# open source vpn



## doughy (Jan 18, 2018)

I've been looking at open source VPN solutions. There are several, but none of them actually hide your IP address that I've found. There are several VPN solutions that do hide your IP, but they all charge for service. Are there any open source (free) VPN solutions that will hide your IP?


----------



## obsigna (Jan 18, 2018)

doughy said:


> ... Are there any open source (free) VPN solutions that will hide your IP?


You could set up a free and open source FreeBSD instance in the Cloud and install a VPN server utilizing the free and open source projects security/strongswan + net/mpd5. This works perfectly with EC2 of the Amazon Web Services and with Google Cloud Computing. The VPN server exchanges the client IP for its server IP. Amazon and Google offer a free test installation for one year, which is bound to your e-mail address and a phone number.


----------



## ShelLuser (Jan 18, 2018)

A VPN was never designed to hide your IP address; that's what some companies made out of it, and now many people believe that nonsense. A VPN is mainly useful to set up a _Virtual Private Network_, so basically your own network on top of another (usually public) network.

My personal favorite on FreeBSD is security/openvpn.

(edit)

What you're basically looking for is a VPN client to connect to another VPN and then use that for your traffic. OpenVPN can definitely help, but a client alone isn't enough: you'd also need an actual network to connect to.


----------



## doughy (Jan 18, 2018)

I have the same opinion on VPNs. I'm just surprised no one has made a VPN solution that does what these companies are charging for. I started thinking about TOR (the onion router) and how it works. I wonder if there's a way for someone with the knowledge of how this works to implement a solution that will do what TOR does but with all IP traffic, not just HTTP/HTTPS.


----------



## sko (Jan 19, 2018)

doughy said:


> I'm just surprised no one has made a VPN solution that does what these companies are charging for


Because it is technically impossible to just "hide" an IP address, or there would be no traffic. If you don't provide Amazon your address, they can't ship you any goods. Same goes for TCP/IP traffic - no return address, no response.
What VPN providers do is NAT your traffic, so you get the IP of their egress server and appear to be wherever that server is located. Internally you are still traceable because they somehow have to route your traffic back to you.



doughy said:


> I started thinking about TOR (the onion router) and how it works. I wonder if there's a way for someone with the knowledge of how this works to implement a solution that will do what TOR does but with all IP traffic, not just HTTP/HTTPS.


TOR is not only for HTTP/HTTPS; it is a "normal" tunnel that can relay almost any IP traffic (with some exceptions, e.g. multicast or some UDP-based protocols). It is not even a very bright idea to just relay HTTP(S) traffic through tor, because you'd leak a lot of other traffic, especially DNS, which is easily sufficient to track what you are doing. If you use tor, use it as a proxy for _all_ traffic.
IMHO the tor browser was a stupid idea from the beginning because it made people think of tor as a pure "browsing thingy". In fact almost all reports of "tor being cracked" and IPs of tor users revealed were caused by leaking DNS or other traffic and/or just doing simple timing attacks in which traffic on a server and the timing of associated traffic (again, mostly DNS) was compared.


EDIT:
I've been using tincd(8) especially for multi-site/node VPNs, which is masterless and creates a mesh network. It can either provide routed (Layer 3) or switched (Layer 2) tunnels, so it can be easily used to bridge multiple remote networks transparently.


----------
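The provider-side NAT that sko describes, as an added example that is not part of any post in this thread: a simplified Python model of source NAT on a VPN egress server, showing that the remote side only sees the egress IP while the NAT state still maps each flow back to the client. The class and function names, the addresses (documentation and private ranges) and the port numbers are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)


class EgressNat:
    """Simplified source NAT on a VPN egress server (hypothetical model)."""

    def __init__(self, egress_ip, first_port=40000):
        self.egress_ip = egress_ip
        self.next_port = first_port
        self.out_map = {}  # (client endpoint, remote endpoint) -> egress port
        self.in_map = {}   # (egress port, remote endpoint) -> client endpoint

    def outbound(self, pkt):
        """Rewrite the client's source address to the egress address."""
        key = (pkt.src, pkt.dst)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst)] = pkt.src  # the "return address"
        return Packet((self.egress_ip, self.out_map[key]), pkt.dst)

    def inbound(self, pkt):
        """Route a reply back to the client; drop packets with no state."""
        client = self.in_map.get((pkt.dst[1], pkt.src))
        if client is None or pkt.dst[0] != self.egress_ip:
            return None
        return Packet(pkt.src, client)

    def who_was(self, egress_port, remote):
        """What the provider can answer from its own state table."""
        return self.in_map.get((egress_port, remote))


def demo():
    nat = EgressNat("198.51.100.1")      # constructed egress address
    client = ("10.8.0.6", 51515)         # constructed tunnel-side client
    server = ("203.0.113.80", 443)       # constructed remote server
    seen = nat.outbound(Packet(client, server))   # what the server sees
    reply = nat.inbound(Packet(server, seen.src)) # reply reaches the client
    stray = nat.inbound(Packet(("203.0.113.99", 443), seen.src))
    return seen, reply, stray, nat.who_was(seen.src[1], server)
```
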

