine that your running on that server. In affect, you're still rely on that VPS not to disclose the account holder to that VM. I'd say that assumption is at least as "dangerous" (and maybe even more so...) as assuming that VPN providers wouldn't back-trace the user corresponding to some traffic from x months ago. Wouldn't you agree?
- Secondly, at 12:50, you seem to be saying ssh exchanges your pass in plaintext. That's not correct. To verify, I just ran a wireshark capture on my own system. Openssh is using the Diffie-Hellman encryption before your key exchange of the actual ssh connection. Maybe I'm misunderstanding you?
I hope you'll take the time to respond, I'm curious to hear your thoughts.
hmmmm no answer yet...
very very nice point everyone (including me) overlooked!
Surely, there would be many, many users that would rent bandwidth on a specific remote VPS server? Would the VPS owner be able to tell who was doing what and do they log your activity regardless of the server setup that you configure?
If you were the only subscriber to a particular machine, then yes, I can see how that would be a massive problem, but for a low cost VPS contract, you'd be sharing a machine with multiple other users, surely? If you choose not to log, is that it - no logging full stop? Complete novice here by the way.
@@MarkAinsworthAinz The hypothetical scenario is that someone is tracing data traffic that originates from your VPS. If this "someone" is tracking your traffic, they know precisely which IP this traffic corresponds to. This IP one-to-one correlates to the rented VPS. They would literally only have to ask the provider "who is the account holder to the VPS with this IP" to directly land on your doorstep, despite your fancy OpenVPN implementation.
I would thus argue that it is actually *much more* unsafe than a regular VPN provider. Because for a regular VPN provider, you would be absolutely right; the same IP is shared among many users at any point in time, and the VPN provider would have to keep *huge* logs to even be able to tell this "someone" who was corresponding to a certain data flow.
P.s. I would love to be corrected on this if I'm wrong, but it really seems to me that this approach *significantly* weakens the weakest link in your security.
Exactly what I was thinking about. If you have a dedicated Public IP, this can be traced directly to your vps. Law enforcement can force your vps provider to tell them who owns it.
I agree with the comment
Hi Wolfgang,
Thank you for sharing this information. Assuming that everything you've said is true, both the loss of privacy and not knowing who to trust is a bigger issue that most of us realize.
Thank you for the in-depth explanation, prior to even starting the setup tut. No unexpected surprises halfway through the process. This is a refreshing compared to many various installation/setup tuts I have reviewed in the past. I have subscribed. Thanks again!
Excellent video! Finally someone who explains this thoroughly and also shows how to improve everything. Thank you! I'm gonna give it a try. I just want to also mention that in Linode's Master Services Agreement and in their Privacy Policy they state that personal data (including network logs) are all maintained on their servers and may be presented to law enforcement if there is a court order etc. These will be used in case of suspicious criminal activities. So unless I'm reading this wrong, they do state that information is kept on their servers. So don't go and try something bad now ;)
Or if the govt is bent on getting opposition activity check. Fear factor
that video from Tom Scott is indeed brilliant, I watched it many times for the entertainment value alone
Can you please put up the Tom Scott link
@@johnheikkinen3916 th-cam.com/video/dQw4w9WgXcQ/w-d-xo.html That's the link, hope it helps!
gay pirate assassins
@@dgfhjdgfhkjdgfhjdgfhkj4970 i remember the rickroll link... you arent fooling me!
our pronounciation is very on point. I really respect people who put in the effort to pronounce words of different languages as well as possible
This video actually had some very useful info aside from the VPN FUD at the beginning. I'm very thankful for pointing me to an alternative VPS provider that can do terraform and ansible so I don't have to constantly suck on AWS' teat.
Ima be honest. I have no interest in having a vpn, but this was very informative and entertaining.
Nice video. Most VPN subject videos won't dare explain both sides (like covering situations where other tools fit - most vpn videos just say: "you need this, and this alone: It solves everything in the world."). Rare to see honesty on the subject - might actually be the first VPN based video where I've actually seen balance (it can be tiring). Kudos.
This seems like an all day class crammed into less than 30 minutes.
seems pretty dope. was originally just gonna buy a vpn but this seems like a way better option.
And cheaper sometimes
@@lionelesquivel2498 i could use an express account...
@@lionelesquivel2498 nord please
@@lionelesquivel2498 I would love one thanks
@@lionelesquivel2498 I'm down for nord :--)
Correction: You say using a clear text password is a bad idea because it isn’t encrypted in transit. It IS in fact encrypted in transit and a hacker would NOT be able to see it over an infected network. However I do still recommend an ssh key as it is a much better option for many different reasons.
MITM is still possible with SSH, just hard to pull off. Any dedicated attacker could pull it off.
Seems to me that Linode (or whatever VPS service you pick) can log your traffic. So if someone tracks your traffic to your VPS, the company that runs the VPS can tell them the identity of the person who was renting that IP address. So, it doesn’t really seem particularly anonymous.
11:16
shocked when I saw you have the same wallpaper as myself.. subbed because you have good taste in wallpapers..
valuable info as well
keep it up
Isn't providing your details with the vps provider a vulnerability? Shouldn't you pay for these things anonymously?
yes it is, and this video is only for private network, you shouldnt be using this for trying to be anonymously in the web and do shade stuff, you will be fuckt.
@Mohammad Reza
Exactly‼️🎯 I agree with you 100% 🏆📌
If you want good VPN anonymity, might I recommend Mullvad? It has a good track record for logging (or lack thereof), only costs 5€/month, and can be paid for with cash.
@@TheZenytram so will it be sufficient enough to keep your internal network secure from very primative ISP? Where I'm living there recently was an incident where the ISP's customers' every creature personal information incl. payment infos and stuff were leaked and now being sold in the darkweb, and things won't change anytime soon so keeping at least your internal network transactions secure is unfortunately a mandatory procedure which you should do, by needlessly investing more money into which the ISP should be doing in the first place with the amount of fee they charge you anyways.
I only download the highest quality *linux isos*
Yes, *linux isos*
the Full HD one, right?
Did someone mention I use the highest quality of arch?
@@bleuify7 I hear the high quality ones can come in various sizes several times a day, and it's important to stay up to date.
@@bleuify7 4K only.
I mean, you are right in the sense that having your private VPS will avoid someone collecting logs of your traffic. But in any case, if you're using a single IP address, you're still trackable and your IP will get identified for ad purposes and stuff. So definitely if all your traffic moves from IP A, to B, then the result is the same.
Part of the point in having a VPN provider is that the collective use of the server makes harder for have an identity linked an IP.
Thanks for sharing such an interesting content for free and with so much clarity. You deserve a lot more subscribers than people sharing their gaming sessions...
imagine using openvpn in 2020
this post was made by wireguard gang
Switching to wireguard is still on my todo list. The last time I looked at it it seemed not ready for productive use. How is the cussent status?
@@dameck9570 It was merged into Linux 5.6. I would say it is pretty stable right now.
Wireguard = not as secure :)
Did they had their Independent Audit yet ?
@@HenryT Why is Wireguard not as secure?
I'm a security analyst and it's the 1st time I watch your video and I already like you cause you tell the truth. You've got one more sub!
Perfect! Finally someone who speaks at the speed of thought instead of raising my blood pressure wishing they would hurry up. Thanks for not digressing and just sticking to the facts. Don't changing anything. I hadn't heard of Linode. I just went there to check it out. I will use it for more than a VPN. Thanks TONS!
Excellent summary.
Don't worry about redundancy in your videos. In case of tutorials it's useful.
i can watch your videos all day your voice is so Calming, one of the best channels on TH-cam
I got an ad on a Vpn called ipvanish and the first words where "The internet is tracking everything you do!"
And we can say that its pretty much true... sadly its not problem that vpn itself solves. Every service you use and service they use to handle your usage will store lots of data. If you open any page in internet they probably have some google services that save something about you. Lets say they save time, ip, page address, browser agent, resolution/ viewport and some other data that tells how you are browsing web. Like where did you come to site (ref) and how much time you used to stay on page.
Then if they compare 'data' they have about page/site and your browsing history they know what you are interested in. And now we can advertise this item you did talk with Steven and opened single link steve gave to you about item. Then think how many pages have for example facebook 'like' button which isnt only picture but script.
LOL GOT THAT AD TOO
IPVanish is based in US therefore is on the UKUSA Agreements on Cyber Espionage your not safe m8
10:25 I'm in Switzerland and I _might_ use BitTorrent a lot without a VPN. I have never been contacted by any copyright authorities nor have I heard of something like that happening to someone else. In Germany, however, the threat of receiving an "Abmahnung" from copyright lawyers with an invoice for a substantial sum is very real.
And regarding "strict copyright laws": in Switzerland we have the legal right to make personal copies of any published work and share them with close family and friends. You can legally copy a book or a movie and give it to your mother. You can even hire a third-party to copy it for you.
Needed to see this. Thanks for the update. Already found some info that contridicts your statements. But this is important. It means I'm looking in the right direction, so again. Thank you. Great video.
I have never known that I can do two-factor authentication with ssh until you post this video.
Samy K's Evercookie can be used to track Tor users and Snowden revealed the NSA uses Evercookie.
Love your videos man so informative and honest. Off topic but I seen a video of yours from 2020 and you had longer hair, looked awesome and I want to try it put for myself because of seeing you with it. Thanks for the great videos bro
Using password authentication on SSH is encrypted, it's send over the encrypted SSH tunnel just like any other data to the SSH server.
SSH Key authentication is preferred option and provides much better security, against people setting silly easy to crack passwords.
Yeah, my bad. I thought it was plain text my whole life
@@WolfgangsChannel it was and in old installation it is still the case
Once upon a time, there was an exploit attempt aimed at ssh encrypted passwords. It used the time stamps of the sniffed packets that the client sent to the server upon authentication to guess the characters by the statistics of typing speed, distance between keys, etc. After someone proposed that, a random delay between packets was introduced into the routine that sends the password over... but Key auth is much safer, tho.
EDIT1 - Adding the link to the paper, as some of you won’t believe it: people.eecs.berkeley.edu/~daw/papers/ssh-use01.pdf
EDIT2 - In fact, SSH sends each keystroke separately because otherwise single stroke commands, such as pressing ESC in vi, would not be interpreted by the server.
@@marcello4258 it is still the case? no.
@@xaviergm that doesn't sound right. I guess I could be mistaken, but I'm fairly certain client sends the entire encrypted password at once, not as each character is typed. There wouldn't be a way during authentication to detect delays between keys.
dude learning a lot here thank you. this is definitely the way
Most videos i wouldn't trust to tell me these kinds of things, but seeing how you clearly address each claim and take it apart, and you address the counter-claims to your own argument and explain why that is wrong in such a clear way. You could call this blind faith, but i think this is one of the mos educational videos i've seen in the last 4 years. (please don't mind my grammar and capitalization errors, i just quickly wrote this to express how great this video is)
Thanks. I don’t mean it in a patronizing way, but please don’t believe someone just because they seem like they know what they’re talking about. I’m pretty sure there are a few inconsistencies and mistakes in my video.
I have a VPN set up on a VPS for port forwarding. Our home network is behind double NAT, so this is the only way for me to host anything on my PC.
I am confused as to why you would make a video about creating your own VPN, only to give instructions telling people to purchase a virtual server from a commercial company (Linode, in this case)?
Thanks a ton, Wolfgang - very helpful,
Roger (now a subscriber)
Excellent stuff thanks, wish I knew enough about coding to set one of these up for myself.
Great video, just wish I understood it more so I could give it a go! 😂
For those watching in 2023, as he mentioned, a VPN like this won't work for changing location often, BUT this is now extremely useful if you have a Netflix account that has multiple users. Netflix recently started charging extra for users not in the same household. Give those users access to your personal VPN and BOOM! No more extra charges!!
"I know you guys are lazy and you're not gonna do that" 😂😂😂 this guy knows his audience too well.
Not me j actually went and typed in to you search and subscribed as well. Lol
@@infotruther Did you also smash the like button? What about ringing the bell?
Naah, I never refuse to watch a Tom Scott video.
@@WolfgangsChannel Yes I smashed it!
@@WolfgangsChannel sellout
You might need two OpenVPN servers depending on your use case. I use it sometimes for old games that try to find other users on the LAN, so for that you need a bridged interface (tap) rather than the more typical tun, but if you want to use the VPN from your phone, well, the phone clients only support tun. You can run two servers on the same machine without any issues, just with the different config files. You might also need this if you want to reach other devices on your VPN, like some printers. I'm not a fan of scripts like the road warrior one... I would if they were more careful, but my server already runs a bunch of other services and unless these scripts are written super carefully they can mess up other stuff you have running already. I guess they're fine on a fresh VM though. I'm not sure offhand if Wireguard supports a bridged setup.
You've actually got so quality stuff on your channel. Keep that up man!
6:47 The fact that he recorded himself actually searching this up is hilarious XD
to make it realistic lol
How you can be sure that ISP of your server doesnt keep logs of all traffic in dc?
You can't! That's why you use Tor for the private-sensitive stuff. Don't rely on the single point of failure solutions for something that can get you in trouble.
Still, it's totally fine for Netflix or torrenting since neither Netflix nor law companies will bother tracking you that far.
While they can still take logs, it will be associated with your vps, not you
@@theohenson7283 And VPS will be associated to you, directly. VPS services company will be forced to provide info about which it is obliged to provide.
@@nirmalmanoj Exactly.
Please, don't use a VPN (doesn't matter whether a service or self-hosted) for any kind of illegal stuff (except for piracy). You never know whether your provider is logging your activity, but you should always assume that it does.
Use Tor
@@WolfgangsChannel In my opinion, a widely trusted VPN service like ProtonVPN is much better than using a VPS service to create a VPN for personal use. VPS services are perhaps worse at safeguarding your privacy than a trusted VPN that promises privacy.
I am a cyber student and just learned SSL. TCP is the one in making sure the data to be delivered to the destination (server). Since HTTP is using TCP port then it has that 3-way handshake connection-oriented capability. However, TCP does not offer any security features then SSL also called TLS gives that security features to it. So HTTPS does encrypt the data over the internet.
Is crazy that comment showed in the video.
There are a few thing he got wrong:
ISPs only have access to your IP address and the destination like he said, but that's still valuable information since third party cookies are often blocked and the only other good identification method that's left is fingerprinting. I know out of second hand that ISPs sell mapping files legally in eurpe. The IP addresses and the time can be used to connect your accounts on different platforms.
There is a difference between the https encryption (128 bits) and aes-256 (256 bits). 256 is practically impossible to crack, while 128 is just still very resource intense to crack.
A self hosted VPN does not really make you anonymous, if your the only person using it and the server can be traced back to you. The anonymity with a VPN comes from multiple people using the same server (and IP address).
+1, one of the first things I thought when Linode was presented was: ok but now it's the Linode server that will identify us.
Thank you for 23:28 , I almost had a heart attack when my server refused to connect. Luckily I had a previous tab that I kept minimised.
Thank you so much, man! It was quite difficult to set up through Windows but it worked in the end. I used your affiliate link but, really, this video is worth much more that whatever Linode pays you.
Did you use Ubuntu 20.10 or the one he used in the video? Also what did you use to edit the config? Thank you in advance.
@@zachg8941 I use Ubuntu 20.04 and the Neovim editor. Pretty much exactly the same setup as Wolfgang except I use the OpenVPN client for Windows.
Unfortunately one just needs to read or listen to Edward Snowden to know especially in the US we can be easily observed
anyone who thinks they are being observed by incredibly busy secret services, government bodies or whatever are just exploding with arrogance. I bet you're way too boring for that. Or you have a reason to fear them. In which case they probably should observe you!
@@lionelschmitt8251 Ah the "well if your not doing anything wrong you shouldn't mind them spying on you" defense. I am sure you're perfectly safe. You sound quite sheep like.
@@odaydrums are you too dumb to make arguments? Is references to unrelated animals all you got?
i prefer this kind of content over gnu/linux ricing
good vid!
hey Wolfgang, first of all thanks for the Video it helps a lot to understand more about VPNs. But a small note you showed an article from DW at 10:24 that interviewed few people from the "Piraten Party" the comments from these people sounds fine but we should not forget that the "Piraten Party" is a satire party in Germany (for example they demand a "beer price brake"). All in all I don't think the article is the best to show the problems we have with copyright laws in german speaking countries. Thanks for the Video. Greetings from Germany
They also advocate for fast internet for every household and abolishing astronomical fines for torrents, so 💁♂️
I think you are confusing the "Piratenpartei" with "Die Partei".
"Die Partei" is a satire party, the "Piratenpartei" is a normal party (as far as i know).
Thank you for this video WolfGang, I usually rely on typed tutorials but I thought this was so well done that you definitely deserved the full view. Was wondering how you initially got into coding? And how a newcomer may get into it?
i was gonna do all these steps until i realized i don't know anything about coding.
He doesn't do any coding in this video though
If you know what an if-statement and a loop are doing you prety much allready know "coding". Besides, you dont have to code in this case.
@Karl Marx youll have to pay for it no matter what
Great tutorial and I’m a linode fan myself. However, I would recommend a VPS provider outside of the 14 eyes territory to heighten privacy if VPN is the main objective. . Otherwise great content
What Non-14 eyes VPS providers do you recommend?
Why do you need a VPS? I'm curious.
@@locutusofborg7122 Cyber Ghost is one
I have no idea how to do anything I just watched. Still interesting though
same XDD
I m using Http injector with free SSH from website just insert ID and password you created in the website, FREE unlimited VPN (mostly 3-7 days but you can get 30 day if your hand fast enough because in free SSH website the 30 day account will snatched in minutes). I m using "SSH ocean" website mostly.
Literally got an ad for Private IP VPN that used all the same marketing tactics you mentioned, I almost thought it was part of the video for a second XD
For Mobile Users
Timestamps:
00:00 Introduction
00:33 "But I only use VPN for Netflix..."
01:28 Everything wrong with the VPN services
01:49 "Your ISP is spying on you!"
02:27 "Open Wi-Fi networks are dangerous!"
02:39 Military Encryption (tm)
03:28 "We will never keep logs or sell your data!"
04:03 PureVPN and Schroedinger's logs
05:09 PrivateInternetAccess acquisition
05:23 NordVPN 2018 breach
05:50 What are the alternatives?
06:00 Tor
07:25 Self-hosted VPN
07:39 VPN services vs. Self-hosted VPNs
08:58 Choosing a VPS provider
09:18 Virtualisation technology
09:49 Dedicated IPv4 address
10:11 Location
10:43 My choice of the VPS provider
11:25 Creating an account (The tutorial starts here)
11:45 Creating a VPS
12:37 Generating SSH keys
13:46 Updating the packages
14:07 Creating a non-root user
15:04 Configuring SSH
17:14 Installing and configuring OpenVPN
20:50 Installing mosh
21:14 Two-factor authentication
23:53 Automatic updates
25:11 Conclusion
Thanks, but the timestamps are also in the description...
If a computer turned human, he is exactly what it would look and sound like.
:c
Ouch
This dude has intelligent humor! Subbed!
It's funny seeing downloading legally obtained content turned into linux ISO's through time hahahahaha lol
Nice video man, but at 12:25 or so, you say that passwords will be sent unencrypted-In the clear. That just isn’t true. SSH never sends passwords in the clear.
Now it is true that if you use passwords instead of public keys, your server can much more easily be hacked, but that’s not because the password is sent in the clear. It’s just because passwords are easier to guess using sophisticated password cracking tools. If you use a password that is over 12 characters long, maybe 20 or 30 characters, including non-dictionary words, your password will be pretty secure and not able to be broken by the current generation of cracking technologies running on GPUs or FPGAs. That said, there is no good reason not to use a public key.
However please don’t give out miss information like passwords are sent in the clear.
why is there no follow up to this by wolfgang?
This is a fantastic video!
Thank you for starting with the clarification, and moving on to creating an at-home VPN.
Also, I like your name. xD
If the vpn is hosted on Linode, can't Linode still see the traffic going to the vpn server?
Yes, they can. As I mentioned in the video, Tor is a much better option for privacy-sensitive use cases. However, with a selfhosted VPN you have more control than on a VPN service, and that's good, even for stuff like torrenting and Netflix.
Wolfgang's Channel ah ok, thank you
@@WolfgangsChannel Except you can't watch Netflix on a linode VPN since Netflix/Disney blocks data center originating connections like these in the US. At least that was my experience. I was kind of hoping that would not be the case.
"Linux ISOs" 😂 Good one.
I love the way you talk, it's very relaxing
I'm a newbie to all things related to coding.
I'm learning SQL and Python and how API's work. But how did you learn about this?
Can you give me some pointers on how you learned all this? What books have you read? Do you have any recommendations on where I should start?
Warmest regards
M
These are very broad concepts that includes various different concepts.
First you should learn and master the basics.
Then go for concepts like Operating Systems, Computer Networks and Database management system.
After doing all there you will have a thorough knowledge of how things actually work and using that information you can really choose your interest more specifically.
Like if computer networks interest you, you can go for projects in that and learn web development, cyber security and network engineering.
Create projects, use the things you learned and don't limit yourself in one coding language or such stuff. Be flexible in what you use. Never stop learning and say you can't do this literally everything is one google search away.
I've Been Waiting This, Thanks !!
But How Can You Trust These VPS Servers,isn't it the same as trusting vpn servers?
Many Thanks
VPS Servers aren't safe... at all. They are actually much more dangerous to your information than any VPN, because VPS can see and log EVERYTHING you do. But he is sponsored, so he will not mention that
@@afdkj7863 I actually did mention it quite a few times in response to other comments.
VPS servers can also potentially log or monitor the traffic, just like any other gateway on the Internet. That's why you use Tor for the private-sensitive stuff. Don't rely on the single point of failure solutions for something that can get you in trouble.
However, unlike VPN servers you can be sure that the VPN itself doesn't store logs, the binary isn't compromised and the server itself is properly secured.
@Wolfgang's Channel And what's the point of sureness in your vpn server program? It's like you don't have security cams inside of your house but you have plenty outside of every door and window. And the end result is the same: anything going in and out are monitored exactly as with logging vpn server. Even worse, VPS providers are openly stating in their privacy policy that they collect a lot of information about you, which VPNs are at least trying to persuade you they hiding.
looking forward to learning from the rest of your videos. Subscribed!
15:49 Someday I'll be grown up enough to not laugh at 69, but today is not the day 😆
That day will never come, my friend.
I'm pretty sure the more "grown" you get, the more you will actually be able to appreciate that number HA! good luck benjamin button..
69 likes. Nice!
😂😂😂👍
13:08 hmmm, last time I check ssh was installed by default on Windows 10
I had to install it separately on my Win10 machine. Weird
@@WolfgangsChannel maybe it's because of the edition? like a difference between Home, Pro and Enterprise?
If you install git, you get ssh installed to your path as well. That is likely why.
Great tutorial especially the tutorial with changing ssh to mosh and configuring automatic update / upgrade of the server.
Somebody ask how does AES, DES, VPN technology secure their data? answer: Intel Management Engine (ME)=wide open for us!
Dude
Yeah... ugh. Hoping so fervently that open source RISC CPU designs start to gain traction soon. Intel can fucking rot (and AMD are realistically no better). All that said though I still think it's worth it for people to become literate in these technologies and even proficient in setting up tools for themselves in the meantime. True equity comes from proficiency & skill, and knowledge is power yadda, yadda.
As a Network Engineer and Security Analyst, I can safely say most of what Wolfgang is saying in true. However, I can tell you that Tor is actually monitored. The NSA has control of many TOR exit nodes and retains logs for many ISPs. I can point you to numerous leaked documents proving they are pushing the security-conscientious among us, towards Tor for a reason. Snowden was used as a Trojan horse to get us Analysts into believing Tor was a safe alternative.
Not to mention, you are disregarding that vPS is just as bad. The provider you go with has the exact same capabilities to monitor you as a VPN provider would.
This tutorial is amazing and you are really good at teaching !! great job sir !
Good info ... BUT : in the end your just trading 1 VPN Service for another.... hahhhaha
Yeah yeah all the stuff... IS THAT GNOME? (mine was just a joke, I didn't mean to start a DE war >.
at this point I'm happy he's using Linux at least
He's also using hackintosh in the video. Somehow he's juggling linux, macos and windows, lol.
So? A lot of pro devs use gnome, including Linus. Not everyone enjoys ricing.
He made a video about Gnome
bogdan t b using a tiling window manager is not ricing, it’s just better, but it takes more time to learn how to use them
This video is hilarious at the beginning and so honest! Great job!~
interesting, almost all the ads that pop up are VPN ads, lol.
Yeah uh, recently, my wonderful president decided to threaten us with "shutting the social media down" just because this brilliant person got a hate comment in his tweet
Bruh
sounds like trump, he's a whiny entitled senile baby
Probably talking about Germany here. They wanted to shut it down and only people can access if they linked their ID.
@@crashniels source?
Everyone else trying to get more security
Me and the bois selling our own data
No one is going to pay you for ur own data when they can get it for free