1/24 Mining #Bitcoin from home on a private network is an essential part of maintaining a permissionless operation.
A thread on using @pfsense, @WireGuardVPN, & @mullvadnet to build a robust home network & route mining traffic through multiple VPN tunnels without added latency.
A thread on using @pfsense, @WireGuardVPN, & @mullvadnet to build a robust home network & route mining traffic through multiple VPN tunnels without added latency.
2/24 This thread is the short version of a more detailed article which can be found on the @BitcoinMagazine website here: bitcoinmagazine.com/guides/how-to-…
3/24 The full guide can help you:
-Get rid of your ISP's router & build your own firewall
-Configure multiple LANs on your network
-Route your traffic through a VPN
-Configure ad blockers
Special thank you to @_k3tan for helping me with this.
k3tan.com/pfsense
-Get rid of your ISP's router & build your own firewall
-Configure multiple LANs on your network
-Route your traffic through a VPN
-Configure ad blockers
Special thank you to @_k3tan for helping me with this.
k3tan.com/pfsense
4/24 You can buy a plug & play firewall with @pfsense pre-installed from shop.netgate.com/products/1100-…
I chose to use a Dell Optiplex 9020 SFF by flashing it with pfSense & adding an Intel i350 network card. This gave be a powerful firewall with a WAN port and multiple LAN ports.
I chose to use a Dell Optiplex 9020 SFF by flashing it with pfSense & adding an Intel i350 network card. This gave be a powerful firewall with a WAN port and multiple LAN ports.
5/24 The @pfsense image can be downloaded from: pfsense.org/download/
I was then able to verify the file, flash it to a USB drive with BelenaEtcher, & then boot from the USB drive with my Dell Optiplex.
I was then able to verify the file, flash it to a USB drive with BelenaEtcher, & then boot from the USB drive with my Dell Optiplex.
6/24 After a couple very basic configuration settings on the freshly flashed Dell, I was able to disconnect the keyboard & monitor then log in to @pfsense from the web interface on my standard desktop. This @TomLawrenceTech video helped me immensely.
7/24 The first few steps were to go through the initial setup wizard, then @pfsense was up & routing traffic. This included changing the login password, choosing a time server, & choosing an IP range for the home network,
8/24 Then I was able to assign interfaces to the auxiliary Ethernet ports on my network card. This is how I was able to dedicate separate LANs for my #Bitcoin mining and my family's WiFi access point for example. With some firewall rules, I was able to sequester these LANs.
9/24 With no devices able to communicate across LANs or log into the firewall, I still wanted to ensure my family could connect to WiFi with their devices & reach the wide open internet. I used a NetGear Mesh WiFi router & configured it as an Access Point. netgear.com/home/wifi/mesh…
10/24 To ensure internet traffic on all my LANs was being encrypted & routed through VPN tunnels & concealing my real IP address to the outside world; I installed the @WireGuardVPN package in @pfsense. WireGuard is a lightweight VPN protocol.
11/24 This Christian McDonald video was instrumental in teaching me how to configure @WireGuardVPN in @pfsense
12/24 In order to configure @WireGuardVPN correctly I would first need to signup with a VPN server provider to get the necessary configuration information. I chose @mullvadnet. They collect zero personal info, they don't log IPs, & they accept #bitcoin
13/24 From the @mullvadnet website I was able to generate 5 key pairs which I would use to configure my VPN tunnels and peers in @WireGuardVPN. It is important to use a separate key pair for each tunnel (each VPN server).
14/24 With these downloaded configuration files, I was able to add tunnels in @WireGuardVPN with the private key and then confirm the generated public key on @mullvadnet. I nuked all key pairs in this demo ;)
15/24 After each tunnel was added, I made a peer for each tunnel using the public keys and endpoints from the @mullvadnet configuration files. Then I could see hand shakes taking place.
16/24 Then I assigned the interfaces to the new tunnels using the host IP address from the configuration files & also added gateways for each new interface. By changing the public DNS server to monitor in each gateway I could now monitor latency for each tunnel.
17/24 Then I mapped outbound NAT connections in @pfsense so my tunnel interfaces could see my LANs. Then I could add firewall rules on each LAN to direct traffic through my VPN gateways.
18/24 To test that everything worked, I connected my laptop to each LAN port on my network card and pinged "ifconfig.co" from a web browser. Each LAN had a different IP address & geographic location.
19/24 With that verified, I then added multiple VPN tunnels to Gateway Groups in @pfsense. Then updated my firewall rules on each LAN to direct traffic through these Gateway Groups.
20/24 In the Gateway Groups I left each VPN tunnel as "tier 1" & set the trigger level to "Packet Loss or High Latency". This is how traffic on a single LAN could be automatically diverted to multiple tunnels thus avoiding increased latency, which effects mining rewards.
21/24 Then I set up an ASIC in my basement and commenced a 5 day VPN latency test. 2-1/2 day on a VPN failover gateway group and 2-1/2 days with no VPN.
https://twitter.com/econoalchemist/status/1465543159228862467?s=20
22/24 The results were calculated by taking my rejected packets and dividing them by my accepted packets for each 60-hour period.
The VPN had a slightly lower ratio of rejected work.
VPN on for 60 hours = 0.201%
VPN off for 60 hours = 0.226%
The VPN had a slightly lower ratio of rejected work.
VPN on for 60 hours = 0.201%
VPN off for 60 hours = 0.226%
23/24 This is one way a #Bitcoin home miner can use a VPN to guard their privacy without reducing mining rewards due to added latency. If you do this be mindful of the proximity between your geographic location and the VPN servers and the mining pool.
24/24 @slush_pool & @braiins_systems are working on Stratum v2 connections for mining which address these issues and more. But in the mean-time and especially for those using Whatsminers, this was a solution that I thought could help. To learn more: braiins.com/blog/data-priv…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
