Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

few VPN queries - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

few VPN queries

2»

Comments

  • matey0matey0 Member

    @totally_not_banned said:

    @matey0 said:

    @totally_not_banned said:

    @Wraithy said:

    @totally_not_banned said:

    @Wraithy said:
    I think it may be a setting that needs changing but I don't know much about this sort of stuff so it could be anything.

    Rather unlikely as to my best knowledge there really isn't anything to configure in regards to how SSH handles socks. It's actually more of a gimmick. The usual performance tweak would be to switch to some less CPU intensive encryption but that's not really making a lot of sense here as probably both the VPS and you local PC have hardware accelerated AES making a switch to chacha or similar into probably more of a downgrade than anything else.

    I'd try what @0xbkt suggested. If you don't see a noticeable difference in single connection mode chances are SSH's proxy is actually really single threaded or at least drastically limits the amount of concurrent connections. A possible workaround would be to setup Wireguard/OpenVPN between your PC and the VPS and run an actual real socks server (dante or whatever) there.

    I guess it is limited then which is unfortunate. I think it might be best to look into some self-hosted VPN solutions though trying to find one with the ability to split tunnel is going to be challenging.

    Well, as i said before you could actually run a basic VPN (as in no routing of internet traffic just a virtual network) between your PC and the VPS and install a real socks server there. It's not overly elegant but if socks would work for you in general i guess it would do. I'm not sure if there's a Wireguard client for Windows (if there is that would probably be the go to solution these days) but OpenVPN would definitely work.

    Yup, there are Wireguard clients for every platform imaginable nowadays because of the official Go userland implementation.

    My suggestion would be to first set up microsocks on the vps, which is just a socks server.
    Should be as easy as installing it via apt or whatever and running

    microsocks -p SOME_PORT -u wraithy -P hunter2

    Note that this proxy won't add addittional encryption. Just to test, configure it in your browser, run a speedtest and report your results.
    If speeds are better, set up a WireGuard tunnel to the vps for encryption.

    Sounds pretty good. Just one tiny addition: I have the vague memory of microsocks actually being written in perl, which wouldn't necessarily be that performant. I'd probably rather go for dante, which might be a bit more complicated but not that much. It's also available via apt as dante-server. OP would just have to consult the man page/google in regards to configuring it.

    Maybe you're mixing something up, microsocks is written in C.

    Thanked by 1totally_not_banned
  • totally_not_bannedtotally_not_banned Member

    @matey0 said:

    @totally_not_banned said:

    @matey0 said:

    @totally_not_banned said:

    @Wraithy said:

    @totally_not_banned said:

    @Wraithy said:
    I think it may be a setting that needs changing but I don't know much about this sort of stuff so it could be anything.

    Rather unlikely as to my best knowledge there really isn't anything to configure in regards to how SSH handles socks. It's actually more of a gimmick. The usual performance tweak would be to switch to some less CPU intensive encryption but that's not really making a lot of sense here as probably both the VPS and you local PC have hardware accelerated AES making a switch to chacha or similar into probably more of a downgrade than anything else.

    I'd try what @0xbkt suggested. If you don't see a noticeable difference in single connection mode chances are SSH's proxy is actually really single threaded or at least drastically limits the amount of concurrent connections. A possible workaround would be to setup Wireguard/OpenVPN between your PC and the VPS and run an actual real socks server (dante or whatever) there.

    I guess it is limited then which is unfortunate. I think it might be best to look into some self-hosted VPN solutions though trying to find one with the ability to split tunnel is going to be challenging.

    Well, as i said before you could actually run a basic VPN (as in no routing of internet traffic just a virtual network) between your PC and the VPS and install a real socks server there. It's not overly elegant but if socks would work for you in general i guess it would do. I'm not sure if there's a Wireguard client for Windows (if there is that would probably be the go to solution these days) but OpenVPN would definitely work.

    Yup, there are Wireguard clients for every platform imaginable nowadays because of the official Go userland implementation.

    My suggestion would be to first set up microsocks on the vps, which is just a socks server.
    Should be as easy as installing it via apt or whatever and running

    microsocks -p SOME_PORT -u wraithy -P hunter2

    Note that this proxy won't add addittional encryption. Just to test, configure it in your browser, run a speedtest and report your results.
    If speeds are better, set up a WireGuard tunnel to the vps for encryption.

    Sounds pretty good. Just one tiny addition: I have the vague memory of microsocks actually being written in perl, which wouldn't necessarily be that performant. I'd probably rather go for dante, which might be a bit more complicated but not that much. It's also available via apt as dante-server. OP would just have to consult the man page/google in regards to configuring it.

    Maybe you're mixing something up, microsocks is written in C.

    Yeah, i obviously am then. Sorry, there was some kind of minimalistic socks implementation written in perl and i could have sworn it's name would have been microsocks but i guess it must have been something else.

    OP, disregard what i just said.

  • WraithyWraithy Member

    @matey0 said:

    @totally_not_banned said:

    @Wraithy said:

    @totally_not_banned said:

    @Wraithy said:
    I think it may be a setting that needs changing but I don't know much about this sort of stuff so it could be anything.

    Rather unlikely as to my best knowledge there really isn't anything to configure in regards to how SSH handles socks. It's actually more of a gimmick. The usual performance tweak would be to switch to some less CPU intensive encryption but that's not really making a lot of sense here as probably both the VPS and you local PC have hardware accelerated AES making a switch to chacha or similar into probably more of a downgrade than anything else.

    I'd try what @0xbkt suggested. If you don't see a noticeable difference in single connection mode chances are SSH's proxy is actually really single threaded or at least drastically limits the amount of concurrent connections. A possible workaround would be to setup Wireguard/OpenVPN between your PC and the VPS and run an actual real socks server (dante or whatever) there.

    I guess it is limited then which is unfortunate. I think it might be best to look into some self-hosted VPN solutions though trying to find one with the ability to split tunnel is going to be challenging.

    Well, as i said before you could actually run a basic VPN (as in no routing of internet traffic just a virtual network) between your PC and the VPS and install a real socks server there. It's not overly elegant but if socks would work for you in general i guess it would do. I'm not sure if there's a Wireguard client for Windows (if there is that would probably be the go to solution these days) but OpenVPN would definitely work.

    Yup, there are Wireguard clients for every platform imaginable nowadays because of the official Go userland implementation.

    My suggestion would be to first set up microsocks on the vps, which is just a socks server.
    Should be as easy as installing it via apt or whatever and running

    microsocks -p SOME_PORT -u wraithy -P hunter2

    Note that this proxy won't add addittional encryption. Just to test, configure it in your browser, run a speedtest and report your results.
    If speeds are better, set up a WireGuard tunnel to the vps for encryption.

    Ok, so I set up microsocks and it runs way better! I assume I just need to setup wireguard now? I am not sure how that would work but as long as it doesn't effect any programs that aren't running through the proxy, that would be ideal.

    Here is my result from using microsocks - https://www.speedtest.net/result/16003278961

  • matey0matey0 Member

    @Wraithy said:

    @matey0 said:

    @totally_not_banned said:

    @Wraithy said:

    @totally_not_banned said:

    @Wraithy said:
    I think it may be a setting that needs changing but I don't know much about this sort of stuff so it could be anything.

    Rather unlikely as to my best knowledge there really isn't anything to configure in regards to how SSH handles socks. It's actually more of a gimmick. The usual performance tweak would be to switch to some less CPU intensive encryption but that's not really making a lot of sense here as probably both the VPS and you local PC have hardware accelerated AES making a switch to chacha or similar into probably more of a downgrade than anything else.

    I'd try what @0xbkt suggested. If you don't see a noticeable difference in single connection mode chances are SSH's proxy is actually really single threaded or at least drastically limits the amount of concurrent connections. A possible workaround would be to setup Wireguard/OpenVPN between your PC and the VPS and run an actual real socks server (dante or whatever) there.

    I guess it is limited then which is unfortunate. I think it might be best to look into some self-hosted VPN solutions though trying to find one with the ability to split tunnel is going to be challenging.

    Well, as i said before you could actually run a basic VPN (as in no routing of internet traffic just a virtual network) between your PC and the VPS and install a real socks server there. It's not overly elegant but if socks would work for you in general i guess it would do. I'm not sure if there's a Wireguard client for Windows (if there is that would probably be the go to solution these days) but OpenVPN would definitely work.

    Yup, there are Wireguard clients for every platform imaginable nowadays because of the official Go userland implementation.

    My suggestion would be to first set up microsocks on the vps, which is just a socks server.
    Should be as easy as installing it via apt or whatever and running

    microsocks -p SOME_PORT -u wraithy -P hunter2

    Note that this proxy won't add addittional encryption. Just to test, configure it in your browser, run a speedtest and report your results.
    If speeds are better, set up a WireGuard tunnel to the vps for encryption.

    Ok, so I set up microsocks and it runs way better! I assume I just need to setup wireguard now? I am not sure how that would work but as long as it doesn't effect any programs that aren't running through the proxy, that would be ideal.

    Here is my result from using microsocks - https://www.speedtest.net/result/16003278961

    Nice and interesting to see how much slower ssh proxying is!
    You want to set up a point-to-point Wireguard vpn connection. Don't have much time to help you with that today, this article seems decent https://www.marksei.com/how-to-vpn-wireguard/

    The goal is not to route all traffic through Wireguard, but just to be able to access your server under, say, 10.0.0.1. All connections to 10.0.0.1 will then be encrypted and thus if you configure your socks proxy in your browser to 10.0.0.1:SOME_PORT the socks connection will be encrypted aswell.

  • yusrayusra Member

    This can be easily done with a lowend VPS;

    If you are referring to client side application split tunneling (these appa use the VPN and those app don't), then you can install Wireguard whose official app has that feature and if you are referring to the server side tunneling (this traffic goes to route A and that one to somewhere else), then you can use sing-box which not only supports that but also supports various protocols and its app (nekobox) also has a plethora of features.

  • lowenduser1lowenduser1 Member

    @Wraithy said:

    @lowenduser1 said:

    @Wraithy said: The only apps I will be running through the VPN are Deluge (was qBittorrent prior however that was having connectivity issues) and my browser

    what about a few dockers on a little vps?

    • rutorrent web-ui for the torrents
    • jellyfin app/web-ui for streaming
    • webtop browser in a browser

    I have ~2TB of torrents seeding on my PC that I leave running in the background and then I have an old PC that I turned into a media server that has a 12TB NAS drive in it that has Jellyfin installed on it. I appreciate the thought however it makes more sense to run a VPN/proxy since it would be a lot more cost-effective.

    Oh I see. What you could do is self host these dockers and configure bridged networking. This is pretty straight forward with Portainer. In front of your dockers have OPNsene/PFsense and deploy the tunnel there. With policy based routing one can configure where the traffic needs to go, be it tunnel or regular gateway.

    Wireguard performs best here but P2P traffic will always suffer from overhead but near gigabit should be possible

  • totally_not_bannedtotally_not_banned Member
    edited March 13

    @Wraithy said:

    @matey0 said:

    @totally_not_banned said:

    @Wraithy said:

    @totally_not_banned said:

    @Wraithy said:
    I think it may be a setting that needs changing but I don't know much about this sort of stuff so it could be anything.

    Rather unlikely as to my best knowledge there really isn't anything to configure in regards to how SSH handles socks. It's actually more of a gimmick. The usual performance tweak would be to switch to some less CPU intensive encryption but that's not really making a lot of sense here as probably both the VPS and you local PC have hardware accelerated AES making a switch to chacha or similar into probably more of a downgrade than anything else.

    I'd try what @0xbkt suggested. If you don't see a noticeable difference in single connection mode chances are SSH's proxy is actually really single threaded or at least drastically limits the amount of concurrent connections. A possible workaround would be to setup Wireguard/OpenVPN between your PC and the VPS and run an actual real socks server (dante or whatever) there.

    I guess it is limited then which is unfortunate. I think it might be best to look into some self-hosted VPN solutions though trying to find one with the ability to split tunnel is going to be challenging.

    Well, as i said before you could actually run a basic VPN (as in no routing of internet traffic just a virtual network) between your PC and the VPS and install a real socks server there. It's not overly elegant but if socks would work for you in general i guess it would do. I'm not sure if there's a Wireguard client for Windows (if there is that would probably be the go to solution these days) but OpenVPN would definitely work.

    Yup, there are Wireguard clients for every platform imaginable nowadays because of the official Go userland implementation.

    My suggestion would be to first set up microsocks on the vps, which is just a socks server.
    Should be as easy as installing it via apt or whatever and running

    microsocks -p SOME_PORT -u wraithy -P hunter2

    Note that this proxy won't add addittional encryption. Just to test, configure it in your browser, run a speedtest and report your results.
    If speeds are better, set up a WireGuard tunnel to the vps for encryption.

    Ok, so I set up microsocks and it runs way better! I assume I just need to setup wireguard now? I am not sure how that would work but as long as it doesn't effect any programs that aren't running through the proxy, that would be ideal.

    Here is my result from using microsocks - https://www.speedtest.net/result/16003278961

    Nice result! Sadly i can't really help you with Wireguard either as i'm still mostly using OpenVPN but this will not perform as good as Wireguard will. The main trick is to not setup a default route going into the VPN (which really isn't the original idea behind a VPN anyways) and just create a virtual network between your PC and the VPS so you can reach it over some LAN IP though, thereby having the traffic going to your socks proxy become encrypted while going over the open internet.

  • mad_4umad_4u Member

    @Wraithy said:

    @bgpgrid said:
    You could also run socks over wireguard which works for us and our clients.

    Or you can use the WireSock client instead (if using the regular wireguard client) to specify which apps can use the vpn tunnel or not.

    Is this something that is fairly easy to setup? I am pretty comfortable with Linux however I don't know much about networking (other than simple firewall stuff) so what would you recommend? I will do my own research too but I thought I would ask and see if you have any suggestions on where I should start. Thanks for the info!

    invest on GL-inet router easy to setup and support wireguard with option to modify routing.

Sign In or Register to comment.