As the title says, I have my own instance of OpenVPN running in a vps (default settings). Is that “safe” enough for p2p? Any settings I should change? Anything I should watch out for? I guess it would show that the IP address of my vps will be going to these p2p sites and connecting to the IP address of whoever I’m transferring from, but how hard is it for the vps traffic to be traced back to me?
Someone else asked “safe from what?” And that’s the real question.
In lieu of an answer to that though, no. It isn’t. The whole point of using a vpn to do p2p is to accomplish three things: traffic anonymization, legal protection and encrypted data transfer.
A vpn on a vps doesn’t anonymize your traffic because the vps is in your name. The vps provider is likely in compliance with kyc laws and will happily give you up to the law the moment they come knocking. If you’re using a domain with it, it’s even easier to check that it’s you by looking at the whois records. On the off chance you’re getting a vps with enough storage and transfer included to act as your seedbox without kyc using cash or monero or something, you’re likely paying more than the $2-3 a month that the p2p vpns tend to charge.
A vpn on a vps most likely doesn’t provide you any legal protection either! Generally speaking, privacy-focused vpn providers use nonpersistent systems where the secrets that can be subject to lawful intercept by the authorities are not stored on the system’s hard drive and have protections against being read out of ram. Not only are almost all vpses generally held to be vulnerable to having their ram contents read by the provider, it is extremely unlikely that you set up openvpn without a configuration file on disk that contains your secret. This is just one example of a well-documented vector of legal attack against a vpn; there are many. Paying an expert in legal attacks takes the onus off you.
A vpn on a vps doesn’t even accomplish encrypted data transfer, since the tunnel is between your pc and your vps, not whatever the vps connects to. Encryption keeps untrustworthy devices upstream of you from reading the data you send and receive. You might have prevented your untrustworthy isp devices from viewing your data, but you didn’t prevent untrustworthy vps provider devices from viewing your data. Even if your vps is trustworthy, the infrastructure it uses is the same infrastructure whose built-in lawful intercept backdoors were compromised last year with no firm resolution. This wouldn’t matter nearly as much if your traffic were anonymized or had the shield of a crew of computer security experts running the system you use as a vpn, but as outlined above, you don’t.
Running your own vpn on a vps is cool, and I’m glad you have that ability, but it’s a lot like building your own car from scratch. It is possible, and a phenomenal learning experience, but not the suggested route for anyone.
Use a p2p vpn service instead. It’s much cheaper and better in almost every way.
Thanks for the info, very useful. I’m generally trying to hide my traffic from my ISP, when I’m torrenting some movies. I’m not doing a ton of p2p stuff. Not enough to need a seedbox. I’ll share/seed some stuff from my local hard drive. Nothing sits in my vps.
I understand that although the IP addresses I connect to can be hidden from my ISP by my own instance of openvpn, it doesn’t hide that my vps is connecting to those IP addresses. I think I’m okay with that. I’m not connecting to super sketchy sites. Generally, I’m trying to avoid getting some copyright warning letter from my ISP. Although that’s never been an issue, I just thought I’d be safe.
My vps has a domain name, but it does have privacy protection where my name won’t show up on a whois lookup. Not sure how much that helps, but I thought it was good to have.
In terms of good p2p vpn services, it seems like a lot of the usual ones being advertised on podcasts and youtube are bad about privacy, and it seems like Proton may be the only one that I know of that seems good. Any recommendations for good vpns are welcome. I may just go that route if OpenVPN isn’t good enough.
The isp generally doesn’t care if you’re doing p2p. Some use it as a sales tactic to get you to move up to their top tier bandwidth plans though. They handle complaints about your p2p that have been investigated by some group contracted by the rights holders who usually say they have the file or want the file and take note of the ip that offers or accepts the file and then send that information to the group responsible for that ip.
In the case of your home ip, your isp receives the letter and sends you a letter in kind complying with all the laws they’re subject to. This usually has the threat of legal action and termination of service.
In the case of your vps ip, the vps provider complies to the full extent of the law. In some places with a three strikes or similar style of enforcement they may just forward it to you. They may use it as an excuse to ditch you if you’re a problem customer for them. It’s completely within the realm of possibility that they happily provide all the information they have on you, but that’s usually only when the police get involved.
In the case of your p2p vpn service, they often have the ability to say “we don’t know which of our customers were connecting from that ip and have no way of finding out”. It’s a dead end for them.
Air has worked well for me. Proton is fine as long as you’re careful about what metadata you give them. Both do port forwarding.
In general, it would be a bad idea to use the same vpn account or service for p2p that you use for browsing or whatever. So maybe don’t do that.