Have you ever needed a VPN right now, but didn’t have one at hand? I certainly have, and thus instavpn was born. Whether you need some privacy while using a public WiFi hotspot, want to circumvent a web filter, or need GeoIP localisation to report you in a different country, instavpn will get you up and running in just about a minute. Using DigitalOcean’s API, it creates a droplet when invoked, creates a VPN connection, and tears it down once you’re done.

You may be wondering “wait, this tool buys a VPS?”, and you’re right, that’s exactly what it does. DigitalOcean’s pricing structure is extremely simple, and it’s really cheap, too: for $0.007 per hour, you get a basic machine (they call it a droplet). You only pay while you actually use it. If you destroy it after a few hours, you won’t pay more than a few cents. Best of all, they promise that the droplet will be up and running within 55 seconds! These properties are what enable instavpn: a droplet is created, and once it’s there, your VPN set up. It only takes a minute until you’re connected. Once you’re done, the droplet is immediately destroyed and the meter is stopped.

To make instavpn as simple as possible, sshuttle is used to provide the VPN connection. While it actually is a transparent proxy forwarding traffic over ssh, it makes for a pretty decent no-frills setup-free VPN. But although it should be fast enough for most tasks, you probably won’t break any speed records with it.

The last part – and maybe the most important one, because it could become costly if it failes unnoticed – is destroying the droplet once you’re done. Before I continue, let me just say: if you have any doubts at all whether your droplet was destroyed, manually check the DigitalOcean control panel. I do not accept any responsibility if droplet destruction, or anything else, fails and costs you money! That said, to shut down the connection and initiate droplet destruction, simply Ctrl+C out of sshuttle. Once instavpn detects that sshuttle has exited, it will destroy the droplet immediately, and DigitalOcean stops the meter. In case that you’re using a wonky connection, an additional self-destruct mechanism is set up: a small (and, I have to admit, rather hacky) script is run on the droplet to initiate its destruction if no connection has existed for 20 minutes. This works, because the server’s sshuttle process will exit after a connection loss once a TCP timeout has occurred. Again, it’s a bit hacky, so while it worked in my tests, the whole thing comes without any kind of warranty.

Everything that happens on the droplet occurs completely in memory, and no files should ever be written to the disk. This means that its storage does not need to be wiped after destruction: there is no private data on the droplet that could leak. If you’re concerned about your ssh public key being potentially disclosed to whomever gets that piece of storage after you (and I don’t know why you would be, but if you are), you can still opt into erasing the storage in the configuration file. This will cost you around eleven or twelve additional minutes in billed time.

For configuration instructions, please have a look at the settings.py.dist file in the repository, copy or rename it to settings.py, fill in your DigitalOcean API key and Client ID, and don’t forget your ssh key ID (more on that is in the file itself). You can also set defaults for a bunch of other things, like the droplet’s region or whether to forward DNS queries through the tunnel. Most of these can be overridden by command line options – help on that is available with ./instavpn.py --help

To clone the repository or file issues, please head over to https://github.com/lorenzhs/instavpn

Note: When connecting, you will need to confirm the droplet’s ssh fingerprint twice. This is because the sshuttle connection and the self-destruction mechanism’s setup are started at the same time, so both will ask for confirmation. I’m going to think about ways to simplify that, but for now, remember to accept twice. The host key will be removed from your known_hosts file when exiting unless you explicitly disable this behaviour.