Easily deploy your own personal VPN server with DNS adblocking running on DigitalOcean.
- Personal IPsec-based VPN (strongSwan).
- Ad blocking DNS setup by default (Pi-hole).
- Generates profiles for sharing VPN with OSX/iPhone and Android.
- No additional software required for OSX/iPhone - uses native VPN client.
- Simple Web or CLI installation methods.
- Automated OS and VPN software updates.
- Dual stack IPv4/IPv6 enabled.
- Download the latest pre-built app from the GitHub Releases page. Note: only OSX 10.12+ is supported.
- Open the app and run through the web based installation wizard to setup a new VPN.
- Download the latest pre-built cli from the GitHub Releases page. Note: only OSX 10.12+ is supported.
- Make the binary executable
chmod +x dosxvpn
- Create an API token (https://cloud.digitalocean.com/settings/api/tokens) and export it
export DIGITALOCEAN_ACCESS_TOKEN=<token>
- See help for all options
./dosxvpn -h
- Deploy a new VPN droplet and configure OSX VPN
./dosxvpn deploy --region sfo2 --auto-configure
- List dosxvpn VPN droplets
./dosxvpn ls
- Remove dosxvpn VPN droplet and OSX VPN profile
./dosxvpn rm --name <name> --remove-profile
- Should I use dosxvpn? That's up to you. Use at your own risk.
- Why is this better than using public VPN provider XYZ? While most VPN providers will provide a secure connection to their endpoints, you may not be interested in putting blind faith in their claims that they will not log or track your activity online.
- How is this different than algo?
- Installation - is simple and has no additional system dependencies.
- Updates: dosxvpn handles updates of both the OS and VPN. This means any critical security updates or bug fixes will automatically be applied for you.
- How much does this cost? This launches a 512MB DigitalOcean droplet that costs $5/month currently.
- What is the bandwidth limit? The 512MB DigitalOcean droplet has a 1TB bandwidth limit. This does not appear to be strictly enforced.
- Where does dosxvpn store VPN configuration files? You can find all deployed VPN configuration files in your ~/.dosxvpn directory.
- How do I SSH into the deployed droplet? Assuming you had public SSH keys uploaded to your DigitalOcean account when the VPN was deployed, all of those keys should be authorized for access. You can SSH using any of those keys:
ssh -i <ssh-private-key> core@<vpn-ip>
. If you had no SSH keys uploaded to your DigitalOcean account, then a temporary key was autogenerated for you and you will need to redeploy if you want SSH access. - What is the password to login to Pi-hole? The password is
dosxvpn
. - Are you going to support other VPS providers? Not right now.
- Will this make me completely anonymous? No, absolutely not. All of your traffic is going through a VPS which could be traced back to your account. You can also be tracked still with browser fingerprinting, etc. Your IP address may still leak due to WebRTC, Flash, etc.
- How do I uninstall this thing on OSX? You can uninstall through the Web interface, which will also remove the running droplet in your DigitalOcean account. Alternatively go to System Preferences->Network, click on dosxvpn-* and click the '-' button in the bottom left to delete the VPN. Don't forget to also remove the droplet that is deployed in your DigitalOcean account.
- strongSwan - IPsec-based VPN software
- CoreOS - used for running containers and automatic OS updates capabilities
- Pi-hole - used for DNS adblocking
- Platypus - used to build the native OSX app
- godo - DigitalOcean Go API client
- trailofbits/algo - strongSwan configuration is borrowed from this project
- jbowens/dochaincore - web deployment code is borrowed from this project
- vimagick/strongswan - using a forked version of this docker image for VPN server
- Install dependency platypus cli
brew install platypus
- Fetch the project with
go get
:
go get github.com/dan-v/dosxvpn
cd $GOPATH/src/github.com/dan-v/dosxvpn
- Run make to build
make