I also like that they let you download the raw wireguard config files so that you can connect without having to use their client. You can just plop them onto your filesystem and use wg-quick to get going.
Since I'm also a ProtonMail user, I considered switching to them for VPN as well, but their Python client doesn't seem to work correctly on my Arch Linux install and it doesn't give me anything useful to debug it beyond "An unknown error has occured", so I couldn't be bothered to investigate beyond that.
i just set it up to try it out (on macOS): created a free config on the proton dashboard, downloaded it, stuck it in the wireguard client, and it worked (without downloading their vpn client app). make sure your firewall isn't blocking the traffic though (something that caught me at first).
Be aware, at least Nord clearly does something different with their client than with the OpenVPN files they provide (https://news.ycombinator.com/item?id=21664692). When I dug into this, I found similar cases with other major VPN providers, but my notes are sufficiently out of date that they shouldn't be trusted anymore.
Sometimes the differences are subtle, sometimes they're rather complex like this case. Personally, sketchy stuff like this is why I've moved all of my VPN use to a personal cloud instance running WireGuard.
So, I do have two VPN servers running, one on my home connection, and one on AWS, for just the reason you state.
That said, I got back from a week long trip a few weeks ago. I kept my AWS tunnel up the entire trip. For the set of websites I visit for personal and work reasons, it was never an issue. I'm sure I could find some website that doesn't work, but for me, it's just not a problem.
It's also super useful, since I can whitelist my AWS instance's IP on services that demand such things, and never have to worry about where I am as I move from network to network. I've also reserved the Elastic IP so I can stop/terminate my server when I want without needing to whitelist the IP again when I spin it back up.
I use whatbox.ca as my global/universal VPN. So far I haven’t seen any issues. It works in places where most VPNs are banned or heavily throttled (like Saudi/Abu Dhabi/Qatar, my workplace, AT&T cellular data, etc)
1) It’s the only VPN that worked in areas where they work hard to block most VPNs
2) it’s still not very expensive
3) it’s absurdly fast for a “VPN”! Like 400Mbit symmetric.
4) I also use it as a seedbox. Speaking of…does anyone have an invitation to a private tracker to replace what.cd because I miss that. Or a no/low compression movie tracker.
I have no idea how right the author was about how Nord got ahold of the residential IPs. I was able to recreate the technical results, and noted at the time that the OpenVPN connection to the same Nord endpoint behaved differently (and, indeed, Disney+ blocked it).
Of course, that was a while ago... long enough that I assume my notes no longer reflect the current state of things. It'd be interesting to try and recreate it with the latest stuff, but all of my VPN provider accounts have lapsed by this point.
Been using protonmail on arch for years, you have to set up the configs a tad more manually and do some editing (I forget now); definitely doable and protonmail lets you download the configs (which work out of the box depending on what you use).
I've read some articles online, but I still haven't managed to understand the hype around wireguard. It's lighter than OpenVPN, but has more obscure primitives? Doesn't seem like a great trade off...
Wireguard is your plumbing layer. OpenVPN is an entire application stack. Wireguard is super simple because it's low level. If you wanted to compare something (as a user in terms of feature parity, etc.) to OpenVPN a more accurate comparison would probably be nebula or tailscale (private/mesh network management tools that are built atop wireguard). I'm a wireguard fan and it's true that its crypto is much simpler, smaller, and harder to fuck up than OpenVPN but that is really only something that matters to the security hats.
It's not hub and spoke. Any existing network topology can be mirrored essentially 1:1 with wireguard. With hub and spoke VPNs the model constrains your deployment somewhat. Now I'm not saying key distribution with wireguard is easy, that's a different problem. But wireguard is literally like "let's take your existing network interface and give it modern fast impossible to fuck up encryption".
Traditionally you have a server and all clients connect to this server (Hub and spoke). Wireguard can connect clients like you would in your network. You can mesh clients if you like. The hard part is getting the keys to all peers in the network.
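The hub-and-spoke versus mesh difference described in the comments above, as an added example that is not part of the original thread: it renders wg-quick style configs for both layouts and counts how many public keys have to be copied between machines. Peer names, addresses, endpoints and the key placeholders are constructed for illustration.

```python
from itertools import permutations

# Constructed sample peers; key strings below are placeholders, not real keys.
PEERS = {
    "laptop": {"addr": "10.0.0.1", "endpoint": "laptop.example:51820"},
    "home":   {"addr": "10.0.0.2", "endpoint": "home.example:51820"},
    "cloud":  {"addr": "10.0.0.3", "endpoint": "cloud.example:51820"},
    "phone":  {"addr": "10.0.0.4", "endpoint": "phone.example:51820"},
}
SUBNET = "10.0.0.0/24"

def links(topology, hub="cloud"):
    """Return the (local, remote) pairs that each need a [Peer] section."""
    if topology == "mesh":
        return set(permutations(PEERS, 2))      # every peer lists every other
    spokes = [p for p in PEERS if p != hub]
    return {(s, hub) for s in spokes} | {(hub, s) for s in spokes}

def render(local, topology, hub="cloud"):
    """Render a wg-quick style config for one peer."""
    out = ["[Interface]",
           f"PrivateKey = <{local}-private-key>",
           f"Address = {PEERS[local]['addr']}/24",
           "ListenPort = 51820"]
    for src, dst in sorted(links(topology, hub)):
        if src != local:
            continue
        # A spoke sends the whole subnet to the hub; any other link
        # only accepts and routes the remote peer's own /32.
        via_hub = topology == "hub" and dst == hub
        allowed = SUBNET if via_hub else f"{PEERS[dst]['addr']}/32"
        out += ["", "[Peer]",
                f"PublicKey = <{dst}-public-key>",
                f"AllowedIPs = {allowed}",
                f"Endpoint = {PEERS[dst]['endpoint']}"]
    return "\n".join(out) + "\n"

def keys_to_distribute(topology):
    """Count of public keys that must be installed on another machine."""
    return len(links(topology))

if __name__ == "__main__":
    for topo in ("hub", "mesh"):
        print(f"# {topo}: {keys_to_distribute(topo)} public-key copies")
        print(render("laptop", topo))
```

With four peers the mesh needs twice as many key placements as the hub layout, and the gap grows quadratically with peer count, which is the key-distribution problem the comments point to.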