Please consider creating a "Self-Hosted DNS Server with (insert your recommended DNS server here) + Linode" video. We really need both this VPN video and a DNS video. Bonus points if you think there is value in DNS-SEC integration, or it's secure alternatives. DOUBLE bonus points if both the VPN and DNS server can work in a Linux distribution or *BSD OS with a small enough memory footprint to work within Linode's smallest $5 VM pricing tier. TRIPLE bonus points if you can integrate DNS / host level ad-blocking. Thank you! (and realize that if you do this, you will be a lower case "g" god among us mere mortals.

This isn't complete without Wendell sitting beside him, and muttering "Oh, no" and then whimper-chuckling, after Ryan said everyone is tracking you.

RIP the poor Linode user that everyone attacked just in case it really was still Ryan.

I’ve done this before with wireguard and a rpi4. As long as you keep the configuration simple it’s a superb solution.

Engagement challenge: Here is a comment.

Thanks again guys for the patient and thorough walkthroughs!

You just need to remember that using a VPN just moved your trust from ISP to the VPS’ provider’s ISP. It won’t make you anonymous as it can still be traced back to your node’s IP.

I actually did this recently. Really enjoying wireguard because I can get pretty close to my full gigabit speeds over it instead of like 200mb/s with openvpn.

Just because you don't keep your own logs it doesn't mean that Linode doesn't keep theirs. IP addresses that you get from them point directly to you and you don't have any option of deniability. Moreover Linode not so great option for EU citizens due to EU-US Privacy Shield invalidation.

You can also restrict all of the traffic to your client PC except for IP address of Linode. (on your local router) So no traffic escapes bypassing VPN.(things like Window Kernel) iptables -I FORWARD 1 -m mac --mac-source 00:xx:xx:xx:xx:xx -d 123.123.123.123 -j ACCEPT iptables -I FORWARD 2 -m mac --mac-source 00:xx:xx:xx:xx:xx -j DROP This is what I used to have on my router. 123.123.123.123 is your VPN IP and 00:xx:xx:xx:x is the mac address of your vpn client machine.

👏 LEVEL 👏 ONE 👏 LINUX 👏

Your haircut looks great. First video I’ve watched in a while

Just finished every video in backlog now I’m ready.

I don't even have anything to hide from anyone! But I pause before I do a Google search and ask myself do I really want to see advertisements about this search for the next two weeks.

I'd love to see a WG on PFSense with all traffic routed video! Please please please!

Still lobbying for tipsy Ryan doing Level099 where he explains things to us stupids :)

I switched to ZeroTier because setting up individual peers was getting to be a nightmare. But my usecase was more to connect to my different machines from anywhere on the internet, rather than privacy (although it should also be possible to tunnel all traffic)

First video like this I have watchd - what is the app Ryan is using for SSH acces to the Linode server?

Great tutorial! Thanks very much! Protip: If you have meticulously followed this guide and still have issues connecting to the internet, then try re-running the: wg set wg0 peer ... allowed-ips x.x.x.x Command again. I spent far to long trying to figure this one out. I'm not a wiregaurd expert but I think it fucked me when I rebooted the server. Protip2 as others have pointed out, sysctl -p negates the need for a server reboot.

You don't need to reboot for the sysctl.conf thing: "echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward". You should also enable/configure unattended (security) upgrades.

great video! can you make a video about securing the ssh connection to the box? I fear that many people who want to run this don't know how to change ports, set up ssh keys, etc. and will have their vpn box added to a botnet in no time.

Nice tutorial. Pritunel with wireguard makes life easier as well . Wireguard flies compared to open vpn.

Ryan, don't worry about it. Ubunthu as in pronounced in RSA(atleast in the north of Pretoria) is U-boon-too.

Can you also do a video on connecting via the NetworkManager GUI?

Had to do following to get wireguard installed: (1) apt-add-repository universe (2) apt-get update (3) apt-get install wireguard

Is there a specific reason for doing direct over using a self-hosted solution like Algo

Nice work!... Now a Q (or two?) Can I set up WG and Linode such that my EdgeRouter4 (which supports WG internally now) is connected to Linode... AND THEN use my laptop to connect to that connection point (@ Linode) such that I can be connected into my router (a VPN there, BTW)? The context here is that MY ISP BLOCKS ALL INBOUND TRAFFIC to my router. So, If I establish a connection from my laptop on-the-road to some external point (ie . Linode) and then connect there, I can get into my home network. And the second question is. If I leave my Edgerouter running with WG connected to Linode, if there is no traffic (other than whatever connection-keep-alive's are needed), is there [significant?] USAGE CHARGES other than the monthly?

WeVPN has built in wireguard as an option, can be paid with crypto, has no logging and is very affordable. I switched to them after PIA sale and am very satisfied.

awesome video !

Need more vids from this channel 🤠

I've been running wireguard for the last 3 weeks on some raspberry pis and my PCs, but Ubuntu is making me pull my hair off and I don't want Manjaro or anything Arch based on the Pi 4s, because I won't update them frequently (probably once a month or so), so I don't want my systems to come crashing down when I don't have physical access to them (wireguard went down on one of them when I was adding keys remotely, and now I need to go restore it). I can barely wait for a Void image for the Pi 4, because I'm too dumb and lazy to install it any other way. Edit: wireguard itself is great though. Easier to maintain and faster than openvpn.

I will try this during the weekend :D

I also think like John Kaye and also add my share of engagement goodness.

stupid question: Under allowed ip adresses. Enter a subnet ip. How do i know what my subnet ip is.

First thing todo it sudo apt update && sudo apt upgrade. Also do it after adding a repo

engagement challenge, embarrassing things you do on the internet with your new wireguard vpn

I want to create a literal virtual network consisting of several linux, macOS and Windows boxes that are all in different locations. For now, it's fine if they use their existing connection but I would love to be able to use services like the iPhone's Remote app to listen to iTunes content on my old Mac Mini server or even have NGINX rev-proxy to a website it is hosting. There are a couple of ideas I have but so far, no idea how to make them happen. Can I use Wireguard for this scenario? Thanks!

Is a unlimited traffic hosting provider necessary?

Tried this with like 4 different distos on linode, most dont even have a repository for it the ones that do it never worked even after following all the steps, it connects but the server won't send anything back to the client.

Wasn't aware pia was bought out, YIKES. I may be trying this out then

wonderful video

If you made your own server, how can you get an external IP address for it ?

The kill-switch is nice to block other programs because Windows itself will not respect that, it will still communicate outside of the VPN, just be aware of that.

Ryan #1 Tenshi Muyo fan confirmed

I love Linode and Digital Ocean.

Every single time

I expected this to be a video on Algo ( github.com/trailofbits/algo ) since they just merged support for Linode. That's another option if anyone wants an automated process for setting up WireGuard on a VPS.

I've been using Pritunl. It's pretty easy and straight forward to set up other family (since Ive appointed "the computer guy"). Do you see any advantages of using wireguard over openvpn? Thanks, Ryan 😊

Im imagining a solution where you'd use a chain of vpn proxies where each hop is to a different cloud provider. Something like AWS 1 => Azure 1 => GCP 1 => AWS 2 => Azure 2 => GCP 2 => Target. You could automate that with Pulumi/Ansible and tear it down when you're not using it. Keeping the cost down. Or just use TOR I guess ;)

“Because the first time didn’t record” oh god lol.

Why would you use /24 and not /32 for the interface?

Imagine being sad enough to try and attack temporary details in a tutorial video lmao, surely these people are merely urban legends? Like the chupacabra, or the ankle slasher? Made up to scare misbehaving sysadmins, right? _RIGHT?_

Does this really solve anything it's still a 1to1 thing just would protect from isp snooping

Cool Stuff

what happens when your client ip changes? do you have to tell the wireguard server about the new external ip your client has?

I highly recommend not torrenting if you decide to go with linode as your private VPN. Trust me on that.

Excellent tutorial, but there are some mistakes. 1. You need not have to open ssh. As you can also connect to Lish using a web browser. This is far more secured one. 2. You need not have to reboot your Linux instance so often. Example, when you edit sysctl.cfg file just a command "sysctl -p" [ without inverted comma] the job is done. 3. If you have your own domain, consider adding A record pointing out to your Linode giving something like myvpn.yourhost.com instead of ip. With Let's encrypt, things can be made more secured.

I have used OpenVPN to do this before, is Wireguard better? If so, how?

Hello! Apparently it is working for me. I can ssh from both peers (using that virtual ip) but my client has no internet- which is a Ubuntu server- can't update nor ping. What do I do?

Why use Google's DNS instead of OpenDNS or Cloudflare?

At least get hosting from somewhere that is not under US laws. That's such a basic information security mistake.

Usefull part start at 5:34

Now do this for openVPN... Because all other tutorials I try I fail.

Using chrome/chromium on Windows 10 while creating a privacy focused video... ? Edit: Lol... I am also using google chrome right now, but this is not my personal computer.

I dont know much about VPN, but i do know that one+ face hair is distracting 0.0

Welcomed content. Tried this and worked. Ryan, not to piggyback your content or information, but using this script is much more faster, easier and simpler. github.com/angristan/wireguard-install Sign in in your favourite cloud provider (Linode, Vultr Digital Ocean) , enable a VPS with Ubuntu 20.04 LTS , SSH into it, run the script and Bob is your uncle. Managed to get Wireguard VPN working both phone and laptop in 10 minutes top.

Ubuntu PPas better than Debian Backports? ROTFL!

Not quite simple enough to be a normy solution, but good for the rest of us :)

ENGAGEMENT

Engagement challenge: _comments 'n stuf_

"Just go to *etcetera* slash wireguard" (Distant reeing)

Will this be blocked by HBO/Netflix etc

Sux...not a how to.

This is basically useless for most things, your VPNs IP is static and your VPN host will rat you out in the blink of an eye. No other users means that none of the fuzzing benefits of having multiple users on one IP can be used. This will only be useful if you want an encrypted tunnel to a different region, for example if you're a journalist who wants to safely extract data through a government controlled network to a safe country.

Video quality is pretty bad, can't read his screen. Looking elsewhere ...

5:35 Haha, I don't think I'll be using Linode.

Not everyone need a gaming motherboard. Some people do lot more than play game.

Linode + Wireguard + TOR Any reason it would not work?

Jesus Christ... shame on you if you missed putting [Interface] at the top of the config file like I did. Holy shit.

15:37

I have a big problem with the whole concept of self hosted VPNs / Search services (like Searx). The whole concept of VPNs as I understand it is that you connect to a website through another IP (the IP of the VPN). The website sees the VPNs IP and not yours. That's fine does it matter if you're the only one using that VPN. They might not get your location. Who cares. For me the power of VPN is that you connect through an IP that is used by 1000s of other people and basically the info the websites collect for this IP is useless. The same with search engines like Searx. If I'm the only one using the Searx instance it's basically the same as using google directly. The only way self hosted VPN or search engine being useful is if you share that instance with rest of the world so other people start using it along with you. This ignores that most website don't even rely anymore on IP for tracking and use browser fingerprinting instead. The only use i see for a VPN is location spoofing for websites like Netflix that have Location locked content. And for preventing ISP tracking to some degree.

DOOD!

Wireguard works great, but openvpn is better integrated with networkmanager

just use algo bro

I triggered Ryan :) lolz

hhhhhhhhhhhhh great picture

F linode for SJ

You can't trust anyone! *Proceeds to trust Wireguard and Linode*

ProtonVPN is great

Not #AMD