Encrypt all the things!

  • I'm a 1Password and KeePass person. 1Password for everything non-financial/governmental, KeePass for things I really want to keep as secure as possible. Obv. I use yubikey + 2FA everywhere as well.

    I occasionally still use a VPN but mostly that's because I'm testing work stuff or wish to change my geolocation. I keep wondering about moving from Chrome/Google but man, I know I've sold my soul for the damn convenience of how well all their stuff works together. (And also working in high volume data, I do understand how hard it is to isolate out one specific thing (after the fact, you can set it up to do it going forward))

  • Thanks for that info, I've deleted my PIA account.

  • Interesting to hear people's password apps and VPN choices.
    I'd be interested in a deep dive into suggested android and home internet security settings.
    Currently myself and partner are running Android phones, with an iPad and occasional Microsoft laptop at home. We had PIA running on all devices until I found out about the above.

  • W10 laptop. Updated some updates - mainly Office I thought. Restarted and while skiving reading news sites wondered why I was seeing so many ads.

    Now when I try to Enable NextDNS I get this message:

    An error append while trying to communicate with NextDNS Windows service.

    Haven't yet tried uninstall/reinstall but thought I'd first ask if anyone else had something similar?


    EDIT: Uninstalled and reinstalled. Seems to be working now.

  • That’s an interesting app.
    Noob question:
    Would that work in conjunction with a vpn or does it only work to use one or the other?

  • I'm the wrong person to answer, but I'll try anyway.

    It's a different thing. Having a DNS server like NextDNS or a pi-hole helps to block ads and tracking.

    Other than having to turn it off on my phone to cast 4OD and the issue above I've been pretty happy with it. Obviously much faster and easier than making your own pi-hole.

    I still haven't got round to sorting my VPN out as it (Nord) kept switching my Internet off on my laptop, so parked it.

  • Excellent, thanks for the info!

  • I want to run a VPN for a variety of programs on a Windows machine but not system wide (it will be my plex server and plex through VPN seems to be a huge ballache).

    Any suggestions on the best way to do this?

  • Run VPN software on Windows but add exclusions for certain stuff? I'd expect most apps to allow this.

    Does Plex use specific ports? You could also look into excluding those from the VPN.

  • I looked at doing this previously but couldn't work it out. Plex is a specific port but I couldn't find options to exclude them.

    Would also be happy to switch to a VPN that made this easy.

  • Maybe I imagined it. Looks like ivpn client won't do it without messing with its openvpn config.

  • A lot of VPNs will allow you to tunnel to a specific address & port over ssh, which you can do with putty (with some jiggery with puttygen and public private keys)

    You can then use that as a socks5 proxy and point applications at that.

  • Cheers. I recognise all the words but not quite them all put together. Is this to direct certain programs to the VPN or around the VPN?

    Thinking back one of the issues is that plex uses multiple addresses so you can't go down the route of directing any calls to Plex outside of the VPN. That's where I ran into issues last time.

  • You can normally direct traffic to specific IP ranges around a VPN - it's called split-tunneling. How you'd do it for your VPN I couldn't say, but it should be possible. Corporate VPNs do this all the time so they don't have to deal with stuff they're not interested in.

  • I'll try to explain (if I can't do that, it probably means I don't understand it well enough myself)

    Off the peg VPNs tend to, as far as I know, use OpenVPN, or similar OpenSSL-based applications, to allow your PC to connect to their service with traffic encrypted by certificates

    OpenSSH allows connections between PC & server through encrypted tunnels

    The reason I use OpenSSH is that, once the client has been installed on my PC, and the server has my public certificate (to allow connection without needing to use usernames & passwords), it's a simple one line command to open a tunnel.

    ssh -fND localhost:12345 username@server.ip.address

    Then any application I want to have using the tunnel, I set the proxy address to localhost:12345 (as a socks5 proxy)

    (Including DNS lookups, so that doesn't leak)

    OpenVPN is probably more user-friendly, but I don't have much experience of it, as it didn't play well on one of my desktops, and messed with a whole bunch of ssh connections that I rely on

  • Cheers, that's something to look into. It's a variety of services and standalone programs that I want to redirect so I suspect I may have to do some testing.

    Cheers @TW I think I see how that works but a bit of googling doesn't throw up how to make it work with a commercial VPN provider. Is this only an option if it's a VPN server you've set up yourself?

    I may just go back to my old plan of using a Raspberry Pi with the software and a VPN installed on it for what I need.

  • Cheers @TW I think I see how that works but a bit of googling doesn't throw up how to make it work with a commercial VPN provider. Is this only an option if it's a VPN server you've set up yourself?

    Googling "openssh vpn support" throws up few providers

  • I just signed up to Mozilla VPN. It's lightning fast. Normally get 290Mbps down using Fast.com. Getting 280Mbps with VPN enabled.

    Latency to Google.com is the same regardless of whether the VPN is enabled. Ranging between 14-52ms.

  • Now when I try to Enable NextDNS I get this message:

    An error append while trying to communicate with NextDNS Windows service.

    Pretty much every few days NextDNS stops working and I get the above error. Uninstall/reinstall solves it. Which is a pain.

    idk if it makes a difference, but my Windows account is my work one.

    Anyone got any ideas what the solution is, or any ideas on how I go about finding out the problem?


  • You can just point Windows directly at the DNS server so you don't need to install anything (the setup page on NextDNS tells you how).

  • Cheers. I'll give that a go.

  • So on the question of pi-holes, am I right in assuming you need a raspberry pi in order to set it up?

    Also, anyone set it up with Hyperoptic? Do I need to get into the router? If I do, how?

  • Just use nextdns.io

Posted by @Velocio