amadaus: > Hi > Some of you may be interested in setting up your own personal VPN using > streisand software? I first read obout this in Ars Technica [ > http://arstechnica.com/security/2016/06/aiming-for-anonymity-ars-assesses-the-state-of-vpns-in-2016/] > and have since tried it out in a dedicated Streisand VM. > To me, it seems to offer very high levels of security and anonominity. > Does anyone else have any views on this software? - it can be accessed > via github https://github.com/jlund/streisand. >
I wasn't aware of streisand before you mentioned it. Normally, I would suggest that the best method for setting up a personal VPN, is to set up a personal VPN. Even for pure novices, there are many comprehensive, user-friendly guides that will set you up with a secure configuration. (Digitalocean & Linode have nice tutorials, like this one: https://www.linode.com/docs/networking/vpn/set-up-a-hardened-openvpn-server). In the process, you can also learn about firewalls, authentication, services, etc. On the other hand, there's definitely a place for turnkey solutions with safe defaults. It's a shame though that the streisand installer is currently not able to selectively install services (https://github.com/jlund/streisand/issues/23). The security best practice of only enabling needed services to minimize attack surface is overshadowed by usability concerns. A full streisand install consists of "L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, and a Tor bridge" plus a webserver! If you connect to a VPS anonymously, one nice advantage of using an out-of-the-box preconfigured solution is that it may give you a measure of deniability. Certainly more than you would get by applying your own unique iptables rules + comments in Swahili that would fingerprint you as sysadmin. Seems like streisand is a project worth following. Plus it's important to remember that its purpose is to configure a censorship circumvention server, not provide network security and/or anonymity. Unless bypassing censorship is your only goal, IMO its services should be used before and/or after Tor. (and obviously, not both on the same server). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/850ea210-4ff3-f392-9360-c24f5d771146%40gmail.com. For more options, visit https://groups.google.com/d/optout.