VPN: Difference between revisions
Revision as of 16:35, 6 May 2023
Resource
- The Biggest Misconceptions About VPNs
- Why Is Everyone Talking About VPNs?
- The Laziest, Cheapest Way to Circumvent Your Snooping ISP
- remoteaccessvpn.nih.gov for NIH. Download and unzip the profile and place the profile (.xml) in the “/opt/cisco/anyconnect/profile/” directory.
Blocked, ports
My self hosted VPN does not work in school, what is an alternative? WireGuard defaults to listening on port 51820.
VPN vs Tor
How You Can Host Your Own VPN: VPS
- Here’s How You Can Host Your Own VPN for Less Than $1 a Month
- How to Create and Use Your Own Cloud-Based VPN Server
- RackNerd: comprehensive speed and performance review of its US VPS across multiple data centers
VPN Protocols Compared
6 VPN Protocols Compared: Which Is Best?
Diskless VPN
Why You Should Choose a VPN With Diskless Servers
Wireguard
WireGuard is a fairly new VPN protocol which is much more secure and faster than OpenVPN or IPsec.
- WireGuard
- Ubuntu 20.04 set up WireGuard VPN server
- How to Set Up WireGuard VPN on Ubuntu 20.04
- How to Set Up WireGuard VPN Server on Ubuntu 20.04
- How to Set Up WireGuard VPN on Ubuntu 20.04
- How to get started with WireGuard VPN
- WireGuard installation and configuration - on Linux (video)
Android part:
- How to Connect to Algo VPN From Android, iOS, Linux, and Windows
- Wireguard Android Client Setup (2022) – Simple and Secure VPN
- Setup Wireguard VPN for Mobile Clients (video)
- Setting Up WireGuard Client On Android (video)
Use in Ubuntu client
- Note that the operations on the server's side are very similar to those on the client's side. See the table below for a comparison of the configuration files.
- Install wireguard
sudo apt update
sudo apt install wireguard
- Generate Public and Private Keys on the server:
cd /etc/wireguard
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
This will create two files, privatekey (I think this is for server) and publickey (for client/peer?), in the current directory. This key-generation step needs to be repeated on each client you want to connect to the server.
- Create a configuration file (based on the keys obtained from the server):
- Replace <server IP> with the IP address of the WireGuard server. You can find the public IP address of your server by running the command curl ifconfig.me in the terminal of the server.
- Replace <server port> with the port number of the server. By default, WireGuard uses UDP port 51820 for communication. However, it is possible that the WireGuard server is configured to use a different port.
- Compared with the server's file, the roles of [Interface] and [Peer] are flipped on the client: [Interface] describes the client itself and [Peer] describes the server.
[Interface]
# This client's own private key
PrivateKey = <private key>
Address = 10.0.0.2/32

[Peer]
# The server's public key
PublicKey = <public key>
AllowedIPs = 0.0.0.0/0
Endpoint = <server IP>:<server port>
PersistentKeepalive = 21
- Start the WireGuard interface
sudo wg-quick up /path/to/configuration/file
- Check the status of the interface:
sudo wg show
- For a new client, the server side should do
echo "[Peer]" >> /etc/wireguard/wg0.conf
echo "PublicKey = <client_public_key>" >> /etc/wireguard/wg0.conf
echo "AllowedIPs = <client_ip_address>/32" >> /etc/wireguard/wg0.conf
- About the keys. To generate keys on the WireGuard server for a client, you can use the wg genkey command to generate a private key for the client and then use the wg pubkey command to derive the public key from that private key. You can then add the public key to the WireGuard server configuration file on the server side and use the private key on the client side.
(umask 077 && wg genkey > wg-private-client.key)
wg pubkey < wg-private-client.key > wg-public-client.key
- Do I need to pass the server's public key to clients in wireguard?
- Yes, you need to exchange public keys between the server and each client for secure communication both ways.
- Each party needs to have their own private and public keys as each pair only enables one-way messaging.
- For the use in WireGuard, the server and each client must generate their own key pair and then exchange public keys.
- What does /24 and /32 mean in ip address?
- In IP addresses, the number after the slash (/) represents the number of bits used for the network portion of the address.
- For example, in 10.0.0.1/24, /24 means that 24 bits are used for the network portion of the address and 8 bits are used for the host portion of the address.
- How can we explain CIDR notation with /24 and /32 to a manager?
- Here is a summary of the structure of the configuration file
Server side:
[Interface]
PrivateKey = <server-privatekey>
Address = 10.0.0.1/24
ListenPort = 51820
...

[Peer]
PublicKey = <client-publickey>
AllowedIPs = 10.0.0.2/32

Client side:
[Interface]
Address = 10.0.0.2/32
PrivateKey = <client-privatekey>
DNS = 1.1.1.1

[Peer]
PublicKey = <server-publickey>
Endpoint = <server-public-ip>:51820
AllowedIPs = 0.0.0.0/0, ::/0
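
A check for the server-side file after [Peer] blocks have been appended with echo, as an added example that is not part of the original page: WireGuard associates each allowed IP with exactly one peer, so the script flags a peer whose AllowedIPs is wider than one host, lies outside the tunnel subnet, or overlaps an earlier peer, and also flags a repeated public key. The sample file, its placeholder keys and the function names parse and audit are constructed for illustration, and the one-/32-per-client rule is the 10.0.0.x layout used above, taken as an assumption.

```python
import ipaddress
# Constructed server-side wg0.conf with three appended [Peer] blocks; keys are placeholders.
SAMPLE = """[Interface]
PrivateKey = <server-privatekey>
Address = 10.0.0.1/24
[Peer]
PublicKey = <client-A-publickey>
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <client-B-publickey>
AllowedIPs = 10.0.0.0/24
[Peer]
PublicKey = <client-A-publickey>
AllowedIPs = 10.0.1.3/32
"""

def parse(text):
    """Return [(section, {key: value})], keeping every repeated [Peer] block."""
    sections = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 keys end in "="
            sections[-1][1][key.strip()] = value.strip()
    return sections

def audit(text):
    """Return [(peer_number, finding)] for a server config laid out as on this page."""
    sections = parse(text)
    tunnel = ipaddress.ip_interface(dict(sections)["Interface"]["Address"]).network
    findings, keys, nets = [], set(), []
    for n, peer in enumerate((f for s, f in sections if s == "Peer"), 1):
        if peer.get("PublicKey") in keys:
            findings.append((n, "duplicate-key"))
        keys.add(peer.get("PublicKey"))
        for cidr in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version == tunnel.version and not net.subnet_of(tunnel):
                findings.append((n, "outside-tunnel-subnet"))
            if net.prefixlen != net.max_prefixlen:
                findings.append((n, "not-single-host"))
            if any(net.overlaps(other) for other in nets):
                findings.append((n, "overlaps-earlier-peer"))
            nets.append(net)
    return findings

print(audit(SAMPLE))
```

On the sample, peer 2's /24 is reported as wider than one host and overlapping peer 1, and peer 3 is reported for reusing peer 1's key and for sitting outside 10.0.0.0/24.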
Usage with commercial VPNs
To use WireGuard with Windscribe VPN, you need to follow these steps:
- Sign up for Windscribe VPN
- Enable the WireGuard protocol: Open the Windscribe app and go to the "Preferences" section. Under the "Connection" tab, select "WireGuard" as the protocol.
- Generate a WireGuard configuration file: Go to the Windscribe website and sign in to your account. Under the "My Account" section, click on "Generate OpenVPN/WireGuard Config". Select "WireGuard" as the protocol and choose the server location you want to connect to. Click on "Generate" to download the configuration file.
- Install WireGuard on Ubuntu
- Import the Windscribe configuration file: Move the downloaded Windscribe configuration file to a directory of your choice on your Ubuntu machine. Open the terminal and run the following command to import the configuration file:
sudo wg-quick up /path/to/windscribe-config-file
- Verify the connection:
sudo wg show
PiVPN
- https://pivpn.io/, https://docs.pivpn.io/
- Build Your Own VPN With Raspberry Pi and WireGuard
- Videos
- The Beginner's Guide to PiVPN
- How To Install PiVPN On Ubuntu 20.04 LTS
PiVPN + Pi-hole
- Installing Pi-hole with PiVPN. It is now possible to connect, from an OpenVPN client, to a computer or a phone, to benefit from the filtering of Pi-hole.
- Build your OWN VPN! Here's how (and why you NEED to).
- Choose whether clients use a static IP or DNS name to connect to VPN server
- PiVPN offers to set up automated updates on your computer.
- Running Ansible security playbook to secure servers. Ansible 101 - Episode 9 - First 5 min server security with Ansible.
- Router needs to forward the port 51820 with the protocol UDP.
- Use pivpn add to generate a configuration file - naming the client by some rules. Copy the configuration file to your client or use pivpn -qr to generate a QR code from a configuration file in a list on screen.
- If you are stuck in CG-NAT, you can't run PiVPN.
wg-easy
sudo ufw allow 51820/udp
- Steps
- Add wg.taichimd.us to cloudflare.
- Update ddclient.conf (recall I use my domain name instead of IP in the WG_HOST)
- Open 51820/UDP port on router
- sudo ufw allow 51820/udp; docker-compose up -d
- Go to http://IP:51821 & add a new client
- scan QR on Android wireguard app
- Disable wifi and connect to http://neverssl.com to test the connection
- Extra steps:
- In cloudflare, disable DNS Proxy
- Include WG_ALLOWED_IPS=0.0.0.0/0 (not sure if this is necessary)
- sudo rm wg0.* (for some reason, the conf file was not changed after I modified the docker-compose.yml file)
- docker-compose up -d
- Re-log in and re-create a new client tunnel, etc.
- In the http://IP:51821 client page, you should see a red dot showing a client is connected and some network activity (up/down).
- Any benefit to changing default WireGuard port?
OpenVPN
- https://hub.docker.com/r/kylemanna/openvpn/ OpenVPN server in a Docker container complete with an EasyRSA PKI CA
- Tutorial from nordvpn (free 3-day trial)
- How To Set Up an OpenVPN Server on Ubuntu 20.04
- Configure Ubuntu Pi-hole for Cloudflare DNS over HTTPS Ubuntu 18.04 LTS.
- How to Build An OpenVPN Access Point by Hak5 in Youtube.
- Secure you server administration with multiplatform VPN connection by howtoforge.
- Ubuntu 18.04 Set up OpenVPN server in 5 minutes
- Set up OpenVPN server on Ubuntu 18.04
- Basic Ubuntu 22.04 OpenVPN Client/Server connection setup, Ubuntu 22.04 LTS Set Up OpenVPN Server In 5 Minutes
Proton
- https://protonvpn.com/support/linux-vpn-setup/, ProtonVPN now offers the most advanced free Linux VPN app. To set up the connection, we need to log into our account and get the username/password.
- The free account from ProtonVPN does not allow torrenting.
- Using ProtonVPN on Ubuntu 18.04
Fedora
How to Setup OpenVPN on Fedora 24+
List of free and fast VPNs
- 7 Best VPN Services For 2019
- The 7 Best VPNs for Linux Oct 2018
- 5 Great Free VPN Services Compared: Which Is Fastest?
- How to Choose the Best (and Fastest) Alternative DNS Server
- Windscribe, mentioned by Sick of NBC's vapid Olympics coverage? Use a VPN and you can watch the BBC's coverage instead
- Can I Watch Hulu Outside the US? The Best VPNs for Streaming Hulu. Free: Hide.me, Windscribe.
- The 7 Best Free VPNs for Your Chromebook 2021
- What Is the Best Free VPN for Your PC? 2022.
- Windscribe VPN (allows torrenting but with a 2G per month cap)
- ProtonVPN
- Betternet VPN
- ZenMate
- The Best Free VPNs of 2023, The best free VPN of 2023
- Proton
- PrivadoVPN Free
- Windscribe Free
- Atlas VPN Free
- Hide.me Free VPN
- Hotspot Shield Basic VPN
- TunnelBear Free
- Urban VPN: free VPN service offering nodes in 80+ countries, supporting all platforms with no traffic limit
- What Is the Best Free VPN for Your iPhone and iPad?
- 022 best free VPN recommendations! Secure encryption, fast speeds, instant 4K and 8K playback!
- Everything You Need to Know About the Encryption on Zoog's Free VPN
Windscribe
5 Free Privacy Tools You Can Use on Any Device. Windscribe has 10GB/month for free
Torrent
5 Best Free VPNs for Torrenting and P2P — Updated in 2022, The Best Free VPN for Torrenting (April 2022 Updated)
How to Set Up a VPN on Your Router
https://www.makeuseof.com/tag/setup-vpn-router/