Tomsbox

Current Linux Desktop

Fri, 23 Aug 2024 15:00:00 +0000

So this is how it looks:

To see the original size just right click ad “Open i new tab”

This is using hyprland which is a Wayland compositor.

The configs for the desktop and status bar can be found here:

hyprland.conf:
https://gist.github.com/t0m5k1/fc6ee522bef837abe9237a89d6072e78

binds.conf:
https://gist.github.com/t0m5k1/6bf141cf03efb20fa1ce833369e0e1f9

windowrules.conf:
https://gist.github.com/t0m5k1/ee0f4f2c09f1ab81b1851c5b9c6bcf8c

waybar config:
https://gist.github.com/t0m5k1/6dd3984ca6a66d69fbc3cd345439e8c6

waybar style.css:
https://gist.github.com/t0m5k1/9fd15f19de038593264a1410f8d10419

For this all to work you’ll need to install the relevant parts and their dependencies, I use Archlinux so I’ll only be providing necessary commands to get it working on there, any other distro is up to you but these configs should still function.

Run the following command:
(NOTE: As always with Arch ensure you’ve already upgraded prior to installing these)

sudo pacman -S hyprland hyprcursor hyprutils hyprwayland-scanner xdg-desktop-portal-hyprland waybar kitty

Now if you find that the workspace icons are not bein displayed correctly this will be due to missing fonts, I use the nerd font version of liberation family. To get it run the following:

sudo pacman -S ttf-liberation-mono-nerd

You may also need to make some further adjustments to the waybar config to get it working as you need.
I also use for a launcher so you may need to get that too or change it to something you prefer.

sudo pacman -S rofi

Once that is installed clone this git repo and the Archlinux Icon should trigger the menu.

Hope you like this.
See ya

Life Updates

Sat, 03 Aug 2024 16:00:00 +0000

So much has happened since my last post 2023-01-23

So I got divorced!
It really is not as bad as it sounds, My ex-wife is still my best friend and we both had a heart to heart over 2 days. Both of us were in tears and a lot of things were brought to the surface and dealt with.
Essentially we rely on each other so much that we couldn’t possibly fully leave each other. So we still share the same house and just have different rooms on different floors.
We’re unsure if we’ll ever get back together but all our kids still speak to each other and refer to each party as mum/dad. So there is still al lot of love being given on both sides and we both hope it remains this way and we can get a fair court case should the need arise in future because in truth neither of us have a bad word to say and neither of us have acted in bad faith through this.

I still work at the same place (check linkdin for more on that) I’ve gained more certificates and am currently working towards getting MS AZ104, 500, 700. It’s a long path but enjoyable.
Additionally my department is moving towards a Security Operation Center (SOC) where as previously we were a Network Operations Center (NOC). So really interesting things there.

Had a few changes to my home LAN with a few addittions and some changes. Lots have been going on and now this site is functional on the backend again I’ll be posting more.

Catch you all soon.

Youtube Channels

Sat, 03 Aug 2024 00:00:00 +0000

So I recently decided to drop you all a list of the YouTube channels I find my self watching.
This list will get big and will be updated to list all the channels I like

Tech

JaysTwoCents
What can be said for Jay, Nick and Phil !
This is where you go for all the indepth builds and water cooling info.

LTT
I’ve been watching Linus for quite sumoetime and I’ve come to appreciate the whole effort he has put in to growing and providing Tech news and reviews that I’ve come to almost rely on.

Level 1
Wendell is an institution by himself, I value every statement he makes and the information he provides is top notch.
The NEws/Link with friends is a must watch for me too.

Some Ordinary Gamers
Mutahar is a stallwart in all things current regarding tech, games, deep web and other shenanigans that may or may not ocur on the ‘tinter tubes!.

Linux

Chris Titus (Alt channel:ctt)
We can’t not mention Chris Titus here.
The guy is the creator of his tweak tool WinUtil that I link to in my sidebar.
His videos are always knee deep in tech be it linux or his app and what he’s doing. What makes this good is that you can learn from his videos even though they are very light hearted and he’s learning this with us!’

Broadie
When we talk about Linux we can’t leave out Broadie Robertson.
The guy seems to always have his finger on the pulse and is only ever a few hours off the mark lol.
Good content.

Security

HAK5
Threatwire with Ali.
Sec news can’t get better, She’s the girl all the geeks want to know for very obvious reason too and she’s happy with that.
Very active coder, loves defcon and streams nearly all the time on twitch.
You gotta see the dimples!

David Bombal
David is just excellent, The community section is his way to test us all.
His content is so in depth you learn and he actually provides many training courses via his website.
You need this man in your subs list.

DefCon
The DefCon what can really be said other than I will go here one day.
It’s a tech/Hacking conference where nearly anything goes, You’ll find all manner of types here from black,white,grey hat hackers, Tech nerds, sec nerd, exploiters and more.

BlackHat Con
BlackHat Con, They want to be good and sometimes they’ll have a demo or talk from someone/thing that is good, I check in every now and then but yeah.

General

Content Creators & Teams

MoistKritical
Charlie just hits the nail on the head with his takes on the recent funny shit

Asmongold
Asmongold well fuk me what a rep lol
Head of the wild OTK crew and part founder of Starforge PCs

Steak & Eggs
Tectone, Emiru and Asmongold hang out and do shit together

Camomo
The uber Rust Admin who takes no shit, doles out the bans and fuks with cheaters in rust, his Admin skill are sought after by cheater so they can avoid him but nobody has managed to yet.

Oompavile
Oompavile has some good takes on current affairs and is a funny fuka.
He’s also the other half ok Kris Collins KMK

KallmeKris
Cute Kris Colins provides us with KallMeKris.
Funny takes on current affairs, regular crime posts and stories too.

Paranormal

Ghosts / Debunking

I like the paranormal as I am a believer but at the same time I’m not here to watch blatant bullshit and lies being punted off as truth.
I’ve been interested in all things paranormal from a young age as my mother used to go to a medium and had the sessions recorded, I’d wait in the front room of the lady’s house!
We had hundreds of books on the subject and these were the first books I ever read as a kid. I might make an article about my experiences one day.

Beardo Gets Scared
Dale/Beardo Is a great debunker who’s learn from the greats like Jason Hawes, Kenny Biddle and Parple.
This is from his channel page: Join me as I fearlessly debunk mysteries, engage in heart-pounding live streams, and navigate the darkest corners of horror gaming.
Brace yourself for a journey where skepticism meets the supernatural, and let’s unravel the mysteries together! Subscribe now for a hair-raising blend of investigation, live thrills, and gaming scares that will keep you on the edge of your seat.
Are you ready to face the unknown?

Kenny Biddle
Kenny Biddle is the de-bunkers debunker!
He pulls apart any and all claims and applies science and logic to all. I’d highly recommend him.

Jason Hawes (TAPS)
Not much needs to be said about Mr Hawes.
His reputation in Ghost Hunters is testament to his contribution in this field and yes He does debunk too but the channel producers he was working with didn’t want that boring stuff!
So he left and went independent, Glad he did too.

Mythos Paranormal
Mythos is another top choice for debunking and investigations.

Parple
Recently his content has become quite random but it is funny! His older content is more paranormal and he’s a very good investigator and debunker.

Paranormal Mokey Podcast
Justin Cowell has worked on a few shows and has his own reputation, yes another big name.
This podcast of his features some real big names in the paranormal and recently had Dave Schrader on as a guest!

UAP/UFO/Aliens

Jeremy Corbell
In his own words:
an American contemporary artist and investigative filmmaker with movies on Netflix and Hulu.
He is known for his documentary work exploring mysteries in the fields of UFOs, advanced technology and the dark space where science confronts the abnormal.
Corbell’s films reveal how ideas, held by credible individuals, can alter the way we experience reality and help us to reconsider the fabric of our own beliefs.
This is where you’ll find the weaponized Podcast he does with George Knapp.

George Knapp
Veteran newsman George Knapp has been bringing great stories to the KLAS-TV audience in Las Vegas since 1981, establishing a national reputation for treating unusual topics with serious journalism.
We’ve only scratched the surface on our archive of stories that originally aired in Las Vegas on KLAS-TV Channel 8, and will be uploading more every week, along with new investigations.

I've not neglected you

Sat, 03 Aug 2024 00:00:00 +0000

I’ve had some issues and changed my PC so I’ve not been on here for a while.
Hopefully this post will update however I’m no sure as I’ve also had issues rebuilding my website dev environment.
This is partly due to jeykll and ruby giving me issues.

I do have a few life updates and some potential how to’s and other content, I’m also considering moving away from Jeykll/Ruby to another system.

Let’s see how this goes.
Fingers crossed.

Browser Privacy Part 4

Thu, 01 Aug 2024 00:00:00 +0000

Catch up

In part 3 I covered my choice of the best browser for privacy, PI-Hole deployment and a good addon to create browser based containers for firefox.

Latest

Things in browser land have gone totally gaga!
We have a few forks of chromium. One of these is Edge (no links) this is M$ default browser choice and it is chock full of traking that adds to googles default tracking and ties into Win11 telemetry.
In the first days we thought it was gonna be bad but what it is now is just annoying. I’ll stop it there and just suggest you use Chris Titus Winutil to either remove Edge or hoble it !

I still use and recommend Brave however I no longer use the BAT tipping system as I don’t use/support crypto.

Another choice is an interesting one.
The Mullvad Browser is developed – in collaboration between Mullvad VPN and the Tor Project – to minimize tracking and fingerprinting. It is a fork of FireFox.
This cheeky little browser has Tor and the mulvad VPN built in along with their other changes to secure it further.

If you want another chromium based browser I’d suggest ungoogled-chromium but I will not be linking to it.

Further developments

There are other changes afoot in browser land and this is Manifest V3.
Essentially Manifest V3 is a fundamental change in how extensions work in chromium based browsers. In that Google is really fed up with uBlockOrigin stopping most of their wonderful advert tracking and decided to end the game for the extension and others like it.
It is basically limiting what can be externally loaded in size and volume, uBlockOrigin loaded block lists from github and blocked the elements on page load, All that has come to a grinding halt and also due to the infinate wisdom of Mozilla this will also potentially affect FireFox browser, How I’m not exacly sure but there we go.

As a brave user I know their efforts will not be stopped as they’ve patched there system so damn deep that it’s essentially not an extension! Brave have also said that specfic V2 extensions will be available in brave and you will have the ability to load them from a zip or folder in dev mode.

How long this all stays in play and what happens when it all comes into effect in 2025 is anyones guess. I’m kinda hoping a totally new browser pops up but I’m also hoping a 3rd party extension store pops up too.

So that concludes this article.

Arma2 and Dayz-Epochmod

Tue, 24 Jan 2023 15:00:00 +0000

The first time I ever came across Dayzmod was browsing Youtube and happened to land on the wonderful FrankieonPCin1080p. I’m not gonna go into what has happened but will just tell you find his channel and watch the fantastic vids he has put up and then go look for others.

The bulk of this guide came from RobbieW69, I’ve edited and changed a few parts but the bulk of it came from his repo and video on youtube Star, Subscribe and follow him.

Assumptions

You have ESXi installed on a host.
You have already installed Windows (any version) into a Virtual Machine.
You have administraitive rights.
The virtual machine is reachable by remote desktop and has file sharing enabled and working.
You have Arma2, Arma2 Operation Arrowhead and have all the DLC.
You know how to add a mod to Arma2

Preparing Arma & Epoch

Verify Integrity of the Game Files (Right Click on the Game(s) in your Library -> Properties -> Local Files -> Verify integrity of game files). Run Arma 2 until the main menu, then close it, and run OA till main menu then close it. Locate your steam library, Find the common folder within steamapps Right click and Share this folder. Now log on to the VM and ensure you can browse to this share.

From here onwards everything will be done in the virtual machine.

Download and install DayZ Launcher, After DayZ Launcher has installed, Launch it and Open the Settings Panel (Top Right). Set the Mods/Downloads Path to your Arma 2 OA Install Directory (Example. C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead). And Set the Arma 2 Path to your Arma 2 (Base Game, NOT OA!) Install Directory (Example. C:\Program Files (x86)\Steam\steamapps\common\Arma 2).Scroll down and hit Save then close the Settings Panel, and Navigate to the Mods Tab in DayZ Launcher. Find DayZ Epoch 1.0.7 In the Mods List, and Click Download. Once the Mod has finished downloading, be sure to Verify the Install by Clicking the Verify Button
Download Epoch 1.0.7 Server Files

Installing MySQL Server & Workbench (Database)

Download MySQL Server. Download the one that has the smallest size, once it has downloaded, run the Installer. Select the Server only Setup Type, Click Next and then Execute, you might have to install some Redistributables during this process. Follow the Installer Process until you reach the Product Configuration Section, Press Next Once, and you should come to the Type and Networking Page.
Installing MySQL Server & Workbench can be confusing to those with little to no experience, particularly this next Section, so please read carefully.
The Config Type Option: If you are planning to Host this Server on a Home Machine, you can leave the Settings on this Page as they are and click Next. If you are Hosting from a (relatively decent) Dedicated Server Machine, select Server Computer, and leave the rest of the options as they are and click Next. Authentication Method: Set this to Use Legacy Authentication Method
Accounts and Roles: MySQL has a “root” User Account, which is a user that has full priviledges on the Server, so be sure to set the Root Password to be strong and secure, keep a note of it if you need to. You May Add & Configure MySQL Users on this Page if you wish to do so, for the sake of simplicity for this Guide, we will not run over this. Click Next. The Windows Service Page: Leave this Page as it is, and click Next, and Click Execute on the Next Page, the Finish the Installation.
Download MySQL Workbench here and run the Installer. Follow the Installer, select the Complete Setup Type, press Next, then Install, once the Install has Completed, Launch MySQL Workbench. Click on the Local instance MySQL80 Box, enter your Root Account password you set earlier. You should now be presented with a fairly confusing looking screen, if that is the case, then you can Minimize MySQL Workbench for now, we will continue here in a little while.
Download and Install PBO Manager, to make sure your PBO Manager was installed correctly go to Windows Settings -> type “defaults” -> Default Apps -> Choose default apps by file type -> Scroll down to ‘.pbo’ on the left and make sure PBO Manager is the application assigned to it. You should see the icon next to PBO files now.
Download and install WinRAR or 7 Zip
Download and install Visual Studio Code and Notepad++ we will be using both!
Download the Setup Guide Files folder from the google drive to follow along with.

Server Install and Setup

I’m having you name files and folders certain things only so you can follow along easier, you can name them whatever you want please just remember when editing Directory names to change them to what you make them.

Steps

1: Open File Explorer -> Make a folder anywhere call it DayZ_Server.
2: Open Arma2:OA directory via the file share you made earlier -> Copy everything in there into DayZ_Server.
3: Open Arma2 Directory via the file share you made earlier -> Copy AddOns folder only to DayZ_Server.
4: Open File Explorer -> Make another folder not in the same Drive called DayZ_Server_Config.
5: Open Epoch Server Files -> Move the DZE_Server_Config into the DayZ_Server_Config folder you made.
6: Move all other Epoch Server Files into the DayZ_Server folder we made. arma2oaserver.exe should be in this folder.
7: Open HeidiSQL -> Make a new Session, call it DayZServer.
- Sign into the ‘root’ with the password you made on MySQL 5.7 -> right click on DayZServer at the top -> Create new -> database ->name it like dayz_db -> for Collation find the one called utf8_general_ci -> Create.
- Now a database named dayz_db should have popped up inside the drop down next to like mysql and information_schema. Click on it -> Over on the right side toward the top you’ll see a blue button that says Query, click it -> a new empty window popped up -> Open DayZ_Server folder -> find SQL folder -> open it, now drag epoch.sql into that area where the Query opened. Next to the Query tab it will say ‘Database:dayz_db’, ABOVE that there is a blue Play button, click it after putting the ‘epoch.sql’ file into the Query.
- Now a dialog should have popped up saying produced 1 warning, ignore it.Now that next to where that Query tab was -> Click on that little gray window with the little green plus sign -> This opens a new Query tab -> Drop the ‘add_recommended_mysql_events.sql’ in that one and run it as well.Now a dialog should have popped up saying produced 7 warnings, ignore it.
- Click on ‘dayz_db’ while in Heidi, click on the people icon, now under User Management click the green Add button, it will prompt you to make a new user I would name it something like “newServer” or whatever you want, make a good password, then toward the bottom of that same dialog it says “Allow access to”, click the green ‘Add object’ button, click on ‘dayz_db’, then when it goes into the list below, click on the checkbox next to it, do not click on checkbox next to ‘global privileges’ only the one next to ‘dayz_db’.
- Now navigate to the HiveExt.ini located in your DZE_Server_Config folder, go down to line 36, change the database = to database = dayz_db then below that change Username equal to newServer, then below that change the password to the password you set.
8: Open Visual Studio Code -> Navigate to the top left -> blocks icon called ‘Extensions’ -> type SQF -> Install SQF Language by Vladislav and SQFLint by Skace.
- Open File Explorer -> Open DayZ_Server\@DayZ_Epoch_Server\addons -> Right click on dayz_server.pbo -> PBO Manager -> Extract to dayz_server\.
- Now drag the dayz_server folder into the Workspace as well -> Trust -> Add to workspace.
- Now go back to DayZ_Server\MPMissions -> right click on DayZ_Epoch_11.Chernarus -> PBO Manager -> Pack into DayZ_Epoch_11.Chernarus.pbo.
- Now drag the DayZ_Epoch_11.Chernarus folder into VS Code on left side under Workspace -> Trust -> Add folder to workspace.
- Now find the DayZ_Server_Config you made -> open it -> drag the DZE_Server_Config folder into the workspace as well.
- Now at the top click File -> Save Workspace As -> Name it something like DayZ Code -> Save it to your desktop. Now click File again and click on Auto Save. You are now done setting up the text editor. (remember to drag the folders not the .pbo files into VS code)
9: In VS Code -> In the worksapce -> click on DZE_Server_Config -> Click the arrow to open it -> go to 11_chernarus.bat.
- Change the Directories to yours. (ie: ‘-config=C:\DZE_Server_Config\11_chernarus.cfg’ will change to ‘-config=YourDrive\DayZ_Server_Config\DZE_Server_Config\11_chernarus.cfg’).
- Now open the 11_chernarus.cfg -> change ‘hostname = ;’ to whatever you want to name it, this will be what pops up on the server list, below that you can also have a server password.
10: Open -> DZE_Server_Config -> put the ‘start.bat’ inside.Change the directories in the Start.bat before you start it.
- In VS Code -> Top left click ‘Terminal’ -> New Terminal -> a drop down menu will pop up -> click on DZE_Server_Config -> the new terminal window will have opened up at the bottom -> type start start.
- Your server should start up. If you make changes in VS Code while the server is up, once you are ready to restart -> close the server -> then click on the Terminal window toward the bottom -> You should be able to just hit the Up arrow key or type ‘start start’ again.

Debugging: If you have any problems with the server -> go to DZE_Server_Config -> arma2oaserver.RPT is where your logs and errors will be 90% of the time. If you have problems on the Client side -> Open File Explorer -> At the top in the address bar type %appdata% -> Go back one folder and click ‘Local’ -> Arma 2 OA -> ‘ArmA2OA.RPT’.
If it has an error that says Include file z\addons\dayz_code\gui\description.hpp not found -> go to the 11_chernarus.cfg and change the name to something like TEST -> then go to 11_chernarus.bat then check all your spelling and directory changes, this error is typically due to the server not actually being directed to the Mission folder, the other possible problem is that you do no have a $PREFIX$ file in your @DayZ_Epoch_Server\addons\dayz_server folder. After putting TEST in the name, restart the server and see if the server name changes, if not, go to 11_chernarus.cfg and check the line that says template = “DayZ_Epoch_11.Chernarus”; and make sure it is directed to the correct folder.

Your server should run and not have any problems now, if it does not start please refer to ++Debugging++, if you are ready we will move on to editing your server, click below to return to the ReadMe.

Editing your new Epoch Server

If you’ve made it this far and succesfully loaded into your own server, congrats! Now it’s time to start modding it to fit what you want.But before you do that I HIGHLY recommend making backups of your “@DayZ_Epoch_Server” and your “MPMissions” folder regularly. I’m going to add some simple mods to get you started.

Making Edits

Before adding mods, you should go navigate to DZE_Server_Config\BattleEye\scripts.txtand change all the 5s to 1, this where Notepad++ comes in handy.
Open the scripts.txt in VS Code, Ctrl + A, then Ctrl + C, now open up Notepad++ and hit Ctrl + V, everything in scripts.txt should be pasted into Notepad++.
Now, In Notepad++ at the top there will be a bunch of icons, all the way to the right there is a Circle icon, it says start recording when you hover over it, go ahead and click it, once you do it will become unclickable.
Now go to line 2 -> begins with 5 addAction, click anywhere on that line, now hit the Home key on your keyboard, now hit the Right arrow key, Backspace, type 1, then Down arrow key. Once you’ve done this go back to the top and hit the Square button right next to the Circle button we pressed earlier to Stop Recording.
Now to the right of them there is a Triangle Play button, you can click this 83 times, or you can click the double triangle play button, a dialog will come up asking how many time you want to run the macro you just created, I believe its 83, type 83 into the box, click run.
Scroll down and make sure all of them were set to 1, if any were missed go ahead and change them.
Now go ahead and Ctrl + A, Ctrl + C, then navigate back to VS Code, and Ctrl + V (unless you closed it then you will need to highlight everything in the scripts.txt file that you have open in VS Code again before pasting into it.
After making edits or addings mods to the server, remember in order to start server you type the ‘start start’ command in the terminal in VS Code, as the ‘Start.bat’ will repack your PBO’s for you.
If this is going to be a private server and you don’t need the security -> go to ‘11_chernarus.cfg’ -> find line ‘BattlEye = 1;’ then set to 0, also find the line password = “”; and make a good one!, if so you don’t need to follow the Battle Eye Filters, after installing the Admin Tools you are good to go!

Value Edits

Open File Explorer -> DayZ_Server\@DayZ_Epoch\addons -> right click dayz_code.pbo -> PBO Manager -> Extract to dayz_code\ -> drag the dayz_code folder into the VS Workspace -> Add to Workspace.
Open it in the workspace -> find configVariables.sqf -> right click -> Copy.
Navigate to your DayZ_Epoch_11.Chernarus folder in the workspace -> if you don’t already have a folder there called dayz_code, make it then ->right click -> Paste (or Ctrl + V).
Now, while in that folder still -> right click on it -> New Folder -> name it init. Now go back to the dayz_code folder -> init -> find variables.sqf -> right click -> Copy.
Navigate back to the DayZ_Epoch_11.Chernarus folder and go to the empty init folder you made -> Right click -> Paste. Right click on the dayz_code folder in the workspace -> Remove folder from workspace.

Now go back to DayZ_Epoch_11.Chernarus folder and click on init.SQF. Find this:

call compile preprocessFileLineNumbers "\z\addons\dayz_code\init\variables.sqf";

and right BELOW it put:

call compile preprocessFileLineNumbers "dayz_code\init\variables.sqf";
call compile preprocessFileLineNumbers "dayz_code\configVariables.sqf";

Now to make the value edits you would like, you’ll be editing init.sqf, configVariables.sqf, and variables.sqf.
If you want ZSC single currency for example, enable it in the configVariables.sqf by changing:
```
Z_SingleCurrency = false;
```
to
```
Z_SingleCurrency = true;
```

Go to Description.ext in your mission folder -> at the bottom find:

#include "\z\addons\dayz_code\Configs\CfgServerTrader\CfgServerTrader.hpp" // Normal traders
//#include "\z\addons\dayz_code\Configs\CfgServerTraderZSC\CfgServerTrader.hpp" // Single currency traders

and change to:

//#include "\z\addons\dayz_code\Configs\CfgServerTrader\CfgServerTrader.hpp" // Normal traders
#include "\z\addons\dayz_code\Configs\CfgServerTraderZSC\CfgServerTrader.hpp" // Single currency traders

Map Addons

We’re going to add custom map addons server side, watch my video on how to make your map edits.
Navigate to dayz_server in your workspace -> Right click -> Add new File -> name it build.sqf -> Add New Folder -> Name it custom_buildings -> grab your mission.sqf file from the map edit you did -> rename it to like BalotaAddons.sqf for example if you made changes to Balota -> now place that file in the custom_buildings folder.

Navigate to dayz_server\init\server_functions.sqf -> find:

call compile preprocessFileLineNumbers "\z\addons\dayz_code\loot\init.sqf";

then right BELOW it add:

#include "\z\addons\dayz_server\build.sqf";//build custom map addons before player setup

Now go to the build.sqf script and type:
```
execVM "\z\addons\dayz_server\custom_buildings\BalotaAddons.sqf";
```
Restart your server and the map edits you made will work.

Third Party Mods

I use the following mods
Wicked AI The Install guide is on the main repo page, just scroll down.
DZAI Use this guide to get things going.
DZMS The install guide is on the main repo page.

To begin with I’d advise you just go with WAI, For the most part this will be all you need. I use the others to just compliment things in that the missons from DZMS are slightly basic but enables you to have more activity on the server. If you do end up making a public server ensure that you check over things regularly and if having multiple AI causes your bill to increase then drop DZAI and just have WAI and DZMS.

Most 3rd party mods from github have a readme.md that you can follow, the good ones give you the battleye exceptions you need as well, but if you add a mod that doesn’t give you the battleye exceptions you will want to run ‘BE_AEG.exe’ if the kicks are due to ‘script restriction’ and any other filter .txt file restrictions you will have to add manually, this gets covered later in the Battle Eye Filters section.

Installing the Admin Tools

BigEgg made some great Anti Hack Admin Tools for the community to use and they work on Epoch 1.0.7! They let admins fly, teleport, and overall do what they need to do.

You will want to follow the readme.md on the github for the installation of the admin tools until you get to Step 11: Drag all the BattlEye filters from the BattlEye folder into your server's BattlEye folder., do not do that, instead come back and continue.

You are now done learning how to edit your server.

Making Battle Eye Exceptions

BattleEye reads filters from the .txt files inside the folder, it then reads everything after the function name, for example in DZE_Server_Config\BattleEye\scripts.txt line 40 says 1 execVM , 1 being the filter style and execVM being the function, everything after are the Exceptions. Exceptions allow someone to execute that function in a certain way without being kicked by BattleEye. Please read the Battle Eye Filters Guide to get a better understanding then come back.

Generating Restrictions

If you followed the ‘Making Edits’ in this then you should have all of your filters inside the DZE_Server_Config\BattleEye\scripts.txtset to 1’s.

Go ahead and launch theserver and the game and join the server and when you get in, press F2 and do everything the admin menu allows you to. This will generate the restrictions(kicks) that would normally happen.
Once you are done testing every admin tool available, close the server. (which means spawn everything, teleport, ect. everything)
If you navigate to DZE_Server_Config\Battle you will notice a new file called scripts.log , this is filled with all the restrictions we’ve just generated. When a mod tries to call one of the Functions but does not have an Exception for it, BattleEye will kick the user. It will then note this in scripts.log with the exact code that tried to call the function in quotes, along with the filter number.

Generating Exceptions for Restrictions

First let’s open the Setup Guide Files folder we downloaded -> copy the BE_AEG.exe and the with console debug.bat into your BattleEye folder.
Now, we need to generate Exceptions for the restrictions that were created by the Admin Tools (because flying and teleporting ect, do not have exceptions by default). But when we look at scripts.log we only need to look at the Restrictions that contain a random line(variable) of letters and numbers, for example
```
#79 "] call BQ1vBKUInpSNuc;
          };
      };

      if (-1 > -1) then {setViewDistance -1};
      if (25 > -1) then {setTerrainGrid 25};
      if (true"
```
with BQ1vBKUInpSNuc being the random variable and setViewDistance being the function.
The reason we are only looking at and making exceptions for them is because the Admin Tools generates new variables every time the server starts again, so we have to add manual exceptions that will cover the code around them. All of the other restrictions should be fixed when we run the BE_AEG.exe by double clicking the with console debug.bat file.
In order to fix this we need to make an exception that gets as much of the code as possible but also removing the variable. If you followed the Battle Eye Filters Guide you know we need to break this down so let’s do it.
```
 "] call BQ1vBKUInpSNuc;
```

Contains the problem variable. So let’s start making the exception after it. Like this:

  !"};\n };\n\n if (-1 > -1) then {setViewDistance -1};\n if (25 > -1) then {setTerrainGrid 25};\n if (true"

So we head to scripts.txt and find line 79, we then go up two to line 81 because the filters don’t start on line 1, it says //new2 and the first filter 1 addAction is 0, in programming numbers don’t start at 1, they start at 0.
So now line 81 says 1 setViewDistance and since that is the Function being called in the code, we know we are right, click on the line, hit the End key on your keyboard, and copy the exception to the end of the line.
Now we know how to make exceptions for the Admin Tools random variable restrictions. Please continue to find as many as you can with the random variables and fix them. Once you are done fixing them, navigate to your Battle Eye folder and double click on with console debug.bat and it will then auto generate the exceptions needed for all of the other scripts.txt restrictions. Then you should be good to go!

Restart your game and Server and rejoin, then leave, and check scripts.log, if it is not there, you are done.

If you want more how about you consider upgrading to Epoch 1.7.0.1, it really is a simple import of SQL but I’ll let you figure it out.

If you need help, please join the Epoch discord server: https://discord.gg/0k4ynDDCsnMzkxk7

Share this guide with whoever you like.

PLEASE NOTE I CANNOT GUARANTEE THE ABOVE GUIDE WORKS IN FULL AS THINGS CHANGE, AT THE TIME I WROTE THIS IT WORKED FOR ME

Pihole in Oracle

Tue, 24 Jan 2023 00:00:00 +0000

I know there are many sites that produce these guides but I like to have my own. Additionally I also like to use unbound as a local forwarder that is configured to use root hints, This means you’re not sharing more data with others and look up DNS directly.

Additonally I use the wireguard part of openVPN and only have 2 tunnels connected to my cloud: 1 my phone 2 my local DNS server.
Why do I have a local DNS server you might ask, Well it allows me to offload the actual blocking to the cloud and keeps the gui cleaner additionally it means less traffic going to the cloud so then there is less chance of hitting a fee for the compute instance

Only change configuration mentioned here, leave the rest as default.

Platform Setup

Create an account with Oracle Cloud free tier: https://www.oracle.com/cloud/free

Setup a VM instance

Switch the OS from Oracle Linux to Ubuntu

Upload your own public key (this key can be generated via PuTTY)

Note down Public IP and Private IP

OS Setup

sudo su - root

Change root password:

 passwd root

[Note: The common practice is not to do this. Here the use case is security vs. convenience, where this approach is convenient but may be risky to permit remote access via root.]

Update the system:

apt-get update && apt-get upgrade -y

Install pivpn, pihole text editor

Install and configure pivpn:

curl -L https://install.pivpn.io | bash

Select Port: 1194

Create a default client after installation and download it [Step 25]

Install and configure Pi-Hole:

curl -sSL https://install.pi-hole.net | bash

Select interface: tun0

Change the Pi-Hole password:

sudo pihole -a -p

Install nano text editor (or your favourite alternative):

sudo apt install nano -y

Setup SSH access

Edit the SSH config file:

sudo nano /etc/ssh/sshd_config

It is upto you if you want to allow root to be able to login, Personally I do not and suffice with using sudo from a normal user.

Change following entries

PasswordAuthentication no > PasswordAuthentication yes

PermitRootLogin prohibit-password > PermitRootLogin yes

[Note: As mentioned earlier, do this at your own risk - this method allows you to easily connect to VM and grab any file from anywhere but this may pose a security risk]

Restart sshd:

sudo systemctl restart sshd

Setup PiVPN

Edit the server config:

nano /etc/openvpn/server.conf

Change push “dhcp-option DNS "

Comment out the line which reads push "redirect-gateway def1" so it reads as follows:

 # push "redirect-gateway def1"

The longer the keep-alive interval the longer it will take either end of the openvpn connection to detect whether the connection is no longer alive. Because mobile devices often lose connectivity and regain it, lower values are desirable.

Comment out keepalive 1800 3600 and add keepalive 10 60 below it, so it appears as follows:

 # keepalive 1800 3600
 keepalive 10 60

Comment out the line which reads cipher AES-256-CBC and add cipher AES-128-GCM below it, so it reads as follows:

 # cipher AES-256-CBC
 cipher AES-128-GCM

At the bottom of the file add the following lines:

 # performance stuff
 fast-io
 compress lz4-v2
 push "compress lz4-v2"

Press CTRL O to bring up the save prompt at the bottom of Nano, press Enter to save. Then press CTRL X to exit

Setup Oracle firewall

Search Internet on Oracle web GUI

Navigate to > Internet Gateway vcn-XXXXXXXX-XXXX

Left column > Navigate to > Security Lists

Navigate to > Default Security List for vcn-XXXXXXXX-XXXX

Add Ingress Rules

Source CIDR: 0.0.0.0/0

IP Protocol: UDP

Destination Port Range: 1194

Restart the VM from the Console

Managing the PiVPN

set up an OpenVPN Client Profile. (You do not need to have elevated root privileges to do this.)

pivpn add nopass

Give your client profile a name. I like to use an alphanumeric string composed of the user’s first name, and their device’s make and model (no spaces and no special characters).

Make a new client profile for every device. DO NOT share a client profile between two different devices.

This command will output a success message which looks like this:

   ========================================================
   Done! mypixel3xl.ovpn successfully created!
   mypixel3xl.ovpn was copied to:
     /home/myusername/ovpns
   for easy transfer. Please use this profile only on one
   device and create additional profiles for other devices.
   ========================================================

To get the mypixel3xl.ovpn file to your phone it is easiest to maximize your SSH window and print the file to the terminal window, to copy & paste the output:

cat ~/ovpns/mypixel3xl.ovpn

Press CTRL - until the screen zooms out to a point where you can see the entire ovpn file printed on the screen. The first line will have the word client and the last line is </tls-crypt>. Highlighting this entire chunk with a mouse will cause a scissor icon to appear in the middle of your SSH window, this means this selection has been copied to your clipboard.

Moving Forwards

Suggested Block lists: I could list out all the lists I like to use but whether they’re valid to you is a totally different matter. So to make it simple andd get you going I’ll suggest 1 list

Configure the OISD block list, which covers almost every sub-list known to humankind: https://oisd.nl/ [follow instructions on the website and pick on need basis]

For extra configuration of other features on pihole please refer to their documentation and community.

Use following commands for periodic updates

Ubuntu:

apt update && apt upgrade && apt dist-upgrade

Pi-Hole:

pihole -up

Pi-Hole Gravity (adblock lists):

pihole -g

Restart after update:

reboot

Share this guide with whoever you like

PLEASE NOTE i CANNOT GUARANTEE THE ABOVE GUIDE WORKS IN FULL AS THINGS CHANGE, AT THE TIME I WROTE THIS IT WORKED FOR ME

Updates

Mon, 23 Jan 2023 16:00:00 +0000

So much has happened since my last post 31 Jul 2019.
Moved house again, Still in the same borough just moved closer to town center and work. The landlady was very underhanded with us, We used to rent a small 2 bed and at the time her husband was alive. He was an amazing guy and we’d spend quite a bit of time talking and he offered me £200 to redec if I wanted to, His statement in email was take it or leave it. As I don’t like to accept discounts from rent I decided to decline.
Fast forward a couple of years and the Landlord passed away due to cancer, we moved to another of his properties which was a 4 Bed with garage. Lovely place wonderful neighbours and all went well for about 3 years, I get a call from the Landlady telling me she’s decided to sell up and if we want we can have first dibs. Great!
My wife and I went to the bank to see if this was possible, No rent payments are not taken into account, If they did they’d see we could afford to pay but alas they said no.
So we informed the landlady that we couldn’t take it on and asked for time to find another place, all good.
On the moveout day I ask for deposit …BOOM she dropped the clanger of no because I didn’t re-dec the old palce and left it in bad shaped blah blah blah!
I made my points, provided all the emails yet still she declined the deposit, during this I discovered the deposit was not in an escroe account! So told her “You’ll hear from my lawyers and you better make sure you followed ALL landlord/renting laws as this will be no win/no-fee for me, She wnet white.
So I engage a lawyer and hand over the details for them, A week later and I get an email telling me to provide bank details as she will pay the deposit and anything left of the rent we didn’t use. Agreed and got the payout also Lawyer didn’t bother to take a payment as all he did was inform the landlady she’d lose the case and her lawyer agreed lmfao.

COVID

What can I say other than never trust a Tory MP!
Their actions on the response was typical, all their mate got hundreds of millions and all we got was unusable PPE.

WAR

Putin you true numbskull!
What are you doing. Did you really think the world would not turn against you!

Thanks for reading this far.
I have a few more guides to come soon and will look to expand to different topis and maybe add a page for my spleen vents LOL

How to set up Pi-Hole with Pi-VPN and some extras

Wed, 31 Jul 2019 00:00:00 +0000

This is the guide I followed and have encorporated it here.

Set up a Pi-Hole Ad Blocking VPN Server with a static Anycast IP on Google Cloud’s Always Free Usage Tier

Configure Full Tunnel or Split Tunnel OpenVPN connections from your Android, iOS, Linux, macOS, & Windows devices

The goal of this guide is to enable you to safely and privately use the Internet on your phones, tablets, and computers with a self-run VPN Server in the cloud. It can be run at no cost to you; shields you from intrusive advertisements; and blocks your ISP, cell phone company, public WiFi hotspot provider, and apps/websites from gaining insight into your usage activity.

Run your own privacy-first ad blocking service within the Free Usage Tier on Google Cloud. This guide gets you set up with a Google Cloud account, and walks you through setting up a full tunnel (all traffic) or split tunnel (DNS traffic only) VPN connection on your Android & iOS devices, and computers.

Both Full Tunnel and Split Tunnel VPN connections provide DNS based ad-blocking over an encrypted connection to the cloud. The differences are:

A Split Tunnel VPN allows you to interact with devices on your Local Network (such as a Chromecast or Roku).
A Full Tunnel VPN can help bypass misconfigured proxies on corporate WiFi networks, and protects you from Man-In-The-Middle SSL proxies.

Tunnel Type	Data Usage	Server CPU Load	Security	Ad Blocking
full	+10% overhead for vpn	moderate	100% encryption	yes
split	just kilobytes per day	very low	dns encryption only	yes

Platform Setup

Go to https://cloud.google.com and click Console at the top right if you have previously used Google’s Cloud Services, or click Try Free if it’s your first time.

Account Creation

Step 1 of 2
Agree to the terms and continue.
Step 2 of 2
Set up a payments profile and continue

Project & Compute Engine Creation

Click the Hamburger Menu at the top left:
Click Compute Engine:
Select VM instances:
Create a Project if you don’t already have one:
Enable billing for this Project if you haven’t already:
- Compute Engine will begin initializing:

Compute Engine Virtual Machine Setup

Create a Virtual Machine instance on Compute Engine:
Customize the instance:
Name your Virtual Machine pi-hole.
Your Region selection should be any US region only (excluding Northern Virginia [us-east4]).
I have used us-east1 and the us-east1-b zone because it is closest to me.
Choose a micro Machine Type in the dropdown.
Change the Boot Disk to be 30GB if you plan on keeping your DNS lookup records for any reason, otherwise the default 10GB disk allocation is adequate.
Allow HTTP traffic in the Firewall (add a checkmark).
Allow HTTPS traffic in the Firewall (add a checkmark).
Expand Management, Security, disks, networking, sole tenancy and click the Network tab. Click the Pencil icon under Network Interfaces.
The External IP Address should not be Ephemeral. Choose Create IP Address to Reserve a New Static IP Address
You can log into your Virtual Machine via SSH in a Browser by clicking the SSH button. Make note of your External IP (it will be different from the screenshot below).
Click the Hamburger Menu at the top left, click VPC Network and click Firewall Rules.

1) Click Create Firewall Rule at the top center of the page.
2) The name of your rule should be allow-openvpn,
3) change the Targets dropdown to All instances in the network.
4) The Source IP Ranges should be 0.0.0.0/0.
5) The udp checkbox should be selected, and the port number next to it should be changed from all to 1194.
6) Then click the Create button.
7) You can disable the default-allow-rdp rule which Google set up with a default action of Allow, but because our server does not run any service on Port 3389 it is harmless to leave this rule alone.

Do not disable the default-allow-ssh firewall rule, or you will disable the browser-based SSH from within the Google Cloud Console.

OS

After finishing the previous steps Google Cloud will have provisioned a fresh virtual machine running Debian Stretch and a default install of the Google Cloud SDK, This amognst other things will give you acces to the gcloud command from within the virtual machine. These will give you the power to make changes to the public facing firewall that you briefly configured by allowing HTTP, HTTPS, SSH and OpenVPN into your virtual machine.
We now need to ensure the OS is up to date.

Debian Update & Upgrade

Once you log into your Virtual Machine via SSH, you want to update and upgrade it.

Ensure you have elevated root privileges by running this command in the bash shell:

sudo su

Update and upgrade by running this command in the bash shell:

apt-get update && apt-get upgrade -y

Pi-Hole Installation

Pi-Hole is a DNS based adblocker.

Ensure you have elevated root privileges by running this command in the bash shell:

sudo su

Install Pi-Hole by running this command in the bash shell:

curl -sSL https://install.pi-hole.net | bash

You will flow into a series of prompts in a blue screen.

Choose OK or answer positively for all the prompts until the “Select Protocols” question appears. IPv6 needs to be deselected as shown below:
Choose OK or answer positively for all the other prompts.

Set a strong password that you will remember for the Web Interface

pihole -a -p

Log into the web interface using the External IP that you noted down earlier at
http://your-external-ip/admin/settings.php?tab=dns
Click Settings, and navigate to DNS.
Set your Interface Listening Behavior to Listen on All Interfaces on this page:
Click the Save Button at the bottom of the page.

PiVPN Installation

PiVPN is an OpenVPN setup and configuration tool.

Ensure you have elevated root privileges by running this command in the bash shell:

sudo su

Install PiVPN by running this command in the bash shell:

curl -L https://install.pivpn.io | bash

You will flow into a series of prompts in a blue screen. All of the default values are appropriate.

Choose OK or answer positively for all the prompts until you have to choose an upstream DNS provider. The default answer is Google. Choose Custom and set an IP Address of 10.8.0.1

The default answer to reboot is No at the end of the installer. It is fine to say No, we have a few more things to edit while we’re logged in as root.

OpenVPN Configuration

Ensure you have elevated root privileges by running this command in the bash shell:

sudo su

Get into the openvpn directory by running this command in the bash shell:

cd /etc/openvpn

Server Configuration for VPN over UDP on Port 1194

Edit server.conf. I use nano to edit by running this command in the bash shell:

nano server.conf

Comment out the line which reads push "redirect-gateway def1" so it reads as follows:

 # push "redirect-gateway def1"

Comment out keepalive 1800 3600 and add keepalive 10 60 below it, so it appears as follows:

 # keepalive 1800 3600
 keepalive 10 60

Comment out the line which reads cipher AES-256-CBC and add cipher AES-128-GCM below it, so it reads as follows:

 # cipher AES-256-CBC
 cipher AES-128-GCM

At the bottom of the file add the following lines:

 # performance stuff
 fast-io
 compress lz4-v2
 push "compress lz4-v2"

Press CTRL O to bring up the save prompt at the bottom of Nano, press Enter to save. Then press CTRL X to exit

Server Configuration for VPN over TCP on Port 443

Ensure you have elevated root privileges by running this command in the bash shell:

sudo su

Get into the openvpn directory by running this command in the bash shell:

cd /etc/openvpn

To accept incoming OpenVPN connections over TCP on port 443 we need a separate configuration file. We can clone our existing configuration as a starting point, by running this command in the bash shell:

cp server.conf server_tcp443.conf

Edit /etc/iptables/rules.v4. I use nano to edit by running this command in the bash shell:

nano /etc/iptables/rules.v4

Below the line which reads -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE, add the following on a new line:

 -A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE

Press CTRL O to bring up the save prompt at the bottom of Nano, press Enter to save. Then press CTRL X to exit

Edit server_tcp443.conf. I use nano to edit by running this command in the bash shell:

nano server_tcp443.conf

Replace the proto udp and port 1194 lines with:

 proto tcp
 port 443

Edit the server 10.8.0.0 255.255.255.0 line to reflect an IP address of 10.9.0.0, so it reads as follows:

 server 10.9.0.0 255.255.255.0

Edit the push "dhcp-option DNS 10.8.0.1" line to reflect an IP address of 10.9.0.1, so it reads as follows:

 push "dhcp-option DNS 10.9.0.1"

Comment out keepalive 10 60 and add keepalive 10 120 below it, so it appears as follows:

 # keepalive 10 60
 keepalive 10 120

Comment out fast-io so it looks like this:

 # fast-io

Press CTRL O to bring up the save prompt at the bottom of Nano, press Enter to save. Then press CTRL X to exit

Add the OpenVPN service on Port 443 by running this command in your bash shell:

systemctl enable openvpn@server_tcp443.service

Finalize VPN Confgurations on Server

Reboot the server by running this command in your bash shell:

shutdown -r now

Managing the PiVPN

Connect to the Pi-Hole server and set up an OpenVPN Client Profile. (You do not need to have elevated root privileges to do this.)

pivpn add nopass

Give your client profile a name. I like to use an alphanumeric string composed of the user’s first name, and their device’s make and model (no spaces and no special characters).

Make a new client profile for every device. DO NOT share a client profile between two different devices.

This command will output a success message which looks like this:

   ========================================================
   Done! mypixel3xl.ovpn successfully created!
   mypixel3xl.ovpn was copied to:
     /home/myusername/ovpns
   for easy transfer. Please use this profile only on one
   device and create additional profiles for other devices.
   ========================================================

To get the mypixel3xl.ovpn file to your phone it is easiest to maximize your SSH window and print the file to the terminal window, to copy & paste the output:

cat ~/ovpns/mypixel3xl.ovpn

Saving a Split Tunnel VPN Client Profile for UDP VPN Connections on Port 1194

Paste this into your favorite Text Editor and save the file with a name that is clear: mypixel3xl-udp-1194-split-tunnel.ovpn

Around Line 12, edit the line which reads cipher AES-256-CBC and change it to read:

 cipher AES-128-GCM

Saving a Full Tunnel VPN Client Profile for UDP VPN Connections on Port 1194

Copy the contents of mypixel3xl-udp-1194-split-tunnel.ovpn and paste it into your favorite Text Editor, save the file with a name that is clear: mypixel3xl-udp-1194-full-tunnel.ovpn

Below cipher AES-128-GCM add this line:

 redirect-gateway def1

Saving a Split Tunnel VPN Client Profile for TCP VPN Connections on Port 443

Copy the contents of mypixel3xl-udp-1194-split-tunnel.ovpn and paste it into your favorite Text Editor, save the file with a name that is clear: mypixel3xl-tcp-443-split-tunnel.ovpn

Change proto udp on Line 3 to proto tcp

 proto tcp

Change the 1194 at the end of Line 4 to 443, do not change the IP address on this line (it is your Google Compute Engine Virtual Machine’s external IP address):

 remote YOUR-EXTERNAL-IP-IS-HERE-LEAVE-THIS-AS-IT-IS 443

Saving a Full Tunnel VPN Client Profile for TCP VPN Connections on Port 443

Copy the contents of mypixel3xl-tcp-443-split-tunnel.ovpn and paste it into your favorite Text Editor, save the file with a name that is clear: mypixel3xl-tcp-443-full-tunnel.ovpn

Below cipher AES-128-GCM add this line:

 redirect-gateway def1

Make these .ovpn files available on your phone or tablet

E-mail these files to yourself, upload in Google Drive, or use whatever secure method you prefer to transfer this file to your device. It is safe to download this file to your device.

## WARNING
Anyone that gets one of these .ovpn files can connect to your server.

Full & Split Tunnel VPN on Android & iOS Devices

“OpenVPN for Android” on Android for Split Tunnel VPN

This is open source software.

Install the “OpenVPN for Android” application on your Android device.

When the “OpenVPN for Android” opens you are in the Profiles Tab. You will have to perform the following steps for mypixel3xl-udp-1194-split-tunnel.ovpn, and again for mypixel3xl-tcp-443-split-tunnel.ovpn

Import your Profile, click the + at the top right.
Then click Import at the bottom left of the modal that appears.
Click the Hamburger Menu at the top left to choose Google Drive, or your Downloads folder, depending on what method you used to get the .ovpn file to your phone.
Click the pencil icon next to the VPN profile you imported.
- Click the Server List Tab.
  - Connect Timeout should be 60 for UDP VPN Profiles and 120 for TCP VPN Profiles.
- Click the IP AND DNS Tab.
  - No local binding should be enabled
  - Override DNS Settings by Server should be enabled
    - searchDomain should be empty
    - DNS Server should be 10.8.0.1
    - Backup DNS Server should be empty
- Click the Routing Tab.
  - Bypass VPN for local networks should be enabled.
  - Block IPv6 (or IPv4) if not used by the VPN should be enabled.
  - Click Excluded Networks under IPv4 and add this:
    10.0.0.8/8 172.16.0.0/12 192.168.0.0/16
- Under the Authentication/Encryption Tab
  - The Encryption Cipher should be AES-128-GCM
- Under the Allowed Apps Tab
  - The first Toggle should be disabled, and will read VPN is used for only for selected apps.
  - the Android System WebView, your preferred web browser, and any other apps you wish to block ads in, should have a checkmark.
Click the back button a couple times until you are at the Profiles Tab again.

Click the Settings Tab:

OpenVPN 3 Core should have a checkmark
click Default VPN and choose the VPN you have imported
Connect on Boot should have a checkmark
Pause VPN connection after screen off should be enabled if you wish to save your battery and reduce data usage, and only want to block things while you’re actively using your phone.

Click the back button a couple times until you are at the Profiles Tab again.

Clicking the name of the VPN profile you imported should trigger a connection.

“OpenVPN Connect” on Android for Full Tunnel VPN

This is open source software.

Install the “OpenVPN Connect” application on your Android device.

Download the mypixel3xl-udp-1194-full-tunnel.ovpn and mypixel3xl-tcp-443-full-tunnel.ovpn files from your E-mail or your Google Drive to your Android Phone or Tablet. These files will be saved to your device’s “Download” folder by default.

When the “OpenVPN Connect” application opens up, in its home screen you will see 3 options, Private Tunnel, Access Server, and OVPN Profile. Click on OVPN Profile.

Import and Add an .ovpn client profile by tapping your .ovpn filename, and then tapping Import on the top right, and then tapping Add. If you have already imported a client profile already, you can import more client profiles by pressing the + button at the bottom right.

Click the Hamburger Menu at the top left and click Settings

Under IPv6, the IPv4 Only Tunnel button should be selected. (The default selection is No Preference)
Under Connection Timeout, the Continuously Retry option should be selected. (The default selection is 1 Min)
Under Compression, the Downlink Only button should be selected. (The default selection is Full)
Under DNS Fallback the checkbox should be deselected/empty. (By default the checkbox is ticked)

Click Save at the top right.

“OpenVPN Connect” on iOS for Full & Split Tunnel VPN

This is open source software.

Install the “OpenVPN Connect” application on your iOS device.

Import and Add all of your .ovpn files using one of the following two methods:

Using iTunes Sync, select your device, go to OpenVPN under the apps tab, and drop your .ovpn files into the file sharing window.
Using Google Drive or your e-mail you can open the .ovpn files with OpenVPN.

Click the Hamburger Menu at the top left and click Settings

Under Connection Timeout, the Continuously Retry option should be selected. (The default selection is 30 Sec)
Under Compression, the Downlink Only button should be selected. (The default selection is No)
Under DNS Fallback the checkbox should be deselected/empty. (By default the checkbox is ticked)

Full & Split Tunnel VPN on Computers

Due to the amount of bandwidth a computer could use, it is recommended to use the Split Tunnel .ovpn profiles on computers, and not Full Tunnel.

“Viscosity VPN” on macOS or Windows

This is commercial software.

Import the Split Tunnel .ovpn files once Viscosity VPN is installed and running.

To enable Split Tunnel VPN with Viscosity on Windows, once you import the connection to Viscosity, Edit Connection and click the Networking Tab. Under the DNS Mode dropdown, choose Full DNS (Use VPN DNS for all traffic).

“OpenVPN GUI” on Windows

This is open source software.

Import the Split Tunnel .ovpn files once the OpenVPN GUI is installed and running.

“Tunnelblick” on macOS

This is open source software.

You can install Tunnelblick with Homebrew:

brew cask install tunnelblick

If you don’t have Homebrew, you can get alternate installation instructions on the Tunnelblick website.

Import the Split Tunnel .ovpn files once Tunnelblick is installed and running.

“gnome-manager” on Ubuntu (and its variants)

This open source software is baked into Ubuntu’s OS

Enable the option which reads Use this connection only for resources on its network in the IPv4 Tab

Split Tunnel VPN on Routers with AsusWRT & AsusWRT-Merlin Firmware

Activate the OpenVPN Client Profile

Go to http://<AsusWRT Router IP>/Advanced_OpenVPNClient_Content.asp
Select an unused client instance (usually Client 1).
Beside Import .ovpn File, click Browse
Browse to your OpenVPN Client Profile (e.g. asuswrt-udp-1194-split-tunnel.ovpn)
Click Upload
Set Accept DNS Configuration to STRICT
Click the Service State toggle to activate the client
Scroll to the bottom and click Apply

Set Pi-Hole as the DNS provider

Go to http:///Advanced_WAN_Content.asp
Under WAN DNS Setting, set Connect to DNS Server automatically to NO.
Set DNS Server1 to 10.8.0.1
Scroll to the bottom and click Apply

Use AsusWRT Firewall to force all DNS traffic to Pi-Hole

Go to http://<AsusWRT Router IP>/Advanced_Firewall_Content.asp
Set Enable Network Services Filter to YES
Add the following rules to the Network Services Filter Table
- Port Range = 53, Protocol = UDP
- Port Range = 53, Protocol = TCP
- Destination IP = 10.8.0.1, Port Range = 53, Protocol = UDP
- Destination IP = 10.8.0.1, Port Range = 53, Protocol = TCP
Scroll to the bottom and click Apply

Verify Everything Works

Well done for making it this far. Now you need to carry out some basic testing to make sure all is well

Test your Full Tunnel VPN

Go here: https://duckduckgo.com/?q=my+ip

You will see your IP address displayed very prominently just below the search barwith the label: Your public IP address

If you see anything other than the External IP Address of your Google Compute Engine Virtual Machine, then you do not have a Full Tunnel VPN.

If you see an IPv6 address while connected to the VPN, then you have a big problem because with Goolge Cloud Virtual Machines you do not get IPv6 just yet.

Example of an IPv6 address:

You can do some further troubleshooting by visiting: https://www.whatismyip.com

If you see no IPv4 address, and a public IPv6 address identical to the one from the Google search result earlier, it means your tunnel is not processing any IPv4 traffic, and you are going out to the Internet over IPv6 directly.

This typically means you have a problem with your server configuration and client configuration files.

Test for a DNS Leak

If DNS lookups are not happening exclusively over the VPN connection to the Pi-Hole server, then you have a DNS leak. A DNS leak will result in ads appearing.

In the Pi-Hole Web Interface at http://your-external-ip/admin/settings.php?tab=dns choose just one DNS provider. The two Google IPv4 DNS servers will give you the highest performance. For our test, we will deselect the Google IPv4 DNS servers and choose the 2 Cloudflare DNS servers.

On your device, go to https://www.dnsleaktest.com/ and click the Extended test button. On the table in the next page, every single row must say “Cloudflare”. If you see any IPs that do not belong to Cloudflare, you have a DNS leak. This typically means you have a problem with your server configuration and client configuration files.

Turn your VPN off and try the Extended test again, you will see your default DNS servers as defined by your Internet provider or your Router.

Once you are done testing, only use the Google IPv4 Upstream DNS Servers if you want the fastest DNS resolvers for your Pi-Hole. You can use any of the other Upstream DNS servers if speed is not your number one requirement.

Test the Ad-blocking

A quick test page to verify if your ad blocking is working: https://blockads.fivefilters.org/?pihole

The Pi-Hole project also maintains a list of excellent advertising-littered pages that you can test:
https://pi-hole.net/pages-to-test-ad-blocking-performance/

Firewall

You may not be comfortable leaving the Pi-Hole web interface accessible on a Public IP

If you do not wish for the Pi-Hole web interface to be accessible publicly, disable Port 80 in your Google Cloud Firewall.

Log into Google Cloud Console: https://console.cloud.google.com/
Ensure your Project is selected in the blue bar at the top (next to the words “Google Cloud Console); by default it should be
Click the Hamburger Menu at the top left, click VPC Network and click Firewall Rules
Click default-allow-http in the table
Click Edit at the top of the page
Click Disable Rule above the “Save” button to reveal a radio button group
Select Disabled
Click the Save button

To access your Pi-Hole web interface once you do this, you will have to connect via VPN, and then go to http://10.8.0.1 if you are using a UDP profile (desirable), or http://10.9.0.1 if you are using the TCP profile (less desirable).

Other Firewall rules you can safely disable:

default-allow-rdp is not necessary, because your Pi-Hole is not running on a Windows server and there is no service running on Port 3389

Firewall rules that are inconvenient to disable:

default-allow-ssh should really only be open to Google’s private network, alas they leave it open to the whole world by default. Nobody can successfully brute force their way into your server on Port 22, because it’s not secured with passwords. It is secured with keys. If you disable this rule, you will not be able to use the browser based SSH interface in the Google Cloud Console until you re-enable this rule.

In an upcoming article I intend to intorduce another firewall into the mix here for other reasons which will prove to be not only controversial but very cool.

Configure automated Pi-Hole updates and scheduled reboots

PiVpn enables automated security updates of your Pi-Hole, but it won’t restart the VM if the update requires it. Restarting the VM would require SSH’ing into it and restarting it if required. To remove that step, let’s use a daily cron job to check to see if a restart is required and restart the VM as necessary.

To do that, let’s add a new file to /etc/cron.daily/ called zz-restart-if-required using the following command sudo nano /etc/cron.daily/zz-restart-if-required. In nano, add the following lines of code which check to see if the reboot-required token file is present, restarting the VM if so:

#!/bin/sh
if [ -f /var/run/reboot-required ]; then
  /sbin/shutdown -r now
fi

Files stored in /etc/cron.daily/ will only run if the permissions are configured to allow that, so we need to change the permissions to allow that file to run. To do that, execute sudo chmod 755 /etc/cron.daily/zz-restart-if-required.

Similarly, Pi-Hole gets updated from time to time. Let’s automate installing those updates as well. To do that, let’s create a file using sudo nano /etc/cron.daily/update-pi-hole and add in this one line of code pihole -up. We need to change its permissions so it is executible sudo chmod 755 /etc/cron.daily/update-pi-hole.

If you’re curious when they will run, Stack Exchange has a great Q&A for you.

Cloud Console Mobile App

Install the “Cloud Console” app on your Android or iOS device.

Manage and monitor Google Cloud Platform services from your Android or iOS device.

Please thank the author and provide feedback in Issues Please also use if you are in a position to help others, or participate in improving this project.

Hosting Changed ...again!

Tue, 30 Jul 2019 11:07:00 +0000

Well on the 4th July I noticed the following in my inbox:

Dear Thomas Rand,

Due to changes in license fees by cPanel, which will charge a fee for each user and not more per server, all free hosting will be terminated in 30 days.

If you wish to continue with your hosting, you will need to upgrade to a paid plan before 08/may/2019, when free hosting will be terminated, with files and data permanently deleted from our servers.

We apologize for any inconvenience and thank you for the time you enjoy our free hosting services.

Best Regards,

https://freehosting.host/

So I then decided to embark on a trip into markdown, ruby and Jekyll via the wonderful place that is Github.
And here we are!

I hope you like the new home for this humble site of mine.
New features to come and some old ones may change but on the whole I’m liking this new site and the static nature of it lol

Tomsbox

Current Linux Desktop

Life Updates

Youtube Channels

Tech

Linux

Security

General

Content Creators & Teams

Paranormal

Ghosts / Debunking

UAP/UFO/Aliens

I've not neglected you

Browser Privacy Part 4

Catch up

Latest

Further developments

Arma2 and Dayz-Epochmod

Assumptions

Preparing Arma & Epoch

Installing MySQL Server & Workbench (Database)

Server Install and Setup

Steps

Editing your new Epoch Server

Making Edits

Value Edits

Map Addons

Third Party Mods

Installing the Admin Tools

Making Battle Eye Exceptions

Generating Restrictions

Generating Exceptions for Restrictions

Pihole in Oracle

Platform Setup

OS Setup

Install pivpn, pihole text editor

Setup SSH access

Setup PiVPN

Setup Oracle firewall

Managing the PiVPN

Moving Forwards

Updates

How to set up Pi-Hole with Pi-VPN and some extras

Platform Setup

Google Cloud Login and Account Creation

Account Creation

Project & Compute Engine Creation

Compute Engine Virtual Machine Setup

OS

Debian Update & Upgrade

Pi-Hole Installation

PiVPN Installation

OpenVPN Configuration

Server Configuration for VPN over UDP on Port 1194

Server Configuration for VPN over TCP on Port 443

Finalize VPN Confgurations on Server

Managing the PiVPN

Saving a Split Tunnel VPN Client Profile for UDP VPN Connections on Port 1194

Saving a Full Tunnel VPN Client Profile for UDP VPN Connections on Port 1194

Saving a Split Tunnel VPN Client Profile for TCP VPN Connections on Port 443

Saving a Full Tunnel VPN Client Profile for TCP VPN Connections on Port 443

Make these .ovpn files available on your phone or tablet

Full & Split Tunnel VPN on Android & iOS Devices

“OpenVPN for Android” on Android for Split Tunnel VPN

“OpenVPN Connect” on Android for Full Tunnel VPN

“OpenVPN Connect” on iOS for Full & Split Tunnel VPN

Full & Split Tunnel VPN on Computers

“Viscosity VPN” on macOS or Windows

“OpenVPN GUI” on Windows

“Tunnelblick” on macOS

“gnome-manager” on Ubuntu (and its variants)

Split Tunnel VPN on Routers with AsusWRT & AsusWRT-Merlin Firmware

Activate the OpenVPN Client Profile

Set Pi-Hole as the DNS provider

Use AsusWRT Firewall to force all DNS traffic to Pi-Hole

Verify Everything Works

Test your Full Tunnel VPN

Test for a DNS Leak

Test the Ad-blocking

Firewall