Messages - ianmc

#1
General Discussion / Dynamic DNS help please.
September 05, 2023, 03:00:31 PM
Hi all
I have a basic linode VPS with pihole, openvpn server & nginx reverse proxy.
The purpose is to access resources over the vpn in my home network, most important for me is jellyfin streaming.
Also to block ads & tracking through pihole.

So I connect the phone to the vpn, connect through it to my virtual machine on a server at home (with jellyfin installed).
It works just fine, but with some public wifi, it seems to block VPNs.

So what I was looking to do. Setup a dynamic DNS domain name through one of the free providers for my router at home.
Open a port*, specifically 433 TCP as blocking that in any public wifi is likely a big problem.
Setup the appropriate certificates, and connect & stream.

Doing what I described above is nothing exceptional.

The next part is to setup another domain name for my phone, again with a free DDNS service.
It is possible with this:
https://apkpure.com/dynamic-dns-client/org.l6n.dyndns

*Once done, I want the port open ONLY to the IP of my phone.
So how do I periodically lookup the IP of my phone domain name, and open up the port (433) for the IP of the phone only.
If the IP changes, then obviously the old one is re-blocked.

The purpose of this is to save money on my phone data usage. I am not interested in having a VPN server hosted at home, as the ISP can be flakey sometimes, oh and my upload speeds suck.

Edit: I am not interested in using anything like cloudflare tunnels. It is not useful for streaming. Oh as for say streaming with plex, I do not wish to use it as you require an account and dubious privacy.

Pointers appreciated.

Thanks


The purpose of this is to save money on my phone data.
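
One way to do the periodic lookup asked about in the post above, as an added example that is not part of the original post: resolve the phone's DDNS name, then add the new address to a pf table and delete the old one. The table name `phone_allow` is an assumption, the pass rule that references the table has to exist separately, and the script is meant to be run on a schedule (for example from cron).

```python
import ipaddress
import socket

TABLE = "phone_allow"  # assumption: pf table referenced by the pass rule
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolve_ipv4(hostname, resolver=socket.getaddrinfo):
    """Return the usable IPv4 addresses for hostname, or None if lookup fails."""
    try:
        infos = resolver(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return None
    addrs = set()
    for info in infos:
        ip = ipaddress.ip_address(info[4][0])
        # Never allowlist addresses that cannot be a remote client.
        if (ip.is_loopback or ip.is_unspecified or ip.is_multicast
                or ip.is_link_local or any(ip in net for net in RFC1918)):
            continue
        addrs.add(str(ip))
    return addrs


def plan_update(current, resolved):
    """Return (to_add, to_remove) so the table ends up equal to resolved.

    A failed or empty lookup changes nothing: the last known address stays
    allowed and nothing new is opened.
    """
    if not resolved:
        return [], []
    return sorted(resolved - current), sorted(current - resolved)


def pf_commands(table, to_add, to_remove):
    """Build pfctl argument lists; run them with subprocess.run(cmd, check=True)."""
    cmds = [["pfctl", "-t", table, "-T", "add", ip] for ip in to_add]
    cmds += [["pfctl", "-t", table, "-T", "delete", ip] for ip in to_remove]
    return cmds


if __name__ == "__main__":
    # Constructed sample: table holds the old address, DNS now returns a new one.
    add, remove = plan_update({"198.51.100.7"}, {"203.0.113.5"})
    for cmd in pf_commands(TABLE, add, remove):
        print(" ".join(cmd))
```

An address learned this way is often a carrier or Wi-Fi NAT address shared with other users, so the service behind the port still needs its own authentication.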

#2
General Discussion / Re: opnsense installed on a VPS?
February 16, 2023, 01:40:05 AM
Quote from: zan on February 10, 2023, 04:24:56 PM
Yes I have been running OPNsense on Hetzner cloud (CPX11 instance) for over a year now.
I'm also using it as for personal VPN exit node to my home OPNsense via wireguard.
Hetzner provide OPNsense ISO image right out of the box, so installation is super easy.
Not sure about Linode I have never used it before.

Hi.
I looked into it, linode it seems is necessary for me.
I need a VPS in my country for various reasons - specifically Australia.
Not much more choice it seems.
#3
General Discussion / Re: opnsense installed on a VPS?
February 10, 2023, 10:10:35 AM
I should have been more clear.
The opnsense vps will replace the present one (linux with pihole & openvpn).

My motivation is primarily economic & also related to privacy & security.

So presently I have my own internet connection with modem & virtualized router.
That may not always be the case.
If in a situation with internet access & no control over the router, will need to use a vpn if privacy & security is an issue.
It presently saves me money when connecting to the internet on my phone through data usage.

The linode basic server is $5 US/month.

Electricity prices pretty much everywhere are crazy, so maybe no home server. I still want the benefits of using opnsense though.

I have NO trust for any commercial vpn service.

I am looking for input from those who have managed to setup opnsense on a server.


#4
General Discussion / opnsense installed on a VPS?
February 10, 2023, 06:48:58 AM
Hi all
Is anyone doing this?
I have a basic linode server.
It has ubuntu 2204 with openvpn & pihole for ad blocking and such.
It is limited but does what I want it for now.
I did find this:
https://www.youtube.com/watch?v=GjlfVoRxkvU
It is for installing pfsense on a linode server. I expect it is a matter of using the opnsense one instead.

Another idea was to install opnsense on virtualbox, setup with 2 lans using a linux virtual machine to setup using the web browser.
So I would install openvpn & setup the appropriate clients.
Then have both virtual machines on a NAT network to test the vpn access. Then opnsense would have a single WAN network.
Then attach the virtual drive to the linux machine.
Then use ssh, using linux dd, to the linode server (in a special mode allowing raw access to the linode drive).


I guess I would need to change the IP addresses in the ovpn files created to that of the linode server.

So has anyone done anything similar?

It will have a single WAN, with openvpn access to a non standard port (not 1194).

Useful info appreciated!





#5
Web Proxy Filtering and Caching / Lancache on opnsense?
January 16, 2023, 08:54:06 AM
Hello all
I have recently started using opnsense, and am fairly impressed.
It is virtualised on proxmox for now, with hardware passthrough to a quad port NIC. I may get a low power dedicated machine for it soon.
I have managed to replace various containers within proxmox with opnsense plugins.
It is mainly tor & multiple pihole instances, for network adblocking and the other for IOT (in my case my TV).
A mixture of multiple dns servers, like dnscrypt & adguard helped with this.

Also I have a lancache container on my proxmox server. I hope to place it in the router if practical.
It has two parts as I understand:

A DNS server, which downloads from published lists to modify dns entries (just like in adguard, unbound & dnscrypt).
Instead of blocking, would redirect the appropriate DNS to the second part, which is a caching proxy server.

So neither of these are exceptional.
From here: https://lancache.net/docs/containers/monolithic/
"Some publishers, including Origin, use the same hostnames we're replacing for HTTPS content as well as HTTP content. We can't cache HTTPS traffic however the container is setup to proxy any traffic received on 443 to the destination uncached."

So it is a caching proxy server for unencrypted downloads.

From their site, it is a Debian-based docker container, so not appropriate to install directly on opnsense.

Is someone working on a plugin for this?
If so, well we would all need a fair sized SSD.

Another option may be just redirecting port 80 to the server. There is already a proxy server in opnsense that can do this, but I am unsure if it is suitable.
If it is practical, opnsense would likely become very popular among the gaming community.

Pointers appreciated.

Thanks

#6
Thanks. I will look into it.
#7
Hi all
I have recently started using opnsense instead of pfsense.
It seems more straightforward to setup.

It is virtualised in proxmox.
A couple of containers I was using have been replaced, like pihole & tor. Now their functionality is in opnsense.
I have another pihole container on proxmox which is a special case for my android TV.
Typically pihole downloads blocklists and filters using them.
In this case I have EVERYTHING blocked by default using DNS. I allow traffic for particular apps based on regular expressions. No blocklists are used.

It was a little tricky to set up, but now it works as I wish.
In case anyone is curious, smart TVs are spying on you a lot. The pihole the TV uses has a block rate of 95%. It is constantly trying to call home.

So my TV will be on its own LAN. I need a method of blocking/allowing traffic based on regular expressions.
I have tried to set the tv proxy to the web proxy and block all other traffic from it. Most apps would not work.

I need a way of using regular expressions to block/allow traffic.
A web proxy is no good there as some apps on the TV it seems do not use standard web traffic.

I wish to buy a low power PC to use as an opnsense router and use the present server as a NAS & maybe jellyfin.
Before that I need the proxmox containers I have with tor, pihole and others to have their function replaced in the router instead.

Useful info is appreciated.

Thanks
#8
Hi there.
I have an old machine. i7-3770 32GB.
It has proxmox with OPNsense virtualised with a quad port gigabit nic attached using IOMMU.
It has various virtual machines & obviously OPNsense.

I used to have pfsense but am glad I transitioned over.

Some proxmox containers I am using could now be redundant due to plugins.
The idea is to maybe buy a low power machine as a router only and use the present one just as a NAS.

I have set up dnscrypt and a pihole pointing to it. It works just fine.
Now I wish to replace pihole & a container with tor.

So for DNS I want ad & tracker blocking. There is an option in unbound it seems to set this up.
I want unbound to then use dnscrypt. DoH queries only.
Then dnscrypt to do DNS queries over tor. I think this is possible.

So DNS queries would go to unbound -> dnscrypt -> tor. I am aware it may have lag.
The purpose is for privacy & security if anyone has not already guessed.

I think tor initially requires DNS to start up & configure its routes.

Is this practical?

I have some networking knowledge, but have just started using opnsense. I am definitely not an expert.

I have a basic linode VPS. It has ubuntu, pihole & openvpn installed.
I wish to install opnsense instead. It is tricky but doable.
So use openvpn server & the plugins I mentioned.

On proxmox I also have a lancache server. It is to cache game downloads. Is that available as a plugin?

Pointers appreciated.

Thanks