burn the bridge Profile picture
Dec 8, 2021 24 tweets 21 min read Read on X
1/24 Mining #Bitcoin from home on a private network is an essential part of maintaining a permissionless operation.

A thread on using @pfsense, @WireGuardVPN, & @mullvadnet to build a robust home network & route mining traffic through multiple VPN tunnels without added latency.
2/24 This thread is the short version of a more detailed article which can be found on the @BitcoinMagazine website here: bitcoinmagazine.com/guides/how-to-…
3/24 The full guide can help you:
-Get rid of your ISP's router & build your own firewall
-Configure multiple LANs on your network
-Route your traffic through a VPN
-Configure ad blockers

Special thank you to @_k3tan for helping me with this.
k3tan.com/pfsense
4/24 You can buy a plug & play firewall with @pfsense pre-installed from shop.netgate.com/products/1100-…

I chose to use a Dell Optiplex 9020 SFF by flashing it with pfSense & adding an Intel i350 network card. This gave be a powerful firewall with a WAN port and multiple LAN ports.
5/24 The @pfsense image can be downloaded from: pfsense.org/download/

I was then able to verify the file, flash it to a USB drive with BelenaEtcher, & then boot from the USB drive with my Dell Optiplex.
6/24 After a couple very basic configuration settings on the freshly flashed Dell, I was able to disconnect the keyboard & monitor then log in to @pfsense from the web interface on my standard desktop. This @TomLawrenceTech video helped me immensely.
7/24 The first few steps were to go through the initial setup wizard, then @pfsense was up & routing traffic. This included changing the login password, choosing a time server, & choosing an IP range for the home network,
8/24 Then I was able to assign interfaces to the auxiliary Ethernet ports on my network card. This is how I was able to dedicate separate LANs for my #Bitcoin mining and my family's WiFi access point for example. With some firewall rules, I was able to sequester these LANs.
9/24 With no devices able to communicate across LANs or log into the firewall, I still wanted to ensure my family could connect to WiFi with their devices & reach the wide open internet. I used a NetGear Mesh WiFi router & configured it as an Access Point. netgear.com/home/wifi/mesh…
10/24 To ensure internet traffic on all my LANs was being encrypted & routed through VPN tunnels & concealing my real IP address to the outside world; I installed the @WireGuardVPN package in @pfsense. WireGuard is a lightweight VPN protocol.
11/24 This Christian McDonald video was instrumental in teaching me how to configure @WireGuardVPN in @pfsense
12/24 In order to configure @WireGuardVPN correctly I would first need to signup with a VPN server provider to get the necessary configuration information. I chose @mullvadnet. They collect zero personal info, they don't log IPs, & they accept #bitcoin
13/24 From the @mullvadnet website I was able to generate 5 key pairs which I would use to configure my VPN tunnels and peers in @WireGuardVPN. It is important to use a separate key pair for each tunnel (each VPN server).
14/24 With these downloaded configuration files, I was able to add tunnels in @WireGuardVPN with the private key and then confirm the generated public key on @mullvadnet. I nuked all key pairs in this demo ;)
15/24 After each tunnel was added, I made a peer for each tunnel using the public keys and endpoints from the @mullvadnet configuration files. Then I could see hand shakes taking place.
16/24 Then I assigned the interfaces to the new tunnels using the host IP address from the configuration files & also added gateways for each new interface. By changing the public DNS server to monitor in each gateway I could now monitor latency for each tunnel.
17/24 Then I mapped outbound NAT connections in @pfsense so my tunnel interfaces could see my LANs. Then I could add firewall rules on each LAN to direct traffic through my VPN gateways.
18/24 To test that everything worked, I connected my laptop to each LAN port on my network card and pinged "ifconfig.co" from a web browser. Each LAN had a different IP address & geographic location.
19/24 With that verified, I then added multiple VPN tunnels to Gateway Groups in @pfsense. Then updated my firewall rules on each LAN to direct traffic through these Gateway Groups.
20/24 In the Gateway Groups I left each VPN tunnel as "tier 1" & set the trigger level to "Packet Loss or High Latency". This is how traffic on a single LAN could be automatically diverted to multiple tunnels thus avoiding increased latency, which effects mining rewards.
21/24 Then I set up an ASIC in my basement and commenced a 5 day VPN latency test. 2-1/2 day on a VPN failover gateway group and 2-1/2 days with no VPN.

22/24 The results were calculated by taking my rejected packets and dividing them by my accepted packets for each 60-hour period.

The VPN had a slightly lower ratio of rejected work.

VPN on for 60 hours = 0.201%
VPN off for 60 hours = 0.226%
23/24 This is one way a #Bitcoin home miner can use a VPN to guard their privacy without reducing mining rewards due to added latency. If you do this be mindful of the proximity between your geographic location and the VPN servers and the mining pool.
24/24 @slush_pool & @braiins_systems are working on Stratum v2 connections for mining which address these issues and more. But in the mean-time and especially for those using Whatsminers, this was a solution that I thought could help. To learn more: braiins.com/blog/data-priv…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with burn the bridge

burn the bridge Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @econoalchemist

Dec 28, 2022
1/12 Secure your #Bitcoin backups in stainless steel to protect against environmental hazards like fire & flood.

The Kiboruto from @Crazyk_031 & @stackbitme is a letter stamp style backup tailor made for @SamouraiWallet. Full guide on @BitcoinMagazine

bitcoinmagazine.com/guides/guide-f…
2/12 There are 3 key pieces of info you need for your backup. #1 is seed words. They always need to be in order and in the case of @SamouraiWallet, you get 12 of them. Kiboruto features etched numbered boxes to keep these words in order. Never share them with anyone!
3/12 Key piece of info #2 is your passphrase. The wallet requires one but doesn't generate it for you nor does it know if your passphrase is correct upon recovery. Every passphrase generates a valid wallet. Kiboruto has a dedicated passphrase plate so you can store it separately.
Read 12 tweets
Nov 2, 2022
1/16 Secure a #Bitcoin seed phrase with corrosion & fire resistant titanium; a thread on the @hodlrswiss One Titanium seed backup.

Full guide published with @BitcoinMagazine

bitcoinmagazine.com/guides/using-a…
2/16 Self-custody means you have the radical responsibility of securing your #Bitcoin backup. Geographically distributed water & fire proof backups are a good starting point. The @hodlrswiss One Titanium backup makes that pretty easy.

hodlr.swiss/products/one-t…
3/16 The One Titanium supports both BIP39 (github.com/bitcoin/bips/b…) & SLIP39 (slip39.com). This product involves converting standardized seed words into a corresponding numbered index. Exercise caution when making such conversions.
Read 16 tweets
Aug 10, 2022
15/19 Side note, while waiting for that transaction, if you're interested in building your own #Bitcoin full node on a @Raspberry_Pi, here is how I built mine:

econoalchemist.com/post/build-you…
16/19 Once received in the Bitcoin Core wallet, send some #BTC to @COLDCARDwallet. You can export a list of receiving addresses to a .txt file & transfer via microSD to the Raspi node then copy/paste. Bech32 addresses seem to work best for PSBT, FYI. Verify address on the CC. ImageImageImageImage
17/19 In conclusion, showed how to set up @COLDCARDwallet, generate WIF for mobile @bluewalletio & Bitcoin Core, & moved some #BTC to all 3 wallets. I hope you found some useful information here.
Read 5 tweets
Jul 25, 2022
1/24 Preserve the anonymity gained in Whirlpool by making every spend a CoinJoin.

My latest article with @BitcoinMagazine covers how to use the spending tools found in @SamouraiWallet & @SparrowWallet step-by-step.

bitcoinmagazine.com/guides/how-to-…
2/24 Whirlpool is a zero-link CoinJoin implementation that can be found in both @SamouraiWallet for mobile Android users as well as @SparrowWallet for desktop users. For the best privacy practices don't trust someone else's node, run your own @RoninDojoNode
3/24 Whirlpool breaks deterministic links that exist on the Bitcoin blockchain. These links are often exploited by law enforcement working with exchanges & chain analysis companies to invade your privacy & track your transactions. Even people you transact with might snoop around.
Read 25 tweets
May 16, 2022
1/18 Bear market mining, what can home miners do to survive? In this first part of a series on survival tips, I suggest setting expectations based on BTC price & hashrate so miners can be better prepared to make good decisions in stressful situations.

2/18 Miners face a lot of variables, the volatility of BTC price and hashrate specifically though can quickly change a miner's outlook. Setting some operating bands can help you remain calm and avoid making costly mistakes.
3/18 Setting these operating bands involves 3 steps:

1) Where do you stand today?
2) How high can hashrate go if the price stays flat?
3) How low can the price go if hashrate stays flat?

To help find these thresholds, this is a great tool:

insights.braiins.com/en/cost-to-min…
Read 18 tweets
Apr 29, 2022
1/32 Whirlpool your #bitcoin from desktop with @SparrowWallet and mix straight to cold storage with @COLDCARDwallet or @FOUNDATIONdvcs

A great solution for iPhone users who don't have @SamouraiWallet or a @RoninDojoNode

Full article @BitcoinMagazine:
bitcoinmagazine.com/technical/how-…
2/32 All #Bitcoin transactions are public & anyone can see them with a block explorer. Whirlpool breaks deterministic links and diminishes on-chain heuristics to weak subjective interpretations. Gain forward looking anonymity & transact without the privacy invasion.
3/32 Navigate to bitcoincore.org/en/download/ and follow the instructions to download the latest version of Bitcoin Core to your PC. It takes a few days to sync the whole blockchain and it takes up a lot of space, have at least 500GB of disk space available.
Read 32 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(