
I might as well just dump this question in this thread:

Would this be easy to combine with openvpn? Basically what I'd like is to hook (say) my Apple TV into my pi by ethernet and then use the pi's wifi to connect to my router. Finally I'd like to be able to connect the pi to a VPN and have the Apple TV transparently use that connection. Is this straightforward to achieve?



Yep, rather straightforward. Little bit of iptables forwarding and you're all set:

  echo 1 > /proc/sys/net/ipv4/ip_forward
  iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
  iptables -A FORWARD -i wlan0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

I'd recommend wireguard[0] in preference to openvpn.

refs: [0] https://www.wireguard.com/


May I ask where I might start learning things like this?


The tutorials provided by VPS providers like Digital Ocean are a pretty good way to learn how to set up a VPN or any other common webservice yourself. They have a pretty well maintained library:

https://www.digitalocean.com/community/tutorials/how-to-crea...

etc. I'd also second a recommendation of wireguard over OpenVPN - it's far simpler to configure too.


Stand up a few useful services around the home and harden them. Stuff like Plex/Emby, Paperless-ng, *arr's, etc. Self hosting is addicting and one of the best teachers.


Great, thanks for the info!


Yes, but a better approach would be to enable forwarding on the pi and use the pi as a gateway.

Performance is probably the only reason you'd favor bridging over routing. A segmented network is a safer network.


Some routers support acting as a transparent vpn client as well, particularly those with open linux firmwares.


Has anyone tried this and successfully blocked ads from services like YouTube and Hulu? uBlock works on my computer but I've always had a hard time with pihole. It'll work for like a day then go back to serving ads.


Make sure nothing is changing your DNS. You may need to set your router to push the pihole as your DNS and tell any programs to use system DNS.


I've checked that my router continues to point to the pihole (no fallbacks, though I've tried with fallbacks and no difference). I also set up the pihole with cloudflare. I'm just always confused because it seems like some people have absolutely no problem and there's others in my camp and the former just stop after "just follow the directions." I even remember the LTT video mentioned this specific problem.


I went down a similar rabbit hole recently with unbound as a caching resolver, where it appeared to work on my real computers but didn't on phones. I took a pcap and found that my Android 10+ devices were refusing to use the good-old port 53 DNS my unbound jail was serving because it wasn't DoT. Once I set up unbound with real certs _and_ set it as each device's "Private DNS", it worked as expected.

Your issue might be different but I suggest taking a pcap to make sure your assumptions about what is answering a given DNS query are true.
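Added example, not part of the thread: one way to run the check suggested above is to tally, from a capture taken on the gateway, where each client actually sends port 53 (plain DNS) and port 853 (DoT) traffic, and to list every destination that is not the intended resolver. The function names, the addresses and the sample capture are constructed for illustration; it reads classic pcap files with Ethernet/IPv4 frames only.

```python
import struct
from collections import Counter

DNS_PORTS = {53: "plain DNS", 853: "DoT"}  # DoH rides on 443 and is not visible by port

def dns_destinations(pcap, clients):
    """Count packets from `clients` to port 53/853, keyed by (dst_ip, kind)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not IPv4 (VLAN tags and IPv6 are skipped)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] not in (6, 17) or len(ip) < ihl + 4:
            continue                      # neither TCP nor UDP, or truncated
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        if src in clients and dport in DNS_PORTS:
            seen[(dst, DNS_PORTS[dport])] += 1
    return seen

def unexpected_resolvers(seen, expected_ip):  # DNS destinations other than the resolver
    return sorted(key for key in seen if key[0] != expected_ip)

def _frame(src, dst, proto, dport):       # constructed Ethernet/IPv4/L4 headers only
    ip = (bytes([0x45, 0]) + struct.pack("!HHHBBH", 28, 0, 0, 64, proto, 0)
          + bytes(map(int, src.split("."))) + bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", 40000, dport, 8, 0)

def sample_pcap():                        # constructed capture, addresses are made up
    frames = [_frame("192.168.1.50", "192.168.1.2", 17, 53)] * 2 + [
        _frame("192.168.1.50", "203.0.113.8", 17, 53),    # hard-coded resolver
        _frame("192.168.1.50", "198.51.100.1", 6, 853),   # DNS over TLS
        _frame("192.168.1.50", "198.51.100.7", 6, 443),   # ordinary HTTPS, ignored
        _frame("192.168.1.2", "203.0.113.8", 17, 53)]     # resolver's own upstream
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(unexpected_resolvers(dns_destinations(sample_pcap(), {"192.168.1.50"}), "192.168.1.2"))
```

An empty result for a device means all of its port 53/853 traffic went to the intended resolver; DNS over HTTPS would still not show up in this tally.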


Oh I didn't realise anyone had that work. I just assumed it wasn't possible (i.e. ads served from same domain as content) and uBO was able to do it by 'content blocking' (i.e. DOM manipulation) rather than XHR blocking.

So, you're not alone, me too.



