Low-end Hardware VPN Router
Routing your Exit-Node traffic through VPN
In Skywire’s current implementation you can only provide service, and therefore receive rewards, by acting as an exit node. This might cause legal implications depending on your country’s laws. For Germany, for example, running an exit node is currently not necessarily forbidden but you might still get targeted by the authorities when your IP is involved in illegal activities. To avoid this, and still be eligible for testnet rewards, a solution is to route all your node’s traffic through an anonymous VPN server.
This could be done through your manager pi for example as described here. Following this guide needs a profound knowledge of routing under linux with iptables.
A much more convenient way is using a consumer VPN router as your VPN gateway which I will describe in this article. It’s neither super performant nor a professional solution, but will do for now and is fast to set up and cheap! I chose the ASUS AC51U which you can get for around €10.- on eBay.
When choosing a different VPN router from Asus, or other manufacturers, make sure it supports OpenVPN client standard:
Network Setup
Most private households will have a setup similar to this:
Internet -> easybox/Fritzbox router -> ASUS AC51 U
In my case, it’s an Easybox804 which I am bound to from provide side. Ideally, you would switch the Easybox to act in “Bridge mode” meaning it’s only working as a DSL modem, but leave the routing to your ASUS device. Unfortunately, that’s not possible for some devices and we need to run multiple routers, called a router cascading.
For security reasons I will run separate subnets for my Skyminer and my other private devices which will look like this:
Internal private network: 192.168.2.XX
Skyminer Nodes: 192.168.1.151–192.168.1.158 (8 Nodes)
OpenVPN Zugang
When choosing a VPN provider we will for now focus on finding a provider that offers a free version. I chose ProtonVPN which is located in Switzerland and claims not to log any traffic ( here ). Another option would be VPNbook claiming to delete all logs after one week ( here ). Both free solutions are not exactly speedy resulting in up and downstream speeds of around 6Mbps, using a 50Mbps line. You might consider using a paid service, which isn’t costly at all, once main net launches. Make sure to use a provider accepting Bitcoin orders, Monero payments for additional privacy!
For the sake of the tutorial I will focus on ProtonVPN — other providers will be very similar!
ProtonVPN:
Create an account using your mail address only and log in to the platform.
Under Downloads choose Router as “Platform” and TCP as “Protocol,” then download the server config file.
Choose a country that offers a free server like e.g. the Netherlands.
Click the arrow down to load the config file which should look like this:
nl-free-01.protonvpn.com.tcp.ovpn
This file will be needed in the router interface to properly set up the VPN connection.
Under “Account” look up the user and password which you need to login on to the VPN server. This is not the credentials you use to login to the ProtonVPN web interface:
That’s all you need for the router setup from the ProtonVPN side.
Cabling:
Based on my network setup above the cables should be connected as follows:
Easybox LAN-Port (yellow) -> Asus Router WAN Port (blue)
Asus Router LAN Port (yellow)-> Skyminer Switch LAN Port
You could also connect from LAN to LAN but won’t end up with different subnets then and your IP configurations will differ as well!
Easybox:
In case you are running a DHCP server on the Easybox make sure it leaves the 192.168.2.2 free for the ASUS router. So make sure to define the DHCP range on the Easybox e.g. 192.168.2.50–192.168.2.100 which will allow for 50 devices!
I have the DHCP shut off completely because the TP-Link handles the DHCP for my private devices and it’s in a different subnet anyways — so no conflicts there!
ASUS router:
Connect your laptop to the ASUS router and it should get an address assigned through DHCP by default. Connect to the ASUS router web interface by using 192.168.1.1 in a browser and log in using admin/admin.
WAN:
First, we need to define the WAN side of the router, meaning the route it’s using towards the Easybox.
Assign a static IP 192.168.2.2 and set the gateway to point to your Easybox at 192.168.2.1.
DNS servers can be defined here as well to avoid DNS leaks. I chose the servers from OpenDNS but it might also be a good idea to use anonymous DNS servers like the ones from the CCC ( here ).
LAN:
On the LAN side, you want the ASUS to use a different subnet, in our case 192.168.1.x
That’s all you need to do here. You will lose connection to the ASUS router and need to reconnect after the changes have been made with a new IP assigned by it’s DHCP.
VPN:
Setting up the VPN connection is straight forward by navigating to VPN and choosing VPN-Client, then creating a new connection.
Use the credentials obtained earlier and the ovpn file you downloaded from ProtonVPN.
Save the connection, then activate it:
If everything went well it will show a blue checkbox on the left!
Check if it worked by opening https://www.iplocation.net/ with your laptop. It should now show you a location in the Netherlands (assuming you used the same server as I did).
Skyminer
On the Skyminer nodes, all you have to do is change your IP settings and gateway to reflect the changes.
sudo nano /etc/dhcpcd.confAt the very bottom of the file change the router and DNS entry as follows:
interface eth0static ip_address=192.168.1.151/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1
This will make your node use the ASUS as the router and the DNS servers we entered earlier. Do this for all of your Skyminer nodes and reboot them:
sudo rebootMake sure your nodes return the external IP address different from the one your ISP assigned to you. In our case it should be an IP from the Netherlands:
curl https://ipinfo.io/ipThat’s it — enjoy your increased privacy!
