Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Thu Jul 14, 2022 20:36 Post subject:
I use SSH tunnels and configure browsers client side to use the proxy, but that's just for browser traffic and OS client traffic when configured to use the tunnel. This is 100% free. CHACHA-poly has been enabled in DD-WRT recently SSHd side, so its even better performance and security tradeoff.
Router side you and to absolutely make things hard, OpenVPN or Wireguard are both valid solutions, Wireguard being a better performant since its an in Kernel implementation so needs lesser resources vs a userspace implementation like OpenVPN.
To get those for free, no idea your mileage may vary.
For free? You know what they say, when it's free, you're the product.
I'm going to assume OpenVPN for this discussion, but WireGuard may be a worthy alternative, esp. for that older router.
Given the situation, you absolutely want to use a VPN. It's no different than being at a wifi cafe or hotel. You're sharing an ethernet network w/ others, which typically has no security against arp poisoning and other MITM attacks. So even if you have to pay for the peace of mind of a VPN, it's well worth it.
Now that doesn't necessarily mean you have to use a commercial VPN provider. You *could* establish your own VPN server on a VPS (virtual private server).
FWIW, I did recently find the following, which helps you establish an OpenVPN server of your own on AWS, and at least at the time, it was FREE for the first year.
Of course, like anything free, there's probably some limitations, like the amount of bandwidth per month. But it may be cheaper than using a commercial VPN provider over that same period. That's just something you'd have to check.
One of the advantages of managing your own VPS and VPN server is that you gain remote access over that same VPS+VPN! In order to gain remote access w/ the local router, you'd have to beg the landlord to allocate and manage port forwards just for you. Seems highly unlikely. Even a commercial OpenVPN provider could offer the same provided they supported port forwarding over their end of the tunnel (some do, most don't).
So regardless of the path you take, remote access is something to keep in mind when making a decision, at least if remote access is important to you.