I just ran into a case where I needed a VPN for a short lived task. Ally bank blocks creation of time deposit accounts while in a foreign country, despite me already having an account with them.

Takes less than 10 minutes to setup a VPN with algo on DO and I just shut it down after my task was done. Cost me $0.02. The support for Wireguard + OSX Wireguard App is perfect and super easy.

Please tell your coworkers, thank you!

For simple usages like this, you can also create an SSH socks proxy with one SSH command, and then configure your browser to use a local port as a socks proxy.

Does not require any software installed on the server, and the whole setup should be quicker then configuring VPN server and client.

Also, an HTTP proxy is a couple steps more to setup, but will allow you to use command line tools on the client, not just the browser. The majority of command line tools support http_proxy and https_proxy environment variables.

An easy and pretty secure way to setup an HTTP proxy is: 1. Install tinyproxy. 2. Configure it to listen only on localhost and start it. 3. SSH port forward localhost:8888 from your server. For example to the same port on your client. 4. Configure your clients to use localhost:8888 as a proxy.

Of course there are alternatives like this and thank you for sharing, but in my eyes, this actually requires significantly more work and mental thought. Spinning up a droplet on DO and opening the config file in wireguard is literally executing one command and doesn't require touching my browser configuration. Takes a couple more clicks to just delete the droplet. Done.

Will do! I'm glad to hear that it worked well for you.

Algo is also significantly cheaper than most offerings. A Digital Ocean instance is $5 a month.

If you do much video or file transfer, you'll easily go over the 1TB you get with your $5 Digital Ocean droplet.

> you don't want to be tied to someone else's weak cipher or insecure protocol choices.

That's not part of the threat model for 99.999999% of VPN users though.

Tracing back the usage of the VPN to them is their main worry and what they have to fight against.

> That's not part of the threat model for 99.999999% of VPN users though.

You're right, and that's why it's not my primary objection. At the end of the day, the majority of VPN providers are still advertising themselves as anonymity services. This is patently false and dangerous to consumers.

Can you please elaborate a bit more why OpenVPN is risky per se?

I'd love to know more about this.

The FAQ I linked has the full details, but in short:

* OpenVPN's user experience isn't as good as IPSec's or (more recently) Wireguard's.

* OpenVPN uses TLS and specifically OpenSSL, meaning that it inherits substantial design and implementation flaws.

* OpenVPN's security track record is poor, both on the client and server sides.

I really appreciate it. I'm gonna read about Algo and give it a try for sure.

Another option via this route is Streisand.

https://github.com/StreisandEffect/streisand

I've used Streisand for a couple of years now with good result (running on a couple of Digital Ocean $5/mo instances). It takes a bit of setting up on new devices initially, but once done, is super smooth and easy to use.

I use streisand on a VPS. Its always fast and reliable. Highly recommend.

Edited to add link: https://github.com/StreisandEffect/streisand

Yes! I don't use it personally, but have heard positive things about Striesand.

Man, I love Wireguard; fast, stable and it doesnt destroy battery life. I only wish nixos didn't mess with configs, but I will fully admit that it is a very niche problem.

What do you mean? I only just started using Wireguard with NixOS, but I haven't run into any problems as of yet.