How to build your own VPN, or: the history of WARP
blog.cloudflare.com
95 points by yla92 7 days ago
at Cloudflare scale, absolutely. But today? Find a friend that lives in a different legal jurisdiction that you trust. Install Tailscale on a Raspberry Pi Zero. Configure it all up. Send it to your friend. Get it on their wifi. Set up the corresponding app on your phone. Connect to it and use it as your exit node.
Voila, VPN!
There's zero chance I'd put some random device from anyone, even a friend, on my network - especially if I knew that was its purpose. Sounds like a huge liability. Do people really do this?
> Sounds like a huge liability.
This 100%.
I don't think this is being discussed enough but I frequently see a lot of landlords trying to make their contract more attractive by including an internet offer with the rent (this is especially useful for people that look for 6-months contracts when internet providers usually give you a minimum contract length of a year).
Tenants could technically do any kind of illegal activities by using that network. I've always wondered how and who would be liable in case someone uncovers something big enough to get the attention of law enforcement.
I guess this differs by country but it seems highly plausible that a legal loophole could exist, leaving the landlord unexpectedly responsible for the tenant's actions.
> I guess this differs by country but it seems highly plausible that a legal loophole could exist, leaving the landlord unexpectedly responsible for the tenant's actions.
Not in any normal country.
> who would be liable in case someone uncovers something big enough to get the attention of law enforcement
The person doing the crimes, obviously. The cops would most likely never even contact the landlord, as they’d just show up at the address where the line is connected.
> Sounds like a huge liability
Not really, you aren’t responsible for what other people do without your knowledge and you’d have solid evidence that someone else was able to use your network.
Sure, if your friend was committing some horrible crimes it might end up being slightly inconvenient for you.
If your "friend" uses it to download CSAM, you're in for a world of trouble. I don't know that none of my friends aren't into that stuff, but sincerely believe the friends I share a tailnet or two with aren't doing that with my connection. Tailscale has Mullvad VPN exit node integration for sketchy shit, this is more about getting access to eg Swedish television for a friend's girlfriend who gets homesick every once in a while.
Most people have no sense of security. They say yes to strangers if asked to plug in a USB device on their laptop. When I said no in the train to someone asking to plug their device "for charging", I was definitely the bad guy.
Just find anything plausible, for backup storage, or say, to share family photos with grandparents but it does not work on my home wifi because my ISP is blocking ports, whatever.
Ah man, this must be rhetoric and you wouldn't lie to a friend close enough to do such a favour, would you? Who the h is after you guys anyway, to want such a level of degraded internet speed?
And about 'Warp', is it or is it not a VPN after all? They mentioned they aren't a VPN, but that they build on WireGuard??
Definitely. In the age of the internet where stupid 'legal'/commercial/whatever other restrictions are the norm it's the only way to guarantee access.
Exit nodes really are a handy solution for building a private VPN for sharing.
I have built a VPN called Echo VPN for Apple platforms which actually uses Tailscale's open source core.
Also, I think another benefit is that WireGuard can be DPIed easily nowadays, but DERP leverages HTTPS and upgrade, which can do some obfuscation too.
This is something that everyone says and nobody does.
Do your friends do that?
The majority of people have no idea what a VPN or Tailscale is and would be suspicious that you might be placing a hacking device or proxy for visiting bad websites in their home.
My siblings and I live in 3 different continents. We use Tailscale exactly for that. It's also installed on some of the VPS I own, so all-in-all we have around 7 exit nodes in different countries to choose from. It was really a breeze to set up.
The best part is that our IPs never seemed to be blocked by any service provider.
Isn't ssh -D + configuring a socks proxy in your browser a lot easier and faster? (using one of the many proxy switcher extensions) It would only work for the browser (although you do have socksify), but much quicker to set up and only ssh needs to work. No software install whatsoever. I mean, at least for VPSes, of course this won't work without an IP to connect to, or an IP behind NAT.
But: no software install.
Where do you SSH to? You need to install sshd on that system somewhere, somehow? Your preferred software seems easier to install, and it is, for you. Others don't have the same experience though.
How do you configure apps on your phone to use a socks proxy?
We could rathole on what constitutes "a lot" easier, but that doesn't seem interesting so I'll just point out that there's a Tailscale app for Apple TV.
Some people also do run Tor exit nodes on their ISP connections, of course receiving tons of abuse complaints, but apparently it's legal enough.
So people may be willing to do it for strangers in exchange for paying the bills.
The thing that Tailscale also allows you to do is access systems on the tailnet, without exposing those servers to the Internet. For the self-hoster with friends, this is really really useful.
Do I think this is a thing that more people than you think are doing? Given that you're questioning if it happens at all, I'd say yes.
Do I think this is at all common or normal? Absolutely not. My friends and their friends are very technical compared to the general population, so it's not surprising that something "weird" like this would be overrepresented, but even then it's not commonplace to share with friends. You really need some tight-knit bonds in order for it to work. Bonds that many people don't have a ton of.
I should mention though, it's not just "bad" websites. A lot of websites geolocate, and for foreign nationals, those websites don't make content available outside the country (for whatever reason). So for a taste of streaming TV from home, a residential proxy in the home country does the trick to let them watch "local" news of home.
Won’t work if behind CGNAT or will be insanely slow. Even IPv6 is not advertised sometimes.
I miss the days when I could ssh to my computer with DDNS.
Choose an ISP which gives you a static IPv4 address then.
Hard to find. I ask for advertising an IPv6 address and they don’t want to do that. Even though they give me an IPv6 prefix.
There are the VPN technologies and then there are VPN services [1]. Technology alone does not give you the service.
[1] https://vp.net/l/en-US/blog/The-History-of-VPNs-and-Logging