If I Wanted To Start A VPN Business, Where Would I Start?

Discussion in 'Networking & Security' started by parityboy, Feb 28, 2013.

  1. parityboy

    parityboy Limp Gawd

    Messages:
    384
    Joined:
    Nov 13, 2010
    I've been thinking about this for a little while. VPNs look like they'll be more popular over the coming years so they are looking like a good business to get into. The question is, where would I start?

    I know I could sign up for an affiliate program but I'd really like to do my own thing, albeit on a small scale. I have an idea of what I'd need: servers, virtualization, decent VPN software (OpenVPN, IPsec), billing, a website. If anyone has had any relevant experience of this, I'd be grateful if you'd share your experiences.

    Many thanks. :)
     
  2. /usr/home

    /usr/home [H]ardness Supreme

    Messages:
    6,164
    Joined:
    Mar 18, 2008
    You'll never be able to compete price-wise with the big players. You will need high-bandwidth links and enterprise networking gear if you want it done properly. Can you give at least 2 MB/s speed for 5-10 a month? Say you have 5 customers at $10 a month, that right there is a 100/100 line and it's going to cost you WAAAAY more than $50 a month for the line let alone the networking gear and power costs and everything else.

    It's not really feasible at a small scale.
     
  3. Skripka

    Skripka [H]ardForum Junkie

    Messages:
    10,792
    Joined:
    Feb 5, 2012
    Unless you're insanely independently wealthy to start a massive business from scratch. .. You'll never make ends meet to make it worth the effort.
     
  4. Red Squirrel

    Red Squirrel [H]ardForum Junkie

    Messages:
    9,211
    Joined:
    Nov 29, 2009
    You also need to host them in countries that do not have to abide by copyright laws, or you'll just get shut down. That means not only do you have to worry about finding such place, but also have to worry more about exchange rates.

    This VPN thing will be short lived I think though. They'll just make VPNs illegal, or put some kind of restriction on it like making it require a special license or something.

    It could be doable though. Start with 1 server, and then move up from there. You wont need lot of disk space, mostly a high end connection, and unlimited bandwidth. Unlimited might be hard to find though but I'm sure there are host out there that offer it.
     
  5. parityboy

    parityboy Limp Gawd

    Messages:
    384
    Joined:
    Nov 13, 2010
    @thread

    Many thanks for the replies. The plan is to start small and then move upwards. I'm not based in the US, so I should face a reduced amount of headache. :)
     
  6. goodcooper

    goodcooper [H]ardForum Junkie

    Messages:
    9,771
    Joined:
    Nov 4, 2005
    i was about to say, i'd hope you're in a scandanavian company or something where you kind of have a laissez faire approach to ISP monitoring... and have a LOT of bandwidth CHEAP

    you're gonna have all sorts of child porn and stuff going across your networks in addition to the bittorrent...

    it kind of sounds like a nightmare, but if you just offered it to some of your buddies for some extra cash it wouldn't be so bad...
     
  7. robvas

    robvas Gawd

    Messages:
    619
    Joined:
    Jun 30, 2011
    ^^ Doing it for a small community of people would probably be the best way to do it, less abuse that way.

    Get a server, preferably with unlimited bandwidth. Get some sort of authentication setup going. Get a payment system going. Get your VPN protocols setup.

    Then advertise and wait for the DMCA notices, SPAM complaints, and FBI to confiscate your server when someone uses it to tweet how they want to blow up their school. Deal with credit card chargebacks and PayPal fraud. And get an email at 3:00 in the morning when some hackers knock your site offline.
     
  8. zero1945

    zero1945 Limp Gawd

    Messages:
    139
    Joined:
    Sep 9, 2012
    I was going to post this and then I saw your comment. I think you are spot on.

    I predict they will make encrypted traffic illegal next. The traffic gets dropped unless they can decrypt and read it. Perhaps some sort of licensing scheme where the traffic is still encrypted to everyone but the ISP is able to decrypt.

    If they are able to do what they are doing now, there really is no limit to this.
     
  9. goodcooper

    goodcooper [H]ardForum Junkie

    Messages:
    9,771
    Joined:
    Nov 4, 2005
    what are they doing now? i know what they're TRYING to do....

    banning encryption will have a HUGE blowback, and not by just the average joe, corporations (who run the govt) would never let it happen, so don't worry...

    encryption is illegal in China... plenty of people there still using it...

    believe me, i'm not one to have faith in any government, but to think they'll outlaw encryption and VPNs is really quite radical... like if you really believe that i'd hope you've been wearing tin foil hats for years by now...
     
  10. zero1945

    zero1945 Limp Gawd

    Messages:
    139
    Joined:
    Sep 9, 2012
    I should clarify. If this takes off, they'll do something to stop it. If it remains minor, they'll probably ignore it.

    Encrypted traffic itself will not be illegal. But encrypted traffic that cannot be decrypted by the ISP and government will be made illegal. You'll need a license to send/receive this encrypted traffic. The license may even be registered at the time of purchase and you'll pay a small fee. Third parties still cannot read your traffic, but the ISP and government can.

    Anyone caught sending encrypted traffic that cannot be decrypted will have their internet cut off. I can't imagine this is very difficult to do.

    All they'll have to do is say people are using it for illegal activities or dodging taxes (the reasons don't have to make sense), and you'll hit the right buttons for just enough people to support it.
     
  11. robvas

    robvas Gawd

    Messages:
    619
    Joined:
    Jun 30, 2011
    They tried this in the 90's with the clipper chip. Idea was that everyone would use this chip for encryption and the government could snoop whenever they felt the need.
     
  12. goodcooper

    goodcooper [H]ardForum Junkie

    Messages:
    9,771
    Joined:
    Nov 4, 2005
    yea, it's totally not going to happen dude...
     
  13. dave99

    dave99 2[H]4U

    Messages:
    2,129
    Joined:
    Jan 20, 2011
    Not gonna happen. Unlike BT and things like that where its primary use (most likely) is infringing on copyrighted music/tv/movies/apps etc, the primary use of VPN is legitimate corporate traffic. VPN tunnels between offices, remote workers etc all rely on that, and nobody is going to support allowing the government or anyone else to snoop in on it. You might as well allow the government to monitor the local LANs of every company in the country if you allow them to decrypt vpn traffic.
     
  14. SirMaster

    SirMaster 2[H]4U

    Messages:
    2,122
    Joined:
    Nov 8, 2010
    Being in the US is optimal for VPN Privacy services since the US is one of the few countries that does not have a mandatory data retention policy. Countries in the EU are forced to log, even though some claim they do not.

    https://www.privateinternetaccess.com is an example of a great large vpn service that operates out of the USA and doesn't keep any form of logs.
     
  15. Biznatch

    Biznatch 2[H]4U

    Messages:
    2,213
    Joined:
    Nov 16, 2009
    There is no way they can ban VPNs and encryption. Too many companies/corporations use them for site/site and client/site communications, the blowback would be huge. Esepcially companies based in multiple countries that need to move confidential data between sites.
     
  16. zero1945

    zero1945 Limp Gawd

    Messages:
    139
    Joined:
    Sep 9, 2012
    No one is banning anything. You can still use a VPN. You just need a license to use it and allow the government and ISP to decrypt the traffic.

    If this concept takes off (which I am confident it won't) and people start to use VPNs for "nefarious" purposes, the lobbyists will descend on Washington, DC and my "tin-foil hat" proposal will be the law of the land.

    The networking companies can be brought on board because the re-sale of used VPN-capable device will need re-licensing. The companies will make the re-licensing process so expensive that you will be better off buying a new device.

    Microsoft will like it because they can tie their license key to the VPN activation.
     
  17. Metraon

    Metraon Limp Gawd

    Messages:
    307
    Joined:
    Feb 23, 2011
    Yes indeed, saying that they will ban VPN, is like saying that they will ban SSL because some malicious site use it.

    The VPN technology is in a way like torrents, its has been created for specific reasons and people ''abusing'' it.
     
  18. robvas

    robvas Gawd

    Messages:
    619
    Joined:
    Jun 30, 2011
    Or you could just use an open-source based VPN, hardware or software.

    Bottom line is that's never going to happen.
     
  19. Brak710

    Brak710 [H]ard|Gawd

    Messages:
    1,424
    Joined:
    Oct 27, 2008
    lol, people think they'll one day require no encryption or to hand over the ability to decrypt.

    tinfol hats everywhere it seems.

    OP, for hardware, I'd recommend investing in AES-NI capable CPUs and use OpenVPN as your tunnels. That would maximize bandwidth and keep costs way down. You're not going to to able to afford Cisco ASA 5585s, here.
     
  20. dave99

    dave99 2[H]4U

    Messages:
    2,129
    Joined:
    Jan 20, 2011
    yes, I see numerous high tech companies willing to let their ISP and .gov decrypt their confidential traffic just to make a few bucks licensing something that is already in widespread use. There is a 0.001% chance of this happening in anything short of a martial law scenario.
     
  21. zero1945

    zero1945 Limp Gawd

    Messages:
    139
    Joined:
    Sep 9, 2012
    What exactly are you going to do about it?
     
  22. dave99

    dave99 2[H]4U

    Messages:
    2,129
    Joined:
    Jan 20, 2011
    You think companies like microsoft, cisco, hp, dell or any other fortune 500 companies (as I bet most of them use VPN to various degrees) are going to support any legislation forcing them to open their networks to government & ISP monitoring?

    Nobody other than media companies would push this, and they don't have the power to overcome virtually the entire corporate world going against it.
     
  23. goodcooper

    goodcooper [H]ardForum Junkie

    Messages:
    9,771
    Joined:
    Nov 4, 2005
    plenty, i'm not sure you quite understand how the internet/corporate networks work.... if there was a monitor-able back door you can be 100% positive the enemies of this nation will have that access as well... even from a national security standpoint it will not happen...

    GL banking online w/o SSL, it's literally an impossibility...

    it's not even that, it's any company that USES THE PRODUCTS of those companies... the very people who run the governments in the tin foil hat scenario would never let this happen...
     
  24. parityboy

    parityboy Limp Gawd

    Messages:
    384
    Joined:
    Nov 13, 2010
    @thread

    That mention of the Clipper chip just sparked another dark memory. Does anyone here remember the FBI's "Carnivore" from around 1999/2000? Anybody know what happened to that program?

    Anyway, as I said the plan is to start small (maybe a few friends with high-speed connections just to see what the box can handle) and go from there. Ultimately I'm not looking to make a profit from this; I'm thinking of running it as a non-profit operation - any and all profits will be put back into the operation. :)

    Question: what do you think would be best suited in terms of software: a minimal Ubuntu Server install running OpenVPN, or something more complete like pfSense or Vyatta? Also, for something like this would virrualisation give better utilisation of the hardware?
     
  25. Red Squirrel

    Red Squirrel [H]ardForum Junkie

    Messages:
    9,211
    Joined:
    Nov 29, 2009
    The data coming out of the VPN server will not be encrypted though. So the US will see the traffic and then shut down the service because they don't like what it contains.

    Remember, the US government works for corporations. They'd make sure to make it easy for the big megacorporations to use it but not individuals. I can easily see it happen in the future.

    Though if they really want to decrypt something, if it's using a standard well known protocol, chances are they can.
     
  26. Brak710

    Brak710 [H]ard|Gawd

    Messages:
    1,424
    Joined:
    Oct 27, 2008
    I would recommend pfSense on bare metal hardware with multiple Ivy Bridge Xeon CPUs (You want AES-NI acceleration). PM me if you need help with hardware.
     
  27. tangoseal

    tangoseal [H]ardness Supreme

    Messages:
    7,303
    Joined:
    Dec 18, 2010
    The current state of the global economy is horrid. Good luck starting a business with out large amounts of capital. I mean large.

    I started my business 5 years ago and while it is doing quite well at times is lulls badly. I started with no capital and these days you must have it before due to the rediculous prices of advertising, supplies, access, etc... due to hyper inflated dollars.
     
  28. SirMaster

    SirMaster 2[H]4U

    Messages:
    2,122
    Joined:
    Nov 8, 2010
    It is unencrypted sure, but PIA has been around for years and is one of the biggest VPNs used by pirates and such and they definitely aren't being shut down at all. With no logs they can't attribute any of the data to a user and they can't be blamed for how users use the service. I mean they even say plainly on their website that they operate out of the USA because it's the best for their business as a privacy-centric VPN service.
     
  29. Red Squirrel

    Red Squirrel [H]ardForum Junkie

    Messages:
    9,211
    Joined:
    Nov 29, 2009
    What about active packet sniffing? Isin't this what the NSA built a data center for?
     
  30. parityboy

    parityboy Limp Gawd

    Messages:
    384
    Joined:
    Nov 13, 2010
    @Red Squirrel

    You mean that giant data centre out in Utah (not Ohio)? The one where they hoover up everyone's emails? I think they're doing big data analysis on communications (SMS, email, Facebook, Twitter etc). Being the NSA, I don't think they're much interested in copyright infringement. After all, they're domestic spies, not lawyers. :)
     
    Last edited: Mar 4, 2013
  31. Qinsp

    Qinsp 2[H]4U

    Messages:
    2,154
    Joined:
    Jan 7, 2011
    All the major powers have the ability decrypt targeted data. Not all data, just data of interest.

    The Top500 list does not include surveillance supercomputers.

    They aren't looking for kiddy pron. They are looking for threats.

    Making non-govt encryption illegal won't work (edit) AGAINST THREATS anyhow. You can embed data inside govt encrypted data. Gov't opens it, it appears to be JPG images, when it's not.
     
    Last edited: Mar 1, 2013
  32. Qinsp

    Qinsp 2[H]4U

    Messages:
    2,154
    Joined:
    Jan 7, 2011
    Of minor interest is that there are "scrap" computers flooding the market in the US. These are state-of-the-art 2010 computers. Brand new spare mobos with Gov't sale P/N's with locked BIOS. The factory default settings are full blast, 24/7, ie - power saving settings are disabled by default.

    Exactly who sets up supercomputers that never throttle down? Somebody who doesn't care what it costs to operate it. Who throws away 3 year old supercomputers? Somebody with 2015 equipment.
     
  33. parityboy

    parityboy Limp Gawd

    Messages:
    384
    Joined:
    Nov 13, 2010
    @Qinsp

    Steganography. :)

    NSA. DoD. Take your pick. :p
     
  34. BryanSh

    BryanSh n00b

    Messages:
    1
    Joined:
    Jul 1, 2015
    Considering the tough competition, the best way to setup a VPN business is by joining White label reseller program.

    This will help Entrepreneur to avoid fixed cost associated with maintaining and managing server and rest of the complications.

    PureVPN offer one of the best white label program. First their process are completely white labeled including server address along with maximum number of countries and servers to their resellers.
     
  35. rand4505

    rand4505 Limp Gawd

    Messages:
    272
    Joined:
    Oct 25, 2007
    The Carnivore program is still in operation but has been wrapped up in other projects, just like the way of most govt projects another more expansive one gobbles up and takes over others. Use GPG. pfSense rocks. Host your own DNS server, and add DNSSEC.
     
  36. /usr/sbin

    /usr/sbin Successfully Trolled by Megalith

    Messages:
    3,927
    Joined:
    Jul 18, 2010
    If you have to ask.....
     
  37. +Eric

    +Eric Limp Gawd

    Messages:
    128
    Joined:
    Jul 4, 2012
    The DMCA has provisions for Safe Harbor, and that's it. Just because you do something illegal, whether it is on your local ISP or a VPN, only you're responsible. The VPN is still an ISP and still protected, just like if you spin up a server in Amazon cloud and do something illegal, they're protected.

    In fact in the US the protections for ISP's are quite good.

    VPN's aren't going anywhere, and it's short sighted and likely naive to think so. Even if made illegal (and it will never be made illegal lol), how would they stop it? Chase down everyone using a VPN? Come on.

    I don't see why this thread needs to be all about everyone's silly opinions on vpn's and their legalities. The OP asked what he'd need, very few have given him anything constructive.

    There are seedbox guys who start out on a relatively small scale. It's not hard to find servers to rent on a monthly basis. You can just get one, just one entire server to yourself in a data center somewhere and pay monthly for it. It's not guaranteed you'd need boatloads of upfront capital to get going. This isn't to say it wouldn't be a tough long and hard road.

    I don't know the economics of running a VPN service, but to suggest that if you had 10 clients and wanted to provide 10mbps you'd need 100/100 is absurd. On a 100/100 most VPN providers are likely serving WAY more than 10 clients.

    OVH has datacenters all over the world, they'll rent you a server right now for like 100 bucks a month, guaranteed 500mbps and burst to 1gb, no monthly bandwidth limits. Sometimes OVH even has crazy deals, like I've personally rented a server for 34 dollars monthly. An i3 with 8gb of ram and 2tb of HD. I had 5tb of monthly traffic on a 100mbps port.

    And OVH is far from the only game in town. You can easily find data centers that will rent rack space to you, or even let you send them tower to be placed on shelving. Joes datacenter will let you send them a mid-tower and give you 10tb for 40 bucks a month on a gig port.

    I'd almost think the easy part is getting the hardware running. The difficult part is security, software for billing/handling of users, etc.

    Safe harbors aren't going anywhere in the US. Not the least of which because companies like Google, Facebook and Microsoft would immediately start throwing their weight around. Then you'd have the absolute conniption the tech community would have. If you don't think that works, read up on SOPA/PIPPA.
     
  38. ntba

    ntba Limp Gawd

    Messages:
    185
    Joined:
    Sep 28, 2005
    Instead of going on about the NSA, lets get back to your original question...

    Like others have said it would cost a huge amount....but if you want to start small as you have said (I mean fairly small here)

    Buy a few virtuailzed private servers around the world, either from one of the big companies (RAMNODE, DigitalOcean, etc) or the MANY smaller, widespread companies with servers all around the world. They offer quite powerful virtualization, static IP's in places like the Netherlands, UK, USA etc with plenty of high speed bandwidth

    Digital Ocean Pricing
    RAMNode Pricing
    OVH Canada

    These things are dirt cheap, even Amazon's Cloud services can be used.....

    Set up Ubuntu 14.04 if you're not too experienced, both ramnode and Digital Ocean provide guides on how to setup most if not all popular services with only a few hours of work, for example here's how to set up OpenVPN

    OpenVPN tutorial

    Start with three locations, with decent bandwidth caps, start with friends and go from there.

    On a personal note, I have a VPS that hosts my personal blog and some other services along with an OpenVPN server located in the US that I tunnel Netflix and Web Browsing through since I live in Canada. I manage it myself fully, $20/month is well worth it to not only get my own VPS, but my own VPN service.

    All this talk of the NSA and tin foil hats, I'm not saying this isn't a pressing issue we all face, but most people just want to watch Netflix from another country. :D


    EDIT:

    +1

    What I and +Eric have mentioned can literally be done in your underpants over a weekend. Yes, the billing, security and automation would take the most amount of time, but its all about how much work you want to put in. This can even be turned into one of those "I made $1000000 in my underpants working from home" schemes, if you wanted to ;)
     
    Last edited: Jul 1, 2015
  39. ntba

    ntba Limp Gawd

    Messages:
    185
    Joined:
    Sep 28, 2005
    I just realized if I charged 4 of my friends $5/month (60$ lump for a year), I can pay off my VPS server costs AND have a better price than PIA

    BRB starting a business bro......:D
     
  40. rand4505

    rand4505 Limp Gawd

    Messages:
    272
    Joined:
    Oct 25, 2007
    https://twitter.com/thegrugq/status/616330591177281536This is why everyone always brings up the NSA now.

    Professionalism is gone in our government, so people bring there own personal agendas to work, you get officials targeting Americans who want to reign in Government power(Tea Party, Freedom works, Wikileaks supporters, etc.) by labeling them as domestic extremists, using agencies to cause grief, then you get the cattle mob, that swallows media propaganda regurgitating that filth back on social media such that normal moral people who have legitimate complaints are afraid to speak and hold power accountable looking to empower themselves with technology so they can do what they think is right and just. If you don't like that, be part of the solution.

    OP: There are various levels of "security", theater not with standing, to get you what you need, you need to define your threat models, and build, yourself, your solution that solves that, and change your behavior to match your threat profile. Start reading those that empower this, cypherpunks, security experts(ex. thegrugq, ioerror, Bruce Schneier), get multiple sources and cross reference and you decide. There is no quick single fix, true security is about mitigation of threats, there is no silver bullet, but there are things you can do and behavior to change, think like the enemy and criminals, and adopt what works for you and what you will accept.
    /endrant