As the title says, I have my own instance of OpenVPN running in a vps (default settings). Is that “safe” enough for p2p? Any settings I should change? Anything I should watch out for? I guess it would show that the IP address of my vps will be going to these p2p sites and connecting to the IP address of whoever I’m transferring from, but how hard is it for the vps traffic to be traced back to me?

  • MangoPenguin@lemmy.blahaj.zone
    5 upvotes · 1 day ago

    Your VPS provider will likely just forward copyright infringement letters to you, same as your ISP would, or they’ll suspend your account.

    It will hide your ISP IP from torrent peers, but the VPS provider still knows exactly who you are.

    > but how hard is it for the vps traffic to be traced back to me?

    Very easy by the VPS provider, as the VPS has a static IP assigned to you.

  • stupid_asshole69 [none/use name]@hexbear.net
    6 upvotes · 2 days ago (edited)

    Someone else asked “safe from what?” And that’s the real question.

    In lieu of an answer to that though, no. It isn’t. The whole point of using a vpn to do p2p is to accomplish three things: traffic anonymization, legal protection and encrypted data transfer.

    A vpn on a vps doesn’t anonymize your traffic because the vps is in your name. The vps provider is likely in compliance with kyc laws and will happily give you up to the law the moment they come knocking. If you’re using a domain with it it’s even easier to check that it’s you by looking at the whois records. On the off chance you’re getting a vps with enough storage and transfer included to act as your seedbox without kyc using cash or monero or something you’re likely paying more than the 2-3$ a month that the p2p vpns tend to charge.

    A vpn on a vps most likely doesn’t provide you any legal protection either! Generally speaking, privacy focused vpn providers use nonpersistent systems where the secrets that can be subject to lawful intercept by the authorities are not stored on the system’s hard drive and have protections against being read out of ram. Not only are almost all vpses generally held to be vulnerable to having their ram contents read by the provider, it is extremely unlikely that you set up openvpn without a configuration file on disk that contains your secret. This is just one example of a well documented vector of legal attack against a vpn, there are many. Paying an expert in legal attacks takes the onus off you.

    A vpn on a vps doesn’t even accomplish encrypted data transfer, since the tunnel is between your pc and your vps, not whatever the vps connects to. Encryption keeps untrustworthy devices upstream of you from reading the data you send and receive. You might have prevented your untrustworthy isp devices from viewing your data, but you didn’t prevent untrustworthy vps provider devices from viewing your data. Even if your vps is trustworthy, the infrastructure it uses is the same infrastructure whose built-in lawful intercept backdoors were compromised last year with no firm resolution. This wouldn’t matter nearly as much if your traffic were anonymized or had the shield of a crew of computer security experts running the system you use as a vpn, but as outlined above, you don’t.

    Running your own vpn on a vps is cool, and I’m glad you have that ability, but it’s a lot like building your own car from scratch. It is possible, and a phenomenal learning experience, but not the suggested route for anyone.

    Use a p2p vpn service instead. It’s much cheaper and better in almost every way.

    • bender223@lemmy.todayOP
      1 upvote · 2 days ago

      Thanks for the info, very useful. I’m generally trying to hide my traffic from my ISP, when I’m torrenting some movies. I’m not doing a ton of p2p stuff. Not enough to need a seedbox. I’ll share/seed some stuff from my local hard drive. Nothing sits in my vps.

      I understand that although the IP addresses I connect to can be hidden from my ISP by my own instance of openvpn, it doesn’t hide that my vps is connecting to those IP addresses. I think I’m okay with that. I’m not connecting to super sketchy sites. Generally, I’m trying to avoid getting some copyright warning letter from my ISP. Although that’s never been an issue, I just thought I’d be safe.

      My vps has a domain name, but it does have privacy protection where my name won’t show up on a whois lookup. Not sure how much that helps, but I thought it was good to have.

      In terms of good p2p vpn services, it seems like a lot of the usual ones being advertised on podcasts and youtube are bad about privacy, and it seems like Proton may be the only one that I know of that seems good. Any recommendations for good vpns are welcome. I may just go that route if Openvpn isn’t good enough.

      • stupid_asshole69 [none/use name]@hexbear.net
        1 upvote · 2 days ago

        The isp generally doesn’t care if you’re doing p2p. Some use it as a sales tactic to get you to move up to their top tier bandwidth plans though. They handle complaints about your p2p that have been investigated by some group contracted by the rights holders who usually say they have the file or want the file and take note of the ip that offers or accepts the file and then send that information to the group responsible for that ip.

        In the case of your home ip, your isp receives the letter and sends you a letter in kind complying with all the laws they’re subject to. This usually has the threat of legal action and termination of service.

        In the case of your vps ip, the vps provider complies to the full extent of the law. In some places with a three strikes or similar style of enforcement they may just forward it to you. They may use it as an excuse to ditch you if you’re a problem customer for them. It’s completely within the realm of possibility that they happily provide all the information they have on you, but that’s usually only when the police get involved.

        In the case of your p2p vpn service they often have the ability to say “we don’t know which of our customers were connecting from that ip and have no way of finding out”. It’s a dead end for them.

        Air has worked well for me. Proton is fine as long as you’re careful about what metadata you give them. Both do port forwarding.

        In general, it would be a bad idea to use the same vpn account or service for p2p that you use for browsing or whatever. So maybe don’t do that.

  • nutsack@lemmy.dbzer0.com
    5 upvotes · 2 days ago (edited)

    no. it all depends on the vps provider. linode for example has sent me emails about detecting torrent traffic, and threatens to end my service. if a government asked them for logs, i assume they would send them right over.

  • Dsklnsadog@lemmy.dbzer0.com
    20 upvotes · 3 days ago

    VPS VPN hides you from ISP but VPS IP still shows to peers → worst case: abuse email/suspension. Use WireGuard, not OpenVPN: faster, leaner, modern crypto. No compression, full-tunnel + DNS leak protection, firewall to block non-VPN traffic, minimal logs. If host’s fine with P2P, you’re set.
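The server-side items in the checklist above (no compression, full tunnel, pushed DNS, minimal logs) can be checked mechanically against an OpenVPN server config. This is an added example, not part of the original comment: both sample configs are constructed, the directive names are standard OpenVPN options, and the `max_verb` threshold is this example's assumption. The client-side firewall rule that blocks non-VPN traffic is outside what a server config can show and is not checked.

```python
import shlex

# Constructed samples, not the poster's config. Directive names are real OpenVPN options.
SAMPLE_DEFAULT = """\
dev tun
server 10.8.0.0 255.255.255.0
comp-lzo
push "dhcp-option DNS 10.8.0.1"
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
"""
SAMPLE_HARDENED = """\
dev tun
server 10.8.0.0 255.255.255.0
; compression left off
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
verb 0
"""

def parse_directives(text):
    """Yield (name, args) per directive, skipping blank and #/; comment lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            tokens = shlex.split(line, comments=True)
            if tokens:
                yield tokens[0], tokens[1:]

def audit(text, max_verb=1):  # max_verb: this example's threshold (assumption)
    directives = list(parse_directives(text))
    pushed = [args[0] for name, args in directives if name == "push" and args]
    findings = []
    for name, args in directives:
        if name == "comp-lzo" and args != ["no"]:
            findings.append("compression enabled (comp-lzo)")
        elif name == "compress" and args and args[0] in ("lzo", "lz4", "lz4-v2"):
            findings.append("compression enabled (compress)")
        elif name in ("log", "log-append", "status"):
            findings.append(f"writes {name} file to disk")
        elif name == "verb" and args and int(args[0]) > max_verb:
            findings.append(f"verb {args[0]} logs more than level {max_verb}")
    if not any(p.startswith("redirect-gateway") for p in pushed):
        findings.append("no full-tunnel push (redirect-gateway)")
    if not any(p.startswith("dhcp-option DNS") for p in pushed):
        findings.append("no DNS pushed to clients")
    return findings
```

`audit(SAMPLE_DEFAULT)` returns five findings; `audit(SAMPLE_HARDENED)` returns an empty list.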

    • bender223@lemmy.todayOP
      2 upvotes · 2 days ago

      I keep hearing about WireGuard being better, but also harder to set up and configure, so I went with Openvpn. I’ll look into WireGuard, and see if I’m brave enough to set that up. For the hosting company, they didn’t point out anything against p2p traffic in their TOS. 🤷‍♂️

  • WeirdGoesPro@lemmy.dbzer0.com
    8 upvotes · 2 days ago

    But…why? It would probably be cheaper and easier to just run your torrent client through a basic VPN, or pay for a seedbox.

    • bender223@lemmy.todayOP
      2 upvotes · 2 days ago

      Since I already have a vps to run websites and other stuff, I just wanted to spin up my own instance of Openvpn on the same vps in a docker container, so it wasn’t any additional cost. If Openvpn doesn’t work well for me, I may just go with a basic VPN like you said. I don’t torrent enough to need a seedbox. I’m just a filthy casual when it comes to torrenting. 😛

      • WeirdGoesPro@lemmy.dbzer0.com
        4 upvotes · 2 days ago

        You are risking the other services you host on that VPS if you get a copyright complaint. It’s up to you, but considering VPNs can be obtained for around $2 per month, I would imagine that the extra cost is lower than the liability.

    • bender223@lemmy.todayOP
      2 upvotes · 2 days ago

      my ISP mostly. Just want to avoid getting a copyright warning from them. Hasn’t been a problem, just being safe.

  • bad_news@lemmy.billiam.net
    11 upvotes, 1 downvote · 3 days ago

    If you’re paying for the hosting with untraceable Monero… I guess it depends on the country, but if it’s US hosting and the host knows who you are, I wouldn’t bet on them never ratting you out if they get a copyright complaint.

  • cecilkorik@lemmy.ca
    5 upvotes · 3 days ago

    Renting a seedbox is my solution to all these issues. I imagine your VPS probably wouldn’t be happy with self-hosting a seedbox (although technically it’s very easily doable). Perhaps you could find a VPS that allows seedboxes (or vice versa, a seedbox that lets you run other stuff on your seedbox since it’s basically just a VPS anyway).