Self-Hosted VPN with Wireguard + Linode!



https://www.newegg.com/Product/ComboDealDetails?ItemList=Combo.3968823
https://www.newegg.com/Motherboard-Combos/Store/ID-1936
https://www.linode.com/level1techs
https://forum.level1techs.com/t/self-hosted-vpn-with-wireguard/160861

Thanks for watching our videos! If you want more, check us out online at the following places:
+ Website: http://level1techs.com/
+ Forums: http://forum.level1techs.com/
+ Store: http://store.level1techs.com/
+ Patreon: https://www.patreon.com/level1
+ L1 Twitter: https://twitter.com/level1techs
+ L1 Facebook: https://www.facebook.com/level1techs
+ Wendell Twitter: https://twitter.com/tekwendell
+ Ryan Twitter: https://twitter.com/pgpryan
+ Krista Twitter: https://twitter.com/kreestuh
+ Business Inquiries/Brand Integrations: [email protected]

*IMPORTANT* Any email lacking "level1techs.com" should be ignored and immediately reported to [email protected].

Intro and Outro Music By: Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 License http://creativecommons.org/licenses/by/3.0/

47 comments
  1. Great video! Can you make a video about securing the ssh connection to the box?
    I fear that many people who want to run this don't know how to change ports, set up ssh keys, etc. and will have their vpn box added to a botnet in no time.

  2. I've been running wireguard for the last 3 weeks on some raspberry pis and my PCs, but Ubuntu is making me pull my hair off and I don't want Manjaro or anything Arch based on the Pi 4s, because I won't update them frequently (probably once a month or so), so I don't want my systems to come crashing down when I don't have physical access to them (wireguard went down on one of them when I was adding keys remotely, and now I need to go restore it). I can barely wait for a Void image for the Pi 4, because I'm too dumb and lazy to install it any other way.

    Edit: wireguard itself is great though. Easier to maintain and faster than openvpn.

  3. Using chrome/chromium on Windows 10 while creating a privacy focused video… ?

    Edit: Lol… I am also using google chrome right now, but this is not my personal computer.

  4. I'm a noob, and I feel like Ryan is talking directly to me. Ryan is good, we need more Ryan on Level 1 Techs. No slight to Wendell, he's a beast, but Ryan breaks it down, for a dipshit noob, like no other

  5. I have a big problem with the whole concept of self hosted VPNs / Search services (like Searx). The whole concept of VPNs as I understand it is that you connect to a website through another IP (the IP of the VPN). The website sees the VPN's IP and not yours. That's fine does it matter if you're the only one using that VPN. They might not get your location. Who cares. For me the power of VPN is that you connect through an IP that is used by 1000s of other people and basically the info the websites collect for this IP is useless. The same with search engines like Searx. If I'm the only one using the Searx instance it's basically the same as using google directly. The only way self hosted VPN or search engine being useful is if you share that instance with rest of the world so other people start using it along with you.
    This ignores that most websites don't even rely anymore on IP for tracking and use browser fingerprinting instead.
    The only use I see for a VPN is location spoofing for websites like Netflix that have Location locked content. And for preventing ISP tracking to some degree.

  6. You just need to remember that using a VPN just moved your trust from ISP to the VPS’ provider’s ISP. It won’t make you anonymous as it can still be traced back to your node’s IP.

  7. I like the idea but how does it protect against fingerprinting my browser? just unique tested mine 99,998% unique (9 out of nearly 600k finger prints.) …. urgh …..

  8. Wireguard client implementation sucks (the last time I tested it). It only allows to create VPN connection on administrative account aka. root. I don't quite get why folks who claim to be security experts force Windows users to run in such a mode. Also, this video clearly indicates that this guy either runs Windows like a novice in root mode (and later bashes Windows for being less secure), or didn't test it at all. Disappointing. This killed it for me, as I try to practice safe computing.

  9. You don't need to reboot for the sysctl.conf thing: "echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward". You should also enable/configure unattended (security) upgrades.

  10. So the moral to the story is……don't log into accounts that log your IP because that associates it with your information….Banks, logging into YouTube, and so on. This is just to surf the net anonymously or have a "AI" log in scrub the entire internet for the day to have other advanced AI go through that data to figure out how an investment firm can be on top of making money based under correlation processing practices…..something like that…..keep as much integrity within corporate in house network as possible. For personal use setup at the external router not the one provided by the ISP or use the ISPs provided router….that is the question because some will gain access to your information or know its you because you'll have no choice but to go through their services ..

  11. I'm imagining a solution where you'd use a chain of vpn proxies where each hop is to a different cloud provider. Something like AWS 1 => Azure 1 => GCP 1 => AWS 2 => Azure 2 => GCP 2 => Target. You could automate that with Pulumi/Ansible and tear it down when you're not using it. Keeping the cost down. Or just use TOR I guess 😉

  12. I want to create a literal virtual network consisting of several linux, macOS and Windows boxes that are all in different locations. For now, it's fine if they use their existing connection but I would love to be able to use services like the iPhone's Remote app to listen to iTunes content on my old Mac Mini server or even have NGINX rev-proxy to a website it is hosting. There are a couple of ideas I have but so far, no idea how to make them happen. Can I use Wireguard for this scenario? Thanks!

  13. This is basically useless for most things, your VPN's IP is static and your VPN host will rat you out in the blink of an eye. No other users means that none of the fuzzing benefits of having multiple users on one IP can be used. This will only be useful if you want an encrypted tunnel to a different region, for example if you're a journalist who wants to safely extract data through a government controlled network to a safe country.

  14. You can also restrict all of the traffic to your client PC except for IP address of Linode. (on your local router) So no traffic escapes bypassing VPN. (things like Windows kernel)

    iptables -I FORWARD 1 -m mac --mac-source 00:xx:xx:xx:xx:xx -d 123.123.123.123 -j ACCEPT
    iptables -I FORWARD 2 -m mac --mac-source 00:xx:xx:xx:xx:xx -j DROP

    This is what I used to have on my router. 123.123.123.123 is your VPN IP and 00:xx:xx:xx:xx:xx is the MAC address of your vpn client machine.
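
An added example, not part of the comment above or of the video: a Python check that walks a router's `iptables -S FORWARD` listing in order and confirms that the ACCEPT-to-VPN rule and the per-MAC DROP from comment 14 are not shadowed by an earlier ACCEPT. The MAC, VPN address, interface name `br-lan` and both listings are constructed sample values; only ACCEPT and DROP targets are modelled, and negated matches are treated conservatively.

```python
import shlex

FLAGS = {"-d": "dst", "--mac-source": "mac", "-j": "target"}

def parse_rule(line):
    """Split one `iptables -S` line into the fields this check needs."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "FORWARD"]:
        return None                       # policy line, other chain, blank
    rule = {"dst": None, "mac": None, "target": None, "other": []}
    i = 2
    while i < len(tok):
        if tok[i] in FLAGS and i + 1 < len(tok):
            rule[FLAGS[tok[i]]] = tok[i + 1]
            i += 2
        elif tok[i:i + 2] == ["-m", "mac"]:
            i += 2
        else:
            rule["other"].append(tok[i])  # any other match, including "!"
            i += 1
    return rule

def audit_killswitch(listing, client_mac, vpn_ip):
    """Walk FORWARD in order; return 'ok', 'bypass', 'no-accept' or 'no-drop'."""
    allowed = False
    for line in listing.splitlines():
        r = parse_rule(line)
        if r is None or r["target"] not in ("ACCEPT", "DROP"):
            continue
        negated = "!" in r["other"]
        if r["mac"] and not negated and r["mac"].lower() != client_mac.lower():
            continue                      # rule is for another device
        if r["target"] == "ACCEPT":
            if r["dst"] in (vpn_ip, vpn_ip + "/32") and not negated:
                allowed = True            # the intended VPN-only exception
            else:
                return "bypass"           # an earlier ACCEPT lets other traffic out
        elif r["dst"] is None and not r["other"]:
            return "ok" if allowed else "no-accept"
    return "no-drop"

# Constructed `iptables -S FORWARD` listings (sample data, not from the page).
MAC, VPN = "00:11:22:aa:bb:cc", "203.0.113.10"
GOOD = f"""-P FORWARD ACCEPT
-A FORWARD -d {VPN}/32 -m mac --mac-source {MAC} -j ACCEPT
-A FORWARD -m mac --mac-source {MAC} -j DROP
-A FORWARD -i br-lan -j ACCEPT"""
# Same two rules, but a generic LAN ACCEPT sits ahead of them.
SHADOWED = "-A FORWARD -i br-lan -j ACCEPT\n" + "\n".join(GOOD.splitlines()[1:3])

if __name__ == "__main__":
    for name, listing in (("GOOD", GOOD), ("SHADOWED", SHADOWED)):
        print(name, audit_killswitch(listing, MAC, VPN))
```

These rules and this check cover IPv4 only; IPv6 forwarding is filtered by `ip6tables`, which has its own FORWARD chain.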

  15. Imagine being sad enough to try and attack temporary details in a tutorial video lmao, surely these people are merely urban legends? Like the chupacabra, or the ankle slasher? Made up to scare misbehaving sysadmins, right? RIGHT?

  16. I actually did this recently. Really enjoying wireguard because I can get pretty close to my full gigabit speeds over it instead of like 200mb/s with openvpn.

  17. Just because you don't keep your own logs it doesn't mean that Linode doesn't keep theirs. IP addresses that you get from them point directly to you and you don't have any option of deniability. Moreover, Linode is not so great an option for EU citizens due to EU-US Privacy Shield invalidation.

  18. Please consider creating a "Self-Hosted DNS Server with (insert your recommended DNS server here) + Linode" video. We really need both this VPN video and a DNS video. Bonus points if you think there is value in DNS-SEC integration, or its secure alternatives. DOUBLE bonus points if both the VPN and DNS server can work in a Linux distribution or *BSD OS with a small enough memory footprint to work within Linode's smallest $5 VM pricing tier. TRIPLE bonus points if you can integrate DNS / host level ad-blocking. Thank you! (and realize that if you do this, you will be a lower case "g" god among us mere mortals.)

  19. I've been using Pritunl. It's pretty easy and straightforward to set up other family (since I've appointed "the computer guy"). Do you see any advantages of using wireguard over openvpn? Thanks, Ryan ?
