I’ve developed a Python application which rotates VPN gateways from one or more providers. This will change your outbound IP address, and optionally VPN provider(s), on a random basis within a given time period (eg, every 2-4 hours). This uses Docker, the Gluetun VPN client, virtual machines, and optionally HAProxy, MQTT, InfluxDB and Unbound DNS.
I’d really appreciate feedback from members of this subreddit, whether that’s in regards to the general concept, the example architecture I’ve included in the repo (below), the code itself, or whatever else you might have!
Randomizer supports all providers supported by the Gluetun VPN client including custom providers. The randomizer project has been biased towards Wireguard and Linux, with OpenVPN and other OSes in near-term consideration. It’s my intention to keep the project as flexible as possible allowing ease in adopting personal modifications.
Could probably do this easier with PFsense and setup all of the VPN clients on the firewall and write a script to stop and start each vpn service. I use PFsense for torrents to allow load balancing and to increase throughput. I have three openvpn clients setup into a gateway group and tunnel the traffic out.
Supporting appliance based tunnels would probably be a clear path for this project. Challenges may involve key handling and gateway/provider management. If there were a dependable, native API this could make it all the easier.
My little project so far has been biased towards (a surplus of) redundant commodity hardware. The environment where this evolved includes a very early MIPS32 based router so tunneling/proxying/resolving were not an option there.
I’m most definitely inspired here to see about supporting this kind of configuration! pfsense/opnsense have been on my list for years.
pfSense can just keep all the VPN sessions up. You make gateway groups that can be triggered by timers. "At 12:37 these clients should use this gw group which favors this VPN "
Make it so you can chain vpns… 1 random vpn over another random vpn
I don’t get the hate, this is very cool, thanks for sharing!
Thank you very much. In fact, the more challenging comments and questions inspire new ideas and shine light on knowledge gaps. Some of the funner comments help sharpen my dulling wit.
Nice project, couldn’t see me using it myself as I’m not sure why I’d want my VPN to randomly change every 24hrs say? You say the router is a spof, but that’s still going to be the case here isn’t it?
Sounds like Proxychains
That’s cool AF. Do you have any moments of connectivity in between VPN switches?
A most excellent question and an issue just recently addressed.
Gluetun includes a control server which allows state changes to the VPN connection. Early on I would send a
stopped
and let the healthcheck take care of the recovery. At some point I found that 6 second lapse to cause a bit of trouble so I played with sending astopped
and immediaterunning
. The result is a near instantaneous recovery (and random reallocation) of the tunnel.Here’s are a couple of examples:
2023-11-20T14:42:31Z INFO [vpn] stopping 2023-11-20T14:42:31Z INFO [http server] 200 PUT /status wrote 22B to 172.21.0.1:40896 in 129.856648ms 2023-11-20T14:42:31Z INFO [vpn] starting 2023-11-20T14:42:31Z INFO [wireguard] Connecting to 188.241.176.194:2049 2023-11-20T14:42:31Z INFO [http server] 200 PUT /status wrote 22B to 172.21.0.1:40902 in 108.677199ms 2023-11-20T14:42:32Z INFO [ip getter] Public IP address is 188.241.176.241 (Canada, Quebec, Montréal) --- 2023-11-20T14:43:56Z INFO [vpn] stopping 2023-11-20T14:43:56Z INFO [http server] 200 PUT /status wrote 22B to 172.21.0.1:52474 in 129.197494ms 2023-11-20T14:43:56Z INFO [vpn] starting 2023-11-20T14:43:56Z INFO [wireguard] Connecting to 198.54.131.98:2049 2023-11-20T14:43:56Z INFO [http server] 200 PUT /status wrote 22B to 172.21.0.1:52482 in 108.371437ms 2023-11-20T14:43:56Z INFO [ip getter] Public IP address is 198.54.131.120 (United States, Washington, Fairwood)
You’ve raised a great point here and it’s something I may look into further (as in soon). It wouldn’t be to difficult to measure the entire sequence in milliseconds and offer that up as a metric.
Since I’m not seeing anyone else say it; I think it’s a cool concept and the first time I’ve seen someone make this. I can imagine this being added to one of those ultra privacy focused bootable Linux distro’s. Nice work!
Thanks tons kind sir. A warm muffin to you!
But this is not privacy. This is creating false sense of privacy.
One could even argue that it is reducing privacy by intentionally giving your browsing habits away to more than one entity, thereby increasing the chance of actually being spied on.
For education is perfect, though. Kudos to that.
I was thinking more along the lines of people who don’t care about some random vpn companies knowing fragments of their browsing habits as opposed to the government of their country knowing it, in order not to get arrested or killed.
Cool idea but a lot of work for nothing. Every provider offer multiple gateway around the world with a couple of click
Have you thought to encrypt and segment each data frame then send them out in a random order over those multiple gateways, for decryption and reassembly at their destination? Two endpoints set up in this manner could provide significant security, since not only would each frame be encrypted, but the reassembly order would not be determinable via en-route packet sniffing.
I haven’t looked too deeply into it yet, looks interesting. Does your original IP leak when the tunnel is changing?
Doing gods work
This is very good as a proof of concept and education. Otherwise, I don’t see a real life benefit except for a few corner cases. In fact, it is going to ruin your everyday browsing experience if VPNs just randomly disconnect every 2 hours.
I just use VPNgate with its 100-300 vpn’s to rotate if needed. But in general when using python , 99% of the time you can do just fine with a rotating proxy setup (socks5) , just bit of scraping online and et voila.