burn the bridge
I wrote some guides on #Bitcoin self-custody, censorship resistance, & privacy. Now I co-host @pod256

Dec 8, 2021, 24 tweets

1/24 Mining #Bitcoin from home on a private network is an essential part of maintaining a permissionless operation.

A thread on using @pfsense, @WireGuardVPN, & @mullvadnet to build a robust home network & route mining traffic through multiple VPN tunnels without added latency.

2/24 This thread is the short version of a more detailed article which can be found on the @BitcoinMagazine website here: bitcoinmagazine.com/guides/how-to-…

3/24 The full guide can help you:
-Get rid of your ISP's router & build your own firewall
-Configure multiple LANs on your network
-Route your traffic through a VPN
-Configure ad blockers

Special thank you to @_k3tan for helping me with this.
k3tan.com/pfsense

4/24 You can buy a plug & play firewall with @pfsense pre-installed from shop.netgate.com/products/1100-…

I chose to use a Dell Optiplex 9020 SFF by flashing it with pfSense & adding an Intel i350 network card. This gave me a powerful firewall with a WAN port and multiple LAN ports.

5/24 The @pfsense image can be downloaded from: pfsense.org/download/

I was then able to verify the file, flash it to a USB drive with balenaEtcher, & then boot from the USB drive with my Dell Optiplex.

6/24 After a couple very basic configuration settings on the freshly flashed Dell, I was able to disconnect the keyboard & monitor then log in to @pfsense from the web interface on my standard desktop. This @TomLawrenceTech video helped me immensely.

7/24 The first few steps were to go through the initial setup wizard, then @pfsense was up & routing traffic. This included changing the login password, choosing a time server, & choosing an IP range for the home network.

8/24 Then I was able to assign interfaces to the auxiliary Ethernet ports on my network card. This is how I was able to dedicate separate LANs for my #Bitcoin mining and my family's WiFi access point for example. With some firewall rules, I was able to sequester these LANs.

9/24 With no devices able to communicate across LANs or log into the firewall, I still wanted to ensure my family could connect to WiFi with their devices & reach the wide open internet. I used a NetGear Mesh WiFi router & configured it as an Access Point. netgear.com/home/wifi/mesh…

10/24 To ensure internet traffic on all my LANs was being encrypted & routed through VPN tunnels & concealing my real IP address from the outside world, I installed the @WireGuardVPN package in @pfsense. WireGuard is a lightweight VPN protocol.

11/24 This Christian McDonald video was instrumental in teaching me how to configure @WireGuardVPN in @pfsense

12/24 In order to configure @WireGuardVPN correctly I would first need to sign up with a VPN server provider to get the necessary configuration information. I chose @mullvadnet. They collect zero personal info, they don't log IPs, & they accept #bitcoin

13/24 From the @mullvadnet website I was able to generate 5 key pairs which I would use to configure my VPN tunnels and peers in @WireGuardVPN. It is important to use a separate key pair for each tunnel (each VPN server).

14/24 With these downloaded configuration files, I was able to add tunnels in @WireGuardVPN with the private key and then confirm the generated public key on @mullvadnet. I nuked all key pairs in this demo ;)

15/24 After each tunnel was added, I made a peer for each tunnel using the public keys and endpoints from the @mullvadnet configuration files. Then I could see handshakes taking place.

16/24 Then I assigned the interfaces to the new tunnels using the host IP address from the configuration files & also added gateways for each new interface. By changing the public DNS server to monitor in each gateway I could now monitor latency for each tunnel.

17/24 Then I mapped outbound NAT connections in @pfsense so my tunnel interfaces could see my LANs. Then I could add firewall rules on each LAN to direct traffic through my VPN gateways.

18/24 To test that everything worked, I connected my laptop to each LAN port on my network card and pinged "ifconfig.co" from a web browser. Each LAN had a different IP address & geographic location.

19/24 With that verified, I then added multiple VPN tunnels to Gateway Groups in @pfsense. Then updated my firewall rules on each LAN to direct traffic through these Gateway Groups.

20/24 In the Gateway Groups I left each VPN tunnel as "tier 1" & set the trigger level to "Packet Loss or High Latency". This is how traffic on a single LAN could be automatically diverted to multiple tunnels thus avoiding increased latency, which affects mining rewards.

21/24 Then I set up an ASIC in my basement and commenced a 5 day VPN latency test. 2-1/2 days on a VPN failover gateway group and 2-1/2 days with no VPN.

22/24 The results were calculated by taking my rejected packets and dividing them by my accepted packets for each 60-hour period.

The VPN had a slightly lower ratio of rejected work.

VPN on for 60 hours = 0.201%
VPN off for 60 hours = 0.226%

23/24 This is one way a #Bitcoin home miner can use a VPN to guard their privacy without reducing mining rewards due to added latency. If you do this be mindful of the proximity between your geographic location and the VPN servers and the mining pool.

24/24 @slush_pool & @braiins_systems are working on Stratum v2 connections for mining which address these issues and more. But in the meantime and especially for those using Whatsminers, this was a solution that I thought could help. To learn more: braiins.com/blog/data-priv…
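
Added example, not part of the original thread: a pre-flight check for tweets 13/24 to 16/24 that parses downloaded WireGuard configuration files, extracts the private key, tunnel address, peer public key and endpoint that get entered in pfSense, and flags any two tunnels that share a key pair or a VPN server. The file names, placeholder keys and addresses are constructed, and the function names are hypothetical; one `[Peer]` section per file is assumed.

```python
import configparser
from collections import defaultdict

# Constructed wg-quick style configs; every key and address is a placeholder.
TEMPLATE = """[Interface]
PrivateKey = {priv}
Address = {addr}

[Peer]
PublicKey = {pub}
AllowedIPs = 0.0.0.0/0
Endpoint = {ep}
"""
SAMPLES = {
    "tunnel-a.conf": TEMPLATE.format(priv="PLACEHOLDER_PRIV_A=", addr="10.64.0.2/32",
                                     pub="PLACEHOLDER_SERVER_1=", ep="192.0.2.10:51820"),
    "tunnel-b.conf": TEMPLATE.format(priv="PLACEHOLDER_PRIV_B=", addr="10.64.0.3/32",
                                     pub="PLACEHOLDER_SERVER_2=", ep="192.0.2.20:51820"),
    # Mistake to catch: a third tunnel built from tunnel-a's key pair.
    "tunnel-c.conf": TEMPLATE.format(priv="PLACEHOLDER_PRIV_A=", addr="10.64.0.2/32",
                                     pub="PLACEHOLDER_SERVER_3=", ep="192.0.2.30:51820"),
}

def parse_tunnel(text):
    """Pull out the fields used for the tunnel, peer and interface in pfSense."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)  # assumes one [Peer] section per file
    iface, peer = cp["Interface"], cp["Peer"]
    host, _, port = peer["Endpoint"].rpartition(":")
    return {"private_key": iface["PrivateKey"], "address": iface["Address"],
            "peer_public_key": peer["PublicKey"],
            "endpoint_host": host, "endpoint_port": int(port)}

def audit(configs):
    """Return (tunnels, findings); a finding names the files sharing a key or server."""
    tunnels = {name: parse_tunnel(text) for name, text in configs.items()}
    findings = []
    for field, label in (("private_key", "key pair reused"),
                         ("peer_public_key", "same VPN server")):
        seen = defaultdict(list)
        for name, tunnel in tunnels.items():
            seen[tunnel[field]].append(name)
        findings += [(label, sorted(names)) for names in seen.values() if len(names) > 1]
    return tunnels, findings

if __name__ == "__main__":
    tunnels, findings = audit(SAMPLES)
    for name, t in tunnels.items():  # private keys are deliberately not printed
        print(name, t["address"], t["endpoint_host"], t["endpoint_port"])
    for label, names in findings:
        print("WARNING:", label, "in", ", ".join(names))
```
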
