18
F1973
22d

Finally, a dream hardware project taking shape.

I am not sure about the feasibility of this project and also lack the technical skills, but am excited to see myself take the first step towards a more private presence on the internet.

I am even willing to hire someone who can help me set this up.

For now, I have the architecture and requirement document coming along well.

Most of my identity on the internet (except LinkedIn, which is for work purposes) is anonymous.

Need to contact Google to remove myself from the search results.

I see myself 99% anonymous on the internet in the next 6 months.

Is Pi-VPN or OpenVPN FOSS? And can I set up a VPN and Pi-Hole on the same Rasp Pi?

Comments
  • 1
    @Condor @Linuxxx what do you guys think about this?
  • 1
    Hardware vpn tunnel router thing?
  • 0
    @N00bPancakes yes. Something like that.

    Basically, I host my own VPN which goes via my home ISP, and I can connect to it from anywhere in the world, and that further routes via Pi-Hole so I get an ad-free and secure experience, because my ISP is decent with very little to no downtime and doesn't give a fuck about logging as long as I am paying them.

    I can pay them extra to not log me at all.
  • 3
    @F1973 ubiquiti already has this, but ubiquiti is trash that calls home. You’re cooler than them. Good luck!
  • 2
    @N00bPancakes @kiki thanks guys. Any tips or references where I can look to get started?

    You are awesome too Kiki 😉
  • 3
    I have pi vpn and adguard home running on a pi b3+ and pivpn is just a wrapper for openvpn or wireguard
  • 2
    @ScribeOfGoD all the right answers
  • 1
    Raspi is not open hardware if that means anything to you.
  • 2
    @F1973 It looks good! But @Condor help me out here mate, your networking skills are tons higher than mine
  • 1
    @F1973 But, as long as you can't prove your ISP isn't logging, take it with a fucking truck of salt!
  • 1
    @RocketSurgeon How about Pine64 boards?
  • 1
    But @F1973, Google is a huge part in anti-privacy/surveillance world so how'd you go about that without Google Meet and such?
  • 1
    @linuxxx that looks fine and even has comparable specs
  • 1
    When looking at VPN solutions, OpenVPN and WireGuard are the most common in the open source world. I would go OpenVPN though, as WireGuard falls flat on its face quite quickly when you start doing more with it than simply making a connection from A to B, but is easier to set up.

    There are 2 methods you may want to consider - one is connecting back to your home from abroad, while the other is renting a VPS at a hosting provider somewhere (I'm using Hetzner) and making a VPN connection to that from your home. Both have their purposes but the latter is probably what you're looking for.

    If you want a network-wide VPN solution, you can make one host on the network connect to this VPN server and make it the advertised default gateway (while only the VPN client uses the "real" gateway). There's some iptables rules that need to be made to allow packet forwarding and NAT, you can find these online (I'm running out of characters...)

    @linuxxx that comment just made my day, thanks :D
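
The forwarding and NAT rules mentioned in the comment above, as an added example that is not part of the thread. The function name `vpn_gateway_rules` and the interface names (`eth0` for the LAN side, `tun0` for the VPN tunnel) are assumptions; the function only prints an `iptables-restore` ruleset so it can be reviewed before anything is applied.

```sh
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a LAN host that acts as
# the VPN gateway. Interface names are assumptions (eth0 = LAN, tun0 = tunnel).

vpn_gateway_rules() {
    lan_if=$1
    vpn_if=$2
    # Accept plain interface names only, so an argument cannot smuggle
    # extra rule text into the generated ruleset.
    for ifname in "$lan_if" "$vpn_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: '$ifname'" >&2; return 1 ;;
        esac
    done
    [ "$lan_if" != "$vpn_if" ] || { echo "LAN and VPN interface must differ" >&2; return 1; }

    # FORWARD defaults to DROP: if the tunnel goes down, LAN traffic is not
    # silently forwarded out through the real gateway instead.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan_if -o $vpn_if -j ACCEPT
-A FORWARD -i $vpn_if -o $lan_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $vpn_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for review. To apply it as root (this replaces the
# current filter and nat tables):
#   sysctl -w net.ipv4.ip_forward=1
#   vpn_gateway_rules eth0 tun0 | iptables-restore
vpn_gateway_rules eth0 tun0
```
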
  • 1
    For WireGuard I can recommend this tutorial https://stavros.io/posts/... while for OpenVPN I can recommend https://github.com/angristan/....

    As far as Pi-Hole goes, I'm not using it myself but I don't see why both wouldn't be able to run on the same device. Pi-Hole runs a DNS service to block ads and trackers and whatnot (same for AdGuard Home etc), while a VPN gateway is.. essentially a router with some extra bits and bobs.
  • 1
    Don't forget to remove yourself from here too:

    https://archive.org/web/

    And all the other search engines /etc...
  • 1
    I'm running Wireguard, OpenVPN, and Pi-Hole on the same VPS, so it definitely can be done. It's just a matter of setting things up right.

    In my experience, Wireguard is much easier to set up and manage (add/remove clients) than OpenVPN (which requires setting up your own Certificate Authority if you wanna avoid passwords), though it lacks certain features (like selectively pushing or blocking routes for individual clients).

    WG is also faster and drains less battery on mobile devices.
  • 2
    @ScribeOfGoD So adguard is an alternative that you are using for Pi-Hole, right? Got the wrapper thing. Thanks.

    @RocketSurgeon Ofc I know Rasp Pi is not an open hardware but it is community recommended and widely used. I am talking about FOSS and not FOSH (if that is a thing) :P

    @Linuxxx networking in hardware sense or social sense? :P Hah! in both cases you are champ my man, I am still learning from all of you :)

    Hahaha yes, agreed. There is no way to prove that my ISP isn't logging me, so I am aware, but I find my ISP a little reliable as I have been with them for the past 7+ years and all they care about is timely renewals (money baby). How about I set up an external VPN?

    Well, that's a good point on Google. In my defense, I would say I am looking for a more private presence than an anonymous presence. I don't want humans to figure my identity unless I reveal it to them voluntarily. I am fine with machines tracking me. At the end, they will show ads which are blocked by Pi-Hole so am good
  • 2
    @Condor You are my hero dude.

    While I was looking for former, you gave a great insight and got my problem really well.

    Now I am thinking that, to avoid the manual hardware hassle of setting up and maintaining things at home, it would be easier to rent a server for a couple of €€, set up VPN and Pi-Hole both on that, and map my internet via that server.

    This would also help me bypass my ISP and also give me global access to VPN and Pi-Hole. Is this feasible?

    I saw some YT videos and they mentioned that one has to configure the DNS manually. I am a little confused about the architecture now, but I am sure following those links and reading/watching more content will give me some clarity on this.

    Let me figure out something and get back.

    @Nanos oh yes, that's another good one. Let me do that as well. Have you removed yourself in the past? Any links on where to get started? I once saw a Google DMCA link somewhere on Reddit but am now unable to find it.

    @endor Awesome. Battery is another parameter to keep in mind. Thanks.
  • 1
    @F1973 you're welcome! :)

    As far as setting up a server at home goes, this is perfectly possible and allows you to use your home network connection from anywhere. If your ISP is not suspected to snoop on your traffic, this is perfectly possible (with some caveats). In that case you'd run a VPN server internally and port forward it to the internet. You may also want to set up Dynamic DNS if your public IP is dynamic. Other than that, there's not much more to it.

    In the case of using a third-party server, you can indeed also connect back to your internal network through it, and without the aforementioned caveats (the VPS will have a direct internet connection and a static IP). This is generally referred to as "pushing a route" and is often done in offices for "road warriors" i.e. remote workers that need to connect back from abroad. This is possible in both configurations.
  • 1
    As far as DNS settings go, there isn't all that much to it. In a physical network the DHCP server(s) would tell the devices what DNS servers to use, but in a VPN that isn't present. So the VPN server itself can do this instead for its network. The clients can choose whether to accept these settings or not (though normally they should). This allows you to configure different internal DNS servers for each network, though this isn't always necessary.
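
A check for the point made above that clients may or may not take their DNS settings from the VPN, as an added example that is not part of the thread. It audits a wg-quick client config for IPv4 only; the function names, the resolver address `10.8.0.1` (standing in for the Pi-Hole on the tunnel side), the endpoint and the key placeholders are assumptions, and the sample configs are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): audit a wg-quick client config.
# Assumed values: resolver 10.8.0.1, endpoint vpn.example.net, placeholder keys.

audit_wg_client() {   # usage: audit_wg_client <expected-dns-ip> < client.conf
    awk -v want="$1" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # strip comments and whitespace
        /^\[/ { section = tolower($0); next }
        section == "[interface]" && tolower($0) ~ /^dns=/ {
            n = split(substr($0, 5), v, ",")
            for (i = 1; i <= n; i++) { dns_seen = 1; if (v[i] != want) dns_other = 1 }
        }
        section == "[peer]" && tolower($0) ~ /^allowedips=/ {
            n = split(substr($0, 12), v, ",")
            for (i = 1; i <= n; i++) if (v[i] == "0.0.0.0/0") full = 1
        }
        END {
            if (!dns_seen)      { print "FAIL: no DNS line, client keeps its local resolver"; rc = 1 }
            else if (dns_other) { print "FAIL: DNS lists an entry other than " want; rc = 1 }
            if (!full)          { print "FAIL: AllowedIPs is not 0.0.0.0/0, split tunnel"; rc = 1 }
            if (!rc) print "OK: DNS and default route both go through the tunnel"
            exit rc + 0
        }'
}

# Constructed sample: full tunnel with DNS pointed at the tunnel-side resolver.
sample_full_tunnel() { cat <<'EOF'
[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.2/24
DNS = 10.8.0.1

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0
EOF
}
# Constructed sample: same config with the DNS line removed and a split tunnel.
sample_split_tunnel() { sample_full_tunnel | sed -e '/^DNS/d' -e 's|0\.0\.0\.0/0|10.8.0.0/24|'; }

sample_full_tunnel  | audit_wg_client 10.8.0.1
sample_split_tunnel | audit_wg_client 10.8.0.1 || true
```
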
  • 1
    @Condor. Which one? 😄
  • 1
    @Condor After going through your comments and what @Linuxxx suggested on ISP privacy, I read a bit and found a bunch of articles.

    https://marketplace.digitalocean.com/...

    https://github.com/Simonwep/...

    I came up with a new design which gives a bit more privacy and also allows me an ad/tracking-free experience from anywhere.

    What do you think about this? Can I point my router to VPN on some remote server like DigitalOcean so that I get network wide VPN access and not have to deal with client on each device?
  • 1
    Also, a Droplet on DO costs $5/month, which I think is pretty reasonable.

    And I hope DO does not log my activities.

    I might have to hire someone since I don't understand those complex commands to get started with. But for now I think I am good with validation of the idea/concept.
  • 2
    @linuxxx better on networking.. which after 2 beers and tons of fuckery with networking in nested LXC I have to disagree with - my hosts in one network are taking DHCP configuration from a server on another, despite firewall rules blocking 67/udp and 68/udp on the routers in between! Either LXC is acting up or I am shit at networking :')

    @F1973 everything in that diagram should work, provided that each network segment (so outside and something at home) has VPN configuration available. DigitalOcean is pretty expensive though and after Hacktoberfest 2020 (and other stuff that happened between me and one of their employees / acquaintance of mine), I would recommend against them. Overpriced and zero fucks given about their customers. There are better hosting providers (Hetzner, Scaleway, ...) for a lot less.
  • 0
    @Condor Really? Can you point me to something more reliable/better/economical?
  • 1
    @F1973 Well Hetzner and Scaleway are other such hosting providers, both offer the same levels of service that hosting providers usually do. To DO's defense, their community tutorials are really good. But DigitalOcean doesn't make those, they only distribute them. So that's also only doing so much... As far as that acquaintance goes, that's personal issues more or less... It's not about their service in general. Hacktoberfest 2020 however.. "- an amazing clusterfuck!"
  • 1
    @Condor Wow!! checked both of those and they are dirt cheap. Almost free.

    Haha, can understand personal clashes. I hope everything turns out well between you guys.

    Let me study and research. I will HMU in case I need help. Hope you don't mind :)
  • 3
    Can I just say how much it sucks that anyone has to go through all this trouble to maintain one’s privacy? Why isn’t this the default, anyways. So much about identity theft and security threats could be mitigated up front.
  • 2
    @F1973 @Condor I'm personally a huge OneProvider and Contabo user!
  • 2
    @linuxxx Interesting. Keep sending in those suggestions so I can try and experiment.

    Meanwhile, any provider where I can run the trial setup?
  • 2
    @F1973 I'd go with what @Condor recommended or Contabo!
  • 2
    @linuxxx Awesome thanks.