Privacy

37991 readers

559 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

VPN's recommendations? (lemm.ee)

submitted 3 weeks ago by [email protected] to c/[email protected]

41 comments fedilink hide all child comments

Hello, all

I'm sorry if there is an FAQ somewhere. My VPN is about enter it's yearly billing cycle and I thought I would come over here and see if anyone had a better suggestion. I've been using IPvanish for the last 10 years and have been pretty satisfied. I picked it by going into the darkweb and seeing what the criminals recommended to each other.

If anyone has other suggestions or tales before I renew, I would love to check it out.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 10 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

I love Mullvad but for some reason they refuse to add reverse split tunneling, so imo the only options are IVPN or Proton.

Reverse split tunneling gives you the ability of using the VPN only in the apps/programs you select.

[–] [email protected] 8 points 3 weeks ago (1 children)

You can set up split tunneling yourself if you run the wireguard/OpenVPN daemon manually and move the "mouth" of the tunnel to a separate Linux network namespace.

[–] [email protected] 1 points 3 weeks ago (1 children)

Last time I researched it I didn't found easy answers. Do you have an easy script?

[–] [email protected] 2 points 3 weeks ago* (last edited 3 weeks ago)

The exact script would depend on the use case; you'd use commands something like this:

mkdir -p /etc/netns/VPN
sh -c 'echo nameserver 1.1.1.1 > /etc/netns/VPN/resolv.conf'
ip netns add VPN
ip link add tun1 type wireguard
ip link set tun1 netns VPN

Because the wireguard device was created in the default namespace, it will "magically" remember its birthplace, even after you move its mouth (the tun1 device) to a separate namespace. The envelope VPN packets will keep going in/out in the default namespace.

ip netns exec VPN wg setconf tun1 /etc/wireguard/vpn.conf
ip netns exec VPN wg set tun1 private-key /etc/wireguard/vpn-key.private
ip -n VPN addr add 192.my.peer.ip/32 dev tun1

Get the wireguard config file from the VPN website, both mullvad and OVPN have a wizard to generate them. Your assigned private network ip is in the config file. Also get and save your device key.

ip -n VPN link set tun1 mtu 1420
ip -n VPN link set tun1 up
ip -n VPN route add default dev tun1
ip netns exec VPN su myuser -c 'firefox --no-remote'

Now all firefox (and only that firefox) traffic will go through the tunnel. Firefox has its own DNS, if you run another app it will use 1.1.1.1.

I actually do the reverse of this - I create a namespace ETH and move my eth0 device in there and attach dhcpcd to it. Then I create the wireguard tun1 device inside ETH namespace, and move tun1 to the default namespace. Then any software I run can only use the tunnel, because the ethernet device doesn't even exist there. This keeps the routing table simple and avoids a whole class of issues and potential deanonymization exploits with the split routing table used in traditional single-namespace VPN configurations.