Aktivix VPN user guide

These notes will help you to use the new aktivix wireguard VPN. Read them carefully and ask for help if you don't understand anything, to vpn.admin@aktivix.org

* * *

Overview

Aktivix are testing a new personal VPN solution based on wireguard technology. As of April 2020 our server is working and we are recruiting testers to help give feedback as we make adjustments.

Purpose

This service will give some degree of privacy for internet traffic between your computer (/phone) and our server. This may be useful to circumvent censorship, snooping by ISPs / public wifi hotspots, or fool internet services that only track you by using your IP address.

Because of the nature of any VPN, we don’t recommend reliance on this alone to acheive anonymity. Because of the limited resources we have, some of the more advanced features of commercial VPNs may be missing. If you need anonymity, we would advise using TAILS.

Getting access

Because testing this system needs people we trust, this is only open to friends we invite directly. If you’ve just stumbled across this page on the internet, sorry.

Please send a PGP-encrypted email to vpn.admin@aktivix.org letting us know that you’ve read this document, understand what’s going on, and that you’d like to enrol as a tester. Please attach your PGP public key so that we can reply.

We will then set up VPN access for you. All the information you need is within the configuration file, which will be sent to you by PGP-encrypted email. The PNG file attached contains the same info as the config file, it’s just to make it easier to set up on a smartphone/tablet.

Here is the PGP public key you must use to encrypt mail to vpn.admin@aktivix.org:

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEYFCZ/hYJKwYBBAHaRw8BAQdABOYKSnerMsYVEHthSUJHKcCA5V6H5c5i3ZkpFyaijh/NKUFr
dGl2aXggVlBOIGFkbWluIDx2cG4uYWRtaW5AYWt0aXZpeC5vcmc+wpEEExYIADkWIQRZzUOhVlSf
uy+y6gdKXSF4xaukBQUCYFCZ/gUJBaOagAIbAwULCQgHAgYVCAkKCwIFFgIDAQAACgkQSl0heMWr
pAUhugEArP6TP5qageHsHmIOjAa3IMGIABj/5xPTHLkxmtz9th8A/0LyhlqFcUiXRIXUp/OrnAdL
Vme1In3n9ALI8+XciXMOzjgEYFCZ/hIKKwYBBAGXVQEFAQEHQEtfW0AgTE/T6rufjXQXuWrsun1p
ENRB2MZLaF11Ba0pAwEIB8J+BBgWCAAmFiEEWc1DoVZUn7svsuoHSl0heMWrpAUFAmBQmf4FCQWj
moACGwwACgkQSl0heMWrpAU2xgEA1fALQ8uXSSAL7ozAIyz0gCizDtIb4TSQzUlb32pctlIBAMYw
Qq48sobx72oF8/7I0BT9+fXw3ZZa2NFpY3FIsWYL
=PVEt
-----END PGP PUBLIC KEY BLOCK-----

Installing client software

Follow the instructions on this page

Configuring client software

On Linux:

Install the config file we emailed you on your client as /etc/wireguard/wg0.conf (all as root, or preceed with ‘sudo’):

> install -o root -g root -m 600 <username>.conf /etc/wireguard/wg0.conf

Now start WireGuard:

> systemctl start wg-quick@wg0

Optionally, configure the connection to start automatically on each boot:

> systemctl enable wg-quick@wg0

If your Linux distribution does not use systemd you can bring up WireGuard with sudo wg-quick up wg0.

On Android:

  • On your PC/laptop, open the PNG file we sent you. It’s a QR code containing all the information your client needs.
  • On your phone/tablet, open the wireguard app
  • Tap the big “+” to add a new tunnel
  • Tap “Scan from QR code”
  • Point camera at PC/laptop screen

Other OS / more help needed

Read this page

DNS options

The configuration file supplied is human-editable – have a look.

All of your DNS requests should be routed through the wireguard tunnel, but you can specify where they should be resolved. By default, you should see this line:

DNS =  216.66.22.34,216.66.15.28,162.247.75.207

The above is a list of DNS resolvers provided by our hosting provider, mayfirst.org, and we trust them to respect your privacy. However, you might want to use a different DNS provider, for example if you want to block adverts & trackers. To use the popular “adguard” DNS server (who we don’t know much about and can’t be sure if they respect your privacy) you could change the DNS line to:
DNS = 176.103.130.130, 176.103.130.131

Coming soon in v0.3 – resolve filtered DNS on clyde for trusted adblocking

Testing

General considerations for use

All traffic over the VPN will appear to the outside world that it comes from the same IP, which is the address of our server. This means that if you do something over the VPN that causes offence to someone (e.g. by breaking their laws, yawn…), that someone will know that we are collectively to blame. Therefore, we all have to take collective responsibility for not doing anything that’s likely to get us shut down. Specifically, please don’t use the aktivix VPN for these things:

  1. copyright infringements, especially by using bit torrent
  2. breaking in to anywhere, regardless of what colour hat you’re wearing
  3. publicising any shady activity on services that log IP addresses

How to test it

When we open the VPN to a larger group of users, we will ask you to only use it for activist purposes. However during testing, we are relaxing this requirement in order to get the broadest possible feedback of how it works in different situations. The caveats about not getting us into trouble still apply though.

After installing and configuring your client, please try to do everything you usually would do online, through the wireguard tunnel EXCEPT for accessing services you would not like to know that you are an aktivix tester. All the services you use will know that you are one of us, so if you want (for example) to log in to a website that has your real identity details, you would be letting them know that you’re one of the early adopters of this activist-provided service. Similarly, if you access a website without the VPN then access it again using the VPN, your browser may let that website know that you’ve visited it before from a different IP address, so you may actually be giving out more information about yourself rather than gaining anonymity.

After you’ve been using it for a week or so, please send us a brief report with some comments on as many of these questions as you can, and any more info you think might be useful:

  1. Did you notice any change in the speed of your internet connection, without using a speed-tester?
  2. Did you experience any DNS leaks?
  3. Did you use webRTC and did that reveal your real IP?
    (there are DNS/webRTC leak-testing services that you can find with a web-search – we’re not recommending which to use as we’d rather get a diverse set of results)
  4. Did you try changing the DNS resolver from the defaults? To what? How was it for you?
  5. Did you access tor through the VPN, or access the VPN through tor? Please share you method & observations.
  6. Did you encounter any blacklisting of our server?

Please sent reports back to the email address from which your configuration was provided, using openPGP encryption. If you run into problems later, please report again. Please keep reading any mails on the aktivix-vpn-announce mailing list.

Roadmap

Targets:

Nov 2019 0.1 – complete
initial deployment, testing of VM capabilities, network config etc.

Jan 2020 0.2 – complete
second deployment, using algoVPN scripts, expand testing crew, increase storage

June 2020 0.3 – in progress
complete documentation and admin workflows, refine DNS setup, expand testing crew

August 2020 launch service 1.0
we can hope…

 
markr
2020-04-23

I’ve just seen a mail from riseup saying that their VPN is at full capacity… time to get to work!
 
 
markr
2021-09-18

updated public key, because the old one got lost due to thunderbird PGP shennanigans
 
 
fushi20
2023-07-04

Thanks for detailed guide. Maybe I should check my PC again.
 
 
harry8283
2023-11-15 2023-11-15

In an era where online security and privacy are of paramount importance, virtual private networks (VPNs) have become indispensable tools for individuals seeking to safeguard their digital lives. Aktivix VPN stands out as a reliable and user-friendly solution, offering robust encryption and anonymous browsing capabilities.
look at this web-site
their explanation
internet
 
   
chiuchiu
2023-12-15 2023-12-15

Unblocked Games Premium for Android
unblocked games premium