Amnezia – Self-Hosted VPN
amnezia.org16 points by eustoria 6 hours ago
16 points by eustoria 6 hours ago
I tinkered with them briefly a few years ago. Review for the version from then: A deeply frustrating software, the UI is buggy and hides a lot of things. In particular they offered a wizard to enter your VPS hostname and password/private key to login, and the scripts they have that runs Docker commands to setup the VPN server are hidden and not visible to me. At one point it only supported some distros, but I managed to find the scripts and got a server setup running on my ArchLinux system.
I exported the config (they offer this to share the connection with others), the export is a Base64 of a JSON, inside which are several strings which are JSON but as escaped strings (so { "someKey": "{\"hello\":\"world\"}" }), and sometimes the nesting happened 2-3 layers deep! I had to write an encoder/decoder for my own setup.
Then I noticed in the JSON was also the private key that I used to setup the server! Wow, great work!
Not affiliated with them but I tested them out, a few clarifications:
> hidden and not visible to me
Everything it runs is blasted out to the terminal you launched the app from.
> in the JSON was also the private key
Yes, because you asked for this. There are two types of shared connections, connection-only (VPN user) and "server management". If you shared for management, of course they shipped the SSH credentials.. how else would the receiver manage your server? Their services don't expose any kind of control plane, all management is through SSH.
Agreed on all your other points though. I strongly disliked the "wizard" interface, and it clobbered a good amount of the baseline settings I deploy to servers. I would much prefer it if they had a more manual mode, but I didn't find anything other than the wizard in their docs.
FWIW, this org is the only VPN provider (that I've found) that is both mostly focused on Russian border-firewall circumvention (yes they're doing DPI now, although not to the extent of the GFW) and runs an open-source stack.
Although their setup is kinda wacky (you provide their GUI app SSH credentials, it connects and installs packages, set up firewall rules, and spawns some containers), I walked through everything on a throwaway VPS and everything was above board (as of the most recent release about a month ago).