hey everyone! I’m back after taking some time off from certain things. before I start losing my mind from not having anything to do, I decided that I’m going to start being more “involved” in the online world, even if it’ll take away some of my privacy a bit, also because I want to practice being less paranoid. I’m sure some of you know how this feels very well. and so far there’s no clear answer to how you could become truly invisible. by the way, I now finally have my own fediverse social media account and my own website. there’s no such thing as a ‘blogger’ type fediverse platform so I chose something else for now.
moreover, here’s the actual reason I came back online; can anyone tell me how I can make my own hosted vpn?
From my experience wireguard is pretty easy to set up. For what purpose do you want to set up your own vpn though? If it is for privacy reasons this is probably a bad idea because most likely the server that will run the vpn software will be linked to you. And if you are the only person using your self-hosted vpn, it is trivial to identify you.
Can confirm that it’s easy to set up. Also very fast.
I just set it up and it works. one more thing, I’m using TOR and wireguard seems to route all traffic through the vpn. is it possible to use it like a proxy?
You can adjust what traffic you wish to send over wireguard by adjusting allowed-ips peer attribute (assuming you’re using wg-quick), e.g. if you only wish to send your lemmy.ml traffic over wireguard tunnel, then get the IP address(es) associated with lemmy.ml DNS name, and add them to allowed-ips attribute of your wireguard peer (in your local configuration), while removing the default route from there. With this reconfiguration tunnel, you will now have route(s) to lemmy.ml going over wireguard while rest of the traffic going via the default route. You can keep appending more routes to allowed-ips over time, and reloading tunnel configuration. HTH
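The split-tunnel change described in the reply above, as an added example that is not part of the original thread: it rewrites the peer's `AllowedIPs` line (the spelling of allowed-ips in a wg-quick config file), dropping the default routes and adding one host route per address. The sample config, the endpoint name, the addresses and the function names are constructed for illustration, and a single-peer config is assumed.

```python
import ipaddress
import socket

DEFAULT_ROUTES = {ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")}

# Constructed sample config; keys and endpoint are placeholders.
SAMPLE = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/32

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.org:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""

def resolve(hostname):
    """Current A/AAAA addresses for hostname (needs network access)."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def split_tunnel(config_text, addresses):
    """Narrow AllowedIPs in [Peer]: drop default routes, add one host route per address."""
    host_routes = [ipaddress.ip_network(a) for a in addresses]  # becomes /32 or /128
    out, in_peer = [], False
    for line in config_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):
            in_peer = stripped.lower() == "[peer]"
        key, sep, value = stripped.partition("=")
        if in_peer and sep and key.strip().lower() == "allowedips":
            routes = [ipaddress.ip_network(v.strip(), strict=False)
                      for v in value.split(",") if v.strip()]
            routes = [n for n in routes if n not in DEFAULT_ROUTES] + host_routes
            routes = list(dict.fromkeys(routes))  # de-duplicate, keep order
            if not routes:
                # An empty AllowedIPs would send nothing through the tunnel.
                raise ValueError("no routes left for this peer")
            line = "AllowedIPs = " + ", ".join(str(n) for n in routes)
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # Constructed addresses from the documentation ranges; use resolve("lemmy.ml") for real ones.
    print(split_tunnel(SAMPLE, ["203.0.113.7", "2001:db8::7"]))
```

A site's addresses can change over time, and traffic to any address not listed in `AllowedIPs` leaves via the default route outside the tunnel, so the list has to be regenerated and the tunnel reloaded when that happens.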
thanks. so pretty much I can’t just like use certain programs with wireguard then. maybe I’ll use this as an alternative though this is pretty complicated for certain apps like matrix. I’ll just use up and down switch for now.
For more flexibility, you can try with OS’s support for that, e.g. Linux network namespaces, or setfib(1) in FreeBSD. AFAIK, there is nothing in Wireguard to do that other than what’s possible with routing.
I did buy the server anonymously, does that help?
Yes, that does help a little. But how much depends on your threat scenario: If you just don’t want your ISP to know what you are doing or hide your true IP from some web site you are probably good but if you want to avoid online tracking the situation with a self-hosted vpn may even be worse as your server probably has a static IP address and makes you easy to identify. Also note that once you log in to some website with and without vpn it is easy to connect you to your server.
maybe https://tinc-vpn.org/
“Colloquially, the term VPN may be used to refer, albeit improperly, to a proxy service that uses VPN technology (such as OpenVPN) as opposed to higher-level proxy server protocols (such as SOCKS) as it does not require configuration of individual applications to tunnel their traffic through the proxy server, instead employing routing to redirect traffic.”
“tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet”
tinc probably won’t do what you want right out the box but you could possibly configure it to work like the vpn services if you have a network of addresses.