trinib / AdGuard-WireGuard-Unbound-DNScrypt

Linux ultimate self-hosted network security guide
MIT License

Alternative with OpenVPN #1

Closed oijkn closed 3 years ago

oijkn commented 3 years ago

Hi,

This is not really an issue, but could you update your tutorial if we want to use OpenVPN instead of Wireguard, please?

Thank you in advance for your help.

trinib commented 3 years ago

sure

trinib commented 3 years ago

I think it's safe to say that I finished the tutorial to make as much sense as possible and made some fixes.. so if anyone reading this followed the instructions from a month ago, please read over and reinstall.. if anyone sees something that is wrong let me know, thanks

oijkn commented 3 years ago

Thanks for all this useful information, as soon as you have written the steps to use OpenVPN, I'll be sure to point out the problems (if any).

trinib commented 3 years ago

> Thanks for all this useful information, as soon as you have written the steps to use OpenVPN, I'll be sure to point out the problems (if any).

but let me ask, why not wireguard? I would like to hear your opinion, or are you just testing?

basedgod1 commented 3 years ago

I'm doing this via linux and get stuck at the "Now go to https://1.1.1.1/help" part, some times it'll pass, most times not but I'm using my router as the dhcp server

trinib commented 3 years ago

> I'm doing this via linux and get stuck at the "Now go to https://1.1.1.1/help" part, some times it'll pass, most times not but I'm using my router as the dhcp server

on pc or phone?, it's a browser thing.. and which browser you use?

basedgod1 commented 3 years ago

> > I'm doing this via linux and get stuck at the "Now go to https://1.1.1.1/help" part, some times it'll pass, most times not but I'm using my router as the dhcp server
>
> on pc or phone?, it's a browser thing.. and which browser you use?

Tried on pc via Firefox, Chrome on phone did pass but eventually failed, usually fails for DoH. Now I'm thinking it might be an FF issue

trinib commented 3 years ago

> > > I'm doing this via linux and get stuck at the "Now go to https://1.1.1.1/help" part, some times it'll pass, most times not but I'm using my router as the dhcp server
> >
> > on pc or phone?, it's a browser thing.. and which browser you use?
>
> Tried on pc via Firefox, Chrome on phone did pass but eventually failed, usually fails for DoH. Now I'm thinking it might be an FF issue

OK for Firefox go in dns settings and select custom and enter pi ipv4 address and then in proxy setting select auto detect for this network

for chrome set dns to automatic and for proxy if you are on windows it will take you to your windows proxy settings and turn off automatically detect settings (should turn off this too if using Firefox as well I suppose)

then go in powershell and enter command:

  ipconfig /flushdns

Now restart pc and check if you get hit and miss with DoH. I had that issue at first and configured dns and proxy in browser and it was more stable.. only very rarely I get a miss which could be the site or browser.. let me know

PS and I'm going to make instructions to add backup quad9 dns (with DoH / DoT / malware blocking).. I don't think I ever got a hit and miss again

basedgod1 commented 3 years ago

@trinib Thank you, man. I'll give it a shot.

trinib commented 3 years ago

> Thanks for all this useful information, as soon as you have written the steps to use OpenVPN, I'll be sure to point out the problems (if any).

hi i made instructions on openvpn https://github.com/trinib/Adguard-Wireguard-Unbound-Cloudflare/blob/main/OpenVPN-Setup.md

trinib commented 3 years ago

> @trinib Thank you, man. I'll give it a shot.

did it work out for you .. do you still get a miss?

oijkn commented 3 years ago

> > Thanks for all this useful information, as soon as you have written the steps to use OpenVPN, I'll be sure to point out the problems (if any).
>
> hi i made instructions on openvpn https://github.com/trinib/Adguard-Wireguard-Unbound-Cloudflare/blob/main/OpenVPN-Setup.md

Hi, thank you for the guide. But why don't you use Pivpn to install and configure OpenVPN?

trinib commented 3 years ago

> > > Thanks for all this useful information, as soon as you have written the steps to use OpenVPN, I'll be sure to point out the problems (if any).
> >
> > hi i made instructions on openvpn https://github.com/trinib/Adguard-Wireguard-Unbound-Cloudflare/blob/main/OpenVPN-Setup.md
>
> Hi, thank you for the guide. But why don't you use Pivpn to install and configure OpenVPN?

it is just a script that installs openvpn and its requirements.. you can use either, same basic installation

oijkn commented 3 years ago

Do you have problems of slowness with OpenVPN compared to Wireguard? Because on my side the speed is not great. Do you have some optimization tips, please?

trinib commented 3 years ago

> Do you have problems of slowness with OpenVPN compared to Wireguard? Because on my side the speed is not great. Do you have some optimization tips, please?

i tried searching around but openvpn will always be slow due to its way of encrypting things .. openvpn has better security but wireguard is faster .. but wireguard security is good enough

trinib commented 3 years ago

> Do you have problems of slowness with OpenVPN compared to Wireguard? Because on my side the speed is not great. Do you have some optimization tips, please?

if you do find something let me know

trinib commented 3 years ago

@oijkn try this https://haydenjames.io/improving-openvpn-performance-and-throughput/ .. kinda busy to test openvpn

oijkn commented 3 years ago

@trinib I just finished configuring my rasp running under an ESXi ARM environment and everything seems to be working fine, I want to thank you for your very useful guide :)

If I may, here are my comments :

1\ "You can search Google for different blocklist.Here is my custom blocklist with my urls."

We can't add an HTML list, it must be a plain text

https://github.com/trinib/AdGuard-WireGuard-UnBound-Cloudflare/blob/main/My-Blocklist.txt --> https://raw.githubusercontent.com/trinib/Adguard-Wireguard-Unbound-Cloudflare/main/My-Blocklist.txt

2\ "Cloudflare Install"

In my case the binary file doesn't work, so I downloaded it directly from source.

  wget https://github.com/cloudflare/cloudflared/releases   # (choose release arm64)
  sudo chmod +x cloudflared-linux-arm64
  sudo mv cloudflared-linux-arm64 /usr/local/bin/cloudflared

3\ Auto Update Pi

In your script you make a log file each time the script is called by crontab so I recommend you to configure logrotate :) And my personal feeling, is not good to reboot the Pi with the update script.

4\ "Install & Configure unattended-upgrades"

For more security I have installed this package perhaps you can add it to your guide

Otherwise I tried to tweak the configuration with the link you gave me, it's a little better in terms of bandwidth but nothing transcendent. With my home connection I can get up to 300Mbps in download. With OpenVPN, I can barely reach 20Mbps.

trinib commented 3 years ago

> @trinib I just finished configuring my rasp running under an ESXi ARM environment and everything seems to be working fine, I want to thank you for your very useful guide :)
>
> If I may, here are my comments :
>
> 1\ "You can search Google for different blocklist.Here is my custom blocklist with my urls."
>
> We can't add an HTML list, it must be a plain text
>
> https://github.com/trinib/AdGuard-WireGuard-UnBound-Cloudflare/blob/main/My-Blocklist.txt --> https://raw.githubusercontent.com/trinib/Adguard-Wireguard-Unbound-Cloudflare/main/My-Blocklist.txt
>
> 2\ "Cloudflare Install"
>
> In my case the binary file doesn't work, so I downloaded it directly from source.
>
>   wget https://github.com/cloudflare/cloudflared/releases   # (choose release arm64)
>   sudo chmod +x cloudflared-linux-arm64
>   sudo mv cloudflared-linux-arm64 /usr/local/bin/cloudflared
>
> 3\ Auto Update Pi
>
> In your script you make a log file each time the script is called by crontab so I recommend you to configure logrotate :) And my personal feeling, is not good to reboot the Pi with the update script.
>
> 4\ "Install & Configure unattended-upgrades"
>
> For more security I have installed this package perhaps you can add it to your guide
>
> Otherwise I tried to tweak the configuration with the link you gave me, it's a little better in terms of bandwidth but nothing transcendent. With my home connection I can get up to 300Mbps in download. With OpenVPN, I can barely reach 20Mbps.

thanks, I'll implement logrotate and unattended-upgrades in the guide instead of the sh script 👊 and switch the blocklist file to raw view if that's what you mean. and you said the cloudflare binary file doesn't work, cause i think of the 32 and 64 bit os and i have a 32bit guide, maybe I'll make a 64bit guide.
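
An added example, not part of the thread or the guide: the 32-bit versus 64-bit mismatch discussed above can be confirmed by comparing a downloaded binary's ELF header with the architecture of the OS userland. The function names are made up for this sketch, it assumes little-endian ELF files, and it uses `dpkg` when present (as on Raspberry Pi OS and other Debian-based systems), falling back to `uname -m`.

```shell
#!/bin/sh
# Added example: check that a downloaded binary (e.g. cloudflared-linux-arm64)
# was built for the architecture the OS userland actually runs.

# Read one unsigned byte at offset $2 of file $1 (empty if the file is short).
byte_at() { od -An -tu1 -j"$2" -N1 "$1" | tr -d ' \n'; }

# Print the architecture recorded in the ELF header of file $1.
elf_arch() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo "not-elf"; return 1; }
    class=$(byte_at "$1" 4)                  # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    lo=$(byte_at "$1" 18); hi=$(byte_at "$1" 19)
    machine=$(( ${hi:-0} * 256 + ${lo:-0} )) # e_machine, little-endian
    case "$class:$machine" in
        1:40)  echo "arm" ;;      # EM_ARM
        2:183) echo "arm64" ;;    # EM_AARCH64
        1:3)   echo "386" ;;      # EM_386
        2:62)  echo "amd64" ;;    # EM_X86_64
        *)     echo "unknown" ;;
    esac
}

# Map dpkg / uname architecture names onto the labels used by elf_arch.
normalize_arch() {
    case "$1" in
        arm64|aarch64)             echo "arm64" ;;
        armhf|armel|armv6l|armv7l) echo "arm" ;;
        amd64|x86_64)              echo "amd64" ;;
        i386|i686)                 echo "386" ;;
        *)                         echo "unknown" ;;
    esac
}

# Prefer dpkg: it reports the userland. A Pi with a 64-bit kernel under a
# 32-bit OS shows aarch64 in `uname -m` but still needs 32-bit binaries.
userland_arch() {
    if command -v dpkg >/dev/null 2>&1; then
        normalize_arch "$(dpkg --print-architecture)"
    else
        normalize_arch "$(uname -m)"
    fi
}

# Succeeds only when the binary's architecture matches the userland.
binary_matches_os() { [ "$(elf_arch "$1")" = "$(userland_arch)" ]; }

# Usage: sh check_arch.sh ./cloudflared-linux-arm64
if [ -n "${1:-}" ]; then
    binary_matches_os "$1" && echo "OK: $1 matches" || echo "MISMATCH: $1 is $(elf_arch "$1"), OS is $(userland_arch)"
fi
```

Running the check before moving the file into `/usr/local/bin` separates an architecture mismatch from other causes of a binary that does not start.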