Hello comrades, I recently started to self-host my own VPN. I thought of using a regular VPN provider but I don’t trust the cheap ones and the good ones are too costly for my needs. So I started to rent a cheap one-core VPS (DMCA ignored of course) for 2,5€/month. Before that I tried some seedboxes from some cheap providers, but the amount of control you have there was absolutely terrible. If they offer SSH access, you have no sudo permission.

One of those providers I tried just deploys docker containers and then using some fancy marketing they make a good amount of cash from something that one can do oneself with a little bit of technical knowledge. And then when something doesn’t work; good luck my friend.

So that’s why I chose a VPS where you have maximum control. Setting it all up including security measures and a custom OS is very fun. My distro of choice is Devuan. I’m running a Debian-based distro myself and having no systemd not only boosts the startup time, but saves some system resources, which is especially important on a server with 1 GB RAM.

Installing Devuan was quite an adventure. Navigating their website to find the right download is like cruising a wild jungle. After choosing a mirror to download from, one has to check the name of the latest release. After that I selected “installer-iso”. In there I grabbed the netinstall. From there the real adventure began. Among the “standard stuff” I had to specify the DNS and netmask, nothing wild. I didn’t install a desktop environment of course, just the ssh-server components.

I then followed Wolfgang’s guide to set up SSH. Managing a computer without a desktop environment is something I had never done before and while on a desktop PC this can be a horrifying experience, it’s really fun to operate a remote system via command line. For enhanced security I activated and configured ufw. Many distros come preinstalled with gufw, so setting up ufw wasn’t a big deal.

Without systemd many WireGuard install scripts don’t work, so I installed WireGuard via docker-compose with the help of Christian Lempa’s wonderful guide. Amazing guy. I had to enter the DNS servers manually so that the actual DNS addresses of the server are used.

I tried to route IPv6 traffic through the VPN by entering the IPv6 address in brackets into the docker-compose.yaml, adding ::/0 in the AllowedIPs, but none of it worked. So I had to deactivate IPv6 on my system and in the network manager. This stopped all IPv6 leaks.

As a killswitch I found this easy method. I tested it and it works. No IP leaks anymore.

To prevent DNS leaks I found these commands: sudo iptables -A OUTPUT -p udp --dport 53 -j DROP, sudo iptables -A OUTPUT -p tcp --dport 53 -j DROP. I tried the ufw equivalent sudo ufw deny out 53/udp, sudo ufw deny out 53/tcp, but it blocks internet access. I make the iptables rules persistent with iptables-save since iptables-persistent conflicts with gufw and ufw.

With this setup I started my torrent client and saw that I’m barely seeding. That’s not cool. I tried to set up port forwarding with a lot of iptables and routing tables like this one but when checking the port it’s always closed.

So what now? My goal is to torrent over the I2P. I see a lot of potential in the I2P. It is basically what people envisioned the internet to be in the 90s. Since the internet is a military technology, freedom was never implicated, so even with a lot of obfuscation and circumvention, there is always some trouble when using clearnet. My intention with the VPN is to port over clearnet torrents to I2P. Thus the reliance on VPNs can be decreased.
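An added example, not part of the post above and not from any of the guides it links: a small audit script for the DNS-leak rules discussed in the post. It parses the OUTPUT chain of an iptables-save dump (only the -o, -p, -m, --dport and -j tokens, which is all the post’s rules use), evaluates it first-match-wins the way the kernel does, and reports, for a constructed physical interface eth0 and tunnel interface wg0 (both assumed names), whether port 53 can still leave via the NIC and whether it still works through the tunnel. The three dumps are constructed, not captured from a real host; they contrast no DNS rules at all, the interface-agnostic drops from the post, and the same drops placed after an accept for the tunnel interface.

```python
"""Audit the OUTPUT chain of an iptables-save dump for DNS-leak potential.

Hypothetical helper: models only the iptables-save subset used below
(-o, -p, -m, --dport, -j) and first-match-wins chain evaluation.
"""
import re
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    out_iface: Optional[str]  # value of -o, None = any interface
    proto: Optional[str]      # value of -p, None = any protocol
    dport: Optional[int]      # value of --dport, None = any port
    target: str               # value of -j


RULE_RE = re.compile(r"^-A OUTPUT (.+)$")
TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def parse_output_chain(dump: str) -> Tuple[str, List[Rule]]:
    """Return (chain policy, rules) for the filter table's OUTPUT chain."""
    policy, rules = "ACCEPT", []
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith(":OUTPUT "):  # e.g. ":OUTPUT DROP [0:0]"
            policy = line.split()[1]
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        toks = m.group(1).split()
        fields = {"out_iface": None, "proto": None, "dport": None, "target": None}
        for i in range(0, len(toks), 2):  # every supported token takes one argument
            tok, arg = toks[i], toks[i + 1]
            if tok == "-o":
                fields["out_iface"] = arg
            elif tok == "-p":
                fields["proto"] = arg
            elif tok == "--dport":
                fields["dport"] = int(arg)
            elif tok == "-j":
                fields["target"] = arg
            elif tok != "-m":  # "-m udp" loads the match module; no condition of its own
                raise ValueError(f"unsupported token {tok!r} in rule: {line}")
        if fields["target"] is None:
            raise ValueError(f"rule without -j: {line}")
        rules.append(Rule(**fields))
    return policy, rules


def verdict(policy: str, rules: List[Rule], out_iface: str, proto: str, dport: int) -> str:
    """Evaluate one outbound packet against the chain; first terminal match wins."""
    for r in rules:
        if r.out_iface not in (None, out_iface):
            continue
        if r.proto not in (None, proto):
            continue
        if r.dport not in (None, dport):
            continue
        if r.target in TERMINAL:
            return r.target
        # LOG or a jump into a user chain is not modelled: keep walking
    return policy


def audit_dns(dump: str, tunnel_iface: str = "wg0", physical_iface: str = "eth0") -> dict:
    """Per protocol: can DNS leave via the NIC, and does it still work via the tunnel?"""
    policy, rules = parse_output_chain(dump)
    return {
        proto: {
            "leaks_on_physical": verdict(policy, rules, physical_iface, proto, 53) == "ACCEPT",
            "resolves_via_tunnel": verdict(policy, rules, tunnel_iface, proto, 53) == "ACCEPT",
        }
        for proto in ("udp", "tcp")
    }


# Constructed dumps for illustration, not captured from any real host.
NO_DNS_RULES = """\
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
COMMIT
"""
# Interface-agnostic drops, as written in the post: nothing can resolve names.
BLANKET_DROP = """\
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j DROP
-A OUTPUT -p tcp -m tcp --dport 53 -j DROP
COMMIT
"""
# Tunnel traffic accepted before the drops: DNS only ever leaves through wg0.
TUNNEL_SCOPED = """\
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wg0 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j DROP
-A OUTPUT -p tcp -m tcp --dport 53 -j DROP
COMMIT
"""

if __name__ == "__main__":
    for name, dump in (("no rules", NO_DNS_RULES), ("blanket drop", BLANKET_DROP),
                       ("tunnel scoped", TUNNEL_SCOPED)):
        print(f"{name:14s} {audit_dns(dump)}")
```

Running it against a live system is `sudo iptables-save | python3 audit_dns.py` with the constants replaced by `sys.stdin.read()`; on a host where ufw is active the user rules live in the ufw-user-output chain rather than directly in OUTPUT, which the parser deliberately does not follow, so dump the chain you actually want to inspect. The design point is the ordering: a drop on port 53 with no -o scope is a denial of service for the tunnel as much as a leak fix for the NIC, and only a rule that accepts the tunnel interface ahead of the drops gives both properties at once.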

  • stupid_asshole69 [none/use name]@hexbear.net · 1 point · 4 hours ago

    Again, you’re making what reads like an incredibly stupid decision.

    You have a computer with your name on it, the vps you set up, in a country where your actions are legal and another with your name on it in a country where you reside and your actions aren’t legal.

    You connect to the vps using a protocol that authenticates your identity.

    Let me just walk through the steps to prosecute you for piracy or a different crime with much more serious consequences:

    Through leaky dns, a tipoff, some transformer or just the usual 24/7 isp traffic analysis someone realizes you’re doing a piracy.

    They get logs from the isp and if your bad dns doesn’t give you up immediately then they see the outlier ip of the vps. ISPs always cooperate, often the special relationship between companies that are allowed to operate critical infrastructure and law enforcement is enshrined in law.

    Whois points them at the vps company, whose policies may require them to get a warrant or equivalent in order to allow law enforcement into your actual running vps but will absolutely comply with kyc aligned requests and laws.

    As an aside, you may think that the vps provider could stand up against the cops for you, but they’re not doing that. No one is keeping their mouth shut for $3/mo unless that’s their literal whole business model. They’ll just find new tenants.

    Anyway so now they know it’s you on each end and have an airtight piracy case. If that seems like a lot of work to go through for someone who’s downloading SpongeBob, it is! Piracy investigations are often not worthwhile as crimes in and of themselves.

    The cops will have a strong incentive to get you on other charges, so when they search your house they’ll be looking not only for the computer with your name on it but for anything that could be misconstrued as illegal or prohibited. Hope you’re clean.

    But assuming you don’t have an unregistered firearm and pile of illicit drugs next to your computer they’ll still take the computer in for a snoopin. Assuming again that nothing is found but wholesome episodes of SpongeBob on your computer they will without any doubt find your /etc/WireGuard folder with all the config files. Oh, they go to the vps you rented. Imagine that!

    In America the crime of setting up a telecommunications system for the purpose of doing something illegal is prosecuted as wire fraud. It might be called different things in different countries but the basic conditions for the creation of law around those actions were about the same everywhere: big money stealin’ using new telegraph technology. The specific technology may have changed but the law inevitably didn’t, so they’ll pile the wire fraud equivalent charge onto you.

    I don’t know your country but piracy is probably a low level crime there compared to wire fraud. So instead of facing a fine or a few months for downloading a soccer game now you’re facing a big monetary penalty and many years in jail for creating a system of wire fraud.

    Even the often times not very smart police can figure out how to do this. You can check this out by looking in your own country’s cop arrest records and see what they’re jamming people up for when it comes to computer crimes. It’s usually the local equivalent of wire fraud when they can get it because the newer, computer specific laws are harder to convict under or have more lenient penalties prescribed.

    So anyway, instead of literally building an illegal crime tunnel which is a much worse crime than piracy, spend the money on air or one of the other piracy vpns. You’ll be saving yourself a lot of headache and protecting yourself much better than you did with a home built system.

    I took the time to write this out much more explicitly after being told to fuck off because you’re making an incredibly stupid decision. I don’t want you to feel stupid, but I want you to recognize that you’re pursuing a more difficult path that opens you up to much more serious charges and which you are not even capable of getting up and running at the moment.

    Just think on that for a second.

    You can’t get your illegal crime tunnel working right and you’re asking for help with it on a public forum.

    It’s good to try things for the sake of learning. I would strongly advise against trying to learn by doing illegal things and asking for help in public in the strongest possible terms.

    Go get a piracy vpn service instead. It accomplishes your goals and keeps you safer than your home grown would if it were working.

    • ejizar@thelemmy.club (OP) · 1 point · 7 minutes ago

      I understand. But why do you call yourself “stupid_asshole69” if you’re not some kind of troll?