paramdeo / utteranc.es


blog/setup-an-adblocking-vpn-using-wireguard-and-nextdns #1

Open utterances-bot opened 3 years ago

utterances-bot commented 3 years ago

Setup an Adblocking VPN using WireGuard and NextDNS - Paramdeo Singh

Host your own VPN server with powerful adblocking that works across devices.

https://paramdeo.com/blog/setup-an-adblocking-vpn-using-wireguard-and-nextdns

ghost commented 3 years ago

Hi! Thanks for the article. Any way to tweak this to use encrypted DNS? How much latency is incurred compared to splitting DNS traffic (straight from the device to NextDNS) from other traffic routed via the VPN?

paramdeo commented 3 years ago

Hey @clavelc,

Once the DNS servers are set in your .conf file, most of those requests should be encapsulated within the tunnel itself. But outside of that, other software and utilities will indeed try to use the system's DNS resolver, so you would have to configure DoH/DoT as provided by NextDNS, and set them up for your Web Browser and Operating System individually.

NextDNS has instructions on their dashboard to configure encrypted DNS for most browsers. In terms of your OS, sometimes encrypted DNS support is built-in, but if not then NextDNS also provides such tools you can download along with instructions for configuration.

I use my VPN daily for everything from streaming to downloading to remote work, and I don't have any latency issues; the difference isn't noticeable and you can do a speed test to confirm this. I would say to just ensure the location of the VPS is as close as possible to your actual location in order to minimize any latency, but the WireGuard protocol is known for having a tiny overhead in this regard.

That being said, the only thing I had to update since writing the article is to switch from DigitalOcean to using AWS Lightsail simply because the IP ranges in AWS are "cleaner" — with DigitalOcean's IP addresses I ran into too many CAPTCHAs and website blocks; so a good strategy is to test your assigned IP address against known SPAM databases before committing to it (you can always re-deploy a VPS or re-assign an IP address easily).
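The IP reputation check suggested in the comment above, as an added example that is not part of the original thread or the blog post: it builds the DNSBL query name for a VPS address (IPv4 or IPv6) and classifies the reply. The zone `zen.spamhaus.org`, the function names and the injectable `resolve` parameter are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumption: zen.spamhaus.org as the example zone; other DNSBLs that follow
# RFC 5782 are queried the same way.
DEFAULT_ZONES = ("zen.spamhaus.org",)

def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed octets (IPv4) or reversed nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def classify(answer):
    """Map a DNSBL A-record answer to 'clean', 'listed' or 'error'."""
    if answer is None:
        return "clean"    # NXDOMAIN: the address is not on this list
    if answer.startswith("127.255.255."):
        return "error"    # Spamhaus error codes (e.g. query via a public resolver)
    if answer.startswith("127."):
        return "listed"   # 127.0.0.x return codes indicate a listing
    return "error"        # empty or non-127/8 answer: lookup failed or was rewritten

def _resolve(name):
    """Return the A record, None for 'no such name', '' for any other failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        # Only a definite NXDOMAIN means unlisted; timeouts must not read as clean.
        return None if exc.errno == socket.EAI_NONAME else ""

def check_ip(ip, zones=DEFAULT_ZONES, resolve=_resolve):
    """Return {zone: verdict} for one address across all configured zones."""
    return {z: classify(resolve(dnsbl_query_name(ip, z))) for z in zones}

if __name__ == "__main__":
    import sys
    # 127.0.0.2 is the RFC 5782 test address that a working DNSBL always lists.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.2"
    for zone, verdict in check_ip(target).items():
        print(zone, verdict)
```

An `error` verdict means the list could not be consulted from that resolver, so it should not be read as a clean result.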

ghost commented 3 years ago

Hi

What I meant was something like this: secure-wireguard-implementation

Have a good day

paramdeo commented 3 years ago

> what I meant was something like this: secure-wireguard-implementation

That seems like an overly complex way to go about it; but it's definitely an option if your threat model requires such an intricate setup.