- Personal IPsec-based VPN (strongSwan).
- Ad blocking DNS setup by default (Pi-hole).
- Generates profiles for sharing VPN with OSX/iPhone and Android.
- No additional software required for OSX/iPhone - uses native VPN client.
- Simple Web or CLI installation methods.
- Automated OS and VPN software updates.
Web Installer (OSX)
- Download the latest pre-built app from the GitHub Releases page.
- Open the app and run through the web based installation wizard to setup a new VPN.
CLI Usage (OSX)
- Download the latest pre-built cli from the GitHub Releases page.
- Make the binary executable
chmod +x dosxvpn
- Create an API token (https://cloud.digitalocean.com/settings/api/tokens) and export it
- See help for all options
- Deploy a new VPN droplet and configure OSX VPN
./dosxvpn deploy --region sfo2 --auto-configure
- List dosxvpn VPN droplets
- Remove dosxvpn VPN droplet and OSX VPN profile
./dosxvpn rm --name <name> --remove-profile
- Should I use dosxvpn? That's up to you. Use at your own risk.
- Why is this better than using public VPN provider XYZ? While most VPN providers will provide a secure connection to their endpoints, you may not be interested in putting blind faith in their claims that they will not log or track your activity online.
- How is this different than algo? 1) Installallation - is simple and has no additional system dependencies. 2) Updates: dosxvpn handles updates of both the OS and VPN. This means any critical security updates or bug fixes will automatically be applied for you.
- How much does this cost? This launches a 512MB DigitalOcean droplet that costs $5/month currently.
- What is the bandwidth limit? The 512MB DigitalOcean droplet has a 1TB bandwidth limit. This does not appear to be strictly enforced.
- Where does dosxvpn store VPN configuration files? You can find all deployed VPN configuration files in your ~/.dosxvpn directory.
- How do I SSH into the deployed droplet? Assuming you had public SSH keys uploaded to your DigitalOcean account when the VPN was deployed, all of those keys should be authorized for access. You can SSH using any of those keys:
ssh -i <ssh-private-key> core@<vpn-ip>. If you had no SSH keys uploaded to your DigitalOcean account, then a temporary key was autogenerated for you and you will need to redeploy if you want SSH access.
- Are you going to support other VPS providers? Not right now.
- Will this make me completely anonymous? No, absolutely not. All of your traffic is going through a VPS which could be traced back to your account. You can also be tracked still with browser fingerprinting, etc. Your IP address may still leak due to WebRTC, Flash, etc.
- How do I uninstall this thing on OSX? You can uninstall through the Web interface, which will also remove the running droplet in your DigitalOcean account. Alternatively go to System Preferences->Network, click on dosxvpn-* and click the '-' button in the bottom left to delete the VPN. Don't forget to also remove the droplet that is deployed in your DigitalOcean account.
- strongSwan - IPsec-based VPN software
- CoreOS - used for running containers and automatic OS updates capabilities
- Pi-hole - used for DNS adblocking
- Platypus - used to build the native OSX app
- godo - DigitalOcean Go API client
- trailofbits/algo - strongSwan configuration is borrowed from this project
- jbowens/dochaincore - Deployment code is borrowed from this project
- vimagick/strongswan - Using a forked version of this docker image for VPN server
- Install dependency platypus cli
brew install platypus
- Fetch the project with
go get github.com/dan-v/dosxvpn cd $GOPATH/src/github.com/dan-v/dosxvpn
- Run make to build