Encrypt traffic between 2 locations.
- site-to-site VPNs - usually between two datacenters or an office and a datacenter
- client-to-site VPNs - usually between your desktop / laptop and the office or datacenter
- consumer VPNs - these are client-to-site VPNs that are used to encrypt traffic so your ISP can't snoop on you, or to change your geographic location to watch Netflix or other streaming services that may not be available where you are physically located or may have restricted shows by country
OpenVPN is the open source standard for VPNs.
Several products are build on this open source base software and use it under the hood, eg. Tunnelblick.
Standard open source GUI client on Mac that can connect to OpenVPN.
- OpenVPN Client
- Perimeter 81 - user friendly VPN
- Global Protect by Palo Alto Networks
Free VPNs generally have fewer server locations to routing your traffic from.
- NordVPN - commercial well-established with a kill-switch to reduce risk of leakage
- ExpressVPN - simple but more expensive than Nord
- Surfshark - best cheap VPN
AtlasVPN - discontinued- Private Internet Access - best for Linux
- TunnelBear - consumer VPN with free tier but limited to 500MB of data, use ProtonVPN instead
- PrivadoVPN - free, perhaps ok for light traffic
- Proton VPN - free to use privacy from your internet / wifi hotspot provider. Pay for more features or server locations. This often breaks DNS resolution when connecting/disconnecting on Mac. Workaround:
dscacheutil -flushcache
sudo killall -HUP mDNSResponderIf you are sourcing DevOps-Bash-tools repo in your .bashrc there is a shell function
shortcut so you can just run: flushdns.
fingerprint.com can still sort of identify you using a hash of common characteristics. Click the link from Incognito/Private Browsing and on/off VPN to see
Documentation:
Open source library (TODO read this code):