So in this day and age, everyone wants to hack your machine, steal your data, or spy on your traffic. How can you really face all this so that you feel safe while browsing the internet, or having your own apps on a VPS or in your home? How do you manage and access them reliably?
WireGuard for VPN
So, first things first, you have to have a VPN so that you can do whatever you want, in private. I posted a few months ago that I installed OpenVPN on my router and on my machines. And it worked flawlessly, until it broke on my phone. Somehow. Probably just me and my configuration.
I did try to fix it, but in the end, I also found that people want to use WireGuard for VPN, since it’s the newer, faster, shinier kid on the block. It comes in Docker images, and can be easily deployed on a myriad of devices (well, not as easily as OpenVPN).
So in I went, configuring WireGuard on my trusty router, and spending a few nights tinkering and trying to figure out why it wasn’t working properly. Until, magically, everything clicked, everything worked, and I was connected.
Did anything change? Yes, everything in my home network became available on my phone, everything was actually really fast, and I didn’t get any hiccups or anything like what I encountered a few times with OpenVPN.
And so I came to the realization: I don’t have to expose my internal services (Immich, etc.) to the internet via Cloudflare tunnels or anything like that, as people tend to do. I can just have the VPN open 24/7 on my phone, and access them via VPN.
If something happens, the photos are still on my phone, and will get uploaded once I arrive home, where everything is working in my internal network.
Gluetun to hide yourself
So, you have a VPN that allows you to hide yourself while travelling. But you have apps in your internal network that, when accessing outside networks, tell who you are and where you’re from, and can lead to not so nice people coming and knocking on your door.
So yes, you have to hide your presence, and I chose to use Gluetun, a Docker image, like everything I install, that allows me to route the network of all my other Docker images through the VPN configured in Gluetun.
network_mode: "container:gluetun" # run on the vpn network
That’s that. It’s the only thing you need. You configure your Gluetun image, make sure it works flawlessly (like /bin/sh into there and figure out your outside IP). And then route the network of all your Docker images through Gluetun.
Instant profit. No need to worry about someone sniffing your traffic, or where you’re from.
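To make the setup above concrete, here is a Compose file sketch added as an example (it is not the author's own configuration). It assumes Mullvad over WireGuard, the provider this post goes on to describe; the service name someapp, the port 8080 and everything in angle brackets are placeholders.

```yaml
# Added example; values in <angle brackets> are placeholders, not real credentials.
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun            # the name the other container refers to
    cap_add:
      - NET_ADMIN                      # needed for the tunnel interface and firewall rules
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      # Both values come from the WireGuard config generated in your Mullvad account.
      # Keep the real key out of version control (for example in an env file).
      - WIREGUARD_PRIVATE_KEY=<private-key>
      - WIREGUARD_ADDRESSES=<interface-address>/32
    ports:
      # someapp has no network stack of its own, so its web UI has to be
      # published here, on the gluetun container. Bound to localhost only.
      - "127.0.0.1:8080:8080"          # hypothetical app port
    restart: unless-stopped

  someapp:                             # hypothetical service name
    image: <your-app-image>
    network_mode: "container:gluetun"  # run on the vpn network
    depends_on:
      - gluetun                        # gluetun must exist before its namespace can be joined
    restart: unless-stopped

# Check the egress IP from inside the shared network namespace:
#   docker run --rm --network=container:gluetun alpine \
#     sh -c 'apk add -q curl && curl -s https://am.i.mullvad.net/connected'
# The address reported should be a Mullvad server, not your home IP.
```

If the gluetun container is recreated, containers attached to it need a restart to rejoin its network namespace. Rerun the egress check after any change to the VPN settings.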
Mullvad
But everything will come crashing down if you don’t use a good VPN proxy. And there are many of them out there. But the one that just clicked for me was Mullvad. I know, it looks like those cheap-airline websites. But the key point that won me over was that you don’t actually register an account.
Mullvad will generate a random UID for you, and that’s that. They charge 5€/month, no questions asked, you can pay with bitcoin, or via other means if you’re less paranoid. But it was a much nicer experience than ExpressVPN or other VPN services I’ve tried.
Flat fee, no actual account, just a number, and you get WireGuard VPN to use. And in my testing, it’s really, really fast. Like, so fast, I’m thinking, why not route all my home traffic through this.
Privacy
Because privacy is the same as data ownership, you want to keep yourself hidden. You want to own your own data.
And you can’t compromise on these principles. Well, you can, but you shouldn’t. The internet is too nasty a place nowadays for that. So you really, really shouldn’t.