amadaus:
I wasn't aware of streisand before you mentioned it.
Normally, I would suggest that the best method for setting up a personal VPN, is to set up a personal VPN. Even for pure novices, there are many comprehensive, user-friendly guides that will set you up with a secure configuration. (Digitalocean & Linode have nice tutorials, like this one:
https://www.linode.com/docs/networking/vpn/set-up-a-hardened-openvpn-server). In the process, you can also learn about firewalls, authentication, services, etc.
On the other hand, there's definitely a place for turnkey solutions with safe defaults. It's a shame though that the streisand installer is currently not able to selectively install services (
https://github.com/jlund/streisand/issues/23). The security best practice of only enabling needed services to minimize attack surface is overshadowed by usability concerns. A full streisand install consists of "L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, and a Tor bridge" plus a webserver!
If you connect to a VPS anonymously, one nice advantage of using an out-of-the-box preconfigured solution is that it may give you a measure of deniability. Certainly more than you would get by applying your own unique iptables rules + comments in Swahili that would fingerprint you as sysadmin.
Seems like streisand is a project worth following. Plus it's important to remember that its purpose is to configure a censorship circumvention server, not provide network security and/or anonymity. Unless bypassing censorship is your only goal, IMO its services should be used before and/or after Tor. (and obviously, not both on the same server).