How to Build Your Own Vpn, Or: the History of Warp

Posted2 months agoActive2 months ago

yla92

96 points

28 comments

blog.cloudflare.comTechstory

calmpositive

Debate

40/100

VPNNetworkingPrivacy

Key topics

VPN

Networking

Privacy

The post discusses how to build a VPN and shares Cloudflare's experience with WARP, sparking a discussion on DIY VPN solutions and the distinction between VPN technology and services.

Snapshot generated from the HN discussion

Discussion Activity

Active discussion

First comment

Peak period

144-156h

Avg / period

Comment distribution28 data points

Loading chart...

Based on 28 loaded comments

Key moments

01Story posted
Nov 3, 2025 at 3:46 AM EST
2 months ago
Step 01
02First comment
Nov 8, 2025 at 11:10 PM EST
6d after posting
Step 02
03Peak activity
16 comments in 144-156h
Hottest window of the conversation
Step 03
04Latest activity
Nov 10, 2025 at 10:51 PM EST
2 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (28 comments)

Showing 28 comments

fragmede

2 months ago

4 replies

at Cloudflare scale, absolutely. But today? Find a friend that lives in a different legal jusrisdiction that you trust. Install Tailscale on a raspberry pi Zero. Configure it all up. Send it to your friend. Get it on their wifi. Set up the corresponding app on your phone. Connect to it and use it as your exit node.

Voila, VPN!

aborsy

2 months ago

3 replies

This is something that everyone says and nobody does.

Do your friends do that?

The majority of people have no idea what is VPN or Tailscale and would be suspicious that you might be placing a hacking device or proxy for visiting bad websites in their home.

kro

2 months ago

1 reply

Some people also do run Tor exit nodes on their ISP connections, of course receiving tons of abuse complaints, but apparently it's legal enough.

inemesitaffia

2 months ago

So people may be willing to do it for strangers in exchange for paying the bills.

yoavm

2 months ago

1 reply

My siblings and I live in 3 different continents. We use Tailscale exactly for that. It's also installed on some of the VPS I own, so all-in-all we have around 7 exit nodes in different countries to choose from. It was really a breeze to set up.

The best part is that our IPs never seemed to be blocked by any service provider.

spwa4

2 months ago

3 replies

Isn't ssh -D + configuring a socks proxy in your browser a lot easier and faster? (using one of the many proxy switcher extensions) It would only work for the browser (although you do have socksify), but much quicker to set up and only ssh needs to work. No software install whatsoever. I mean, at least for VPSes, of course this won't work without an IP to connect to, or an IP behind NAT.

But: no software install.

fragmede

2 months ago

Where do you SSH to? You need to install sshd on that system somewhere, somehow? Your preferred software seems easier to install, and it is, for you. Others don't have the same experience though.

How do you configure apps on your phone to use a socks proxy?

We could rathole on what constitutes "a lot" easier, but that doesn't seem interesting so I'll just point out that there's a Tailscale app for Apple TV.

yoavm

2 months ago

With Tailscale, my clients and my exit nodes can easily include Windows machines, Apple laptops, Android phones etc. And I can explain to my siblings how to set it up in 5 minutes, without them ever needing to hear about a terminal.

dns_snek

2 months ago

Consider the case where a non-technical person wants to watch US streaming services from their smartphone. No software install, but 5% of the features and 1% of the usability.

fragmede

2 months ago

The thing that Tailscale also allows you to do is access systems on the tailnet, without exposing those servers to the Internet. For the self-hoster with friends, this is really really useful.

Do I think this is a thing that more people than you think are doing? Given that you're questioning if it happens at all, I'd say yes.

Do I think this is at all common or normal? Absolutely not. My friends and their friends are very technical compared to the general population, so it's not surprising that something "weird" like this would be overrepresented, but even then it's not commonplace to share with friends. You really need some tight-knit bonds in order for it to work. Bonds that many people don't have a ton of.

I should mention though, it's not just "bad" websites. A lot of websites geolocate, and for foreign nationals, those websites don't make content available outside the country (for whatever reason). So for a taste of streaming TV from home, a residential proxy in the home country does the trick to let them watch "local" news of home.

silisili

2 months ago

6 replies

There's zero chance I'd put some random device from anyone, even a friend, on my network - especially if I knew that was its purpose. Sounds like a huge liability. Do people really do this?

invaliduser

2 months ago

2 replies

Most people have no sense of security. They say yes to strangers if asked to plug in a USB device on their laptop. When I said no in the train to someone asking to plug their device "for charging", I was definitely the bad guy.

Just find anything plausible, for backup storage, or say, to share family photos with grand parents but it does not work on my home wifi because my ISP is blocking ports, whatever.

3oil3

2 months ago

1 reply

Ah man, this must be rethorics and you wouldn't lie to a friend close enough to do such a favour, would you? WHo the h is after you guys anyway, to want such level of degraded-internet-speed?

And about 'Warp', is it or is it not a VPN after-all? They mentionned they aren't a VPN, but that they build on wireguard ??

invaliduser

2 months ago

I wouldn't lie even to strangers, and my point was solely about people having little to no sense of security.

Arainach

2 months ago

So now the plan is to lie to people to get them to do something for you under false pretenses?

mattrighetti

2 months ago

1 reply

> Sounds like a huge liability.

This 100%.

I don't think this is being discussed enough but I frequently see a lot of landlords trying to make their contract more attractive by including an internet offer with the rent (this is especially useful for people that look for 6-months contracts when internet providers usually give you a minimum contract length of a year).

Tenants could technically do any kind of illegal activities by using that network. I've always wondered how and who would be liable in case someone uncovers something big enough to get the attention of law enforcement.

I guess this differs by country but it seems highly plausible that a legal loophole could exist, leaving the landlord unexpectedly responsible for the tenant's actions.

walletdrainer

2 months ago

> I guess this differs by country but it seems highly plausible that a legal loophole could exist, leaving the landlord unexpectedly responsible for the tenant's actions.

Not in any normal country.

> who would be liable in case someone uncovers something big enough to get the attention of law enforcement

The person doing the crimes, obviously. The cops would most likely never even contact the landlord, as they’d just show up at the address where the line is connected.

walletdrainer

2 months ago

1 reply

> Sounds like a huge liability

Not really, you aren’t responsible for what other people do without your knowledge and you’d have solid evidence that someone else was able to use your network.

Sure, if your friend was committing some horrible crimes it might end up being slightly inconvenient for you.

fragmede

2 months ago

If your "friend" uses it to download CSAM, you're in for a world of trouble. I don't know that none of my friends aren't into that stuff, but sincerely believe the friends I share a tailnet or two with aren't doing that with my connection. Tailscale has Mullvad VPN exit node integration for sketchy shit, this is more about getting access to eg Swedish television for a friend's girlfriend who gets homesick every once in a while.

gear54rus

2 months ago

Definitely. In the age of the internet where stupid 'legal'/commercial/whatever other restrictions are the norm it's the only way to guarantee access.

pirates

2 months ago

Random device? In this scenario you and your friends would have already hashed out what exactly they’re sending you and what it’s for, right?

hansvm

2 months ago

It depends on the friend, but I definitely wouldn't be opposed to it.

vjerancrnjak

2 months ago

2 replies

Won’t work if behind CGNAT or will be insanely slow. Even ipv6 is not advertised sometimes.

I miss the days when I could ssh to my computer with ddns.

hdgvhicv

2 months ago

1 reply

Choose an isp which gives you a static ipv4 address then.

vjerancrnjak

2 months ago

Hard to find. I ask for advertising an ipv6 address and they don’t want to do that. Even though they give me an ipv6 prefix.

Jnr

2 months ago

Tailscale uses STUN to do hole punching, there is a big chance that nodes would be able to achieve direct connection even if both are behind NAT.

mintflow

2 months ago

Exit node really is a handy solution for build private vpn for sharing.

I have build a vpn called Echo VPN for apple platform which actually use tailscale open source core.

Also I think there is another benefit is that wireguard can be DPIed easily now adays, but DERP leverage HTTPS and upgrade which can do some obfuscation too

rasengan

2 months ago

There’s the VPN technologies and then there are VPN services [1]. Technology alone does not give you the service.

[1] https://vp.net/l/en-US/blog/The-History-of-VPNs-and-Logging

View full discussion on Hacker News

ID: 45797083Type: storyLast synced: 11/20/2025, 6:42:50 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN