Why still run a VPS?

and VPN connection speeds using a VPS server

Why do I bother running my own Virtual Private Server (VPS)?

I do ask myself why I still bother with running a VPS on IONOS. I no longer have a business to run, so the old web pages are an archive now. I thought old URLs should never die (*).

I am often tempted to shut the VPS down and use email-only service providers. They seem to be as expensive as, or even more expensive than, running a VPS that can run the email. I need 50Gb for each email box. Emails are a useful personal archive; ours goes back to 1992.

Running an email server on a VPS can be problematic. Both Google and Microsoft impose their email server monopoly on security grounds. Rarely, they have blocked whole swathes of an Internet Service Provider’s addresses, with no notice or explanation. I assume just one of the ISP’s customers has been naughty by sending out spam. It can take a day or two to get unblocked from these secret blacklists. I hope I have not jinxed it, but the last such episode blocking email was over a year ago. This big-boys IP blocking was never reported by blacklisting sites such as MXToolbox. One needs to avoid getting on any blacklists, so choose your ISP carefully. Set up SPF, DMARC, DKIM and even DNSSEC. All would be quite fiddly if it was not for the likes of Plesk to set up and control your VPS.

Plesk is very expensive when sold as a stand-alone, personal purchase, but cheap when it is part of the ISP VPS package. Always buy a VPS server with cPanel or Plesk.

What do I still use VPS for?

1. EMAIL. The advantage of running an email is you are your own man in the middle; your data is not being mined. You are in control and back up. I spoil the lack of data mining by having my Google Gmail account POP-read all the incoming emails. Searching of email is so much faster and more intelligent with Gmail than directly searching on the server or Outlook. Gmail then is one of the backups. I also back up the entire server and settings to Dropbox. Tight fail2ban rules are essential for email servers and Plesk sets that up easily.

2. A Virtual Private Network (VPN). When abroad, keeping a UK IP address is very useful. To use a VPS as a VPN is a cost saving, as a commercial VPN service can cost as much as a VPS, but you can do more with a VPS. The VPS’s IP is not recognised as a likely VPN address and has never been blocked as being from abroad; the IP address does not belong to any of the major VPN providers. Again, you are not being mined, logged or surveyed with your own. I use SoftEther VPN on the servers and Raspberry Pis as it is so much easier to set up and can use OpenVPN. SoftEther VPN even makes a client OpenVPN script to do so. Beware: VPNs do not route IPv6 well, so to ensure that you are seen to have a UK address, turn off IPv6 on your PC when abroad.

3. SSH tunnels and reverse tunnels. Some of my projects have no inbound route (say they are on 4G). Using autossh on the remote site will open a port on the server that connects to the remote site, to use for anything, including VPN connections. SSH needs care: I change the default port number of SSH, run fail2ban and allow certificate-only logins; no password logins are allowed.

4. SOCAT. This is a useful programme if you want to reach a fixed IPv6 address from IPv4. One of my places has no fixed IPv4 and no route from the internet (CGNAT) but has an IPv6 allocation. Opening IPv6 pinholes on that router, I can access multiple devices from the internet, even using the same port number, at the remote site. Alas, some business networks, hotels and phones are still not routing IPv6. So I need to direct the request to a VPS server port, and the configured SOCAT will read IPv4 and forward on to the remote reachable IPv6 address.

5. Web Server. Setting up web pages. Social media has reduced the need to have a vanity domain and web pages as I set up long ago. For email alone one needs to get a proper wildcard SSL certificate. You can then use that certificate on any machine (some are Raspberry Pis) using the same domain or a subdomain. Plesk makes setting all this up easier.

6. Frame forwarding. One can set up a subdomain and then point it to a port on the server which is connected to a website elsewhere (such as a Raspberry Pi), e.g. https://yell.bulger.co.uk is frame forwarded to a port on the VPS which has been autossh connected by the Raspberry Pi in Shetland.

7. Never run TOR on a personal VPS server!
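The SSH precautions in item 3, as an added example that is not part of the original post: a POSIX shell function that audits the effective server settings printed by `sshd -T` for password logins, the default port, and `GatewayPorts`, which decides whether an autossh reverse-tunnel port on the VPS listens only on the VPS itself or on its public addresses. The function name and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit `sshd -T` output,
# which prints one lowercase "keyword value" pair per line.
# Usage on a server: sshd -T | audit_sshd
# Exit status is 1 if any FAIL line was printed, otherwise 0.

audit_sshd() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "port" && val == "22" {
            print "WARN port 22: still on the default port" }
        key == "passwordauthentication" && val != "no" {
            print "FAIL passwordauthentication: password logins accepted"; bad = 1 }
        (key == "kbdinteractiveauthentication" ||
         key == "challengeresponseauthentication") && val != "no" {
            print "FAIL " key ": keyboard-interactive logins accepted"; bad = 1 }
        key == "pubkeyauthentication" && val != "yes" {
            print "FAIL pubkeyauthentication: key logins disabled"; bad = 1 }
        key == "gatewayports" && val != "no" {
            print "WARN gatewayports " val ": reverse-tunnel ports can listen on public addresses" }
        END { exit bad + 0 }
    '
}

# Constructed sample inputs in `sshd -T` format.
SAMPLE_WEAK='port 22
passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes
gatewayports yes'

SAMPLE_HARDENED='port 52222
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
gatewayports no'

printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || echo "sample configuration needs attention"
```

With `GatewayPorts no`, the OpenSSH default, a port opened by a reverse tunnel is bound to the server's loopback address, so it is reachable only from the VPS itself.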

G3WIP

*Old URLs should never die, except in Australia. If a business stops trading or reduces itself such that it no longer has a business number (ABN), then the .com.au domains have to be deleted by the registrar, along with email and contacts. This is quite nuts.

VPN Connection Speeds

I use my own servers to double up as Virtual Private Network VPS servers. I also use Raspberry Pis. Seems safer and more reliable to me than the commercial VPN offerings. Nowadays it is quite cheap to set up the most basic internet-based Virtual Server (https://www.ionos.co.uk/servers/vps).

I have used SoftEther VPN (https://www.softether.org/) as it was the easiest to set up on the Linux servers, has many features and offers different protocols.

Then there was a claim that WireGuard was a faster protocol, so I thought I would check it out. Thanks to a nice script it is now also a doddle to set up on my servers: https://github.com/angristan/wireguard-install. Beware, a “feature” is that the WireGuard client looks as if it has connected, and creates a default route to nowhere, when there is no connection. I thought it was not routing; it was much simpler than that: it had not connected at all. I had a firewall problem. WireGuard should change the route until there is a connection.

I put a WireGuard (https://github.com/angristan/wireguard-install) server on an Ubuntu VPS and on a domestic Raspberry Pi using the same script.

I am using my Windows 11 as the client at home.

I turned off IPv6 (not all VPNs route or block IPv6). I tested various protocols to my VPS server (UK to UK). The server is said to have a 3GB connection.
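One way to tell "interface up" from "actually connected", as an added example that is not part of the original post: WireGuard records the time of the last completed handshake per peer, and `wg show <interface> latest-handshakes` prints it, with 0 meaning no handshake has ever succeeded. The function names, the 180-second staleness threshold and the sample lines (placeholder keys) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): classify WireGuard peers from
# the output of `wg show <interface> latest-handshakes`, which prints
# "<peer-public-key> <unix-time-of-last-handshake>" per peer. A time of 0
# means the peer never completed a handshake, whatever the client UI shows.
# Usage: wg show wg0 latest-handshakes | wg_handshake_state "$(date +%s)"

wg_handshake_state() {
    now=$1
    max_age=${2:-180}   # assumption: older than 180 s counts as stale
    awk -v now="$now" -v max="$max_age" '
        NF >= 2 {
            if ($2 == 0)             state = "never"
            else if (now - $2 > max) state = "stale"
            else                     state = "ok"
            print $1, state
        }'
}

# Succeeds only if at least one peer is listed and all of them are "ok".
wg_tunnel_up() {
    states=$(wg_handshake_state "$@")
    [ -n "$states" ] && ! printf '%s\n' "$states" | grep -qv ' ok$'
}

# Constructed sample output; the keys are placeholders, not real keys.
sample_handshakes() {
    printf 'PEER_A_KEY_PLACEHOLDER\t1700000150\n'
    printf 'PEER_B_KEY_PLACEHOLDER\t0\n'
    printf 'PEER_C_KEY_PLACEHOLDER\t1699990000\n'
}

sample_handshakes | wg_handshake_state 1700000200
```

A peer stuck at `never` while the interface is up points to the handshake packets not getting through, for instance a firewall dropping the server's UDP port.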

Speedtest to the same end point averaged as follows:

Straight connection with no VPN on my fibre line gives 980Mbps. Upload and download speeds were always similar.

SOCKS proxy using SSH (secured; key-only authentication) connecting to my VPS server came out best, to my surprise. I thought there were limitations to using a SOCKS proxy. Normally I used the SeaMonkey browser to use this proxy tunnel, not all of Windows. It averaged 600Mbps. When I set Windows itself to use this proxy tunnel the speed was 680Mbps.

SoftEther VPN with its own protocol and client 460Mbps

WireGuard 280Mbps

OpenVPN 150Mbps

L2TP/IPsec 140Mbps

IPv6 and VPNs is a whole new ball game, and I do not know the rules. At least WireGuard using this script prevented IPv6 direct routing to the internet (stopping a leak bypassing the VPN) when Windows has IPv6 on, as does the SOCKS proxy. This is useful. Better if ALL traffic, IPv4 and IPv6, is routed via a VPN; I am not sure how to achieve that as yet (see such discussions: https://www.reddit.com/r/WireGuard/comments/mg9mlp/ipv6_routing_subnet_through_wireguard/). Currently, with my setup, WireGuard and the other VPN protocols do not find sites by IPv6 address.

My conclusion is that I will use the SOCKS proxy via SSH more often. This little script simplifies switching the proxy on and off: https://github.com/zubir2k/WindowsProxySwitch.git, although it offers no choice as to which proxy to use if you have more than one set up.
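A check for the IPv6 question above, as an added example that is not part of the original post: whether IPv6 goes through a WireGuard tunnel is decided by the client configuration, where `AllowedIPs` must list `::/0` alongside `0.0.0.0/0` and the interface needs an IPv6 address of its own. The function name, the report strings and the sample configuration (placeholder keys, constructed addresses) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Reads a WireGuard client
# configuration on stdin and prints one of:
#   full-tunnel     IPv4 and IPv6 default routes both go into the tunnel
#   v6-unaddressed  ::/0 is routed in, but the interface has no IPv6 address
#   v4-only         only IPv4 is routed in; IPv6 stays outside the tunnel
#   split-tunnel    no default route goes into the tunnel at all

wg_route_coverage() {
    awk -F'=' '
        { gsub(/[ \t\r]/, "") }                 # "a = b, c" -> "a=b,c"
        /^#/  { next }
        /^\[/ { section = tolower($0); next }
        section == "[interface]" && tolower($1) == "address" && $2 ~ /:/ { ifv6 = 1 }
        section == "[peer]" && tolower($1) == "allowedips" {
            n = split($2, nets, ",")
            for (i = 1; i <= n; i++) {
                if (nets[i] == "0.0.0.0/0") v4 = 1
                if (nets[i] == "::/0")      v6 = 1
            }
        }
        END {
            if (v4 && v6 && ifv6) print "full-tunnel"
            else if (v4 && v6)    print "v6-unaddressed"
            else if (v4)          print "v4-only"
            else                  print "split-tunnel"
        }'
}

# Constructed sample: placeholder keys, documentation-range endpoint.
sample_conf() {
    cat <<EOF
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.66.66.2/32, fd42:42:42::2/128

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = 203.0.113.10:51820
AllowedIPs = $1
EOF
}

sample_conf '0.0.0.0/0, ::/0' | wg_route_coverage
sample_conf '0.0.0.0/0'       | wg_route_coverage
```

A `full-tunnel` result only says the client sends IPv6 into the tunnel; reaching IPv6 sites still depends on the server end having IPv6 connectivity and forwarding it.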

Junk is stuff in the wrong place

I was back down working in the Falklands in 2020. Behind the house was a yard with the local TV tower and assorted radio junk scattered about. I was sure it was cared for, and some is in locked containers, perhaps to be shipped back one day. It belongs to KTV Falklands Digital Channel https://en.wikipedia.org/wiki/KTV_Ltd. Later of course, once out of Covid isolation, I met its owner Mario, VP8EME. In such isolation, with no RS store or Amazon to deliver the next day, he needs to keep stuff.

To any amateur radio operator this would have seemed mouth watering stuff. Rows of parabolic dishes, some with various transponders still attached. Then power supplies, heat sinks, cables.

I suspect the reason for the apparent discarding is that there is now decent internet here via satellite, 4G mobile phones, a few free TV stations and more if you pay a fee to KTV. So individual dishes are no longer needed. There are issues with the local telecoms monopoly… even bringing down your own satellite phone with data is illegal, let alone setting up your own satellite data dish. All about those problems and more is on https://openfalklands.com

Upgrades to the telephone system filled the yard with even more stuff. BAS seems to have left a container here once used for HF coms.

Enough here to build a few antenna towers. Then there are coils of fat low-loss coax piled up. I assume it is too expensive to ship any of it back to the UK, so it sits here waiting to be used, but I imagine the next project here would bring in new materials. This stuff is in the wrong place. I assumed parts would be used and appreciated by many back home.

In memoriam: Looking at some of the old kit I appreciated the work and engineering involved in creating it within the last 30 years. Unless you build a cathedral, everything we do is ephemeral. Much of this was so beautifully made, with professional screening of parts and solid aluminium casing. A lot of thought and brain power, time and care went into each part, now not used. A graveyard of effort. Some of the boards have rows for Z80 chips, which were used until quite recently, even 555s.

Then I realised that even for hams and electronic enthusiasts little of all this is of use to us nowadays. It’s frankly simpler to write a line of code into a computer than it is to make stuff. So we use the internal complexity of millions of transistors in a PC chip to achieve something that could be achieved in a “simpler” manner by old school working.

Waveform Old school with op amps and 555 chips

But the old school is inflexible. Once made with wires and components it does its one thing. A Raspberry Pi is cheap and light. Make an error, reformat and start again. Reliable too. I had one doing its thing as router/VPN for over a year without a reboot.

Some of this stuff here could be used for interfacing; a PC’s output needs to attach to something in the end.

VP8DPD G3WIP