Backstory

So, at my day job, they have a tight grip on network restrictions, like sending Facebook into a DNS Blackhole, where I would need access to it because I do their Social Media and Advertisement in the agency. Also, sometimes, I need to access my home’s local network for stuff like my Ubiquiti Unifi Controller, Home Assistant, and other Docker containers that I would not be able to access outside my network without port forwarding or through Nabu Casa service.

Plus, since I could not install any programs on my computer without Administrator rights, how does one accomplish this? Better yet, how can I make it dual purpose?

Why didn’t you ask your employer to unblock it for you?

They outsource their IT to a separate company, and putting in a ticket costs them money, and to do a simple job like that would be a waste of money on their part. Plus, they really didn’t see a point in me having it, but they don’t have social media profiles at all or even understand technology, so it was basically talking to a brick wall.

And yes, I tried the portable Tor Browser. However, if you are trying to sign into social media sites (especially Facebook) with Tor, get ready to reset your password a LOT. From my location to Helsinki, Norway is always going to raise a red flag with Facebook. So this was not a reliable option.

Why not bring your own laptop?

I was not able to get a hardware KVM, nor was I able to install Synergy on my work computer, due to the same complication of not having Administration Rights. Management was not willing to do that for me for something they have no knowledge about.

So for a while, I had my laptop with me with WireGuard installed System-Wide so I could do my Social Media part of my job, but unfortunately, constantly switching computers is not the best way to maximize efficiency, so I needed to find a way to do my job with the computer in the office.

Enter the Purpose Built Machine

Originally, I used a Raspberry Pi 3B+ using the Hass.io Operating System, installed Portainer via the Addons page, and tried to pull the Docker container SOCKS5 Proxy to WireGuard. Why put Home Assistant on this? We have some printers in the office that can be polled to determine Ink Levels of printers, and it also houses a hard drive for encrypted, off-site backup storage. In addition, I have a webcam installed via USB to use with the MotionEye Addon, and as of Home Assistant 2021.5.0, it is natively supported as a component.

Problem #1: Incompatible Platform

The Docker container that I was using to turn a proxy into a WireGuard tunnel to my house was not meant for ARM-based CPUs, therefore I was not able to pull or run the container. So, I bought an Atomic Pi because it had an Intel Atom x86 Chip on board and swapped from there.

Problem #2: Unstable Hardware and Docker Container Weirdness

The Atomic Pi itself was NOT meant to be a mini server (in my experience with it). 2GB of RAM is just not enough to power many services at once.

And that's not the only part: the Docker container that changes a SOCKS5 Proxy to WireGuard was just not working in any capacity.

So to combat this, I bought this Terryza Mini PC with 8GB of RAM and the same Intel Atom CPU, mainly because it was small, and it had all the IO I needed. Plus it was discreet enough to use properly without arousing suspicion.

And, after watching Wolfgang’s Channel Video about Application-Based routing, I used this docker container by binhex called arch-delugevpn, and this container was just what I needed, as you’ll soon see! Plus it seems to also work on Raspberry Pi computers, but I have not tested that.

How do I use it?

The Portable Apps Platform

For those unaware, the PortableApps Suite is a collection of apps that install and run on a flash drive. I bought a 128GB Samsung Flash Drive and installed the PortableApps Platform on the flash drive, along with apps like Dia, PuTTY, FileZilla, and so on. However, I also wanted to use my settings from my personal Google Chrome and not synchronize it with the Chrome on the computer (for privacy reasons, but I guess Google has that information anyway so...). I installed Chrome on my flash drive, synchronized my settings, and was up and running. However, I also installed Mozilla Firefox on the drive too, because it has a native Proxy changer built in. So, I changed the Proxy settings to point to port 8118 on HTTP and HTTPS on my Mini PC Server, and set up the configuration of WireGuard for the container as listed in the video. AND IT WORKED!

I was able to use my home’s local IPs to access local services at home, and I was able to bypass the DNS Blackhole for social media. I would have to use 3 Browsers (Chrome on my machine for my Customer Service additional duties, Chrome on my Flash Drive with my own personal data and sign-ins, and Firefox for access to local services at my house and Social Media sites), along with the other programs I run on it as a requirement for the Customer Service side of the job. Rest In Peace, my 8GB of RAM.

BONUS: One Browser to Rule them all, along with Additional Self Hosted services.

So, recently I discovered the Brave Browser, because I have been on a journey to bring privacy up in my life, and keep my personal data as close to me as possible. So, I installed Brave on my main laptop and my phone. What about my work computer?

As luck would have it, there is a Portable version of the Brave Browser that I installed on my flash drive (which is also how I am writing this post now! 🙂). Now what to do about the proxy setup?

Chrome (and Chromium and Brave by extension) have no way to change native proxy settings in the browser settings. But I found this neat Chrome Plugin called SwitchyOmega that allowed me to either go direct (say, if I needed to enter the local IP of my Home Assistant machine in the office) or Proxy (which would allow me WireGuard into my house via the Docker Container at the office and do the cool stuff). It was a definite poggers moment.

And why also include Self Hosted? I also installed BitWarden from the Community Addon Store of Home Assistant, and did the setup of the manager in the Chrome Plugin. It was a little challenging, but I managed to accomplish it. But one of the things I’m looking into is instead of Port Forwarding my router to the BitWarden port, why not use NGINX Proxy Manager? I’m still very new to NGINX, but I have been having some problems forwarding the port 80 and 443 to NGINX Proxy Manager, and getting the congratulations page OUTSIDE of my network. For some reason, it’s not working the way I was hoping. Maybe I can get some help for it to add some SSL and security for my network.

by Brett White