Jump to content

Loki

Sign in to follow this  
  • entries
    243
  • comments
    0
  • views
    35220

15 minutes and just $3 a month: Putting the most secure voice service at your fingertips

Sign in to follow this  
Snider

28 views

Mumble is a  fantastic open-source voice chat platform known for its reliability and ease of use.

And Lokinet is a cutting-edge onion routing network that offers unparalleled security and anonymity potential.

Well what if you could run a Mumble server over Lokinet, combining Mumble’s ease of use with Lokinet’s security and anonymity to create the ultimate secure voice chat service? In this article, we’re going to cover how to do exactly that — with just 15 minutes of your time and $3 a month, you and your organisation can create one of the most secure voice chat platforms possible. 

A Mumble server running over Lokinet on a server you control gives you absolute certainty that your voice conversations, associated metadata, and other Mumble activity cannot be stored or recorded, because no computer ever knows who is talking to whom — not even the Mumble server itself. So long as you trust the device that you run the Mumble server on (which you can, because it’s yours), you can be certain that no one else on earth can eavesdrop on your conversation — or even know that you’re connected to the server at all.

If this is your first time using SSH and Linux stuff, don’t stress. We’ll walk you through every step! With that, let’s get to it. 

Step 1: Rent a VPS

The first thing you’ll want to do is rent yourself a VPS (Virtual Private Server) to host your Mumble voice chat server. You could run the Mumble server from your own computer instead, but if you want the server to stay up 24/7, without having to leave your own PC on all the time, a VPS is the way to go. Mumble’s chat server has extremely low system requirements, so a VPS with any amount of storage and at least 512MB RAM will do the trick — you can find VPSs that meet these requirements for around US$3 a month. 

Try https://www.hetzner.com/cloud, or https://evolution-host.com/vps-hosting.php if you want to pay in Loki/Oxen! When ordering, select Ubuntu 20.04 or Debian 10.

Step 2: Prepare your VPS

Once you have access to your new VPS, you’re almost ready to install Lokinet, but there’s a little bit of preparatory work to do first. Start by opening a command prompt on your local machine (Terminal on macOS, any command prompt on Linux, or PowerShell on Windows 10). SSH into your VPS with this command:

ssh root@[VPS IP address]

Replacing [VPS IP address] with the IP of your VPS.  It’ll prompt you for a password which will usually be provided to you by the VPS host. More advanced users can and should disable root password access and instead use SSH keys, but if that sounds hard, don’t worry about it for now. As you learn more about Linux, you’ll get more familiar with these best practices.

Once you’ve logged in, we’re ready to roll. First, we’ll update our package lists to make sure our VPS sees the most recent versions of all available packages. Type:

sudo apt update

You’ll see a bunch of package lists being downloaded. Once this command completes, run the following command to upgrade any outdated packages currently installed on the VPS:

sudo apt upgrade

We’ll also need to make sure the curl command is installed before we proceed. Run this command:

which curl

It should output the location of your installed curl command. If you get an error, install curl:

sudo apt install curl

Then run which curl again to make sure curl is installed. 

Success? Congrats, you’re ready to move on to the next step:  

Step 3: Install Lokinet

To install Lokinet, we need to add the Lokinet repository. Run the following command to install the public key used by the Lokinet dev team to sign Lokinet binaries:

curl -s https://deb.imaginary.stream/public.gpg | sudo apt-key add -

Then run the following command to tell apt where to find the Lokinet packages:

echo "deb https://deb.imaginary.stream $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/imaginary.stream.list

Next, update your repository package lists again with:

sudo apt update

And now, install Lokinet:

sudo apt install lokinet

Congrats, Lokinet is now installed and running in the background. We’re nearly there.

Step 4: Installing the Mumble server

Run this command:

sudo apt install mumble-server

That’s it. The Mumble server is now installed. On to Step 5:

Step 5: Setting up a persistent keyfile

This step is a bit more involved. We need to set up Lokinet to always generate a keyfile in the same directory, so it will work consistently. Linux servers don’t have a graphical interface, but they do ship with some in-terminal text editors. We need to edit a file now, so start by opening your lokinet.ini file with this command:

sudo nano /etc/loki/lokinet.ini

Using the arrow keys, move the cursor down to the [network] section of the file. Remove the # from before the “keyfile=” line, then add the following after the = symbol:

/var/lib/lokinet/mumble.private

Then hit Ctrl+X. Type “Y” (for yes) when asked if you want to save your changes, then press Enter to save and exit.

Now that you’ve exited nano, you’re back in the terminal. Restart Lokinet to generate a keyfile for Mumble:

sudo systemctl restart lokinet

Step 6: Binding the Mumble server to Lokinet

Now we need to make sure your Mumble server is using Lokinet for all traffic. Start with this command to grab the IP address we need to bind Mumble to:

dig @127.3.2.1 +short localhost.loki

This command will output 2 strings of text: a long string of random letters and numbers ending in .loki, and an IP address (a number in the format xxx.xx(x).x.x). 

Select and copy (Ctrl+C on Windows or Linux; Cmd+C on macOS) the IP address. Some SSH clients allow you to copy by highlighting the text and right-clicking on it as well.

Now, we need to point the Mumble server to that IP address. Use this command to open the configuration file for the Mumble server:

nano /etc/mumble-server.ini 

Using the arrow keys, navigate down to the line “;host=” under the section Specific IP or hostname to bind to. Delete the ; from the start of the line, then paste the IP address we copied earlier after the = symbol. Hit Ctrl+X to exit. Type “Y” when asked if you want to save your changes, then press Enter to save and exit.

Back at the command line, restart the Mumble server to apply changes:

systemctl restart mumble-server

Step 7: Done!

Congrats! A Mumble server is now up and running on your VPS, and all its traffic is being routed through Lokinet. All that’s left is to grab the Lokinet address of the Mumble server and give it to anyone you want to be able to connect. In case you missed it, run this command to find the Lokinet address of the Mumble server:

dig @127.3.2.1 +short localhost.loki

This is the same command we ran earlier, but this time, pay attention to the long string of characters ending in .loki (be sure to include the .loki part). This is the Lokinet address of your secure, onion-routed Mumble server. 

Copy this address and provide it to anyone you want to be able to connect to the server — all they have to do is paste the address into the Address field of the Add Server dialog in the Mumble client, add a username and label to identify the server, hit OK, and connect!

Mumble can be downloaded for free on all major platforms. Anyone that wants to access your secret Mumble server will also need to have Lokinet installed and running. To download and install Lokinet, just head to https://lokinet.org/. Further Lokinet guides can be found at https://docs.loki.network/Lokinet/LokinetOverview/.

And that’s it! Only 15 minutes and $3 later, you can now have completely surveillance-free conversations over the internet. We hope to integrate voice features into Session to make it even easier to access secure voice channels with this level of privacy and security. 

In the meantime, though, this Mumble/Lokinet setup is perhaps the most secure voice channel option available. This unique combination of services is just one example of the power of the Oxen tech stack — stay tuned for more guides and articles about what Oxen’s tech can do. 

Have fun!

The post 15 minutes and just $3 a month: Putting the most secure voice service at your fingertips appeared first on Loki.


View the full article

Sign in to follow this  


0 Comments


Recommended Comments

There are no comments to display.

Guest
Add a comment...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • HashVault Latest Blocks

  • HashVault Stats

    • Global Hashrate
      353.31 GH
    • Avg Hashrate
      195.09 MH
    • Total Miners
      1811
    • Miners Paid
      42717
    • Total Payments
      1531588
    • Total Hashes
      9.23 EX
    • Blocks Found
      1731166
  • Posts

    • А куда пул вообще пропал? Нужно было посмотреть txid своих старых выплат, а страница тупо пропала.
    • The new beta version is ready. You can download PhoenixMiner 5.5b from here: https://mega.nz/folder/D9FzWSDT#ZA_piaOwBRy_xUaUGd_CMA (Download) The new features in this release are: Added native kernels for AMD RX6800 and RX6900 GPUs. These are faster than the generic kernels and produce a lot less stale shares Updated kernels for AMD Polaris, Vega and Navi GPUs that are slightly faster and use less power than before when mining ETH. To use these updated kernels, you need to use drivers 20.5.1 or later under Win10, or 20.10.x or later under Linux The Nvidia mining cards (P106, P104, etc.) can now use straps and hardware control options (power limit, memory overclock, max temperature, etc.) under Windows Added support for AMD Linux drivers 20.45-1164792 and 20.45-1188099. Use this drivers only if you have RX6800 or RX6900 GPU. WARNING: Vega and Navi GPUs wont' work with these drivers! Automatically set -ttli instead of -tmax when the later is not supported by the driver. This will throttle down the GPUs when they reach the specified temperature to avoid overheating Notes -Fixed global problems for video cards from Nvidia/AMD -Fixed errors and crashes when the miner was running -Increased hashrate on video cards series 30xx -Increased hashrate on Ethash by an average of 15% -Increased hashrate on ETCHash by an average of 10% -Improved the work of the miner in general If you have RX6800 or RX6900 card, do not use the PhoenixMiner hardware control options (-cclock, -mclock, etc.) because there is yet another undocumented change in OverDrive and some of them will work, but some won't with weird results - we will implement them properly in the next version. Instead use the AMD control panel to set the card parameters. Good starting point are the following options: core clock 1500 MHz, mem clock 2050 MHz, core voltage 800 mV, set faster memory timings, and a custom fan curve to keep the temperature below 65-66 C. Please let us know if you have any problems or questions related to PhoenixMiner 5.5b.
    • Dear Community,   Reading the "Getting Started" section in the Pool area and some threads on the Forum, I still have a little question.  Whom do you recommend mining solo?  The hash rate seems to be the same whether I do SOLO mining or not.  Thanks! Bee *** My machine is a simple workstation with a slim linux running: * ABOUT XMRig/6.7.0 gcc/9.3.0 * LIBS libuv/1.38.1 OpenSSL/1.1.1i hwloc/2.2.0 * HUGE PAGES supported * 1GB PAGES unavailable * CPU Intel(R) Xeon(R) CPU E3-1280 V2 @ 3.60GHz (1) 64-bit AES L2:1.0 MB L3:8.0 MB 4C/8T NUMA:1 * MEMORY 1.1/15.6 GB (7%) * DONATE 1% * ASSEMBLY auto:intel * POOL #1 pool.hashvault.pro:3333 algo auto * COMMANDS hashrate, pause, resume, results, connection * OPENCL disabled * CUDA disabled  
    • Update: Having applied the Script from the thread linked to above, I get another outcome. Is that as it is supposed to be?? Thanks again Bee alpinehost:/home/alp# chown root /usr/share/hugepages.sh alpinehost:/home/alp# /usr/share/./hugepages.sh enable Huge pages enabled alpinehost:/home/alp# sysctl -a | grep hugep sysctl: error reading key 'net.ipv6.conf.all.stable_secret': I/O error sysctl: error reading key 'net.ipv6.conf.default.stable_secret': I/O error sysctl: error reading key 'net.ipv6.conf.eth0.stable_secret': I/O error sysctl: error reading key 'net.ipv6.conf.lo.stable_secret': I/O error vm.nr_hugepages = 9 vm.nr_hugepages_mempolicy = 9 vm.nr_overcommit_hugepages = 0 alpinehost:/home/alp# The vm.nr_hugepages changed dramatically. What does it mean anyways?
    • Dear Community,    I would like to have these Hugepages supported now :-) I am thus referring to this thread here, which seems to be closed. I have tried the following to enable hugepages AND get them working until 1 GB.  See me output: Thanks so far! Bee *** Question: Why is HUGEpages 1 GIg not available?  How do I set the value correct? My output: sysctl -a | grep hugep sysctl: error reading key 'net.ipv6.conf.all.stable_secret': I/O error sysctl: error reading key 'net.ipv6.conf.default.stable_secret': I/O error sysctl: error reading key 'net.ipv6.conf.eth0.stable_secret': I/O error sysctl: error reading key 'net.ipv6.conf.lo.stable_secret': I/O error vm.nr_hugepages = 2349 vm.nr_hugepages_mempolicy = 2349 vm.nr_overcommit_hugepages = 0 *** and in xmrig *** ABOUT XMRig/6.7.0 gcc/9.3.0 * LIBS libuv/1.38.1 OpenSSL/1.1.1i hwloc/2.2.0 * HUGE PAGES supported * 1GB PAGES unavailable * CPU Intel(R) Xeon(R) CPU E3-1280 V2 @ 3.60GHz (1) 64-bit AES L2:1.0 MB L3:8.0 MB 4C/8T NUMA:1 * MEMORY 3.2/15.6 GB (21%) * DONATE 1% * ASSEMBLY auto:intel * POOL #1 pool.hashvault.pro:3333 algo auto * COMMANDS hashrate, pause, resume, results, connection * OPENCL disabled * CUDA disabled  
×
×
  • Create New...