Stealth mining

[MrMik]

I'm looking at getting a miner, but I want to connect it via a VPN.

Or rather, I want it to stay unknown that I am mining, so I suppose I should not post this! ROTFLMAO



How does one connect miners which are supposed to be connected via an ethernet cable to internet router but through a VPN (and/or TOR)?

Get a new router that is programmed to only connect via a VPN and use that for mining?

Or use a SBC or other computer (connected to VPN) and plug the ethernet into that?

[kano]

Be aware that using TOR is a REALLY bad idea coz it means your connection to the pool is delayed.
That delay means stale work and stale (lost) blocks.
This is also usually true of using a VPN.

[BitMaxz]

You can do that there are some routers that can able to set up a VPN or are compatible with OpenVPN or you can make a server with PFsense that includes OpenVPN this one only need extra PC with memory and HDD.

But take note of what kano said above, however, you can do some tests just make sure that the IP of the VPN you are trying to connect must be near your country to get a lesser ping and most of the pools have 3 different ports and pool server US, EU and ASIA you can test them one by one until you found a pool server with better ping. Most recommended latency is below 150ms if above on that you will get a high pool rejection rate.

[MrMik]

Thank kano and BitMaxz!

I'm currently mining via VPN, so I did some pinging tests:

The ping times seem to be reasonably good for some pools, but slow for others:

Code:

--- www.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 76.905/81.004/85.238/3.403 ms

I can ping Antpool:

Code:

~$ ping -c3 www.antpool.com
PING www.antpool.com.cdn.cloudflare.net (104.18.4.189) 56(84) bytes of data.
64 bytes from 104.18.4.189 (104.18.4.189): icmp_seq=1 ttl=55 time=78.3 ms
64 bytes from 104.18.4.189 (104.18.4.189): icmp_seq=2 ttl=55 time=69.7 ms
64 bytes from 104.18.4.189 (104.18.4.189): icmp_seq=3 ttl=55 time=69.8 ms

--- www.antpool.com.cdn.cloudflare.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 69.658/72.574/78.263/4.022 ms

I can ping F2Pool:

Code:

$ ping -c3 www.f2pool.com
PING www.f2pool.com.cdn.cloudflare.net (104.18.41.93) 56(84) bytes of data.
64 bytes from 104.18.41.93 (104.18.41.93): icmp_seq=1 ttl=59 time=64.3 ms
64 bytes from 104.18.41.93 (104.18.41.93): icmp_seq=2 ttl=59 time=73.1 ms
64 bytes from 104.18.41.93 (104.18.41.93): icmp_seq=3 ttl=59 time=50.7 ms

--- www.f2pool.com.cdn.cloudflare.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 50.660/62.681/73.096/9.229 ms

But Braiins seems to be slow for some reason:

Code:

--- sg.stratum.braiins.com ping statistics ---
20 packets transmitted, 19 received, 5% packet loss, time 19030ms
rtt min/avg/max/mdev = 179.710/254.925/395.309/57.380 ms

Any idea why Braiins is so much slower than others?

[MrMik]

You can do that there are some routers that can able to set up a VPN or are compatible with OpenVPN or you can make a server with PFsense that includes OpenVPN this one only need extra PC with memory and HDD.

But take note of what kano said above, however, you can do some tests just make sure that the IP of the VPN you are trying to connect must be near your country to get a lesser ping and most of the pools have 3 different ports and pool server US, EU and ASIA you can test them one by one until you found a pool server with better ping. Most recommended latency is below 150ms if above on that you will get a high pool rejection rate.

I'm not sure how to tell from my pool stats if there is any problem due to VPN delays.

Do I interpret the numbers below correctly when I say there are about 0.2% stale shares? And if so, is that an acceptable number?

[kano]

Well you'd need a pool that reports some sort of average for that.
e.g. on my pool the average is currently 0.08%


If your miner itself is also dropping shares (which is a really bad idea) then your 0.2% number is even worse.
I can't really tell from that info.

[hZti]

Maybe its better to mine in a different location (like a hosting provider) if it is not possible to mine in your place? If you get a bad connection this could greatly affect your mining results as it was said above and there are great hosting services around.

[MrMik]

Is more data flow required when your hash rate is higher?

I'm just hashing at about 10TH/s and I cannot spot a difference when I connect to a slower vs a faster ping-response pool address.

Could it be that a fast connection is much more important when hashing at high rates?

[kano]

Stratum mining (not braiins) is about 15Mbytes a day per pool connection.

It's not bandwidth, it's latency that matters from you to the pool or you to the rest of the world if you aren't using a pool.

[hZti]

I'm just hashing at about 10TH/s and I cannot spot a difference when I connect to a slower vs a faster ping-response pool address.

The question is, what will happen if you find a block with your miner. Do you have the proper connection to get it fast enough to the nodes, so the block will not be orphaned?

[MrMik]

I'm just hashing at about 10TH/s and I cannot spot a difference when I connect to a slower vs a faster ping-response pool address.

The question is, what will happen if you find a block with your miner. Do you have the proper connection to get it fast enough to the nodes, so the block will not be orphaned?

This only applies to solo mining, correct?

I obviously have much more to learn about mining and networking etc.

To how many other nodes do I need to send a found block if I were solo mining?

Assuming I only have to send it once, and a block size of 1Mb , while measuring my upload speed as 11Mbps, does that mean it would take less than 100ms to upload one block?

And if so, then I figure that I would have to be rather unlucky for someone else to find a block during this 1/10th of a second.

1 block every 10min on average would mean the chance is about 10min * 60s * 10deciseconds => a 1 in 6000 chance that my block will get orphaned.

The above math may be entirely wrong, happy to be told how badly wrong I understand it all!

[kano]

When solo mining at home:
First, your miner has to send the full block to your bitcoin.
Then you bitcoin has to process that block completely (if you don't have a fast CPU that can take a while - a lot more than 100ms)
and then send it out to the network nodes it's connected to.
Then every node you send it to, has to process that block before sending it off to the other nodes they're connected to.
Then somewhere in those multiple steps it must get to the work generators of the large pools, so they will process that block and switch to your new block.

This entire process is not 100ms unless you spend a lot of money on hardware, network and world wide connectivity.

Of course there's also the issue that the block you were working on could already have been stale, if your bitcoin is slow to get, and process, block changes from the large pools ...

[mikeywith]

Get a new router that is programmed to only connect via a VPN and use that for mining?

Yes, any router that has VPS support will work, and the whole network will be running under VPN, or get a proper router like Mikrotik and rent a VPS somewhere close to you and route all your packets encrypted through that VPS, and your ISP will see that you are connecting to a server in (Germany, Norway) but they won't know exactly what you are doing, the process won't be simple, you will need to have some networking background and use a bit of googling, it's a matter of setting up some L2TP / IPSEC tunnel with some encryption like AES256, some of those algos are weak but then keep in mind the stronger the slower, so you want to find a sweet spot.

If you don't feel like going all that, just get a VPS router, many TPlinks come with easy-to-set-up VPN interfaces, and no skills are required, but the downside is, your ISP will know that you are using a VPN, they just won't know what those packets have in them unless they want to spend the money and time to decrypt them, which is unlikely.

I can't tell for Solo mining, but with pool mining, connected to a VPS in a different continent, using both SHA1 and AES256, there is exactly 0 issues, no rejected/stale shares, and everything works exactly the same when the connection to the VPS or not, my VPS is in EU which is probably pretty close to the pool's server so that's some info to keep in mind, I would assume if the VPS was in Japan and the pool server was in the U.S, with all the delay I am adding, that would probably trigger some lost shares along the way.

I have also tested the same router with Nord VPN, with almost the exact same results.

Use a mining proxy like Antproxy, connect your miners to that proxy, and install VPN on the PC, and the problem is solved, of course, the downside is that you will need the PC to run 24/7, the proxy isn't 100% stable (I have yet to find a dead stable mining proxy) so you are going to write some scripts to watch it and restart it in case something goes wrong.

[BitMaxz]

I'm currently mining via VPN, so I did some pinging tests:

The ping times seem to be reasonably good for some pools, but slow for others:
~snip~

That's not the way how to ping the stratum server/pool Kano has its own guide before I don't know where it is right now but you can try to check my guide below on how to ping stratum pools or a pool with ports, not just the website itself because you are directly pinging 80/443 HTTP/HTTPS ports.

- https://bitcointalk.org/index.php?topic=5172514.msg52084230#msg52084230

[MrMik]

I'm currently mining via VPN, so I did some pinging tests:

The ping times seem to be reasonably good for some pools, but slow for others:
~snip~

That's not the way how to ping the stratum server/pool Kano has its own guide before I don't know where it is right now but you can try to check my guide below on how to ping stratum pools or a pool with ports, not just the website itself because you are directly pinging 80/443 HTTP/HTTPS ports.

- https://bitcointalk.org/index.php?topic=5172514.msg52084230#msg52084230

I don't understand what the difference would be.

Braiins gives this address to connect miners at the Singapore pool location:  stratum+tcp://sg.stratum.braiins.com:3333
 
But the miner wants sg.stratum.braiins.com:3333 to actually connect and work.

And I'm pinging this exact same address that is used for mining.

Code:

--- sg.stratum.braiins.com ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19033ms
rtt min/avg/max/mdev = 145.907/173.786/466.150/71.413 ms

When I use the full address provided by Braiins in their instructions, then the pinging does not work, just like the mining does not work:

Code:

ping -c20 stratum+tcp://sg.stratum.braiins.com:3333
ping: stratum+tcp://sg.stratum.braiins.com:3333: Name or service not known

Code:

ping -c20 stratum+tcp://sg.stratum.braiins.com
ping: stratum+tcp://sg.stratum.braiins.com: Name or service not known

[kano]

Brains doesn't just connect to the pool you use.
If you mine to somewhere else, it will also connect to them and fail if it can't connect to them.
It also sends encrypted non-stratum data about your miner.

If you want to stealth mine, then you can't use any third party firmware, they all connect elsewhere or wont work.

[MrMik]

Brains doesn't just connect to the pool you use.
If you mine to somewhere else, it will also connect to them and fail if it can't connect to them.
It also sends encrypted non-stratum data about your miner.

If you want to stealth mine, then you can't use any third party firmware, they all connect elsewhere or wont work.

I'm very unsure if I understand what you mean.

Do you mean that this applies only if I use Braiins OS to operate my miners?

And in any case, if all my traffic goes through a VPN, does it still matter if it connects elsewhere?

[MrMik]

When solo mining at home:
First, your miner has to send the full block to your bitcoin.
Then you bitcoin has to process that block completely (if you don't have a fast CPU that can take a while - a lot more than 100ms)
and then send it out to the network nodes it's connected to.
Then every node you send it to, has to process that block before sending it off to the other nodes they're connected to.
Then somewhere in those multiple steps it must get to the work generators of the large pools, so they will process that block and switch to your new block.

This entire process is not 100ms unless you spend a lot of money on hardware, network and world wide connectivity.

Of course there's also the issue that the block you were working on could already have been stale, if your bitcoin is slow to get, and process, block changes from the large pools ...

So for solo mining, you must run your own node on a fast and well connected computer.

Compared to the time needed to process the found block repeatedly, does the ping time matter much?

[kano]

Brains doesn't just connect to the pool you use.
If you mine to somewhere else, it will also connect to them and fail if it can't connect to them.
It also sends encrypted non-stratum data about your miner.

If you want to stealth mine, then you can't use any third party firmware, they all connect elsewhere or wont work.

I'm very unsure if I understand what you mean.

Do you mean that this applies only if I use Braiins OS to operate my miners?

And in any case, if all my traffic goes through a VPN, does it still matter if it connects elsewhere?

Well what's the point of stealth mining, if the miner is connecting to other places you don't know,
and sending other encrypted data you don't know,
coz it's closed source and you can't tell even what else it's doing.

Seems a bit of an oxymoron.

[Artemis3]

Are you sure the vpn server is closest to Singapore?

Kano seems to be confusing pool with firmware again...

If you trust Braiins you just need to use V2 (only) and its encrypted, instead of clear text v1 which tells everyone what you mine and where.
Of course you also want to obfuscate your DNS queries, so install dnscrypt-proxy in your lan and use that as your DNS.

Remember that the VPN server knows who you are, and with V1 everything between that and the pool is in the clear for anyone to see.

Don't worry, i can tell you where else the miner is connecting (drumroll): it connects to Braiins Pool using V2 for the dev fee. We can provide you a list of domain names for whitelisting in case you need (pm), you can block everything else.

Now if Kano added V2 to kanominer and kanopool, his comments would be moot. There is an independent (Not Braiins) open source reference implementation and all...