A simple way to make web stuff on Raspberry Pi.
Raspberry Pi: Ad Blocking
Rainbow Pibow enclosure for Raspberry Pi Model B -> more details: https://raspberry.com.ua/p/rainbow-pibow-enclosure-for-raspberry-pi-model-b/#!prettyPhoto
IoT on Raspberry Pi
Pi - The Personal Assistant - Speech Recognition (Raspberry Pi + IBM® Watson)
________________________________________________________________
http://www.pivpn.io
https://gist.github.com/superjamie/ac55b6d2c080582a3e64
https://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing/
_____________________________________________________________
How to make a Wi-Fi router with a Raspberry Pi
Wi-Fi router on Raspberry Pi 2/3
Raspberry Pi VPN Router
How to turn your Raspberry Pi into a Home VPN Server using PiVPN
Setting up a Home VPN Server Using Your Raspberry Pi
Raspberry Pi VPN Server: Build Your Own Virtual Private Network
Browse Anonymously with a DIY Raspberry Pi VPN/TOR Router
Installing a PPTP-VPN server on a Raspberry Pi
How to set up your own Raspberry Pi powered VPN
Raspberry Pi VPN Gateway
_____________________________________________________________________________
Best Modern Lightweight Web Browsers for Linux Raspberry Pi Slower Computer
https://mycomputerhelp.net/2015/09/23/best-modern-lightweight-web-browsers-for-linux-raspberry-pi-slower-computer/
How to build your own VPN if you’re (rightfully) wary of commercial options
In the wake of this spring’s Senate ruling nixing FCC privacy regulations imposed on ISPs, you may be (even more) worried about how your data is used, misused, and abused. There have been a lot of opinions on this topic since, ranging from “the sky is falling” to “move along, citizen, nothing to see here.” The fact is, ISPs tend to be pretty unscrupulous, sometimes even ruthless, about how they gather and use their customers’ data. You may not be sure how it’s a problem if your ISP gives advertisers more info to serve ads you’d like to see–but what about when your ISP literally edits your HTTP traffic, inserting more ads and possibly breaking webpages?
With a Congress that has demonstrated its lack of interest in protecting you from your ISP, and ISPs that have repeatedly demonstrated a “whatever-we-can-get-away-with” attitude toward customers’ data privacy and integrity, it may be time to look into how to get your data out from under your ISP’s prying eyes and grubby fingers intact. To do that, you’ll need a VPN.
The scope of the problem (and of the solution)
Before you can fix this problem, you need to understand it. That means knowing what your ISP can (and cannot) detect (and modify) in your traffic. HTTPS traffic is already relatively secure–or, at least, its content is. Your ISP can’t actually read the encrypted traffic that goes between you and an HTTPS website (at least, they can’t unless they convince you to install a MITM certificate, like Lenovo did to unsuspecting users of its consumer laptops in 2015). However, ISPs do know that you visited that website, when you visited it, how long you stayed there, and how much data went back and forth.
They know this a couple of ways. First, if your website uses Server Name Indication (SNI) to allow multiple HTTPS sites to be served from a single IP address, the hostname is sent in the clear so that the server knows which certificate to use for the connection. Second, and more importantly, your DNS traffic gives you away. Whether you’re going to Amazon.com or BobsEmporiumOfDiscountFurryMemorabilia.com, your computer needs to resolve that domain name to an IP address. That’s done in the clear, meaning it’s easily intercepted (and even changeable in flight!) by your ISP (or any other MITM) whether you’re actually using your ISP’s DNS servers or not.
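What an on-path observer recovers from the two cleartext channels described above, as an added example (not code from the original article): it captures a real ClientHello offline with Python's ssl module and hand-builds a DNS query, then reads the hostname back out of each. The hostname clinic.example and all function names are constructed for illustration.

```python
import ssl
import struct

def build_client_hello(hostname):
    """Capture a real ClientHello offline by handshaking into memory buffers."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server ever replies
    return outgoing.read()

def extract_sni(record):
    """Return the server_name an on-path observer reads from a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None  # not a handshake record carrying a ClientHello
    body = record[5:]
    pos = 4 + 2 + 32  # handshake header, legacy_version, random
    try:
        pos += 1 + body[pos]  # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
        pos += 1 + body[pos]  # compression_methods
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            if ext_type == 0:  # server_name: list_len(2) type(1) name_len(2) name
                name_len = struct.unpack_from("!H", body, pos + 7)[0]
                return body[pos + 9:pos + 9 + name_len].decode("ascii")
            pos += 4 + ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None

def build_dns_query(hostname):
    """Hand-built (constructed) A query, as carried in a UDP port 53 payload."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in hostname.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def extract_qname(payload):
    """Return the queried name from the question section of a DNS message."""
    labels, pos = [], 12  # the question starts after the 12-byte header
    while pos < len(payload) and payload[pos] != 0:
        n = payload[pos]
        if n & 0xC0:
            return None  # compression pointers are not expected in a query
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels) if labels else None

if __name__ == "__main__":
    host = "clinic.example"  # constructed hostname
    print("SNI seen on the wire:", extract_sni(build_client_hello(host)))
    print("DNS name seen on the wire:", extract_qname(build_dns_query(host)))
```

Neither parser needs any key material: both names are read straight from the bytes that leave the machine before any encryption is negotiated.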
This is already enough to build a valuable profile on you for advertising purposes. Depending on your level of paranoia, it’s also enough to build a profile on you for blackmail purposes or to completely compromise your Web traffic if you aren’t incredibly careful and observant. Imagine an attacker has the use of a Certificate Authority to generate their own (valid!) certificates; with both that and DNS, they can easily redirect you to a server of their own choosing, which uses a certificate your browser trusts to set up an invisible proxy between you and the site you’re trying to securely access. Even without the use of a rogue CA, control of your DNS makes it easier for an attacker to use punycode domain names and similar tricks to slide under your radar.
Beyond that, any unencrypted traffic–including but not limited to HTTP (plain old port 80 Web traffic), much peer-to-peer traffic, and more–can be simply edited on-the-fly directly. Which, may I remind you, ISPs have repeatedly demonstrated themselves as perfectly willing to do.
You can’t protect yourself from all potential attackers. Unfortunately, an awful lot of the critical infrastructure of your access to the Web is unencrypted and really cannot be secured. As a person with limited resources who can’t afford to consider personal security more than a part-time job, you (and I) are unfortunately closer to Secret Squirrel than to James Bond. You can, however, move your vulnerable, unencrypted transmissions out of your ISP’s reach. So that’s what we’ll aim to do here.

A problem of trust
We’ve already established–actually, your ISP has already established–that your ISP cannot be trusted. The obvious solution, then, is a VPN, a Virtual Private Network, that tunnels all of your vulnerable, unencrypted data outside the ISP’s reach. The problem is, that data will be just as vulnerable when it exits the endpoint. Essentially, you’ve traded one set of vulnerabilities for another, hopefully less-troublesome set.
Imagine you’ve got a particularly pesky evil genius of a little brother who has learned how to tap the network traffic coming out of your room and who delights in embarrassing you at school with the gossip you shared privately (or so you thought) with your friends. One of those friends says, “Hey, how about you just set up a VPN between your house and mine? Then everything coming out of your room will be encrypted, and your little brother can’t mess with it.” So far, so good, but then it turns out that friend has a pesky evil genius of a little sister, and now she’s reading your IMs and passing the juicy bits back to your little brother. In the end, you’re no better than you started off.
This is the situation you’re in today when you start looking at VPN providers: perhaps they’re trustworthy, perhaps they’re not. Unfortunately, the very same characteristics that make them attractive (claims not to log your traffic, no good relationships with authorities, presence in a lot of countries, inexpensive plans) make them… dubious. How do you know the company with the offices in Moldova that is charging you $2/mo for all the bandwidth you can eat isn’t actually monetizing your data just like your ISP did, or maybe even worse? Has anybody audited their facilities to independently verify any claims of zero logging? Probably not.
Now, a VPN called Private Internet Access recently made a few waves by standing up to an FBI subpoena to some degree. In a case surrounding a possible bomb threat hoax (PDF), Private Internet Access appears to have made good on its no logging claims. According to the criminal complaint, “a subpoena was sent to London Trust Media and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States.”
Does this mean everyone can trust VPNs in general? Of course not. And as for Private Internet Access specifically, one public success doesn’t necessarily remove all doubt–prosecutors in the case didn’t push any further given they had plenty of other evidence to support their argument. So if you can’t trust your ISP and you can’t trust a VPN provider either, what’s the plan then? Well, you’re left with an option possibly not suitable for your average Internet user: roll your own VPN at an inexpensive cloud hosting provider like Linode or Digital Ocean.
There are no absolute guarantees with this avenue, either. But while you probably can’t avoid your local ISP (few of us have more than two choices, if that), the Internet is full of hosting providers. It’s a much bigger deal if one of them generates a lot of customer anger for messing around with customer data. These companies are also less likely to roll over quickly for improperly tendered law enforcement requests than a typical ISP (although, again, there are no guarantees). Getting your data safely away from a predatory ISP is one thing; getting it away from a nation-state adversary or APT that truly wants it is something else entirely and probably beyond our scope.
For easy ipv6 (in addition to ipv4) support, modify the openvpn’s server.conf:

    ;proto udp
    proto udp6
    tun-ipv6
    tun-mtu 1500
    fragment 1300
    mssfix
    server-ipv6 2600:????:????:????::/64

And the following to the openvpn’s client.conf (I do this on a homebrew ubuntu router):

    ;remote your.server.ip.address 1194
    ;proto udp
    tun-ipv6
    tun-mtu 1500
    fragment 1300
    mssfix

and then use the client connection command:

    openvpn --daemon --config /etc/openvpn/client.conf --remote $vpn_public_ip 1194 udp --writepid /run/openvpn.pid

You still have to set up ipv6 routes and rules, but it is pretty much analogous to doing so with ipv4, just use sudo ip -6 [rule | route] add.
this will save a lot of headache: https://github.com/trailofbits/algo
> Algo VPN is a set of Ansible scripts that simplify the setup of a personal IPSEC VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices. See our release announcement for more information.
> Features
> Supports only IKEv2 with strong crypto: AES-GCM, SHA2, and P-256
> Generates Apple profiles to auto-configure iOS and macOS devices
> Includes a helper script to add and remove users
> Blocks ads with a local DNS resolver (optional)
> Sets up limited SSH users for tunneling traffic (optional)
> Based on current versions of Ubuntu and strongSwan
> Installs to DigitalOcean, Amazon EC2, Microsoft Azure, Google Compute Engine, or your own server
> Anti-features
> Does not support legacy cipher suites or protocols like L2TP, IKEv1, or RSA
> Does not install Tor, OpenVPN, or other risky servers
> Does not depend on the security of TLS
> Does not require client software on most platforms
> Does not claim to provide anonymity or censorship avoidance
> Does not claim to protect you from the FSB, MSS, DGSE, or FSM
or, if you use linux or macos, my personal favorite: https://github.com/apenwarr/sshuttle
> Transparent proxy server that works as a poor man’s VPN. Forwards over ssh. Doesn’t require admin. Works with Linux and MacOS. Supports DNS tunneling.
it’s much easier than a full fledged vpn with comparable speed, but fyi — on ubuntu, the first attempt to connect after a reboot always dies immediately, but any thereafter will work like butter.
Some notes from somebody that has tried a lot of this:
- Any cloud provider I’ve tried couldn’t deliver more than a few Mb/s performance. My location in the south may be to blame. Although, I tried a couple in Dallas.
- I’ve never tried the manual setup process described here. I used Streisand which makes it all very easy. Maybe that’s affecting my performance?
- The policy based routing does allow you to use your streaming service of choice on your streaming device of choice. However, any mixed use devices like iPads or computers will now be unable to use those streaming services. Which can be very frustrating depending on your use case.
- The faster your home internet connection the more powerful router you’ll need if you want to run the OpenVPN client on the router and still get full use of your paid internet service. For example, a pfSense SG-2220 was fine on 50/10 service. Once I got 150/25 it could no longer keep up.
- This can all get pretty expensive if you don’t have spare gear to repurpose. I’ve tried a few different things for running my router. VM on my home server, former home server Intel C2750 board in a rack mount case, SG-2220, and an old 2009 MacBook pro. The more purpose built the hardware, the smaller and more efficient it is…. and the more expensive it is. If you don’t have an old consumer grade router running DD-Wrt or Tomato in order to configure it as a WAP, you’re going to need a WAP. And you’re either going to pay for a VPN provider or a cloud server. You’ll never guess which is more expensive….. the cloud provider.
- Don’t virtualize your router. It’s a pain in the neck and probably not as secure. You really want a discrete router.
My current setup is a SG-2220, UniFi AC Pro, smart managed switch, unmanaged switch, and a combination of PIA and ProtonVPN. At the moment I’m running VPN clients on the clients. My next attempt will be to sell the SG-2220 and build/buy as small a computer as I can with two Ethernet ports. I may just get a used desktop with a desktop class x86 and stop playing around with Atom chips. At least a decent low power Celeron. I’ll try cloud hosted servers again but manually set them up and see how it goes. Once I’ve replaced the SG-2220, I’ll go back to running the client on router. But I’ll get a streaming device to plug into one of my desktop monitors or put a cheap TV with a streaming device above the monitors so I can Netflix at my desk.
None of that is to say it isn’t a worthwhile project. For a lot of people it’ll be cheaper and easier to do. They aren’t as persnickety as I am. I’ve actually enjoyed messing around with it. But at some point I got tired of tinkering and I’m really ready for it all to “just work”. I want my privacy and convenience too. And you aren’t likely to ever get both.
WireGuard
StrongSwan