How should I configure a VPN in order to access blocked websites and to hide my identity?
Usually I use SSH tunneling to protect my privacy and to escape censorship. I know nothing else about VPNs but I would like to know how to use it correctly.
(I'm on Mac OS X)
I'm afraid your question is rather vague, but I'll provide some quick answers for various possible interpretations :
You should try out the Tor Browser Bundle because Tor has grown incredibly user friendly under Mac OS X and usually offers better 'privacy' than VPNs, especially now that Aurora uses HTTPS Everywhere by default. There are always bandwidth considerations with Tor that might make it unsuitable. You cannot realistically use bittorrent over Tor in particular, but you indicated web browsing.
If you aren't concerned about privacy, but reside in a country that blocks some website, then you could probably bypass their blocking by using a DNS provider outside you country. I used this for bypassing Turkey's youtube ban in 2009 for example.
If you are only visiting such a country, your employer or university abroad might offer a free VPN service which could be used to bypass their filtering, even if they go beyond DNS filtering. You'd enjoy some privacy from the local authorities by doing this, but not from your employer or university.
If you are a resident of a country who's filtering goes beyond DNS, there are various public service VPNs offered by humanitarian organizations like Telecomix (starting point). There are also various commercial VPN providers if you aren't eligible for humanitarian ones (previously).
There is a delicate question about exactly when any VPN solutions offer enough privacy, but again HTTPS Everywhere improves that situation significantly. In fact, you should also check if HTTPS Everywhere solves your problem completely all by itself.
VPN means Virtual Private Network. It is a very generic name which covers any kind of technology aiming at emulating the security benefits of having "your own wires" while doing it over the wires which are already there.
A VPN can help for privacy issues only in a specific context: namely, whoever wants to spy on you controls a specific part of "the Internet" through which your packets must go; e.g. the envisioned enemy is the government of the country in which you live, and you assume that this government has complete control of the national telecommunications infrastructure. To thwart them, you establish a VPN between your home machine and an external system (outside of the reach of your enemy) to which you forward all your communications. The attacker will be able to know that you have some network activity with the World at large; he may even have a relatively precise notion of how much data you exchange. But he will not be able to discover what data you send and to whom (ultimately -- you send everything to the external system, which then forwards it to the intended recipient).
There are various technologies to implement such a VPN, and SSH tunneling is one of them. Therefore, you already have a VPN !
In such a setup, the external system is "trusted". This is the technical term which means that it is in the ideal position to backstab you. To avoid the potential problem of having a single trustee, you can cascade them:
So that's double-encryption (the plaintext and intended final destination -- the Web site you want to browse -- are first encrypted with ES2's public keys, and the result, along with ES2's name, is encrypted again with ES1's public key). This can be viewed as two VPN, one nested within the other. Your privacy is secure as long as either ES1 or ES2 remains honest; both would have to betray you in order to uncover your Web traffic.
Tor is a tool designed to do this double-VPN trick -- actually, with possibly more than two nested VPN, and with automatic randomization of the external systems to use. It is a good match with your expressed requirements (as I understand them).
There are good directions available for configuring ssh's ProxyCommand option to use corkscrew, proxytunnel or prtunnel.
