Like many of my most (and least) productive days at work, there comes a time when solitaire just doesn't cut it anymore and I sit there in frustration and think to myself: "I'm a man, dammit. I should be playing REAL videogames on the clock!" If you're in a similar situation as me, however, your place of work has foul content blockers stopping the wonderful and gracious Steam store from even opening. A guy can't even check Discord on the wifi here. What's the point of 2 Gbps internet if you can't send lightning fast reaction gifs? What bullshit. Thanks Obama…
If you REALLY think about it, this is probably unconstitutional or something, so like the true American patriot I am, I have to take it upon myself to do something about this. The easiest solution would be to get a VPN, so why not start there?
For those who may be unaware, a VPN, or Virtual Private Network, is a service that aims at obfuscating your web traffic by routing it through a tunnel to a central location, which passes it on to the internet and relays the replies back to you. This means that all the users of the VPN look like they are in one place while actually being anywhere else in the world. It extends a normal private network over the internet via tunnels and hides some data, like your internet service provider and IP address. This also means that things like ads, clocks, and other things online that use your geographic location are tricked into using the VPN’s data for delivering that content instead of yours. If you connect to a VPN based in New Zealand, you will see targeted ads for New Zealanders, and certain websites that have clocks on them (not mine) will show the New Zealand time instead of your actual time!
I hopped around the major providers you see on YouTube ads like Nord and Surfshark to no avail. Then I paid about 12 dollars for a small VPN service based in Switzerland thinking it would be too under the radar for a big organization to block the servers associated with it, but I was wrong. Initially, I thought that network admins simply block specific servers, but that’s not entirely true. While they CAN do that, the wily net admin employs other tactics as well. Commonly, VPN usage is blocked by restricting specific protocols over certain ports known to be used by the VPN. For example, blocking UDP traffic to port 1194 will stop the great majority of OpenVPN-based connections, as UDP on port 1194 is the default for that service. They can also block everything by default and specifically allow only greenlit IPs to go through. OpenVPN would have been my next choice, but I know the Swiss company used that, and setting up a custom config for OpenVPN is a MASSIVE pain in the ass to do. I might not be a genius, but I am smart enough to know that if OpenVPN isn’t the only option, I should look elsewhere first.
There’s a saying that if you give the hardest task to the biggest slacker, they’ll find the fastest way to do it. Let’s just say that the idea of setting up OpenVPN again was a little outside my sphere of willingness, so it was time to think as lazily as possible. I remoted in to one of my home computers to browse the web when I realized that I had accessed the company sites and stuff before when working from home, which means that while they might block known VPN servers and restrict protocols on specific ports, they do NOT block everything by default. This means that if I could make it so that my traffic is sent to a home server and then back, I could potentially receive unblocked traffic from things like Discord, Reddit, and Steam while also still being able to access resources needed for work.
WireGuard is a protocol that is designed to be both extremely lightweight and secure. Using just a few lines of code and very sophisticated encryption algorithms, WireGuard can provide a user with a direct connection to a host system quickly while still allowing for modularity. Since we want to connect to a low-ish powered home server, this is perfect for our use case. In theory, we simply set up a connection, my traffic is directed to my server, and it sends back the unblocked data since I’m not using a company IP.
Installing WireGuard via the command line is very simple as well. Using a Linux-based system (as you should), you can have a custom config up and running in no time. Start by opening up a terminal and inputting:
sudo apt install wireguard
Next, we will install qrencode so that we can create QR codes of our configs for devices like cell phones to scan and join. The code for that is:
sudo apt install net-tools qrencode -y
Next, we are going to use a quick installation script to get everything up and running as fast as possible. The command to download it is below. BUT!!! Do not just copy and paste this into your terminal, ok! You need to make sure that "Your-Name" is whatever you want to name your first tunnel. This is important, because the client name is used for formatting the config (tunnel) file for when you want to add new users, and also so that you can better organize the client files.
wget https://raw.githubusercontent.com/Nyr/wireguard-install/master/wireguard-install.sh -O Your-Name.sh
As you can see, this command pulls the script from a GitHub repository that you are free to audit on your own. I used it myself and my computer did not explode or nothin, so just trust this stranger behind your screen and run the code @~@
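If you do take the audit option, the part that makes it stick is pinning: the command above fetches whatever is on `master` at that moment, so the file you run later may not be the file you read. The following is an added example, not part of the original post or of the wireguard-install project; the function names are hypothetical, and `<COMMIT>` and the digest are placeholders you fill in yourself after reading the script.

```bash
#!/usr/bin/env bash
# Added example: run a downloaded installer only if it still matches the
# SHA-256 digest recorded at the time the script was read and audited.

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE
sha256_of() {
    # Read via stdin so odd file names cannot be mistaken for options
    sha256sum < "$1" | awk '{print $1}'
}

# verify_pinned FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on a missing file or malformed pin.
verify_pinned() {
    local file=$1 expected=$2 actual
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # A pin must be exactly 64 hex characters; this also rejects a
    # placeholder that was never filled in.
    case "$expected" in
        *[!0-9a-fA-F]*|"") echo "malformed pin" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed pin" >&2; return 2; }
    actual=$(sha256_of "$file")
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "digest mismatch for $file: got $actual" >&2
    return 1
}

# run_if_pinned FILE EXPECTED_SHA256 -> executes FILE with bash only after
# the digest check passes; otherwise nothing is run.
run_if_pinned() {
    verify_pinned "$1" "$2" && bash "$1"
}

# Usage (placeholders, not real values):
#   wget https://raw.githubusercontent.com/Nyr/wireguard-install/<COMMIT>/wireguard-install.sh -O Your-Name.sh
#   sha256sum Your-Name.sh      # record this once, after reading the file
#   run_if_pinned Your-Name.sh <SHA256-YOU-RECORDED>
```

Fetching by commit instead of `master` keeps the download itself stable; the digest check catches the case where the file on disk was changed or re-downloaded afterwards.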
After running that command, you have to run "bash yourname.sh", once again replacing yourname with whatever you JUST typed in before. This will then prompt you to choose a port you'd like your server to listen on. The default port for this is 51820, and that is fine, so just press enter unless you know what you're doing; in that case, change it to your desired port. You could change this if you know that port is already in use, you have all ports blocked except a specific few, or you would like to transport traffic on a specific port that is not the default. You'll then need to enter a name for your first client. For the sake of instruction, I'm going to pretend that this first client will be a cell phone or tablet, which is why we downloaded qrencode. We'll scan the QR code to easily and quickly get the info for our tunnel.
With our client named and whatnot, we'll pick our default DNS servers. Google is good. Hit "2" and press enter unless you have some other preference. Wait for the terminal to finish talking it up, then press enter again, and our QR code will magically appear. You can scan that with your device to access your brand new VPN server! I recommend downloading the WireGuard mobile app and importing a tunnel from that same QR code, as it will also provide you with important data and logs for monitoring the status of your connection as well as easily troubleshooting issues that may arise. For folks on Debian, Wireguird is a wonderful GUI for WireGuard if you're scared of terminal or something. This also has logs and stats and stuff for the nerdily inclined. To create a new client, just enter "bash yourname.sh" and follow the same steps as the first time.
Now that we have our VPN set up, we can really stick it to the man and get unproductive.
OUTRO!