How to build a home network that prevents your ISP from seeing your data, isolates ASICs and allows you to mine Bitcoin without permission.
A privacy-focused guide on building a secure home network with a pfSense firewall, explaining how to set up dedicated home networks to separate your family’s WiFi web browsing from your Bitcoin mining traffic; how to configure a VPN with WireGuard; and how to send all your internet traffic through Mullvad VPN tunnels with automatic load balancing to switch between tunnels during times of high latency; as well as how to configure an ad blocker at the firewall level.
Every Bitcoin home miner is going to need a home network. Building a secure and private network to mine from is an essential part of maintaining a permissionless operation. By following this guide, you will see how to build a robust and customizable home mining network that features the following benefits and more:
- Virtual private network (VPN) tunneling to secure and encrypt your internet traffic
- Enhanced privacy from the prying eyes of your internet service provider (ISP)
- Mitigation of the potential risk of IP address logging from your mining pool
- Configuration of a pfSense firewall
- Creation of sequestered home networks to keep your ASICs separate from your guest WiFi network, etc.
- Set up of a mesh WiFi network access point
- Configuration of an ad-blocker at the firewall level.
V tem priročniku boste videli nekaj brezplačne odprtokodne programske opreme, kot je pfSense in WireGuard, pa tudi nekaj plačljive odprtokodne programske opreme, kot je Mullvad VPN.
Undertaking this task started for me when my wife and I decided to sell our house in the city and move to the country. I had visions of setting up new mining infrastructure from scratch and I wanted to take this opportunity to build the ultimate home network that I always wanted — a home network that prevented my ISP from seeing my data and where it was going, a home network that isolated my ASICs from other network connected devices, a home network that wasn’t constantly tracking me and selling my browsing information to advertisers.
Takrat sem začel pozorno gledati a blog post na temo od k3tan. In their pfSense article, k3tan laid out many of the attributes of a home network that I wanted to build for myself and pointed to several additional resources that made me think I could do this myself if I really tried.
Preden sem skočil v to, nisem imel nobenih izkušenj z mreženjem in čeprav je veliko korakov, je res zelo enostavno uporabljati brezplačna in odprtokodna orodja, da začnete delati skoke pri varovanju vaše zasebnosti.
Obrnil sem se na k3tan in podprli so moja prizadevanja in mi pomagali premagati nekatere ovire, na katere sem naletel — res cenim to in se želim zahvaliti, k3tan.
All together for this guide I spent $360 to build my home network. $160 on a network card and $200 on a mesh WiFi kit (which, honestly, could have been done with a $40 router but YOLO!).
Some limitations you should be aware of: I literally had zero networking experience prior to this guide. It is very possible that I made some unforeseen mistake. I highly recommend that you use this as a guide but also incorporate your own research and due diligence into your own home network setup. VPNs are a great tool in guarding your privacy but they are not a silver bullet. There are several other ways that you can leak data and diminish your privacy. The good news is that it is easy to start taking steps in developing good, privacy-focused best practices.
Priporočam branje ta vodnik iz Mullvada, poslušam ta podcast od SethForPrivacy, in preverjanje dodatnih virov iz Teklore.
Let’s get right to it and get your home mining network set up in a way that makes your family happy and keeps your ASICs secure and private.
Izdelava požarnega zidu pfSense iz starega namiznega računalnika
In 10 steps below, I will show you how I used an old desktop computer to build a pfSense firewall and how I configured my home network.
Če izberete to možnost, namesto da bi zgradili svojo, lahko preskočite na četrti korak spodaj.
Prvi korak: Kako namestiti novo omrežno kartico
Najprej boste potrebovali star namizni računalnik. Uporabil sem Dell Optiplex 9020 Small Form Factor (SFF). To je močan kos strojne opreme za požarni zid; ima procesor Intel i7-4790 3.6 GHz, 16 GB RAM-a in trdi disk 250 GB.
By default, this computer only has one RJ45 Ethernet port. However, if this is going to serve as a firewall, it will need at least two Ethernet ports. To achieve this, I purchased an Intel i350 network card which comes equipped with four Ethernet ports. The i350 network card is designed to be used in the four-lane PCIe slot on the desktop’s motherboard.
Za to ohišje SFF sem moral zamenjati kovinski nosilec polne velikosti s priloženim manjšim nosilcem na omrežni kartici. Nato preprosto odprite ohišje in odprite zunanjo sponko, ki pokriva prazne reže PCI. Z izvijačem lahko odstranite prazen vložek kovinskega nosilca pred štiripasovno režo PCI in vstavite omrežno kartico. Nato zaprite sponko in nazaj namestite stranski pokrov ohišja.
Once installed, it is important to note which Ethernet port is for the wide area network (WAN) and which ports are for the local area network (LAN). WAN is what faces out to the wide open public internet and LAN is what faces in to your local home network.
Ko je nameščen, lahko namizni računalnik za zdaj postavite na stran. Če želite prenesti in preveriti sliko pfSense in jo prenesti na pogon USB, boste želeli uporabiti računalnik, povezan z omrežjem.
Drugi korak: Kako prenesti in preveriti slikovno datoteko pfSense in jo prenesti na pogon USB
Najprej se pomaknite do tega stran za prenos pfSense in enkrat tam:
- Select the “AMD64” architecture
- Then “USB Memstick installer”
- Then “VGA” console
- Then select whichever mirror is closest to your geographic location, such as demonstrated in the screenshot below, and click on “Download”
Nato lahko izračunate kontrolno vsoto SHA-256 za stisnjeno datoteko, ki ste jo prenesli, in jo preverite glede na kontrolno vsoto, prikazano na strani za prenos pfSense.
Rad uporabljam brezplačni šestnajstiški urejevalnik, imenovan HxD for calculating checksums. Just open the file you are interested in, navigate to “Tools” then “Checksums” and select “SHA256” from the menu. If the hash values don’t match, do not run the executable file.
Najlažji način, ki sem ga našel, da prenesem slikovno datoteko na pogon USB, je uporaba programa z imenom balenaetcher.
Once installed, launch the application, click on “Flash from file,” then navigate to the folder where you have the compressed pfSense image file.
Next, select your blank USB drive and then click on “Flash.” BalenaEtcher will begin the flashing process and automatically decompress the pfSense image file. This process will take a few minutes.
Ko je utripanje končano, bi morali dobiti zeleno kljukico, ki označuje, da je vse izvedeno. Če dobite napako od balenaEtcherja, boste morda morali poskusiti utripati na drug pogon USB.
Zdaj lahko varno izvržete prepleteni USB-pogon iz računalnika in pripravljeni ste za preklop drugega namiznega računalnika.
Tretji korak: kako preklopiti namizje in namestiti pfSense
Connect a keyboard, monitor, power cable and the flashed USB drive to your desktop computer that you installed the network card in. The monitor needs to be connected via VGA connections — DisplayPort connections won’t work in my experience. Eternetnih kablov še ne priključujte.
Once everything is connected, power on your desktop. Some computers will automatically detect that there is a bootable USB drive inserted and they will ask you which drive you want to boot from. In my case, the computer just defaulted to booting from the “C:” drive and launched Windows automatically. If this happens to you, shutdown the computer and then hold down “F12” on the keyboard and turn it back on. This will launch the BIOS, where you can tell the computer which drive you want to boot from.
Tu je na primer moje okolje BIOS-a, kjer sem lahko izbral pogon USB SanDisk, na katerega sem prestavil sliko pfSense. Ko izberete to možnost, se bo za kratek čas zagnal skript, nato pa se bo zagnal namestitveni program pfSense:
First, accept the terms and conditions. Then select “Install pfSense,” then choose the keymap appropriate for you. If you speak English and live in the U.S., you will probably just want to use the default.
Next, I just chose the “Auto ZettaByte File System” (ZFS) option because I’m using a hardware platform that is way over spec’d for a home firewall. The ZFS option has more features and is more reliable than the Unix File System (UFS) option, but ZFS can be more memory hungry, which I’m not really concerned with given that I have 16 GB of RAM in this desktop.
Then, you will have some partitioning and redundancy options, which I just kept as simple as possible, e.g., no redundancy and the default configuration options. Then, select “Install.”
Nato boste videli nekaj potrdil, da je bila namestitev pfSense uspešna. Poziv vas bo vprašal, ali želite ročno narediti končne spremembe, česar nisem storil. Nato vas bo vprašal, ali želite znova zagnati, izberite da. Immediately remove the USB drive at this time before the reboot kicks back on because otherwise it will drop you at the beginning of the installation wizard again. Ko je ponovni zagon končan, bi morali priti v glavni meni terminala.
Now you are ready to connect your new firewall to your home network.
Step Four: How To Connect The pfSense In A Home Network
Naslednji koraki bodo izvedeni na tipkovnici in monitorju, povezanim z novim požarnim zidom:
- First, power off your ISP-provided router, power off your modem and disconnect the Ethernet cables from your modem and router.
- Next, power on your new firewall and let pfSense load. Then, power on your modem and wait for it to link to the internet.
- In the pfSense menu, select option one, “Assign Interfaces.” It will ask you if you want to set up VLANs now, enter “n” for no. Then it will ask you to enter the WAN interface name, enter “a” for auto-detect.
- Connect an Ethernet cable from your modem output to your new firewall network card interface. Remember, the port on the far-right side if the RJ45 release tabs are facing up is your WAN port, or the far-left side if the RJ45 release tabs are facing down.
- Once connected, hit “enter.” It should detect link-up on interface port igb0. If it is igb3, then switch the Ethernet cable to the opposite side and try again.
- Then it will ask you to enter the LAN interface name, enter “a” for auto-detect. Connect an Ethernet cable from the next available port on the new firewall network card to your Ethernet switch or other access point. Keep in mind that if you intend on running a Virtual Local Area Network (VLAN), you will need to use a managed switch.
- Once connected, hit enter. It should detect link-up on interface port igb1.
- Then, hit enter again for “nothing” as no other network connections are configured at this time.
- Then it will inform you that the interfaces will be assigned as follows: WAN = igb0 and LAN = igb1.
- Enter “y” for yes and pfSense will write the configuration and bring you back to the main menu with your WAN IP v4 and IP v6 addresses displayed on top.
Samo za ponazoritev primera konfiguracije signalne poti lahko naredite takšno nastavitev:
At this point, you should be able to enter “192.168.1.1” into your web browser on your regular desktop and launch the pfSense web interface. It is a self-signed certificate, so accept the risk when prompted and continue. Poverilnice za prijavo so admin/pfsense.
Zdaj lahko odklopite tipkovnico in monitor z novega požarnega zidu. Preostali koraki bodo izvedeni prek spletnega vmesnika na običajnem namizju.
Peti korak: Kako konfigurirati osnovne nastavitve pfSense
V tem koraku boste videli, kako konfigurirate osnovne nastavitve, kot je čarovnik za namestitev, spremenite vrata TCP, omogočite Secure Shell SSH in privzeto nastavite pripenjanje. Velika večina informacij, predstavljenih tukaj in v šestem koraku spodaj, je nastala zaradi gledanja tega Video Tom Lawrence na pfSense — Zelo priporočam ogled tega videoposnetka, je dolg, a poln dragocenih informacij in vsebuje veliko več podrobnosti, kot jih predstavljam v tem priročniku.
Najprej kliknite rdeče opozorilno pogovorno okno na vrhu strani, da spremenite geslo, ki se uporablja za prijavo v vaš novi požarni zid. Osebno priporočam gesla z visoko entropijo za enkratno uporabo s priloženim upravljalnikom gesel. Nato se odjavite in se znova prijavite, da preizkusite svoje spremembe.
Once logged back in, open the “Setup Wizard” from the “System” tab:
Nato vas bo čarovnik vodil skozi devet osnovnih korakov za konfiguracijo novega požarnega zidu pfSense.
Click “Next” on the first step.
Then, on the second step, you can configure the hostname, domain and primary/secondary DNS servers. You can leave “Hostname” and “Domain” as their defaults or set them to whatever you want. I chose “100.64.0.3” for the primary DNS server for getting out to the internet and unchecked the “Override DNS” box to avoid having DHCP override the DNS servers. I’ll go over why I used “100.64.0.3” in step 10 of this guide.
Nato lahko v tretjem koraku nastavite svoj časovni pas:
On the fourth step, you can select “DHCP” for the WAN interface and leave all of the other fields as their defaults. If you want to spoof your MAC address, you can do so in this step. For the last two fields, ensure the “Block RFC1918 Private Networks” box and the “Block bogon networks” box are checked, this will automatically add the appropriate rules to your firewall.
In step five, you can change your firewall’s IP address. Most home local networks will either use 192.168.0.1 or 192.168.1.1 to access the router or firewall. The reason you may want to change this to a non-default local IP address is because if you are on someone else’s network and you are trying to VPN back into your home network, then you may run into an issue where you have the same address on both ends and the system won’t know if you are trying to connect to the local or remote address. For example, I changed my local IP address to “192.168.69.1.”
V šestem koraku lahko nastavite skrbniško geslo. Bil sem nekoliko zmeden, ko sem videl, da je ta korak vstavljen tukaj, saj sem na začetku spremenil skrbniško geslo, zato sem uporabil isto geslo z visoko entropijo kot prej, ob predpostavki, da je zahtevalo isto geslo, ki bo uporabljeno za prijavo v usmerjevalnik.
Then, in step seven, you can click the “Reload” button. As this is reloading, unplug the power cable from your switch. Since the router local IP address was changed to “192.168.69.1” (or whatever you chose), all the devices on the network will now have their IP addresses updated to that IP range.
Torej, če imate na primer PuTTY ali druge seje SSH konfigurirane za vaše vozlišče Raspberry Pi, boste morali zdaj posodobiti te konfiguracije povezave. Če izključite napajanje iz stikala in ga znova vključite po ponovnem zagonu usmerjevalnika, lahko vse vaše naprave ponovno dodelite.
To figure out the IP addresses for the devices on your local network, you can navigate to the “Status” tab and select “DHCP Leases” to see everything listed out:
After the reload in step seven, the wizard just skipped over steps eight and nine, so I’m not sure what happens in those steps, but we will move on and address things as necessary.
A couple of other basic settings worth noting are found under “System>Advanced>Admin Access.” Here, I updated the TCP port to “10443” because I run some services that will access the same default ports like 80 or 443 and I want to minimize congestion.
Also, I enabled SSH. Then, you can choose how SSH is secured, either with a password, or keys, or both or keys only. Upon saving, give the interface a minute to update to the new port. You may need to reload the page using the local IP address and the new port, e.g., “192.168.69.1:10443.” Make sure to save your changes at the bottom of the page.
The last basic setting I’ll cover here is hairpinning, which means that, for example, you can have your network setup so that you can open a port to a security camera system with a public IP address. This public IP address can also be used inside your network too, which is convenient if you are at home accessing the camera system from your mobile phone on your LAN then you don’t have to manually change where it connects to, because hairpinning will see that you are just trying to access a local IP and it will loop you back around by default with this setting enabled.
- Under the “System” tab, navigate to “Advanced>Firewall & NAT”
- Scroll down to the “Network Address Translator” section
- From the “NAT Reflection Mode” drop-down menu, select “Pure NAT”
- Click “Save” at the bottom of the page and “Apply Changes” at the top of the page
That is it for the basic settings. The good news is that pfSense is rather secure in it’s default installation so there is not a whole lot you need to change to have a great basic foundation. Generally, the position of the pfSense developers is that if there is a more secure way to roll out pfSense, then they will just make that the default setting.
One other thing to note is that by default, pfSense enables WAN IPv6 network address translation (NAT) mapping. I chose to disable this, so I’m not opening up an IPv6 gateway to the wide-open internet.
You can do this by going to “Interfaces>Assignments” and then clicking on the “WAN” hyperlink on the first assignment. This will open up the configuration page, then just make sure that the “IPv6 Configuration Type” is set to “None.” Then save and apply those changes.
Then you can navigate to “Firewall>NAT” and scroll down to the “WAN” interface with an IPv6 source and delete it.
Šesti korak: Kako konfigurirati napredne nastavitve pfSense
In this section I will go over some advanced features that you may be interested in for your home network. Here, you will see how to set up separate networks from your pfSense router so that, for example, guests can access the wide-open internet from a WiFi access point in your home but they cannot access your ASICs from that network.
Če ste kot jaz uporabljali omrežno kartico i350, imate na voljo štiri ethernetna vrata, in če ste uporabljali Dell Optiplex, kot sem jaz, potem imate tudi peta vrata Ethernet na matični plošči. Kar pomeni, da imam pet vmesnikov, ki jih lahko konfiguriram, od katerih so štirje lahko sekundarna lokalna omrežja.
What I am going to do here is keep my work desktop and my dedicated Bitcoin desktop on one network (LANwork). Then, I will configure a secondary LAN that my home’s WiFi access point will be on (LANhome). This way, I can keep traffic from my family’s web browsing totally separate from my work and Bitcoin-related activities.
Then, I will set up another LAN which will be dedicated for my ASICs (LANminers), separate from the other two networks. Finally I’ll create a test network (LANtest) which I will use to integrate new ASICs and ensure there is no malicious firmware on them before exposing my other ASICs to them. You could also add a security camera network on one of the interfaces, the possibilities are endless.
If you navigate to the “Interfaces” tab, then “Interface Assignments,” you will see all of your available network card RJ45 ports. They should be labeled “igb0,” “igb1,” “igb2,” etc. Now, simply add the one you are interested in by selecting it from the drop-down menu and clicking on the green “Add” box.
Then, click on the hyperlink on the left-hand side of the interface you just added to open up the “General Configuration” page for that interface.
- Click the “Enable Interface” box
- Then, change the “Description” to something that helps identify its function, like “LANhome,” for example
- Then, set the “IPv4 Configuration” type to “Static IPv4” and assign a new IP range. I used “192.168.69.1/24” for my first LAN so for this one, I will use the next sequential IP range, “192.168.70.1/24.”
You can leave all of the other settings on their defaults, click “Save” at the bottom of the page and then “Apply Changes” at the top of the page.
Now, you need to set up some firewall rules for this new LAN. Navigate to the “Firewall” tab, then “Rules.” Click on your newly-added network, “LANhome,” for example. Then, click on the green box with the up arrow and the word “Add.”
Na naslednji strani:
- Make sure the “Action” is set to “Pass”
- The “Interface” is set to “LANhome” (or whatever your secondary LAN is called)
- Be sure to set the “Protocol” to “Any” otherwise this network will restrict the type of traffic that can be passed on it
- Next, you can add a short note to help indicate what this rule is for, such as “Allow All Traffic”
- Then all other settings can remain in their defaults and click “Save” at the bottom of the page and “Apply Changes” at the top of the page
Preden lahko preizkusite svoje novo omrežje, morate v njem nastaviti naslov IP:
- Navigate to “Services,” then “DHCP Server”
- Then click on the tab for your new LAN
- Click on the “Enable” box and then add your IP address range in the two “Range” boxes. For example, I used the range from “192.168.70.1 to 192.168.70.254.” Then, click on “Save” at the bottom of the page and “Apply Changes” at the top of the page.
Zdaj lahko preizkusite svoje novo omrežje tako, da fizično povežete računalnik z ustreznimi vrati RJ45 na omrežni kartici in nato poskusite dostopati do interneta. Če je vse delovalo, bi morali imeti možnost brskati po široko odprtem spletu.
However, you may notice that if you are on your secondary LAN and you try to log into your firewall, you will be able to do so using the “192.168.70.1” IP address. Personally, I only want my firewall accessible from my “LANwork” network. I do not want my wife and kids or guests to be able to log into the firewall from their designated “LANhome” network. Even though I have a high-entropy password to get into the firewall, I am still going to configure the other LANs so that they cannot talk to the router.
One area of concern I have, that this kind of configuration will help alleviate, is if I plug an ASIC into my network with some malicious firmware installed on it, I can keep that device isolated and prevent that security concern from affecting other devices and information that I have, which is why one of the LANs I am setting up is called “LANtest,” which will be dedicated to keeping new ASICs totally isolated so I can test them in safety without allowing a potential attack to occur on my other ASICs or other devices on my home’s networks.
To set up a rule so that port 10443 cannot be accessed from your other LAN networks, navigate to “Firewall>Rules” and then select the tab for your corresponding network of interest. Click on the green box with the up arrow and word “Add” in it.
- Make sure “Action” is set to “Block”
- Then, under the “Destination” section, set the “Destination” to “This Firewall (self)” and then the “Destination Port Range” to “10443” using the “Custom” boxes for the “From” and “To” fields
- You can add a description to help you remember what this rule is for. Then click on “Save” at the bottom of the page and then “Apply Changes” at the top of the page.
Imeti visoko entropijsko geslo za prijavo v usmerjevalnik in zaklepanje vrat je odličen začetek, vendar lahko še dodatno omejite svoja omrežja LAN in zagotovite, da naprave v enem omrežju sploh ne morejo priti v nobeno drugo omrežje, tako da nastavite vzdevek za vaš primarni LAN.
Navigate to “Firewall>Aliases,” then under the “IP” tab click on the “Add” button.
- Then, I named this alias “SequesteredNetworks0”
- I entered a description to remind me of what it’s function is
- Since I will be adding a firewall rule to my “LANhome” network referencing this alias, I added the other LANs to the “Network” list. This way, “LANhome” cannot talk to “LANwork,” “LANminers” or “LANtest.”
- Click on “Save” at the bottom of the page and then “Apply Changes” at the top of the page
Now I can add additional aliases that will be referenced in firewall rules on the other LANs to prevent “LANminers” from talking to “LANwork,” “LANhome,” and “LANtest” — so on and so forth until all my networks are sequestered in a way that only my firewall can see what is connected on the other networks.
Z ustvarjenim vzdevkom se lahko uporabi novo pravilo požarnega zidu, ki se sklicuje na ta vzdevek v sekundarnem LAN.
- Navigate to “Firewall>Rules,” select the LAN you want to apply the rule to, e.g, “LANhome”
- Then for “Action” set it to “Block. For “Protocol” set it to “Any.”
- For “Destination” set it to “Single host or alias”
- Then enter your alias name
- Click on “Save” at the bottom of the page and then “Apply Changes” at the top of the page.
Once I created the aliases and set the firewall rules, I was then able to connect my laptop to each network card RJ45 interface port and attempt to ping each of the other networks. I could get out to the wide-open internet from each LAN but I was not able to communicate with any of the other LANs or the firewall. Now I know any devices on any of my LANs will not have access to devices on any of my other LANs. Only from my primary “LANwork” network am I able to see what is connected on all of the other LANs.
That takes care of the advanced features that I wanted to share with you. You should now have some firewall rules set up and multiple networks sequestered. Next, we’ll get into setting up a WiFi access point on one of the secondary LANs.
Sedmi korak: Kako nastaviti in konfigurirati dostopno točko WiFi
In this section I’ll show you how I configured my home’s mesh WiFi using the secondary “LANhome” network. The key points to keep in mind here is that I made this a dedicated LAN specifically for a WiFi access point for my family and guests to link to without giving them access to my pfSense firewall or any other LANs. But they still have unrestricted access to the wide-open web. I will add a VPN tunnel for this LAN later in this guide.
Da zagotovim ustrezen signal WiFi za celotno hišo, sem se odločil za a NetGear Nighthawk AX1800 komplet.
Inside this kit is a WiFi router and a repeater satellite. The basic idea is that the WiFi router gets connected to the pfSense firewall directly with an Ethernet cable on the igb2 “LANhome” port. Then, the WiFi router broadcasts the signal to the repeater satellite in another area of the house. Like this, I can increase the WiFi signal coverage to a wider area.
Da bi to dosegel, sem preprosto sledil tem korakom:
- 1. Plug the WiFi router in the pfSense firewall on port igb2 “LANhome” using an Ethernet cable to the port labeled “Internet” on the back of the WiFi router.
- 2. Plug a laptop into the port labeled “Ethernet” on the back of the WiFi router with an Ethernet cable.
- 3. Plug the WiFi router into power using the supplied power adapter.
- 4. Wait for the light to turn solid blue on the front of the WiFi router.
- 5. Open a web browser on the laptop and type in the IP address for the WiFi router. I found the IP address next to the “MR60” device in my pfSense dashboard under “Status>DHCP Leases.”
- 6. Immediately, I was prompted to change the password. Again, I used a high-entropy, random password with an accompanying password manager. I don’t want my family or guests to be able to access this WiFi access point administrative settings, so placing a strong password here is recommended. You may also be prompted to update the firmware as well, which will result in a reboot.
- 7. Then, you can log back in with your new admin password and change the default network name to whatever you want and add a WiFi password to access the WiFi network; this is the password shared with family and guests so this one I made pretty easy to remember and share. Even if a nefarious actor cracks the password and gains access to the WiFi network, it is totally sequestered from everything else and the WiFi router itself has a high-entropy password.
- 8. Then, navigate to “Advanced>Wireless AP” and enable “AP Mode.” “AP” stands for access point. Then, apply the changes.
- 9. The router will reboot again. At this point, the local IP address will be updated, this change can be monitored in the “DHCP Leases” status page. Now, the laptop can be unplugged from the WiFi router and the WiFi router can be logged into from the same machine as the pfSense interface is running.
- 10. Once logged in again, click on “Add Device” and you will be prompted to set the satellite repeater in place and connect it to power. Then follow the prompts on the interface to sync the satellite.
Now my family, guests and I can browse the wide-open web from our devices via WiFi with no dropouts in the whole house and I don’t have to be concerned with anyone accessing my sensitive work network, or my ASIC network or my test network.
Next, we’ll get into adding VPN tunnels to the networks we’ve created so far.
Osmi korak: Kako namestiti in konfigurirati paket WireGuard z Mullvad
WireGuard je programski protokol VPN, ki ga je mogoče namestiti na vaš požarni zid pfSense, nato pa lahko s tem protokolom določite, kako boste zgradili svoje tunele pri ponudniku VPN.
VPNs create a secure and encrypted tunnel from your computer to your VPN provider’s server. This prevents your ISP from seeing your data or where it’s final destination is. There are several types of VPN protocols, such as OpenVPN, IKEv2 / IPSec, L2TP / IPSec in WireGuard, vendar imajo vsi v bistvu isti cilj, da začrtajo navodila za ustvarjanje varnega tunela za šifriranje vaših podatkov za pošiljanje po javnih omrežjih.
WireGuard is a recent addition to the lineup of VPN protocols, it is open-source, and comparatively “light,” with less code and faster speeds than some others. The speed part was key for me considering that added latency can decrease an ASICs efficiency.
Another benefit of VPNs is that your geographic location can be spoofed, meaning that if you are in one part of the world, you can use a VPN tunnel to a VPN provider’s server in another part of the world and it will appear as though your internet traffic is coming from that server. This is beneficial for people who live in authoritative countries where access to certain websites and services is restricted.
Keep in mind that you have to trust that your VPN provider is not logging your IP address or that it could or would turn this information over to authorities if pressed. Mullvad collects no personal information about you, not even an email address. Plus, it accepts bitcoin or cash so you can pay for the service without the risk of linking your banking details. Mullvad also has a “no-logging” policy, which you can read tukaj.
For my specific use case here, I will be using a VPN to ensure my ISP does not see that I am mining Bitcoin and to also prevent my mining pool, Slush Pool, da bi videl svoj pravi naslov IP – ne zato, ker delam karkoli nezakonitega ali ker mislim, da Slush Pool beleži moj naslov IP, ampak preprosto zato, ker so to burni časi s hitro spreminjajočim se političnim okoljem in stvari, ki jih danes počnem zakonito, bi lahko zelo naj bo jutri prepovedan.
Or, if some legislation was passed making it illegal for a person to operate a Bitcoin miner in the United States without a money transmitter’s license, for example, then I could spoof my location so that if Slush Pool’s hand were forced to block IP addresses coming from the United States, I could continue mining as it would appear my hash rate was originating from outside the United States.
Glede na to, da je blockchain za vedno in da je prihodnost negotova, menim, da si je vredno vzeti čas in ugotoviti, kako zaščititi svojo zasebnost. Z današnjim ukrepanjem za povečanje svoje zasebnosti in varnosti lahko zagotovim varovanje moje svobode in mojega prizadevanja za srečo.
Velika večina informacij, predstavljenih v tem razdelku, izvira iz gledanja videoposnetkov Christian McDonald na YouTubu. Najdete lahko vse njegove videoposnetke WireGuard & Mullvad VPN tukaj.
Rad bi posebej poudaril Ta video njegovega o uporabi paketa WireGuard v pfSense za nastavitev Mullvada na način, da ima več tunelov, ki omogočajo nemoteno uravnavanje obremenitve vašega prometa:
Mullvad is a paid VPN subscription, the fee is €5 per month. However, Mullvad does accept bitcoin and does not require any identifying information. Before I show you how to set up your Mullvad subscription, we’ll get the WireGuard package installed to your pfSense firewall. Then, we’ll set up a Mullvad account and generate the configuration files. Then, we can get multiple tunnels set up and do some fancy configurations in pfSense.
In pfSense, navigate to “System>Package Manager>Available Packages” then scroll down to the WireGuard link and click on “Install.” On the next page, click on “Confirm.” The installer will run and let you know when it has successfully completed.
Now, you can navigate to “VPN>WireGuard” and see that the package has been installed but nothing is configured yet. Now that the firewall has WireGuard ready, we will work on getting the VPN client installed.
Pomaknite se na https://mullvad.net/en/ and click on “Generate Account.”
Mullvad od vas ne zbira nobenih podatkov, kot so ime, telefonska številka, e-pošta itd. Mullvad ustvari edinstveno številko računa in to je edini identifikacijski del podatkov, ki ga dobite v zvezi s svojim računom, zato ga zapišite in zaščitite.
Next, select your payment method. You get a 10% discount for using bitcoin. The subscription works for as long as you want to pay for (up to 12 months) at the rate of €5 per month. So, a one-year subscription for example would be €60 or about 0.001 BTC at today’s rate (as of November 2021). You will be presented with a Bitcoin address QR code to send your payment to.
Prijava mempool to see when your Bitcoin transaction gets confirmed. You may need to wait a while depending on network congestion.
After confirmation on chain, the Mullvad account is topped off and should show that you have time remaining. Make considerations about selecting a server location from Mullvad’s long list of servers. If you’re planning on running ASICs behind your VPN, then I recommend connecting to a server relatively close to your actual geographic location to try and help reduce any latency as much as possible.
The way Mullvad works is with configuration files that assign a unique public/private key pair for each tunnel address. The basic idea here is that I want to have a primary tunnel set up for the ASICs, but I also want a secondary tunnel setup with another server in a different geographic location just in case the primary tunnel connection goes offline. This way, my mining internet traffic will automatically switch over to the other tunnel and there will be no interruption in concealing my public IP address or encrypting my traffic data. I’m also going to set up other tunnels specifically for my WiFi network and my “LANwork” network.
Za to bom potreboval toliko parov ključev, kolikor želim tunelov. Ena naročnina na Mullvad vključuje do pet parov ključev. Pomaknite se do https://mullvad.net/en/account/#/wireguard-config/ and select your platform, e.g, Windows. Then click on “Generate Keys” for as many key pairs as you want, up to five keys. Then click on “Manage Keys” below that to see your list.
*Vsi ključi in občutljivi podatki, predstavljeni v tem priročniku, so bili pred objavo uničeni. Bodite previdni pri delitvi teh informacij s komer koli, saj želite, da vaši ključi Mullvad ostanejo zasebni.
You can see that I generated four keys for this guide, which I will destroy after I’m finished using them as examples. Each configuration file needs to be set up with a specific Mullvad server of your choosing.
- Select the “Public Key” you are interested in creating a configuration file for by selecting the circle under the “Use” column next to the appropriate public key.
- Select the country, city and server you want to configure with this public key.
- Click on “Download File.”
- Save the configuration file in a convenient place because you will need to open it in a moment.
*Ne pozabite, da boste morali za vsak predor do novega strežnika, ki ga želite konfigurirati, uporabiti ločen javni ključ. Če poskusite istemu ključu dodeliti dva tunela, bo pfSense naletel na težave z vašim VPN.
Ta postopek ponovite za toliko ključev, kot ste jih ustvarili, pri čemer izberete drug strežnik za vsak edinstven ključ in ustvarite konfiguracijsko datoteko. Zdelo se mi je v pomoč, če konfiguracijsko datoteko poimenujemo kot mesto in strežnik, ki se uporabljata.
Now, navigate back to pfSense and go to “VPN>WireGuard>Settings” and click on “Enable WireGuard” and then “Save.”
- Navigate to the “Tunnels” tab and select “Add Tunnel.”
- Open your first Mullvad configuration file with a text editor like Notepad and keep it to the side.
- In WireGuard, add a “Description” for your tunnel that describes what it is, like “Mullvad Atlanta US167.”
- Copy/paste the “PrivateKey” from the Mullvad configuration file and add it to the “Interface Keys” dialog box.
- Click on “Save Tunnel,” then “Apply Changes” at the top of the page.
WireGuard will automatically generate the public key when you paste the private key and hit the “tab” key on your keyboard. You can verify that the public key was correctly generated by comparing it to the key on the Mullvad website that you generated earlier.
Ta postopek ponovite za toliko tunelov, kolikor želite. Prepričajte se, da za vsako uporabite pravilno konfiguracijsko datoteko Mullvad, saj vse vsebujejo različne pare javnih/zasebnih ključev, naslove IP in končne točke.
Each tunnel will get its own peer. You can add a “Peer” by first navigating to the “Peer” tab next to the “Tunnels” tab that you were just on. Then click on “Add Peer.”
- Select the appropriate tunnel from the drop-down menu for this peer.
- Add a “Description” for your tunnel that describes what it is, like “Mullvad Atlanta US167.”
- Uncheck the “Dynamic Endpoint” box.
- Copy/paste the “Endpoint” IP address and port from the Mullvad configuration file into the “Endpoint” fields in WireGuard.
- You can give 30 seconds to the “Keep Alive” field.
- Copy/paste the “PublicKey” from the Mullvad configuration file into the “Public Key” field in WireGuard.
- Change the “Allowed IPs” to “0.0.0.0/0” for IPv4. You can also add a descriptor like “Allow All IPs” if you want.
- Click on “Save,” then select “Apply Changes” at the top of the page.
Ta postopek ponovite za toliko vrstnikov, kolikor imate tunelov. Prepričajte se, da uporabljate pravilno konfiguracijsko datoteko Mullvad za vsako, saj vse vsebujejo različne pare javnih/zasebnih ključev, naslove IP in končne točke.
At this point, you should be able to navigate to the “Status” tab and observe the handshakes taking place by clicking on “Show Peers” in the lower right-hand corner.
Nato je treba za vsak predor dodeliti vmesnike.
- Navigate to “Interfaces>Interface Assignments”
- Select each tunnel from the drop-down menu and add it to your list.
Ko so vsi vaši predori dodani, kliknite modro hiperpovezavo poleg vsakega dodanega tunela, da konfigurirate vmesnik.
- Click on the “Enable Interface” box
- Enter your description — I just used the VPN server name for example: “Mullvad_Atlanta_US167”
- Select “Static PIv4”
- Type “1420” in the “MTU & MSS” boxes
- Now, copy/paste the host IP address from your Mullvad configuration file in the “IPv4 Address” dialog box.
- Then, click on “Add A New Gateway”
After clicking on “Add A New Gateway,” you will be presented with the below pop-up dialog. Enter a name for your new gateway, something easy like the name of your tunnel appended with “GW” for “GateWay.” Then, enter the same host IP address from the Mullvad configuration file. You can also add a description if you want, such as “Mullvad Atlanta US167 Gateway.” Then click on “Add.”
Once you are back at the interface configuration page, click on “Save” at the bottom of the page. Then click on “Apply Changes” at the top of the page.
Ponovite ta postopek, da ustvarite prehod za vsak vmesnik tunela, ki ste ga dodali. Prepričajte se, da uporabljate pravilno konfiguracijsko datoteko Mullvad za vsako, saj vse vsebujejo različne naslove IP gostitelja.
At this point, you can navigate to your dashboard and monitor the status of your gateways. If you have not done so already, you can customize your dashboard to monitor several stats in pfSense. Click on the “+” sign in the upper right-hand corner of your dashboard and then a list of available stat monitors will drop down and you can select the ones you want.
On my dashboard, for example, I have three columns, starting with the “System Information.” In the second column, I have the “Installed Packages” summary, “WireGuard” status, and a list of my interfaces. In the third column, I have the “Gateway” status and “Services” status. This way, I can quickly check and monitor the status of all sorts of things.
What I want to point out about the dashboard is that in the “Gateways” section, you will notice that all of the gateways are online. The gateways will be online so long as the tunnel is active, even if the remote side is not responding. This is because they are the local interface, so right now they are useless since even if the remote side goes down, they will still show as online. In order to enable the ability to monitor latency so that these gateways can provide some useful stats, I need to give these gateways a public domain name system (DNS) address to monitor.
You’ll notice that all the tunnel ping times are zero milliseconds. That’s because I’m not sending any data out through these tunnels. By pinging a public DNS server, pfSense can get some useful metrics and make decisions about which tunnel will provide the least latency or if a remote server goes down to reroute traffic.
Najdete lahko javni strežnik DNS za spremljanje ta spletne strani ali številnih drugih javnih seznamov strežnikov DNS. Pazi na zabeleženi odstotek delovanja, več kot je, bolje. Želite poiskati javne DNS IPv4 naslove IP za spremljanje na vaših prehodih IPv4. Vsak prehod bo za spremljanje potreboval ločen naslov DNS.
Once you have your public DNS addresses, navigate to “System>Routing>Gateways” in pfSense. Click on the pencil icon next to your gateway. You can see that the “Gateway Address” and the “Monitor IP” address are the same on all the gateways. That is why the ping time is zero milliseconds and this is also why pfSense will think the gateway is always up.
Enter the public DNS IP address that you want to monitor in the “Monitor IP” field and then click on “Save” at the bottom of the screen. Then click on “Apply Changes” at the top of the screen. Remember, gateways cannot share the same DNS monitor address so use a different public DNS server for each gateway to monitor.
Now, if you go back to your dashboard and look at your gateway monitor, you should see that there are some actual latency metrics to observe. With this information, you can set up your gateways in order of priority based on which ones have the lowest latency for your internet traffic. So, for example, if you are mining Bitcoin, then you will want to prioritize your ASICs to go through the tunnel with the lowest latency first. Then if that tunnel fails, the firewall can automatically switch them to the next tier gateway with the second to smallest latency and so on.
Zaenkrat je vse videti dobro, tuneli so aktivni in podatki gredo skozi prehode. Nato moramo na požarnem zidu definirati nekaj preslikav izhodnega omrežnega naslova (NAT).
- Navigate to the “Firewall” tab, then “NATm” then the “Outbound” tab. This will pull up a list of all your network mappings from your WANs to your LANs. Since we have some new interfaces defined, we want to add these mapping to the list.
- Click on “Hybrid Outbound NAT Rule Generation” under the “Outbound NAT Mode” section.
- Scroll to the bottom of the page and click on “Add”
- Choose your interface from the drop-down menu
- Select “IPv4” for the “Address Family”
- Select “any” for the “Protocol”
- Make sure “Source” is on “Network” and then enter the local IP address range for the LAN you want going down this tunnel. For example, I want my “LANwork” going through this tunnel to Atlanta, so I entered “192.168.69.1/24.”
- Then, enter a description if you want, such as “Outbound NAT for LANwork to Mullvad Atlanta US167.”
- Then, click on “Save” at the bottom of the page and “Apply Changes” at the top of the page.
Repeat this process for each of the tunnel interfaces. You will notice that I have my “LANwork” network going to the Atlanta tunnel, my “LANhome” network going to the New York tunnel, and I have “LANminers” network set up for both the Miami and Seattle tunnels. You can set a mapping for your mining LAN to all five of your tunnels if you want. You can also have multiple LANs mapped to the same tunnel if you want, there is a lot of flexibility.
With the mappings all in place, we can add firewall rules. Navigate to “Firewall>LAN,” then click on “Add,” “LAN” being whichever LAN you want to add a rule to. For example, I’m setting up my “LANwork” network in this screenshot:
- Set “Action” to “Pass”
- Set “Address Family” to “IPv4”
- Set “Protocol” to “Any”
- Then click on “Display Advanced”
- Scroll down to “Gateway” and select the gateway you have set up for this LAN
- Click on “Save” at the bottom of the screen, then click on “Apply Changes” at the top of the screen
Then, do the same thing with your next LAN until you have all of your LANs set up with a gateway rule. Here is a snapshot of my LAN gateway rules, you’ll notice that I added two gateway rules to my “LANminers” network. In a later step, I will show you how to set up the automatic load balancing between tunnels for the mining LAN which will replace the two rules I just added to “LANminers,” but I want to make sure everything is set up and working correctly first.
Da bi še enkrat preveril, ali vse do zdaj deluje in ali vsak od mojih LAN-jev dobiva različne javne IP-je, bom vnesel “ifconfig.co” v spletni brskalnik iz vsakega LAN. Če vse deluje pravilno, bi moral imeti različne lokacije za vsak LAN, v katerega se priključim in iz katerega pingam:
Vse je delovalo po načrtih, prvi poskus. Medtem ko sem bil povezan z vsakim LAN-om, sem lahko onemogočil ustrezno pravilo požarnega zidu in osvežil stran ter opazoval, kako se moj naslov IP spreminja nazaj na moje dejansko grobo geografsko območje.
If you recall, I had set up two tunnels for my “LANminers” network. When I disabled the one firewall rule corresponding to the Miami tunnel and refresh my browser, it immediately switched to an IP address in Seattle.
So, each LAN is sending traffic through a different tunnel and all of my tunnels are working as expected. However, in regards to my “LANminers” network, I want pfSense to automatically switch between the Miami and Seattle tunnels based on latency or downed servers. With a couple more steps, I can get this configured to switch automatically and replace the two firewalls rules with a new single rule.
Navigate to “System>Routing” and then the “Gateway Groups” tab.
- Enter a group name like “Mullvad_LB_LANMiners.” The “LB” is for “Load Balance.”
- Set all of the other gateway priorities to “Never,” except the two gateways you are interested in for your miners. In this case, I’m using my Miami and Seattle gateways. I have those priorities both set to “Tier 1,” or you could use all five of your tunnels if you wanted.
- Set the trigger level to “Packet Loss or High Latency”
- Add a description if you want, such as “Load Balance LANminers Mullvad Tunnels”
- Click on “Save” at the bottom of the screen, then “Apply Changes” at the top of the screen
If you navigate to “Status>Gateways” and then the “Gateway Groups” tab, you should be able to see your new gateway group online. In theory, if you route traffic to “Mullvad_LB_LANminers” then it should balance traffic between the two gateways based on latency.
Now, this gateway group can be used in a firewall rule to policy route that traffic accordingly. Navigate to “Firewall>Rules” and then the “LANminers” tab or whatever your mining LAN is named.
Go ahead and disable the two rules you set up previously for testing the VPN tunnels by clicking on the crossed out circle next to the rule. Click on “Apply Changes,” then click on “Add” at the bottom.
- Set the protocol to “Any”
- Click on “Display Advanced”
- Scroll down to “Gateway” and select the load balance gateway group you created
- Click on “Save” at the bottom of the page and click on “Apply Changes” at the top of the page
That should be all that is needed to get your ASICs to switch from one VPN tunnel to another VPN tunnel automatically based on latency or downed servers. To test this, plug a laptop into your dedicated Ethernet port on your network card for your mining LAN. This is “igb3” in my case.
Make sure your WiFi is off. Open a web browser and type “ifconfig.co” in the URL bar. The results should put you in the location of one of your VPN tunnels. In my case, it was Miami.
Then, back in pfSense, navigate to “Interfaces>Assignments” and click on the hyperlink for that tunnel interface. In my case, it is the “Mullvad_Miami_US155” interface.
At the very top of that configuration page, uncheck the box for “Enable Interface.” Then, click on “Save” at the bottom of the screen and then click on “Apply Changes” at the top of the screen. This has just disabled the Miami tunnel that my LANminers was sending traffic through.
Nazaj na prenosniku osvežite brskalnik s stranjo ifconfig.co. Zdaj bi morala biti vaša lokacija v Seattlu ali kamor koli je bil nastavljen vaš sekundarni predor. Včasih moram popolnoma zapreti brskalnik in ga znova odpreti, da izbrišem predpomnilnik.
Make sure you go back to your Miami interface and re-check the box to enable that interface, then save, and apply. Then, you can navigate back to “Firewall>Rules,” then your mining LAN and delete the two rules you had disabled.
That’s it, you should be good to go. Keep in mind that firewall rules work in a top-down fashion. Next, I’ll get into how to help prevent ad tracking.
Deveti korak: Kako konfigurirati zmogljivosti za blokiranje oglasov
Oglaševalska podjetja se zelo zanimajo za vas in čim več informacij o vas dobijo. Na žalost, ko brskate po internetu, zlahka razkrijete te iskane informacije.
This information is monetized to target specific audiences with products and services with surgical-like precision. You may have experienced doing an online search for something and then later noticed advertisements popping up in your social media feed that match your recent searches. This is made possible by gathering as much information about your internet searches, which websites you visit, which pictures you look at, what you download, what you listen to, your location, what’s in your shopping cart, what payment methods you use, the time and date of all this activity, then linking that information to uniquely-identifiable constants like the specific web browser you are using and on which device you are using it.
Združite te podatke s svojim naslovom IP, računom ponudnika internetnih storitev in profilom v družbenih medijih in lahko začnete videti, kako obstaja zbirka informacij o vas, za katere morda ne želite, da so tako na voljo korporacijam, organom pregona, tujcem ali hekerjem. vmes piškotki, prstni odtis brskalnika in vedenjsko sledenje lahko se zdi, da so možnosti naložene proti vam. Toda obstajajo preprosti koraki, ki jih lahko storite, da začnete varovati svojo zasebnost zdaj. Škoda bi bilo, če bi dovolili, da je popoln sovražnik dobrega in vas ovira pri začetku.
In this section, you will see how to incorporate ad-blocking capabilities by modifying the DNS server and DHCP server settings in your firewall. At a high level, you type a website name into your web browser, that gets sent to a DNS server (usually your ISP’s DNS server), and that server translates the human-readable text into an IP address and sends that back to your browser so it knows which web server you are trying to reach. Additionally, targeted ads are also sent to you this way.
Priporočam, da to vajo začnete z obiskom https://mullvad.net/en/.
Then, click on the “Check for leaks” link to see where you could improve.
Če opazite puščanje DNS, odvisno od tega, kateri brskalnik uporabljate, boste morda našli koristna navodila pri Mullvadu tukaj za utrjevanje brskalnika in preprečevanje oglasov in sledenja na ravni brskalnika. Nato poskusite znova.
Če imate težave z blokiranjem oglasov v želenem brskalniku, razmislite o uporabi brskalnika, ki je bolj osredotočen na zasebnost, kot je NeGoogle Chromium:
- Select your operating system and the latest version
- Download the installer .exe
- Verify the hash value
- Run the installer and then configure your basic settings like default search engine
tor je še en brskalnik, ki bi ga priporočal za čim večjo uporabo, samo na splošno.
Mullvad ponuja nekaj različnih strežnikov za reševanje DNS, ki jih lahko najdete na seznamu ta Mullvad article. For this example, I will use the “100.64.0.3” server for the ad-tracker blocking. Make sure to refer to the Mullvad website for the latest updated DNS server IP addresses as these may change occasionally.
In pfSense, navigate to “System>General” then scroll down to the “DNS Server Settings” section and type “100.64.0.3” into the DNS Server field with your WAN gateway selected. If you used my recommendation from the beginning of the guide, then this should already be set but you will need to follow the DHCP instructions below.
Click on “Save” at the bottom of the page.
Next, navigate to “Services>DHCP Server” and scroll down to “Servers.” In the field for “DNS Servers,” enter “100.64.0.3” and click on “Save” at the bottom of the page. Repeat this step for all of your LANs if you have multiple networks setup.
Zdaj bi morali imeti strežnik DNS, ki blokira sledenje oglasov, konfiguriran na ravni požarnega zidu, da bi zaščitil vse vaše brskanje po internetu. Potem, če ste sprejeli dodatne ukrepe za konfiguracijo spletnega brskalnika ali nadgradnjo na spletni brskalnik, ki je osredotočen na zasebnost, ste naredili velik korak naprej pri varovanju zasebnosti na namiznih napravah.
Priporočam tudi, da razmislite o uporabi UnGoogled Chromium oz Bromit na mobilnem telefonu. Če vas zanima več ukrepov glede zasebnosti mobilnih naprav, si oglejte moj vodnik o CalyxOS tukaj.
10. korak: Kako preveriti zamudo, ki jo povzroča VPN
Obstaja utemeljena zaskrbljenost, da lahko uporaba VPN povzroči zamudo v vašem rudarskem prometu. Težava pri tem je, da boste dobili manj nagrad.
When there is latency present, your ASIC may continue hashing a block header that is no longer valid. The longer your ASIC spends hashing an invalid block header, the more “stale” hash rate you will send to the pool. When the pool sees hashes coming in for a block header that is no longer valid, the pool rejects that work. This means that your ASIC just wasted some computing power for nothing, although this is on the scale of milliseconds, when an ASIC is calculating trillions of hashes every second, it can add up fast.
Običajno je to zelo majhno razmerje v primerjavi s količino dela, ki jo sprejme bazen. Lahko pa začnete videti, kako pomembna in stalna zamuda bi lahko vplivala na vaše nagrade za rudarjenje.
Generally speaking, the closer two servers are to each other, the less latency there will be. With a VPN, I have to send my mining traffic to the VPN’s server and then from there it goes to the pool’s server. In an effort to try and mitigate latency by geographic proximity, I used three VPN servers that were between my location and the pool’s server. I also wanted to be cognizant of the risk in having a regional internet outage, so I also added two VPN servers that were not between the pool and me. With my “LANminers” network configured to load balance traffic between five different tunnels, I started a five-day test.
Prva dva dneva in pol (60 ur) smo rudarili z vklopljenim VPN. Drugih dva dni in pol smo rudarili z izklopljenim VPN. Evo, kar sem našel:
V prvih 60 urah je imel moj ASIC 43,263 sprejetih in 87 zavrnjenih paketov. To je enako 0.201 % ali z drugimi besedami 0.201 % mojih porabljenih virov, ki niso nagrajeni.
Po 120 urah je imel moj ASIC 87,330 sprejetih in 187 zavrnjenih paketov. Z odštevanjem začetnih 60-urnih odčitkov mi je ostalo 44,067 sprejetih paketov in 100 zavrnjenih paketov, medtem ko je bil VPN izklopljen. To je enako 0.226%. Presenetljivo je, da je to nekoliko večje razmerje zavrnitve brez prednosti zasebnosti VPN-ja ob enakem času.
Skratka, z uravnoteženjem rudarskega prometa med petimi tuneli VPN sem lahko pridobil prednosti zasebnosti VPN, ne da bi zmanjšal učinkovitost mojega rudarjenja. Pravzaprav je v smislu zavrnjenega razmerja moj rudar bolje uporabil VPN kot ne uporabljal VPN.
Če vas zanima več o temah, obravnavanih v tem priročniku, si oglejte te dodatne vire:
Hvala za branje! Upam, da vam je ta članek pomagal razumeti osnove uporabe starega namizja za namestitev omrežja in flash s pfSense za ustvarjanje vsestranskega požarnega zidu, kako konfigurirati ločena LAN omrežja, kako nastaviti mrežni usmerjevalnik WiFi, kako ustvariti Mullvad VPN račun in kako uporabljati WireGuard za konfiguriranje preklopov VPN, da zmanjšate zamudo pri rudarjenju.
To je gostujoča objava Ekonoalkemika. Izražena mnenja so v celoti njihova in ne odražajo nujno mnenj družbe BTC Inc. Bitcoin Magazine.
Source: https://bitcoinmagazine.com/guides/how-to-mine-bitcoin-privately-at-home
- "
- &
- 100
- dostop
- Račun
- Ukrep
- aktivna
- dejavnosti
- Ad
- Dodatne
- admin
- oglasi
- vsi
- Dovoli
- uporaba
- OBMOČJE
- okoli
- članek
- ASIC
- avto
- Bančništvo
- Osnove
- BEST
- najboljše prakse
- Bitcoin
- Bitcoin mining
- blockchain
- Blog
- Pasovi
- brskalnik
- BTC
- BTC Inc.
- izgradnjo
- Building
- ki
- Denar
- povzročilo
- potrdilo
- spremenite
- preverjanje
- Pregledi
- krom
- Krog
- mesto
- bližje
- Koda
- Stolpec
- prihajajo
- Podjetja
- računalniki
- računalništvo
- računalniška moč
- konfiguracija
- povezava
- povezave
- naprej
- Korporacije
- države
- par
- Ustvarjanje
- Mandatno
- Armaturna plošča
- datum
- uniči
- Razvijalci
- naprave
- DID
- skrbnosti
- Popust
- zaslon
- dns
- Ime domene
- Drop
- urednik
- učinkovitosti
- E-naslov
- Končna točka
- konča
- Angleščina
- okolje
- Vaja
- izkušnje
- obrazi
- s katerimi se sooča
- družina
- Moda
- FAST
- Lastnosti
- Področja
- Slika
- končno
- prva
- Flash
- prilagodljivost
- sledi
- obrazec
- Naprej
- Fundacija
- brezplačno
- Svoboda
- polno
- funkcija
- Prihodnost
- splošno
- GitHub
- Giving
- dobro
- veliko
- Zelen
- skupina
- Gost
- Gost Prispevek
- vodi
- hekerji
- strojna oprema
- hash
- hitrost hash
- mešanje
- tukaj
- visoka
- držite
- Domov
- Hiša
- Kako
- Kako
- HTTPS
- človeško berljivo
- Lačni
- Hybrid
- ICON
- Ideja
- identificirati
- nezakonito
- slika
- vpliv
- Povečajte
- Podatki
- Infrastruktura
- Intel
- obresti
- vmesnik
- Internet
- IP
- IP naslov
- IP naslovi
- IT
- vzdrževanje
- Ključne
- tipke
- otroci
- laptop
- Zadnji
- kosilo
- zakon
- kazenskega pregona
- uhajanje
- puščanje
- učenje
- Zakonodaja
- Stopnja
- Licenca
- light
- LINK
- Seznam
- Navedeno
- Poslušanje
- oglasi
- obremenitev
- lokalna
- kraj aktivnosti
- Long
- mac
- Večina
- Izdelava
- znamka
- Stave
- mediji
- Spomin
- kovinski
- Meritve
- Rudarji
- Rudarstvo
- ogledalo
- Mobilni
- mobilne naprave
- mobilni telefon
- Denar
- mesecev
- premikanje
- mreža
- mreženje
- omrežij
- NY
- novice
- na spletu
- odprite
- deluje
- operacijski sistem
- Komentarji
- Priložnost
- Možnost
- možnosti
- Da
- Ostalo
- Prekinitev
- Geslo
- gesla
- Plačajte
- Plačilo
- ljudje
- ping
- načrtovanje
- platforma
- Podcast
- politika
- bazen
- moč
- predstaviti
- zasebnost
- Zasebnost in varnost
- zasebna
- zasebni ključ
- Izdelki
- profil
- Program
- zaščito
- protokol
- javnega
- javni ključ
- Založništvo
- QR koda
- RAM
- območje
- RE
- zmanjša
- Raziskave
- viri
- REST
- Rezultati
- Nagrade
- Tveganje
- Roll
- Pot
- pravila
- Run
- tek
- Varnost
- shranjevanje
- Lestvica
- Zaslon
- Iskalnik
- sekundarno
- varnost
- vidi
- izbran
- prodaja
- Storitve
- nastavite
- nastavitev
- Delite s prijatelji, znanci, družino in partnerji :-)
- deli
- Shell
- Nakupovalna
- Kratke Hlače
- shutdown
- Silver
- Enostavno
- SIX
- majhna
- Posnetek
- So
- socialna
- družbeni mediji
- Software
- hitrost
- Začetek
- začel
- Države
- statistika
- Status
- naročnina
- uspešno
- Preklop
- sistem
- pogovor
- ciljna
- terminal
- Splošni pogoji poslovanja
- Test
- Testiranje
- Osnove
- svet
- čas
- orodja
- vrh
- Teme
- Sledenje
- Prometa
- transakcija
- prevod
- trillions
- Zaupajte
- nas
- Velika
- Združene države Amerike
- Nadgradnja
- usb
- Video
- Video posnetki
- Virtual
- VPN
- VPN
- Počakaj
- Watch
- web
- spletni brskalnik
- spletni strežnik
- Spletna stran
- spletne strani
- Kaj je
- WHO
- Wifi
- Wikipedia
- veter
- okna
- brezžična
- besede
- delo
- deluje
- svet
- vredno
- youtube
- nič