The following link (dated 5/28/2017) is an update to Salter's original article (dated 5/26/2017) in message #1 of this thread: "How to build your own VPN if you’re wary of ISPs—or the government" -- Tom
Hmmmm.... why does it say there "Does not install Tor, OpenVPN, or other risky servers"? What's risky about OpenVPN? (Note: I have absolutely no clue about IPsec.)
The author likes IPsec, obviously. There's also https://github.com/jlund/streisand which lets you choose what sort of VPN server to install.
Do you happen to know where the certs are generated for the server in Streisand? Is it on your local machine before the deployment to the remote server? Just thinking about entropy for the generation of the certs, and having a bit more control of them. Presumably one has to trust the hosting provider not to do memory scans of its VMs, or are there any mechanisms for encrypting the certs while not in use in memory?
It does that on the remote server, it seems. https://github.com/jlund/streisand/blob/master/playbooks/roles/openvpn/tasks/main.yml I don't think so. This isn't a high-security setup, for sure. It's just for people who want a private VPN, but don't know how to do it.