pyrocufflink-dns: Cloudflare over ProtonVPN

This commit adds a new playbook, `protonvpn.yml`, and its supporting
roles *strongswan-swanctl* and *protonvpn*.  This playbook configures
strongSwan to connect to ProtonVPN using IPsec/IKEv2.

With this playbook, we configure the name servers on the Pyrocufflink
network to route all DNS requests through the Cloudflare public DNS
recursive servers at 1.1.1.1/1.0.0.1 over ProtonVPN.  Using this setup,
we have the benefit of the speed of using a public DNS server (which is
*significantly* faster than running our own recursive server, usually by
1-2 seconds per request), and the benefit of anonymity from ProtonVPN.

Using the public DNS server alone is great for performance, but allows
the server operator (in this case Cloudflare) to track and analyze usage
patterns.  Using ProtonVPN gives us anonymity (assuming we trust
ProtonVPN not to do the very same tracking), but can have a negative
performance impact if it's used for all Internet traffic.  By combining
these solutions, we can get the benefits of both!
2020-09-06 10:40:08 -05:00
parent a7b8e2fbfa
commit 8ca093050b
11 changed files with 124 additions and 0 deletions
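The selective routing the commit message describes (only the Cloudflare resolvers go through the ProtonVPN tunnel, everything else stays outside it) could be expressed in `swanctl.conf` roughly as follows; this is an added illustration, not the repository's *protonvpn* role, and the gateway address, identity and credential values are placeholders.

```conf
# Added illustration, not the repository's own configuration.
# IKEv2 to a ProtonVPN gateway (placeholder values) with a child SA whose
# traffic selector covers only the two Cloudflare resolver addresses.
connections {
    protonvpn {
        version = 2
        # ProtonVPN gateway hostname or address (placeholder)
        remote_addrs = VPN_SERVER_PLACEHOLDER
        # request a virtual tunnel address from the gateway
        vips = 0.0.0.0
        local {
            auth = eap-mschapv2
            # ProtonVPN IKEv2 username (placeholder)
            eap_id = IKEV2_USERNAME_PLACEHOLDER
        }
        remote {
            auth = pubkey
            # must match the identity in the gateway's certificate
            id = VPN_SERVER_PLACEHOLDER
        }
        children {
            cloudflare-dns {
                local_ts = dynamic
                # only traffic to 1.1.1.1 and 1.0.0.1 is tunnelled;
                # all other Internet traffic bypasses the VPN
                remote_ts = 1.1.1.1/32,1.0.0.1/32
                # trap: install the kernel policy immediately, so a query
                # to the resolvers triggers SA setup instead of leaving
                # the host in the clear while the tunnel is down
                start_action = trap
                dpd_action = restart
            }
        }
    }
}

secrets {
    eap-protonvpn {
        id = IKEV2_USERNAME_PLACEHOLDER
        # ProtonVPN IKEv2 password (placeholder)
        secret = IKEV2_PASSWORD_PLACEHOLDER
    }
}
```

The gateway's certificate chain must be trusted, i.e. the ProtonVPN CA certificate has to be present in swanctl's `x509ca` directory, otherwise `auth = pubkey` verification of the remote peer fails and the tunnel never comes up.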


@@ -0,0 +1,15 @@
- name: ensure strongswan is installed
package:
name: strongswan
state: present
tags:
- install
- name: ensure strongswan starts at boot
service:
name: strongswan
enabled: true
- name: ensure strongswan is running
service:
name: strongswan
state: started
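Review bot: the `install` tag is attached only to the package task, so a run limited to `--tags install` installs strongSwan but never enables or starts it; either tag all three tasks consistently or collapse the two `service` tasks into a single task with both `enabled: true` and `state: started`, which also saves a module invocation per host.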