Virtual Private Networks (VPN)

Virtual Private Networks (VPN) are generally used for one purpose: establish virtual presence in a different location.

But, practically, it is one of ways to change the IP address.

How it works

Normally, the client (phone, laptop or any other devices) connects to VPN server, establishes a secure communication channel, and after that it sends all the traffic via that encrypted channel. The VPN server sends the traffic elsewhere and puts responses back to encrypted channels.

Why is it secure

Of course, every VPN protocol is different and we can’t speak about all protocols altogether. But there are shared principles:

  1. There is a secure cryptographic key exchange between the client and server. Keys are not transferred over network. Alice and Bob guarantee that.

  2. The communication itself lies on modern cryptographic methods, usually requiring vast amount of time to bruteforce keys used.

Best practices

Known protocols

  • Wireguard
  • IPSec v2 (see strongswan and libreswan)
  • OpenVPN

All of these protocols have a good support in all operating systems.

How to set it up

We recommend not to use free services. They are not safe, they can sniff traffic and sell the metadata of your accesses.

Paid services of known providers are better, but still not encouraged for sensitive things.

The best way is to set up your VPN server. It might take a while and won’t be free, however, it will be secure and you can be assured in the privacy of your server.

Setting up your own server

You don’t need to be an expert. The simplest reliable path looks like this:

  1. Rent a cheap virtual server (VPS) in the country you want to appear from. Almost any provider works. Pay with a method you are comfortable with.

  2. Pick WireGuard. It is the easiest modern protocol to set up and the fastest. On most Linux servers a helper script does everything for you:

    # On a fresh Ubuntu/Debian server, as root:
    curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
    chmod +x wireguard-install.sh
    ./wireguard-install.sh
    

    The script asks a few questions, then prints a configuration (and a QR code) for your first device.

  3. Install the client. WireGuard has official apps for Windows, macOS, Linux, Android and iOS. Import the configuration file (or scan the QR code) and press Connect.

  4. Verify it works. Before trusting it, run the pre-flight checks — confirm your IP changed and that nothing leaks outside the tunnel.

Note. Running your own server hides your traffic from your provider and from public Wi-Fi, but the server itself sees where you connect. That is fine when you control the server — which is exactly the point.

If you prefer not to manage a server, choose a reputable paid provider with a clear no-logs policy, but remember: you are trusting them instead of your ISP.