Having done this the hair shirt way, definitely use a script. The reason I went for a cloud installation was to experiment with termination in other countries.
EDIT – this is an outbound VPN not a way to access my internal network securely from outside. That I do with an SSL VPN on the Draytek router.
Digital Ocean make it so simple to spin up a VM and dirt cheap. A $5 a month 1 CPU, 1 GB ram, 25GB SSD comes with 1 TB of outbound data transfer (inbound is free), but you don’t even have to pay for the month, it’s $0.007/hr. So just spinning one up for a week is trivial, plus I got $100 60 days free credit as I signed up through a referral.
Their data centres are in San Fransico, New York, Toronto, Bangalore, Singapore, Amsterdam (2), London and Frankfurt. Keeping data inside the EU is probably all they’re worried about, so who cares if it breaks out in Brussels? The pipelines are so fat it doesn’t affect performance. It’s not something I’d even considered before as the ping times on my other servers are great. Looking at tracert, it takes 7 of the 10 hops to get out of TalkTalk land.
EDIT just done another DNS Leak Test and it’s from London this time. I’ll keep an eye on it.
UPDATE it was me interpreting a report incorrectly. It’s breaking out in London and always has been. The Brussels bit is to do with Google’s regional DNS servers (the VPN server is set to 8.8.8.8 and 8.8.4.4). I have seen a Pi tutorial about using PiHole and OpenVPN on the same server. Will have another look at it as the server can easily run both and probably not notice it.
.
