What are the risks related to VPS VPN?
Let me try to sum up this question; I want to buy VPS from (vultr - I'm not promoting them), but before that I'm wondering how secure is to run VPN on this kind (or any kind) of VPS in sense that I can endanger myself by choosing wrong company, which can tap/monitor my traffic. I'm not trying to ask how secure is KVM virtualization, but which infrastructure is the safest for running a VPN, dedicated server, VPS (both are almost same, from my question perspective) or building your own server or something else?
Basically it is similar to giving someone physical access to a physical server. Actually the risk is a bit higher, because VPS could be passively replicated, so it's more like giving someone an unprotected, unlimited access to a real-time replica of a physical server.
All the secrets required to set up a VPN connection are stored on the VPS itself and the traffic can be easily captured, so whoever has access to the underlying virtualisation platform can utilise them to monitor the communication in real time or afterwards.By extension, you also open your own (connecting) network to the party hosting the VPS. So if you were targeted, they could utilise this connection to get into your internal network, behind your perimeter defences. This of course should be addressed separately, regardless of whether you were connecting to a hosted VPS or not, but the risk might be considered higher with VPS in comparison to a VPN on a device which you fully control. The bottom line is: if you don't trust the company, don't do it. You are storing more vital information with VPN than if you used the VPS for other purposes.