New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
VPS provider recommendations for personal VPN tunnel with non-standard egress
I'm looking for a small VPS to run as the server end of a personal VPN tunnel. I'm based in Iran and the tunneling techniques that currently work from my side require the server to send packets with non-standard source addressing, so I need a provider whose network doesn't enforce strict source address validation (BCP38) at the edge.
To be very clear about what this is and isn't:
- Use case: A single tunnel, just for me, connecting my client to this VPS. Low volume. Destination is my own infrastructure only.
- Not: reflection, amplification, spoofed traffic aimed at third parties, or anything that would generate abuse complaints. Zero interest in that.
- Restrictions are fine. If the provider wants to rate-limit egress, whitelist destinations, or otherwise put guardrails on the account to prevent misuse, I'm happy to work within that. The goal is a working tunnel, not unrestricted spoofing.
Requirements:
- KVM, full root, IPv4. IPv6 a bonus.
- ~$5–10/month range, monthly billing preferred for initial testing.
- Turkey or Europe preferred for latency from Iran, but other locations are fine if the network policy is right.
- Payment method flexibility appreciated (Iranian cards don't work with most providers; crypto is fine on my end).
Has anyone here set up something similar in the last 6 months? Happy to take DMs if you'd rather not name providers publicly. I understand this topic is sensitive and I'm not looking to burn anyone's working provider — just looking for a starting point.
Thanks.
Thanked by 1MAXKO_Hosting
Comments
@Murv
@servers_guru @RIYAD I recommend for those provider.
Will they agree to what OP is asking though?
Thanks! Is BCP38 disabled by default on their networks, or should I ask when ordering?
Thanks! Is that user a provider themselves? Would they be open to the kind of setup I described?
Hello, no.
I'm just an anime gooner, or an important asset of the state depending on who you ask.
Very unusual request, what kind of legal activity requires BCP38 to be disabled?
Not unusual given circumstances
Lol... I see now
Do you have any suggestions though?
It's prolly over your budget but maybe ask @MAXKO_Hosting
I know... I kinda low-balled on the budget, but as long as it's in a reasonable range, I'll be down for that.
Thank you very much
OOT @k2evil @Murv I read owning starlink equipment in IR carries a death penalty, is it true ?
Wait till they find out we're using DNS resolvers to shatter our packets into a million pieces, ship 'em out, and catch 'em on the other side. XD
Nah, not death penalty.
If it's your first time you prolly won't even get jailed, they'd just have you take a written pledge to not get one again.
It's not an automatic execution but it can lead to death penalty under some circumstances. If they suspect you were spying on them using starlink
I think @MAXKO_Hosting mentioned (in a now removed thread) that Bulgaria (location with IPHM enabled) is out of stock currently due to high demand (i wonder what that might be)...
Their Serbia location can do spoofage too
@k2evil do you happen to know a provider on IR side?
Nope, that's even a harder task to find one and probably much more expensive, but I was thinking to use dns tunnel for uplink for now
I see
Are you aware that without BCP38 verification allow forge the IP addresses, so I don't think any provider be able to provide such service and nothing to do where you based!
Definition:
So they need to be allowed to hack? I don't think so, as such service is commonly is used for hacking and DDOS attacks.
That's exactly the point, and there are providers here who are willing to support that.
There are legitimate reasons to want to spoof IPs, such as bypassing internet censorship. @Murv is literally doing that right now and he's not hacking or DDoSing anyone. In an age of frequent internet shutdowns in countries at war, sometimes the only way around it involves spoofing the IP address of a whitelisted service.
We literally already had this discussion. How about merging these threads?
It comes up over and over as new people post questions looking for the same thing.
Fixing search sure would be a good first step to get people to use search...
Previous thread was nuked
Why? It's not for blackhat purposes, so it's not against the rules.
Because some reguarded guy was pissing and moaning while tagging jbiloh about how people shouldn't be taught to break laws of their countries or something.
I guess a country's laws precedes morals and human rights.
Well that's stupid. It's not going to stop these threads, of course. It's a shame that jbiloh is pro-blackout, though.