Encrypt all the things!

  • Cheers, I'll have a look at it.

    Now, encryption problem:

    I found an old hard drive that I'm pretty sure I encrypted using TrueCrypt (whole volume). I can't remember the password but can probably easily generate a list of 500 or so possible passwords based on what I guess it is.

    Obviously I don't want to try those all manually, any suggestions on software to quickly plug in passwords from a list?

    I tried John the Ripper (wouldn't work with volumes) and TrueCrack (wouldn't install). Any other ideas?

  • Not sure if this is for this thread or the Raspberry thread

    I have set up a pihole (so inside my network) as a recursive DNS server

    I'd like to set up a perm VPN for all external traffic on the network (rather than per device) as I would like things like the TV and so on to use it too.

    I have managed to install ExpressVPN on the Pi, but I'm assuming it's now acting on behalf of the Pi rather than the whole network?

    How do I get all the traffic to route through the Pi VPN but also to use the pihole? Is there an easy way? Does it open the Pi to online threats? Do I need to secure it?

  • I can't answer the pi question, but I have one of these that is running a VPN full time. Things like my streaming box connect to that instead of my normal router.

    https://www.gl-inet.com/products/gl-mt300n-v2/

  • Quite like the look of the Brume 2 (GL-MT2500A) VPN Security Gateway

    Interesting - kind of what I want to do with the Pi while also running a pihole

  • Just a note, the CPU on a Raspberry Pi isn't great and your VPN throughput will be quite low. No AES-NI support in the CPU.

    Ages ago (2018) I rolled my own distro (it's a hack job) to get hardware support on a RK3328 chip

    https://github.com/Kyrth/rk3328-ubuntu-jeos

    It was for this single board: https://libre.computer/products/roc-rk3328-cc/

    Don't use it any more as I just got hardware from work that will easily do this.

  • If you want to route through the pi, you'd have to set it up as a router, I'd have thought. Openwrt or similar.

    Or you could set up your clients to tunnel to the Pi acting as a VPN server, and the Pi forwards the traffic as a VPN client. Ick.

    Currently, your clients are sending port 53 traffic to the Pi (or your router is redirecting all requests, or it should be), and probably little else.

    A router that could forward all traffic would probably be the best setup.

    Obvs I'm way out of my depth here.

  • you can make a linux machine route, just easier to use a pre-rolled image

    # Enable IP forwarding (printf instead of echo -e so it also works under plain sh)
    printf '\n# Enable IP routing\nnet.ipv4.ip_forward = 1\n' | sudo tee -a /etc/sysctl.conf
    sudo sysctl -p

    # NAT for VPN tunnel
    sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
    sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

    # Save the rules so netfilter-persistent can restore them at boot
    sudo netfilter-persistent save
    sudo systemctl enable netfilter-persistent

    is what I used in my ubuntu os above.

    note: there's probably a billion times better way to do this, I was just fucking around when I made this thing.
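
Added example, not part of the post above: those rules set no FORWARD policy, so with the default ACCEPT policy LAN traffic can still be forwarded out of the plain uplink when the tunnel drops, and nothing limits what reaches the Pi over the VPN. The sketch below emits an `iptables-restore` ruleset with a FORWARD kill switch and an inbound drop on the tunnel; the function name `gen_gateway_rules` is hypothetical, and `eth0`/`tun0` are the interface names assumed from the post.

```sh
#!/bin/sh
# Added example (not the poster's code): emit an iptables-restore ruleset for a
# Pi acting as a VPN gateway. Interface names are assumptions taken from the
# post's rules: eth0 = LAN side, tun0 = VPN tunnel.

gen_gateway_rules() {
    lan_if=$1
    tun_if=$2
    # Refuse empty or odd interface names so nothing unexpected lands in the ruleset.
    for ifname in "$lan_if" "$tun_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: '$ifname'" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# LAN clients leave through the tunnel, masqueraded behind the Pi's tunnel address
-A POSTROUTING -o $tun_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
# Kill switch: anything not explicitly allowed below is not forwarded, so
# clients cannot fall back to the plain uplink when the tunnel is down.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Over the VPN the Pi accepts only replies to traffic it started; new inbound is dropped
-A INPUT -i $tun_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $tun_if -j DROP
-A FORWARD -i $lan_if -o $tun_if -j ACCEPT
-A FORWARD -i $tun_if -o $lan_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the interface names used in the post.
gen_gateway_rules eth0 tun0
```

Piping the output to `sudo iptables-restore --test` parses the ruleset without applying it. LAN-side access to the Pi (DNS for the pihole, SSH) is left untouched because the INPUT policy stays ACCEPT and only the tunnel interface is filtered.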

  • I didn't think about the fact that it might not be big enough... Fair point.

    Is the GL.iNet Brume 2 the best for under £100 for a home security/VPN gateway?

    (I don't need wifi as it would be an add-on to my existing wifi network.)

  • I'm using an ASUS RT-AX86U Pro for full time VPN and router duties.

  • Looks great, but it's an expensive, powerful wifi router with all the bells and whistles. When I have a perfectly good wifi6 mesh, it seems a bit overkill for a London flat. All I want to do is secure what I have, so I think only a home security/VPN gateway is necessary?

  • There are cheaper models than this one. But this is fast and does VPN in its stock OS.
    I've still got my old Asus RT-N66U and it can also do it with a custom ROM.

  • I've put NordVPN back on my phone after Alastair and Rory going on about it.

    How do the people on here deal with the impact of VPNs and private DNS? It seems like I'm forever now turning it off/on.

    Classic case is my Google Hub Mini speaker. If I want to cast I have to pause NordVPN. Loads of websites behave funny.

    A random eg is Schuh thinking I'm trying to attack it:

    Do people just not use anything that doesn't work? Or does it impact you day-to-day?


    [Attachment: Screenshot_20240109-112806.png]

  • You should be able to set exceptions for certain apps or to exclude LAN traffic, etc.

    Although personally I only bother with VPN if I'm on public wifi or similar. (Although I do leave NextDNS on 99% of the time)

  • Virgin's TiVo doesn't work - presumably they'll only send program data to their own IPs or something, so you just exclude it. That could be with a different profile or a MAC filter to ID the shit you want excluded.

  • Cheers.

    I've sort of got into the habit of pausing the vpn. But equally Idk if it's relevant for 99.9% of my use.

    NextDNS is great. My free beta address still works and over Xmas it was often off so I could use the Google link things, and whenever I forgot to switch it on so much of the Web is unbearable.

    I watch YouTube so much less now Vanced is broken just because it's so fucking dreadful. Why do I gaf about a defect most modern new cars have which prevents you escaping under water? Fuck off.

  • I watch YouTube so much less now Vanced is broken just because it's so fucking dreadful. Why do I gaf about a defect most modern new cars have which prevents you escaping under water? Fuck off.

    Watching Youtube in a browser like Brave (and possibly Firefox with a bit of adblocking) gets rid of ads.

  • Or use YewTu.be or other invidious link.

  • On the settings look for split tunneling and add any incompatible apps.

  • Not sure if this is the right place but…

    I have an old YouTube channel.
    I have forgotten the password, and the recovery email address is no longer a thing (the domain ceased to exist several years ago).
    The laptop that was probably still logged in keeled over.

    What route to login do I have?

  • What route to login do I have?

    Is the domain available? Could you register cheaply to be able to get the emails sent to it?

  • No it’s not available. It’s a simple sought after word. I’m guessing that’s why it shut down and was sold off

  • I got this message today from HIBP

    “In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the corpus of data included 71M unique email addresses and 100M unique passwords.”

    The problem is, I have no idea which service/password was compromised so the notification seems inactionable.

    Anyone have any ideas?

  • https://www.troyhunt.com/inside-the-massive-naz-api-credential-stuffing-list/

    Looks like a bunch of services. You can read more about it and see if anything rings a bell or try and get hold of it and check which details of yours were found.

  • Thanks, that link was very helpful.


Posted by Velocio (@Velocio)
