I was thinking of Marv in Sin City See https://en.wikipedia.org/wiki/Marv_(Sin_City) I haven't used it enough to have an opinion.
The beta notice on their website, looks to me like they only have one IP (213.73.91.35) with no alternate(?), everything is in German and their setup guides have not been updated for W7, nevermind W8 or W10. All that does not leave me with much confidence...
Okay I didn't see anything of concern to me. I haven't seen many of the issues complained about, and as to the port forwarding, not something I need.
Well GRC can "ask very hard" all it wants to. If the VPN tunnel is setup correctly you will ONLY get the dns that is allowed to use it. If you are paying for a quality vpn service they should have a trusted and reliable dns to use. Although my provider changes (vpn1, vpn2, etc..) at my discretion, it is trivial to assure that only the current vpn1 dns is ever seen by anything inside or leaving the tunnel. If I don't trust their dns then why would I use the vpn in the first place?
Yes this is a very good point. I intend to quiz my VPN why my ISP's DNS severs leaked on GRC. Google Open DNS servers do not leak, at all.
I totally love his dive down that stairwell! Yes, it is. I'm pretty sure that any VPN using OpenVPN with PKI (ca.crt etc) will have it.
I have one question for users that have more experience using VPN. Right now I'm using Freedome VPN and like it so far. Speeds for casual browsing on most servers are OK and pricing is OK for me also. I like simple interface and simple configuration. I would like to know from those that have tested various VPNs if they encountered any problems or have any other reservations about this service. I also performed some ip and dns leak tests and it passed all of them.
I have tested Freedome VPN from various times. The speeds as you say getting are fine, at least if you live in Europe. Can't say any about North American servers if you live in there. It is limited in features, like the lacking of the so called "killswitch". But yes, servers seem stable. Coming from F-Secure, it is a respectacle company and privacy statements have been often heard from its leader and criticism against internet spyings, NSA things etc.. I have noticed I can't disable Internet Protocol 6 from FreedomeVPNConnection network adapter, or is it just me? Worries me a bit. There are some things about safeguarding against unsafe sites and tracking protection that it has.
Thank you Jarmo P for your answer. I didn't encounter situation when VPN connection would be lost so far. I don't care much about killswitch - I would probably notice VPN drop when systray icon would change.
not always you would. there are times when the connection drops but the client software still indicates it's connected. i'm not naming any provider, just saying that this can happen to you with any one of the providers. do not put your trust in a sys tray icon.
Just use a firewall! In Linux, use https://www.whonix.org/wiki/VPN-Firewall I prefer to use iptables-persistent. But I steal the Whonix rules I can post rules files, if there's interest. I'm not sure about the current best option in Windows. Maybe someone else can cover that.
same goes for findows. you need to configure your fw to act as a killswitch. be it cfw or pfw or oafw or something else. any one of them would be one of the best options when properly configured.
Thanks imdb and mirimir. That'a a little too inconvivnient for me. I don't conduct all my online activities over VPN - just my browsing. Online banking, personal email and P2P are done over my ordinary connection.
It depends on the software if you use a Windows VPN client. Some like SecurityKiss implement this feature in a way that I consider reliable. It is not called kill switch, but exclusive tunnelling: https://www.securitykiss.com/resources/articles/exclusive_tunneling/ Unfortunately for other VPNs that may not be so reliable in this feature, the firewall option for me with TinyWall I think is not possible, since it can't control a remote IP. EDIT: Another thing limited in Freedome is you can't choose from Freedome client what port the tunnel uses. For instance if I limited my router to allow only certain TCP ports out and not UDP ones, the connection to the VPN server took longer if I remember right. But it did not seem to affect speeds noticeably, they were fast. So it should work well for a casual browsing without needing to bother about such things.
In that case, it would be best to install VirtualBox and create a Debian VM. Run a VPN client in the Debian VM, with Whonix VPN-Firewall. Do all of your non-private stuff in the host OS, and only the private stuff in the VM.
Or possibly even better, do your non-private stuff in a different VM - this ensures that your host OS is as squeaky-clean as you can make it. Browsing and opening email attachments is one of the main sources of infection, and at very least should be done sandboxed.
@deBoetie: i think the reason why mirimir recommends doing their non-private stuff in the host os to op is because op finds it inconvenient to do it the other way around.
Understand, getting your confidence (and RAM) up to scratch is certainly part of the process. But, jump in, the water's nice!
OK; thanks. I use VirtualBox for testing purposes. If I'll find enough space on my SSD I might try to install another system for that purpose.
There are some tiny Linux distros. But some with small RAM footprint still use lots of disk. Also, one can run VMs from USB drives. And one can put an old 2.5" SSD in a USB case, and get a fast USB drive.