Fli
07-05-2020, 01:47 PM
This tutorial should help you to:
a) protect your internet communication by encryption
b) use a different IP so you hide your real IP
You will need
a) A Linux server: a VPS (starts at less than $2/month (https://internetlifeforum.com/vps-hosting/20060-cheapest-linux-vpss-under-%242-monthly/)), which you can also use for many other tasks (https://internetlifeforum.com/dedicated-server-hosting/2436-how-use-unused-linux-server/), such as a website hosting server
b) to install VPN software on that server and on your own home computer and/or on your phone
An alternative to WireGuard is OpenVPN (https://internetlifeforum.com/security/4675-how-setup-private-openvpn-linux-server-windows-android-client/), which is somewhat older software.
The most recent version of this tutorial is available when you run ZeroNet (https://github.com/ZeroNetX/ZeroNet/#how-to-join) and then open this page (http://127.0.0.1:43110/1LfvE91ZF18jdG3wW62Dw7NtfTZh737KPL/?Topic:1548340010_1L4dZcDF2maSKHDy788yhxpYnBWnXadUtS/How+to+setup+private+OpenVPN+on+a+Linux+server+and+Windows+Android+client).
The server should be dedicated or KVM/Xen virtualized; OpenVZ and LXC will work too, but with a different setup script: method 1 (https://github.com/Nyr/wireguard-install) or method 2 (https://web.archive.org/web/20211006101419/https://d.sb/2019/07/wireguard-on-openvz-lxc).
WireGuard server (meaning the OS of the VPS you have rented, as mentioned above) supported distributions: Ubuntu 16+, Debian, Fedora, CentOS, Arch Linux
You should first update, upgrade and restart your Linux server:
yum update;yum upgrade 2>/dev/null||apt update;apt upgrade 2>/dev/null
reboot
Now the installation of the WG server:
yum install curl 2>/dev/null || apt install curl 2>/dev/null
# -f makes curl fail on an HTTP error, and && stops the chain so a failed download is never executed
curl -fO https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh && chmod +x wireguard-install.sh && ./wireguard-install.sh
Hit Enter at the prompts. I only customized the nameservers, using ones from the OpenNIC project (note that outdated, unreliable nameservers may cause dropped packets and downtime with a hard-to-discover cause).
If you hit any errors, look them up in a search engine and, if they have not been reported yet, report them on the above-mentioned GitHub project page.
Then I am presented with a .conf file, which I list, and I copy its contents to my client. Example:
cat /root/wg0-client-abcd1234.conf
To keep the IPs of neighboring LAN computers from being forced through the WireGuard tunnel (to nowhere), you can edit the AllowedIPs variable in the resulting client .conf file according to the output of this bash script (https://pastebin.com/raw/knzVgQ40). Example:
COMMAND:
./allowedips.sh +0.0.0.0/0 -192.168.1.1:192.168.1.27 -10.8.8.0/32
RESULT:
0.0.0.0/5, 8.0.0.0/7, 10.0.0.0/13, 10.8.0.0/21, 192.168.1.28/30, 192.168.1.32/27, 192.168.1.64/26, 192.168.1.128/25, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, 192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3, 10.8.8.1/32, 10.8.8.2/31, 10.8.8.4/30, 10.8.8.8/29, 10.8.8.16/28, 10.8.8.32/27, 10.8.8.64/26, 10.8.8.128/25, 10.8.9.0/24, 10.8.10.0/23, 10.8.12.0/22, 10.8.16.0/20, 10.8.32.0/19, 10.8.64.0/18, 10.8.128.0/17, 10.9.0.0/16, 10.10.0.0/15, 10.12.0.0/14, 10.16.0.0/12, 10.32.0.0/11, 10.64.0.0/10, 10.128.0.0/9, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.0.0/24, 192.168.1.0/32
The wireguard-install.sh script that you have downloaded can be run (./wireguard-install.sh) to add more clients/peers to the server, remove a user, or uninstall WireGuard.
More:
port forwarding / opening port on Wireguard (https://internetlifeforum.com/internet/13673-wireguard-linux-vpn-server-port-forwarding-firewalled-client-open-port/)
How to setup Linux firewall (iptables,UFW) to prevent leaking non VPN connections (https://internetlifeforum.com/security/8687-how-setup-linux-firewall-iptables-ufw-prevent-leaking-non-vpn-connections/) (VPN killswitch)
Increase the number of simultaneous connections:
echo "net.netfilter.nf_conntrack_max=99000" > /etc/sysctl.d/10-conntrack-max.conf;sysctl -p /etc/sysctl.d/10-conntrack-max.conf
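The AllowedIPs exclusion from the example above can be reproduced and checked locally with Python's standard ipaddress module. This is an added example, not the pastebin script and not code from the original post; the function names are hypothetical, and the `first:last` range syntax is modelled on the command shown.

```python
import ipaddress


def parse_exclusion(spec):
    """Turn 'a.b.c.d/n' or 'first:last' into a list of IPv4 networks."""
    if ":" in spec:
        first, last = (ipaddress.IPv4Address(p) for p in spec.split(":"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.IPv4Network(spec, strict=False)]


def allowed_ips(include, exclusions):
    """Return the minimal CIDR list covering `include` minus `exclusions`."""
    allowed = [ipaddress.IPv4Network(include)]
    for spec in exclusions:
        for excluded in parse_exclusion(spec):
            remaining = []
            for net in allowed:
                if excluded.subnet_of(net):
                    # Split this block around the excluded one.
                    remaining.extend(net.address_exclude(excluded))
                elif not net.subnet_of(excluded):
                    # CIDR blocks are nested or disjoint: this one is untouched.
                    remaining.append(net)
                # Otherwise the block lies inside the excluded one and is dropped.
            allowed = remaining
    return sorted(ipaddress.collapse_addresses(allowed))


def covers(networks, address):
    """True if `address` would be routed into the tunnel."""
    ip = ipaddress.IPv4Address(address)
    return any(ip in net for net in networks)


if __name__ == "__main__":
    # Same arguments as the command in the post.
    nets = allowed_ips("0.0.0.0/0", ["192.168.1.1:192.168.1.27", "10.8.8.0/32"])
    print("AllowedIPs = " + ", ".join(str(n) for n in nets))
    # Spot-check before pasting into the client .conf: LAN hosts must stay out.
    for addr in ("192.168.1.1", "192.168.1.27", "192.168.1.28", "10.8.8.0"):
        print(addr, "-> tunnel" if covers(nets, addr) else "-> local")
```

The output is sorted by address, so the order differs from the RESULT line above while covering the same address space.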