Resource

• The Biggest Misconceptions About VPNs
• Why Is Everyone Talking About VPNs?
• The Laziest, Cheapest Way to Circumvent Your Snooping ISP
• remoteaccessvpn.nih.gov for NIH. Download and unzip the profile and place the profile (.xml)in “/opt/cisco/anyconnect/profile/” directory

Blocked, ports

My self hosted VPN does not work in school, what is an alternative? WireGuard defaults to listening on port 51820.

VPN vs Tor

• VPNs vs. Tor: Which Should You Use?
• Here’s When You Should Use Tor Instead of a VPN

Misunderstanding

10 Common VPN Mistakes People Make

VPN split vs full tunnel

VPN Split vs. Full Tunneling: Which One Should You Use?

How to Check if Your VPN Is Working

How to Check if Your VPN Is Working

How You Can Host Your Own VPN: VPS

• Here’s How You Can Host Your Own VPN for Less Than $1 a Month
• How to Create and Use Your Own Cloud-Based VPN Server
• RackNerd 多机房美国VPS速度和性能综合评测

VPN Protocols Compared

6 VPN Protocols Compared: Which Is Best?

Diskless VPN

Why You Should Choose a VPN With Diskless Servers

Wireguard

WireGuard is a fairly new VPN protocol which is much more secure and faster than OpenVPN or IPsec.

• Wirguard
• Ubuntu 20.04 set up WireGuard VPN server
• How to Set Up WireGuard VPN on Ubuntu 20.04
• How to Set Up WireGuard VPN Server on Ubuntu 20.04
• How to Set Up WireGuard VPN on Ubuntu 20.04
• How to get started with WireGuard VPN
• WireGuard installation and configuration - on Linux (video)

Android part:

• How to Connect to Algo VPN From Android, iOS, Linux, and Windows
• Wireguard Android Client Setup (2022) – Simple and Secure VPN
• Setup Wireguard VPN for Mobile Clients (video)
• Setting Up WireGuard Client On Android (video)

Use in Ubuntu client

• Note that the operations on the server's side is very similar to the client's side. See the table below for a comparison of the configuration file.
• Install wireguard

sudo apt update
sudo apt install wireguard

• Generate Public and Private Keys on the server:

cd /etc/wireguard 
umask 077
wg genkey | tee privatekey | wg pubkey > publickey

This will create two files privatekey (I think this is for server) and publickey (for client/peer?) in the current directory. We need to repeat this step of generating keys on each client you want to connect to the server.

• Create a configuration file (based on the keys obtained from the server):
  • <server IP> with the IP address of the WireGuard server. ou can find the public IP address of your server by running the command curl ifconfig.me in the terminal of the server.
  • <server port> with the port number of the server. By default, WireGuard uses UDP port 51820 for communication. However, it is possible that the WireGuard server is configured to use a different port.
  • The roles of Interface & Peer are flipped to the client's machine from server's machine

[Interface]
PrivateKey = <private key>
Address = 10.0.0.2/32

[Peer]
PublicKey = <public key>
AllowedIPs = 0.0.0.0/0
Endpoint = <server IP>:<server port>
PersistentKeepalive = 21

• Start the WireGuard interface

sudo wg-quick up /path/to/configuration/file

• Check the status of the interface:

sudo wg show

• For a new client, the server side should do

echo "[Peer]" >> /etc/wireguard/wg0.conf
echo "PublicKey = <client_public_key>" >> /etc/wireguard/wg0.conf
echo "AllowedIPs = <client_ip_address>/32" >> /etc/wireguard/wg0.conf

• About the keys. To generate keys in WireGuard server for a client, you can use the wg genkey command to generate a private key for the client and then use the wg pubkey command to generate a public key from that private key. You can then add the public key to the WireGuard server configuration file on the server side and use the private key on the client side.

(umask 077 && wg genkey > wg-private-client.key)
wg pubkey < wg-private-client.key > wg-public-client.key

• Do I need to pass the server's public key to clients in wireguard?
  • Yes, you need to exchange public keys between the server and each client for secure communication both ways.
  • Each party needs to have their own private and public keys as each pair only enables one-way messaging.
  • For the use in WireGuard, the server and each client must generate their own key pair and then exchange public keys.
• What does /24 and /32 mean in ip address?
  • In IP addresses, the number after the slash (/) represents the number of bits used for the network portion of the address.
  • For example, in 10.0.0.1/24, /24 means that 24 bits are used for the network portion of the address and 8 bits are used for the host portion of the address.
  • How can we explain CIDR notation with /24 and /32 to a manager?
• Here is a summary of the structure of the configuration file

Server side	Client side
[Interface] PrivateKey = <server-privatekey> Address = 10.0.0.1/24 ListenPort = 51820 ... [Peer] PublicKey = <client-publickey> AllowedIPs = 10.0.0.2/32	[Interface] Address = 10.0.0.2/32 PrivateKey = <client-privatekey> DNS = 1.1.1.1 [Peer] PublicKey = <server-publickey> Endpoint = <server-public-ip>:51820 AllowedIPs = 0.0.0.0/0, ::/0

Usage with commercial VPNs

To use WireGuard with Windscribe VPN, you need to follow these steps:

• Sign up for Windscribe VPN
• Enable the WireGuard protocol: Open the Windscribe app and go to the "Preferences" section. Under the "Connection" tab, select "WireGuard" as the protocol.
• Generate a WireGuard configuration file: Go to the Windscribe website and sign in to your account. Under the "My Account" section, click on "Generate OpenVPN/WireGuard Config". Select "WireGuard" as the protocol and choose the server location you want to connect to. Click on "Generate" to download the configuration file.
• Install WireGuard on Ubuntu
• Import the Windscribe configuration file: Move the downloaded Windscribe configuration file to a directory of your choice on your Ubuntu machine. Open the terminal and run the following command to import the configuration file:

sudo wg-quick up /path/to/windscribe-config-file

• Verify the connection:

sudo wg show

PiVPN

• https://pivpn.io/,
  • https://docs.pivpn.io/
  • PiVPN Releases Final Version and Announces Project Shutdown 2024/4/8
• Build Your Own VPN With Raspberry Pi and WireGuard
• Videos
  • OpenVPN Server raspberry pi /w PiVPN
  • Build your OWN VPN! Here's how (and why you NEED to)
• The Beginner's Guide to PiVPN
• How To Install PiVPN On Ubuntu 20.04 LTS

PiVPN + Pi-hole

• Installing Pi-hole with PiVPN. It is now possible to connect, from an OpenVPN client, to a computer or a phone, to benefit from the filtering of Pi-hole.
• Build your OWN VPN! Here's how (and why you NEED to).
  • Choose whether clients use a static IP or DNS name to connect to VPN server
  • PiVPN offers to set up automated updates on your computer.
  • Running Ansible security playbook to secure servers. Ansible 101 - Episode 9 - First 5 min server security with Ansible.
  • Router needs to forward the port 51820 with the protocol UDP.
  • Use pivpn add to generate a configuration file - naming the client by some rules. Copy the configuration file to your client or use pivpn -qr to generate a QR code from a configuration file in a list on screen.
  • If you are stuck in CG-NAT , you can't run PiVPN.

wg-easy

• wg-easy
• WG Easy - open source, self hosted Wireguard server setup tool with a simple, intuitive web UI!
• Self Hosted EASY Wireguard Server

sudo ufw allow 51820/udp

• Steps
  1. Add wg.taichimd.us to cloudflare.
  2. Update ddclient.conf (recall I use my domain name instead of IP in the WG_HOST)
  3. Open 51820/UDP port on router
  4. sudo ufw allow 51820/udp; docker-compose up -d
  5. Go to http://IP:51821 & add a new client
  6. scan QR on Android wireguard app
  7. Disable wifi and connect http://neverssl.com to test the connection
• Extra steps:
  1. In cloudflare, disable DNS Proxy
  2. Include WG_ALLOWED_IPS=0.0.0.0/0 (not sure if this is necessary)
  3. sudo rm wg0.* (for some reason, the conf file was not changed after I modify docker-compose.yml file)
  4. docker-compose up -d
  5. Re-log in and re-create a new client tunnel, etc.
  6. In the http://IP:51821 client page, you should see a red dot showing a client is connected and some network activity (up/down).
• Any benefit to changing default WireGuard port?

Netmaker

https://github.com/gravitl/netmaker

Tailscale

• https://tailscale.com/ Zero config VPN.
  • How Tailscale works
  • How-to Guides
  • Download
  • Quickly switch between Tailscale accounts
• https://hub.docker.com/r/tailscale/tailscale
• How to Set Up Remote Access to Your Local Network Using Tailscale VPN
• Tailscale in LXC containers. Running tailscale inside of a proxmox container. Tip: change the LXC ID 102 below.

  root@proxmox:~# echo 'lxc.cgroup.devices.allow: c 10:200 rwm' >> /etc/pve/lxc/102.conf
  root@proxmox:~# echo 'lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file' >> /etc/pve/lxc/102.conf
  root@proxmox:~# reboot
  root@proxmox:~# tailscale up
  

• Manual install. How to install Tailscale on LibreELEC for kodi?

  cd ~/Downloads/tailscale_1.50.1_arm64
  sudo ./tailscaled --state=tailscaled.state  > /dev/null 2>&1  &
  sudo ./tailscale up  # cp & open browser, the authentication was kept after reboot
  ./tailscale status
  # ssh to the other machines using ip4 from tailscale

• Key Expiry
• Exit node.
  • Think of an exit node as a kind of gateway in the Tailscale network. Normally, when you use Tailscale, it’s like having a private network where only your devices can talk to each other. But what if you want to use this private network to access the internet?
  • That’s where an exit node comes in. You can choose one device in your Tailscale network and set it up as an exit node. This device will act like a door from your private network to the public internet.
  • So, if you’re in a coffee shop and you don’t trust the Wi-Fi, you can use Tailscale and your exit node to safely browse the internet. All your internet traffic will go through your private network and out through the exit node, just like going through a secure door.
  • On Linux, see https://headscale.net/exit-node/

  echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
  echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
  sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
  
  sudo tailscale up --advertise-exit-node
  

  • On Android client, click 3 dots on top-right corner. In the list of Use exit node... (cf: "Run exit node"), choose the one you like to use. Now Android client will the 'exit node' to route all traffic. Use ipchicken to test.
  • The exit node is still different wireguard where we can use any local IPs to access home machines.
• Subnet routers and traffic relay nodes
  • It is useful if you want to connect to devices you can’t install Tailscale on.
  • If you want to grant your remote users access to your whole office network or want to connect two networks, you can configure subnet routing.
  • "tailscale up ..." statement will automatically start when the machine reboot.

  # Connect to Tailscale as a subnet router
  sudo tailscale up --advertise-routes=192.168.1.0/24 --advertise-exit-node
  
  # Enable subnet routes from the admin console (web)
  # Click "..." -> Edit route setting. Check the subset routes '192.168.1.0/24'.
  # Also check the 'Exit node' -> "Use as exit node" option.
  
  # On the client machine (eg Android), click "Use exit node..." and select
  #   the machine serving as an exit node.

• Free plan. 3 users in a single Tailscale network. A tailnet can only have users in the same domain. To have multiple users in a tailnet, you need to have a custom domain that is not shared with other unaffiliated users, unlike Gmail (which has the @gmail.com domain that is used by unaffiliated users).
• Headscale - Open Source, Self Hosted Wireguard Control Server for your Tailscale Network!
• Contain your excitement: A deep dive into using Tailscale with Docker
• Enabling HTTPS - How-to Guide.
• How to Make Netflix Think You’re Watching From Home

Zerotier

• https://www.zerotier.com/
• The biggest plus for ZT is its multi-network ability, for example home and school network.

OpenVPN

• https://hub.docker.com/r/kylemanna/openvpn/ OpenVPN server in a Docker container complete with an EasyRSA PKI CA
  • Set Up a VPN Server With Docker In 5 Minutes
• Tutorial from nordvpn (free 3-day trial)
• How To Set Up an OpenVPN Server on Ubuntu 20.04
• Configure Ubuntu Pi-hole for Cloudflare DNS over HTTPS Ubuntu 18.04 LTS.
• How to Build An OpenVPN Access Point by Hak5 in Youtube.
• Secure you server administration with multiplatform VPN connection by howtoforge.
• Ubuntu 18.04 Set up OpenVPN server in 5 minutes
• Set up OpenVPN server on Ubuntu 18.04
• Basic Ubuntu 22.04 OpenVPN Client/Server connection setup, Ubuntu 22.04 LTS Set Up OpenVPN Server In 5 Minutes

Proton

• https://protonvpn.com/support/linux-vpn-setup/, ProtonVPN now offers the most advanced free Linux VPN app. To set up the connection, we need to log into our account and get the username/password.
• The free account from ProtonVPN does not allow to use torrent.
• Using ProtonVPN on Ubuntu 18.04

Fedora

How to Setup OpenVPN on Fedora 24+

List of free and fast VPNs

• 7 Best VPN Services For 2019
• The 7 Best VPNs for Linux Oct 2018
• 5 Great Free VPN Services Compared: Which Is Fastest?
• How to Choose the Best (and Fastest) Alternative DNS Server
• Windscribe, mentioned by Sick of NBC's vapid Olympics coverage? Use a VPN and you can watch the BBC's coverage instead
• Can I Watch Hulu Outside the US? The Best VPNs for Streaming Hulu. Free: Hide.me, Windscribe.
• The 7 Best Free VPNs for Your Chromebook 2021
• What Is the Best Free VPN for Your PC? 2022.
  • Windscribe VPN (allow torrenting but with 2G/per month cap)
  • ProtonVPN
  • Betternet VPN
  • ZenMate
• The Best Free VPNs of 2023, The best free VPN of 2023
  • Proton
  • PrivadoVPN Free
  • Windscribe Free
  • Atlas VPN Free
  • Hide.me Free VPN
  • Hotspot Shield Basic VPN
  • TunnelBear Free
• Urban VPN 免費 VPN 服務提供 80+ 國家節點，支援各種平台無流量限制
• What Is the Best Free VPN for Your iPhone and iPad?
• 022年最佳免费VPN推荐！安全加密，速度快，秒开4K、8K！
• Everything You Need to Know About the Encryption on Zoog's Free VPN

Windscribe

• It can be integrated into a browser (Chrome, Firefox, MS Edge, Opera). How To Windscribe: Beginner's Edition. Getting Started with Windscribe on Firefox.
• 5 Free Privacy Tools You Can Use on Any Device. Windscribe has 10GB/month for free

ProtonVPN

• Proton VPN's Free Tier Is the Best You'll Find. There are two big limitations though. The free account is limited to one device (although you can create another account to use with another device to get around that). And second, the free tier lets you connect to only three regions. In the U.S., it randomly connects you to a different state; in Europe, you connect to the Netherlands, and in Asia, you’re connecting to servers in Japan.
• To use the Proton VPN browser extension, you must have a paid Proton VPN plan. Introducing the Proton VPN browser extension.

PrivadoVPN

10GB per month.

Torrent

• 5 Best Free VPNs for Torrenting and P2P — Updated in 2022,
• The Best Free VPN for Torrenting (April 2022 Updated)
• 9 Best eBook Torrent Sites in 2023

How to Set Up a VPN on Your Router

https://www.makeuseof.com/tag/setup-vpn-router/

dVPN

How Does a Decentralized VPN (dVPN) Work?