Setting up Hide.me VPN on Linux

Hi,

Quick note up front: I'm a Linux Mint newbie; so far I only know point-and-click interfaces.

How do I set up a working Hide.me VPN on Linux Mint (current)?

My head is spinning; I've googled various guides and tried to follow them.

Hide.me has its own apps, including one for Linux. Log in on their website and look in the app section.

Hello Deathrow, as far as I can see there is only an app for the command line, called "Linux CLI". Operated via the command line, not installed; I find that inconvenient.

I've now got it working via OpenVPN. Alluah Akbar.

1 Like

That works, of course. However, the hide.me Linux CLI gives you better net throughput, since it is based on the WireGuard protocol. The Linux CLI can be configured to run automatically on every device start.

Is there a dummies' guide for the dummy in me? I tried it but somehow it didn't work. Entering username + password was still OK, then a token was generated.
Then there was something like (paraphrasing):
cprxxxxx Server enable
cprxxxxx Server start

And every time I got a response from which I couldn't tell whether I had done it right or wrong.

When I read something like this:

Summary

Usage instructions may be printed by running hide.me CLI without any parameters.

Usage:
  ./hide.me [options...] <command> [host]
...

Commands

hide.me CLI user interface is quite simple. There are just three commands available:

command:
  token - request an Access-Token (required for connect)
  connect - connect to a vpn server
  conf - generate a configuration file to be used with the -c option
  categories - fetch and dump filtering category list
  service - run in remotely controlled service mode

In order to connect to a VPN server an Access-Token must be requested from a VPN server. An Access-Token request is issued by the token command. An Access-Token issued by any server may be used, for authentication purposes, with any other hide.me VPN server. When a server issues an Access-Token that token must be stored in a file. Default filename for an Access-Token is „accessToken.txt“.

Once an Access-Token is in place it may be used for connect requests. Stale access tokens get updated automatically.

hide.me CLI does not necessarily have to be invoked with a bunch of command line parameters. Instead, a YAML formatted configuration file may be used to specify all the options. To generate such a configuration file the conf command may be used.

For the purposes of DNS filtering (SmartGuard), a list of filtering categories can be obtained with categories command

hide.me CLI can be run in service mode. When started in service mode, hide.me CLI just exposes a REST interface for control. The controller is responsible for configuring connections, activation of the kill-switch or any other operation. REST interface listen address is configurable through -caddr option.

Note that there are a few options which are configurable only through the configuration file. Such options are:

  • Password - DANGEROUS, do not use this option unless you’re aware of the security implications
  • ConnectTimeout
  • AccessTokenUpdateDelay

host:
  fqdn, short name or an IP address of a hide.me server
  Required when the configuration file does not contain it

The hostname of a hide.me REST endpoint may be specified as a fully qualified domain name (nl.hide.me), short name (nl) or an IP address. There’s no guarantee that the REST endpoint will match a WireGuard endpoint.

Options

  -4    Use IPv4 tunneling only

Limit all IP protocol operations to IPv4. Even though the server will provide IPv4 and IPv6 addressing only IPv4 addresses, IPv4 rules and IPv4 routes get installed. Leak protection/kill-switch works for IPv4 traffic only. IPv6 traffic flow remains unsecured.

WARNING: This option degrades security and should be used only when it’s safe to do so, e.g. when the client machine has its IPv6 stack disabled. Please, do not use it otherwise because IPv6 leaks may happen.

  -6    Use IPv6 tunneling only

Limit all IP protocol operations to IPv6. Even though the server will provide IPv4 and IPv6 addressing only IPv6 addresses, IPv6 rules and IPv6 routes get installed. Leak protection/kill-switch works for IPv6 traffic only. IPv4 traffic flow remains unsecured.

WARNING: This option degrades security and should not be used unless the client wishes to tunnel the IPv6 traffic only.

  -b filename
    	resolv.conf backup filename (default "")

Hide.me CLI keeps a backup of /etc/resolv.conf in memory. In addition to that backup hide.me CLI may back up /etc/resolv.conf to a file specified by this option.

  -c filename
    	Configuration filename

Use a configuration file named „filename“.

  -ca string
    	CA certificate bundle (default "CA.pem")

During TLS negotiation the VPN server’s certificate needs to be verified. This option makes it possible to specify an alternate CA certificate bundle file.

  -caddr address
    	Control interface listen address (default "@hide.me")

Set the service mode control interface listen address. hide.me CLI, by default, listens on an abstract UNIX socket hide.me

  -ccert certificate
    	Control interface certificate file

Set the service mode control interface X509 certificate in PEM format

  -ckey key
    	Control interface key file

Set the service mode control interface private key in PEM format

  -d DNS servers
    	comma separated list of DNS servers used for client requests (default "209.250.251.37:53,217.182.206.81:53")

By default, Hide.me CLI uses hide.me operated DNS servers to resolve VPN server names when requesting a token or during connect requests. The set of DNS servers used for these purposes may be customized with this option.

  -dpd duration
    	DPD timeout (default 1m0s)

In order to detect if a connection has stalled, usually due to networking issues, hide.me CLI periodically checks the connection state. The checking period can be changed with this option, but can’t be higher than a minute.

  -i interface
    	network interface name (default "vpn")

Use this option to specify the name of the networking interface to create or use.

  -l port
    	listen port

Specify a listen port for encrypted WireGuard traffic.

  -m mark
    	firewall mark for wireguard traffic (default 0 - no packet marks)

Set the firewall mark the WireGuard kernel module will mark its packets with.

  -p port
    	remote port (default 432)

Remote REST endpoint port may be changed with this option.

  -pf
    	enable dynamic port-forwarding technologies (uPnP and NAT-PMP)

Dynamic port-forwarding is, by default, disabled. Use this option to turn it on for a particular connection attempt. Alternatively, port-forwarding may be enabled by adding a @pf suffix to the username when requesting a token. Such tokens activate port-forwarding on each connection attempt, and you should not use this option when using them.

  -r table
    	routing table to use (default 55555)

Set the routing table to use for general traffic and leak protection mechanism.

  -R priority
    	RPDB rule priority (default 10)

Set the priority of installed RPDB rules. Hide.me CLI takes advantage of policy routing by installing a RPDB rule (one per IP protocol) in order to drive traffic to a chosen routing table and ensure IP leak protection.

  -s networks
    	comma separated list of networks (CIDRs) for which to bypass the VPN

List of split-tunneled networks, i.e. the networks for which the traffic should not be tunneled over the VPN.

  -t string
    	access token filename (default "accessToken.txt")

Name of the file which contains an Access-Token.

  -u username
    	hide.me username

Set hide.me username.

DNS Filter (SmartGuard)

Hide.me CLI supports DNS based filtering (SmartGuard). The following options control DNS filtering:

  -forceDns
    	force tunneled DNS handling on hide.me servers

Activate DNS redirection on a Hide.me VPN server such that each UDP or TCP DNS request will be handled by that Hide.me VPN server

  -whitelist dns names
    	comma separated list of allowed dns names

DNS suffixes which will bypass any filtering engine ( wildcards accepted )

  -blacklist dns names
    	comma separated list of filtered dns names

DNS names which will be filtered

  -noAds
    	filter ads

Activates SmartGuard based ad filtering

  -noCategories categories
    	comma separated list of filtered content categories

Activates fine-grained SmartGuard filtering. Fetch category list with categories command

  -noIllegal kind
    	filter illegal kind (content, warez, spyware, copyright)

Activates coarse level filtering of illegal content, warez, spyware and copyrighted material

  -noMalicious
    	filter malicious destinations

Activates filtering of malicious hosts, websites or domains

  -noMalware
    	filter malware

Activates a malware filter. Any site hosting or distributing malware should be filtered out

  -noRisk level
    	filter content according to risk level (possible, medium, high)

Activates a risk filter

  -noTrackers
    	filter trackers

Activates a tracking filter

  -pg age
    	apply a parental guidance style age filter (12, 18)

Activates a parental guidance style filter according to given age limit. Inappropriate content will be filtered out

  -safeSearch
    	force safe search with search engines

Enforces SafeSearch mode with supported search engines (Google, Bing)

Server enable establishes the connection. Server start activates it. Server stop deactivates it again.
The best way to test whether your configuration works at all is with a browser and a site such as ipleak.net, to see whether the IP actually changes after the Server start command.
You can also check this in the terminal with the command ifconfig /all.
If you have problems with the Linux CLI, sites such as → https://blog.acmecollinsschool.com/guide-linux-command-line-interface/ will help you.
Because if you're not familiar with the Linux command line, then forget my suggestion, there's no point in it! No offence meant… :wink:

No offence taken at all, it's simply the truth. ^^
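
A local check to go with the browser test suggested above, added here as an example and not part of the original posts or the hide.me project: it looks in `ip` output for the interface name, routing table and RPDB rule priority that the quoted README gives as defaults (`vpn`, 55555, 10), for IPv4 and IPv6 separately. The function names, verdict words and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Defaults are the ones listed in the README quoted in the thread.
IFACE="${IFACE:-vpn}"    # -i: network interface name
TABLE="${TABLE:-55555}"  # -r: routing table
PRIO="${PRIO:-10}"       # -R: RPDB rule priority

# has_iface TEXT: succeeds if `ip -o link show` output lists $IFACE
has_iface() {
    printf '%s\n' "$1" | awk -v n="$IFACE:" '$2 == n { ok = 1 } END { exit !ok }'
}

# has_rule TEXT: succeeds if `ip rule show` output contains a rule with
# priority $PRIO that sends traffic to table $TABLE
has_rule() {
    printf '%s\n' "$1" | awk -v p="$PRIO:" -v t="$TABLE" '
        $1 == p { for (i = 2; i < NF; i++) if ($i == "lookup" && $(i + 1) == t) ok = 1 }
        END { exit !ok }'
}

# tunnel_state LINKS RULES4 RULES6: prints one verdict word
tunnel_state() {
    has_iface "$1" || { echo no-interface; return 0; }
    v4=n; v6=n
    if has_rule "$2"; then v4=y; fi
    if has_rule "$3"; then v6=y; fi
    case "$v4$v6" in
        yy) echo rules-v4-v6 ;;
        yn) echo rules-v4-only ;;  # as with -4: IPv6 traffic is not covered
        ny) echo rules-v6-only ;;  # as with -6: IPv4 traffic is not covered
        *)  echo no-rules ;;
    esac
}

# Constructed sample output (not captured from a real hide.me session)
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
4: vpn: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 state UNKNOWN'
SAMPLE_RULES='0: from all lookup local
10: from all lookup 55555
32766: from all lookup main'
SAMPLE_NO_RULES='0: from all lookup local
32766: from all lookup main'

# Live use: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    tunnel_state "$(ip -o link show)" "$(ip -4 rule show)" "$(ip -6 rule show)"
fi
```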

1 Like

On my POP OS!, hide.me runs through the operating system's configuration. There isn't an app for this Linux distribution at all.