Dan Q

Tag: law

Run your own WireGuard VPN

With the news that the British government are considering requiring identity checks for age verification before allowing people to use VPNs, it’s time for my periodic reminder that you don’t have to use a “VPN provider” to use a VPN1.

As I’ll demonstrate, it’s surprisingly easy to spin up your own VPN provider on a virtual machine hosted by your choice of the cloud providers. You pay for the hours you need it2, and then throw it away afterwards.

Today, I’ll be using Linode to host my “throwaway” VPN provider for a price of USD $0.0075 per hour ($5/month if I ran it full-time), using a Linode StackScript I created for this purpose.

If you’d prefer to use GCP, AWS Azure, or whomever else you like: all you need is a Debian 13 VM with a public IP address (the cheapest one available is usually plenty!) and this bash script.

Screenshot from Linode's Web interface, showing my StackScript and indicating the location of the Deploy New Linode button.
If you prefer the command-line, Linode’s got an API. But we’re going for ‘easy’ today, so it’ll all be clicking buttons and things.

First, spin up a VM and run my script3. If you’re using Linode, you can do this by going to my StackScript and clicking ‘Deploy New Linode’.

Linode configuration screenshot with the key options highlighted as described below.
You might see more configuration options than this, but you can ignore them.

Choose any region you like (I’m putting this one in Paris!), select the cheapest “Shared CPU” option – Nanode 1GB – and enter a (strong!) root password, then click Create Linode.

It’ll take a few seconds to come up. Watch until it’s running.

Screenshot of Linode's Web interface showing a running VM, overlaid with a terminal using SCP to download wireguard.conf from it.
Don’t like SCP? You can SSH in and ‘cat’ the configuration or whatever else you like.

My script automatically generates configuration for your local system. Once it’s up and running you can use the machine’s IP address to download wireguard.conf locally. For example, if your machine has the IP address 172.239.9.151, you might type scp -o StrictHostKeyChecking=no root@172.239.9.151:wireguard.conf ./ – note that I disable StrictHostKeyChecking so that my computer doesn’t cache the server’s SSH key (which feels a bit pointless for a “throwaway” VM that I’ll never connect to a second time!).

If you’re on Windows and don’t have SSH/SCP, install one. PuTTY remains a solid choice.

File doesn’t exist? Give it a minute and try again; maybe my script didn’t finish running yet! Still nothing? SSH into your new VM and inspect stackscript.log for a complete log of all the output from my script to see what went wrong.

Screenshot highlighting WireGuard's 'Import tunnel(s) from file' button.
Not got WireGuard installed on your computer yet? Better fix that.

Open up WireGuard on your computer, click the “Import tunnel(s) from file” button, and give it the file you just downloaded.

You can optionally rename the new connection. Or just click “Activate” to connect to your VPN!

Screenshot of WireGuard running, connecting to our new VPN on a Linode VM.
If you see the ‘data received’ and ‘data sent’ values changing, everything’s probably working properly!

You can test your Internet connection is being correctly routed by your VPN by going to e.g. icanhazip.com or ipleak.net: you should see the IP address of your new virtual machine and/or geolocation data that indicates that you’re in your selected region.

When you’re done with your VPN, just delete the virtual machine. Many providers use per-minute or even per-second fractional billing, so you can easily end up spending only a handful of cents in order to use a VPN for a reasonable browsing session.

Screenshot showing Linode list with our new VM's kebab menu opened and the 'delete' option selected.
Again, you can script this from your command-line if you’re the kind of person who wants a dozen different locations/IPs in a single day. (I’m not going to ask why.)

When you’re done, just disconnect and – if you’re not going to use it again immediately – delete the virtual machine so you don’t have to pay for it for a minute longer than you intend4.

I stopped actively paying for VPN subscriptions about a decade ago and, when I “need” the benefits of a VPN, I’ve just done things like what I’ve described above. Compared to a commercial VPN subscription it’s cheap, (potentially even-more) private, doesn’t readily get “detected” as a VPN by the rare folks who try to detect such things, and I can enjoy my choice of either reusable or throwaway IP addresses from wherever I like around the globe.

And if the government starts to try to age-gate commercial VPNs… well then that’s just one more thing going for my approach, isn’t it?

Footnotes

1 If you’re a heavy, “always-on” VPN user, you might still be best-served by one of the big commercial providers, but if you’re “only” using a VPN for 18 hours a day or less then running your own on-demand is probably cheaper, and gives you some fascinating benefits.

2 Many providers have coupons equivalent to hundreds of hours of free provision, so as long as you’re willing to shuffle between cloud providers you can probably have a great and safe VPN completely for free; just sayin’.

3 Obviously, you shouldn’t just run code that strangers give you on the Internet unless you understand it. I’ve tried to make my code self-explanatory and full of comments so you can understand what it does – or at least understand that it’s harmless! – but if you don’t know and trust me personally, you should probably use this as an excuse to learn what you’re doing. In fact, you should do that anyway. Learning is fun.

4 Although even if you forget and it runs for an entire month before your billing cycle comes up, you’re out, what… $5 USD? Plenty of commercial VPN providers would have charged you more than that!

× × × × × ×

Article posted at UTC on .

No comments

Actually, Yes! (that IS what my birth certificate says)

Duration

Podcast Version

This post is also available as a podcast. Listen here, download for later, or subscribe wherever you consume podcasts.

I’ve been going by the name Dan Q for almost 19 years… so like two-thirds of my adult life. I haven’t even needed to show a deed poll to anybody in over a decade1

But just sometimes, somebody asks2 “Yeah, but what does your birth certificate say?”

Dan, a white man with blue hair and a goatee beard, wearing a t-shirt reading 'you see a mousetrap, I see free cheese and a fucking challenge', holds up a Birth Certificate Extract on which his name appears as 'Dan Q'
My birth certificate says… Dan Q. Fuck the haters3.

It didn’t used to say “Dan Q”, but nowadays… yes, that’s exactly what my birth certificate says.

Y’see, I was born in Scotland, and Scottish law – in contrast to the law of England & Wales4permits a change of name to recorded retroactively for folks whose births (or adoptions) were registered there.

And so, after considering it for a few months, I filled out an application form, wrote an explanatory letter to help the recipient understand that yes, I’d already changed my name but was just looking for modify a piece of documentation, and within a few weeks I was holding an updated birth certificate. It was pretty easy.

Adapted comic based upon frames from Rick and Morty Season 6, Episode 7 (Full Meta Jackrick). Beyond a sports-themed force field, Morty says to Rick 'That's called ret-conning; couldn't his name just BE Dan Q.' On the near side of the force field, Brett/Rhett Caan, with a comic-art version of Dan's head, says 'It is. And always has been, now.'
Somehow my modification does not make this Rick and Morty episode any more batshit-crazy than it already was.

I flip-flopped on the decision for a while. Not only is it a functionally-pointless gesture – there’s no doubt what my name is! – but I was also concerned about what it implies.

Am I trying to deny that I ever went by a different name? Am I trying to disassociate myself from my birth family? (No, and no, obviously.)

But it “feels right”. And as a bonus: I now know my way around yet another way for (some) Brits to change their names. Thanks to my work at FreeDeedPoll.org.uk I get an increasing amount of email from people looking for help with their name changes, and now I’ve got first-hand experience of an additional process that might be a good choice for some people, some of the time5.

Footnotes

1 By the time you’ve got your passport, driving license, bank account, bills etc. in your name, there’s really no need to be able to prove that you changed it. What it is is more-important anyway.

2 Usually with the same judgemental tone of somebody who insists that one’s “real” name is the one assigned closest to birth.

3 If you’re zooming in on the details on that birth certificate and thinking “Hang on, he told me he was an Aquarius but this date would make him a Capricon?”, then I’ve got news for you about that too.

4 Pedants might like to enjoy using the comments to point out the minority of circumstances under which a birth certificate can be modified retroactively – potentially including name changes – under English law.

5 I maintain that a free, home-made deed poll is the easiest and cheapest way to change your name, as a British citizen, and that’s exactly what FreeDeedPoll.org.uk helps people produce… and since its relaunch it does its processing entirely in-browser, which is totally badass from both a hosting and a user privacy perspective.

× ×

Article posted at UTC on .

3 comments

Woodcraft Folk statement on the exclusion of trans children from Girlguiding

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Woodcraft Folk stands in solidarity with every trans child, young person and volunteer who faces exclusion from Girlguiding UK following the announcement on Trans inclusion.

We recognise that Girlguiding UK have taken this decision in the context of intense political pressure and legal uncertainty. However, this does not make the outcome acceptable. Young people should never bear the consequences of political disputes. All children and young people deserve respect, safety and inclusion in their youth organisations.

Excellent statement from Woodcraft Folk.

I was saddened to hear the news that Girlguiding will no longer accept trans girls as members. It seems to me that it would have been perfectly reasonable for them to change their articles in response to the Supreme Court silliness: instead of declaring themselves as being for the benefit of “girls and women” they could have become for the benefit of “girls, women, trans girls, and trans women”.

Yes, obviously it’s horrible that the Supreme Court’s othering decision means that people have to spell out that “by women, we mean all women, including trans women”. But that’s a thing that a charity can do. It’s perfectly reasonable for a charity to be for the benefit of multiple groups.

But no, they took the easy option.

So it’s great to see youth-supporting organisations like Woodcraft Folk make a statement like this that trans kids continue to be welcome with them. Okay, this was easier for them than for Girlguiding because Woodcraft’s articles didn’t contain any gendered language in the first place. And it’s fine that Girlguiding’s does use gendered language – it’s okay for charities to be gender-specific! – but it’s a shame that they didn’t… pardon the pun… have the balls to stand up for what’s right for all women and girls, in spite of the UK’s growing transphobia. Ugh.

Anyway: nice work, Woodcraft Folk.

Repost posted at UTC on .

No comments