CastleVPN
This is a free VPN service run by a group of volunteers. It is invite-oriented, based on WireGuard, and stores pretty much no logs.
Things this VPN might be useful for:
- Forwarding ports to a machine behind a restrictive firewall.
- Allowing you to circumvent regional censorship and/or firewalls.
- Allowing you to LAN up with your friends over a virtual network.
- Hiding your real IP.
- Making your traffic blend in with other users, so you are harder to fingerprint.
Things no VPN can do:
- Keep you 100% without a doubt anonymous. Anyone who says theirs can is probably lying.
Still, our service does not record any of your activities, the hosts you visit, etc. Your IP address is stored in memory while you are connected and is cleared once 10 minutes have passed since your last handshake to the server; it is never written to disk. The amount of data your peer has sent and received, as well as the time since your last handshake to the server, persists in memory until the system powers off.
There is no central database, and invitation codes are in no way tied to your peer on the server. Additionally, we cannot see when your peer was created or which invitation code was used to make it. The only information stored on disk is your peer information, which includes your internal WireGuard addresses, public key, and pre-shared key. Also, for what it is worth, our servers do use full disk encryption.
Each code can be used to make 1 configuration for each server, and you can have 1 device connected per configuration. To start using the service, you can go to one of the links below and enter a valid code.
Servers
webfw
To manage port forwards for yourself, go to your VPN server's gateway address (e.g. 10.90.1.1) in your web browser. You will be presented with an interface that allows you to manage them.
Help improve
This service is still pretty new, so there are probably bugs or issues somewhere. If you find any, feel free to reach out to sl on the ergo.chat or castle.i2p IRC networks. If it is security related, an XMR or Bitcoin payment can be given out as a reward. Feel free to also reach out to make suggestions. My OTR fingerprint on castle.i2p is: 17ED7D95 0DE58CFF 291BCC76 8180CE60 1F396EEA
Troubleshooting common issues
"Firewall blocks DNS before connecting"
If your system's firewall is configured to block traffic outside of the VPN, you might need to replace the "vpn*.strcat.su" hostname in your configuration file. Just replace it with the IPv4 or IPv6 address for the server. This is probably relevant for you if you have configured a "Kill Switch" for the VPN on your firewall.
"I don't want to route all my traffic through the VPN"
Simply update the AllowedIPs line in your configuration. Change it to the internal subnet for the VPN you are connected to, then restart the interface. For example, if your address is "10.91.235.108/32", update AllowedIPs to "10.91.1.1/16"; your normal traffic then won't go through the VPN, only traffic to and from the VPN subnet. Similar steps can be taken for IPv6. The setup we just went over is called a split tunnel. When you route all your traffic through the VPN, it is referred to as a full tunnel.
"Split tunnel stops working"
You can try adding the "PersistentKeepAlive" option to your configuration. This helps me stay connected when I have a split tunnel set up and no traffic is sent through it for some time.
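The two split-tunnel changes above (narrowing AllowedIPs and adding a keepalive) can be applied to a configuration file in one pass. The script below is an added example, not part of the service's own tooling. It assumes a /16 internal subnet as in the example above, a 25 second keepalive, and that [Peer] is the last section of the file; the sample configuration is constructed and uses placeholder keys and a placeholder endpoint. It writes the subnet as 10.91.0.0/16, which is the same /16 with the host bits cleared.

```python
import ipaddress

# Constructed sample config: keys and endpoint are placeholders, not real values.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <your-private-key>
Address = 10.91.235.108/32

[Peer]
PublicKey = <server-public-key>
PresharedKey = <pre-shared-key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.invalid:51820
"""

def split_tunnel(conf, v4_prefix=16, keepalive=25):
    """Return conf with AllowedIPs narrowed to the VPN's internal IPv4 subnet."""
    lines = conf.splitlines()
    subnets = []
    for line in lines:  # derive the subnet from the Address line
        key, _, value = line.partition("=")
        if key.strip().lower() == "address":
            for item in value.split(","):
                iface = ipaddress.ip_interface(item.strip())
                if iface.version == 4:  # the IPv6 prefix length is not assumed here
                    net = ipaddress.ip_network(f"{iface.ip}/{v4_prefix}", strict=False)
                    subnets.append(str(net))
    if not subnets:
        raise ValueError("no IPv4 Address found in configuration")
    out, section, has_keepalive = [], None, False
    for line in lines:
        stripped = line.strip()
        if stripped.startswith("["):
            section = stripped.lower()
        key = stripped.partition("=")[0].strip().lower()
        if section == "[peer]" and key == "allowedips":
            line = "AllowedIPs = " + ", ".join(subnets)  # drops 0.0.0.0/0 and ::/0
        if section == "[peer]" and key == "persistentkeepalive":
            has_keepalive = True
        out.append(line)
    if not has_keepalive:  # assumes [Peer] is the last section
        out.append(f"PersistentKeepalive = {keepalive}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(split_tunnel(SAMPLE_CONF), end="")
```

Restart the interface after writing the result back, as described above.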
This section will be updated as new issues or quirks are discovered and mentioned to me.