Wireguard VPN

Wireguard VPN

see also: “Smart Home » ZeroTier VPN.md”

  • kako radi file sharing na wireguard (? ne razumem)
  • proveri wireguard na buha desktop računaru (kao proba)

Podešavanje mreže računara za proxy

  1. treba mi VPN client na svakom računaru kod ljudi (Wireguard) koji se povezuje na jedan Wireguard server
  2. treba mi proxy na tim računarima (3proxy ili FreeProxy)

Problem: kako da saznam IP tih računara? … preko wireguard imam interni IP ili Marcs Updater ili DirectUpdate http://www.directupdate.net/index.php/dns-services

Kako da prosledim port do tog računara kroz ruter? Nerešivo u ovom obliku…


  1. Linux server će normalno da radi preko tih proxy-ja
  2. Windows će takođe normalno da radi.

Wireguard Split Tunneling

How do I achieve something like a “split” tunnel? When the tunnel is established, I can reach my home network 192.168.178.1/8 but all other traffic is NOT routed over the tunnel?

It’s “AllowedIPs” that decide what should be routed over the tunnel.

Split Tunnel in WireGuard? : selfhosted

Wireguard vs Zerotier

  • 5x faster: OpenVPN is VPN like you tend to think of it, but quite slow and heavy. IPSec is typically used for this when you want speed. They operate more or less the same, but one is lighter. WireGuard is lighter than those, and implemented in the Linux kernel. The VPN portion might be 5x faster.

  • ZeroTier uses VPN technology, but approaches it as a layer and is intended to be used as a SD-LAN (Software-defined LAN). But SD-LAN and VPN are interchangeable concepts. Keep an SD-LAN simple, and it’s a VPN, make a VPN complex, and it’s an SD-LAN.

Wireguard vs Zerotier throughput performance

https://golb.hplar.ch/2019/07/wireguard-windows.html

Ubuntu Wireguard Server

Ubuntu 20.04 set up WireGuard VPN server Set Up WireGuard VPN on Ubuntu | Linode

Za linux: savršeno complexorganizations/wireguard-manager maybe GUI? https://github.com/subspacecommunity/subspace

sudo apt install wireguard

sudo -i cd /etc/wireguard/

generate private key

umask 077 wg genkey > privatekey

derive your public key from your private key

wg pubkey < privatekey > publickey

ls -l privatekey publickey cat privatekey cat publickey

sudo nano /etc/wireguard/wg0.conf

[Interface]
Address = 10.10.10.1/24
ListenPort = 55555
PrivateKey = THAT_ONE

firewall

sudo ufw allow 55555/udp

service

sudo systemctl enable wg-quick@wg0 sudo systemctl start wg-quick@wg0

NEBULOZA! Client-to-client Wireguard

https://www.reddit.com/r/WireGuard/comments/g6op5z/clienttoclient_communication/

Accessing a subnet that is behind a WireGuard client using a site-to-site setup Route traffic for Wireguard subnet through connected client (peer) on local LAN? : WireGuard

What if I don’t want multiple interfaces? If all you want to do is pass traffic from one client to the next, you don’t need two interfaces on the server, and you don’t need PostUp and PostDown route commands, either. The trick is that you do need to make sure that AllowedIPs on each client is set to a range that includes the other client, and you do need the PostUp ping -c1 server-ip-addresscommand on each client as well. Without that PostUp ping, you’re going to get frustrated by connectivity that “sometimes works and sometimes doesn’t”. https://jrs-s.net/2018/08/05/routing-between-wg-interfaces-with-wireguard/ Maybe? PostUp = ping -c1 10.10.10.1


DONT FUCKING SET DNS in windows client!


Nisam uspeo SOCKS5 proxy a ni HTTP proxy


Wireguard u WIndows ide normalno kao service https://www.henrychang.ca/how-to-setup-wireguard-vpn-server-on-windows/


Da razumem? Everyone is a peer - https://www.zahradnik.io/wireguard-a-vpn-with-real-world-usage-in-mind?#everyone-is-a-peer https://www.zahradnik.io/wireguard-a-vpn-with-real-world-usage-in-mind?#scenario-2-two-peers-behind-nat-and-one-peer-with-a-public-ip


file sharing? https://mikkel.hoegh.org/2019/11/01/home-vpn-server-wireguard


SaveConfig = true will rewrite the config when you turn off the device and will delete comments (like # Android Device)


PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE SaveConfig = true


How to run Wireguard client and server simultaneously on one host? : WireGuard How To Create a Point-To-Point VPN with WireGuard on Ubuntu 16.04 | DigitalOcean Building Wireguard Networks


WireGuard VPN review: A new type of VPN offers serious advantages

BoringTun, a userspace WireGuard implementation in Rust


List of Tailscale alternatives: anderspitman/awesome-tunneling


WireGuard as Proxy

pufferffish/wireproxy: is a Wireguard client that exposes itself as a SOCKS5 proxy, that can be useful if you need to connect to certain sites via a wireguard peer, but can’t be bothered to setup a new network interface for whatever reasons.

This is perfect because I want to use WireGuard only on specific applications or certain websites, and this is the only way.

wireproxy --config $HOME/.config/wireproxy.conf [--configtest]

Tailscale applied to Hass.io

Proxying

proxy_buffering off;

#update the proxy_pass ip address, unless HA and NGINX are on same server
location / {
    proxy_pass http://127.0.0.1:8123;  
    proxy_set_header Host $host;
    proxy_redirect http:// https://;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

How to Fix Unknown “connection_upgrade” Variable

“Unable to connect …” via nginx reverse proxy

Add trusted networks to configuration.yaml in Hass.io

http: use_x_forwarded_for: true trusted_proxies: - 192.168.0.111 - 100.64.0.0/10

Tailcale uses “100.64.0.0/10” subnet as explained here.

… we assign addresses in the 100.64.0.0/10 subnet (from 100.64.0.0 to 100.127.255.255). This is called the “Carrier Grade NAT” (CGNAT) address space.


Firezone is open-source VPN server and firewall. FireZone isn’t really aiming to be a mesh networking tool like Tailscale, but more of a classic east-west VPN similar to OpenVPN Access Server.



Taildrop

Taildrop works for large files and it goes point to point rather than through the cloud.

  • na Windows računaru, folder je Downloads
  • na Android telefonu, takođe je Downloads u pitanju
  • na OpenWrt ruteru, primljeni fajlovi se nalaze u folderu /etc/tailscale/files/,
  • dok se u Home Assistant-u nalaze u /share/taildrop

WireGuard Multi-Hop

This is what I need for WireGuard, which is a way for two clients to connect to a single server, and then for one client to access the internet through the server and the other client. It’s similar to a VPN, but it works behind CGNAT, so it’s not necessary to open ports on routers.

To achieve this, you can refer to the “internet gateway as a spoke” section in this blog post titled Multi-Hop WireGuard | Pro Custodibus.

This can now be achieved super easily with the help of Tailscale. However, if they stop providing this service or if it becomes too slow because it relies on their servers, then implement it like this for a super-fast connection.


WireSock – High-Performance WireGuard VPN Client for Windows with Application Split Tunneling GitHub - TunnlTo/desktop-app: TunnlTo is a lightweight, fast, Windows WireGuard VPN client built for split tunneling. TunSafe - Google претрага GitHub - pufferffish/wireproxy: Wireguard client that exposes itself as a socks5 proxy

[ 21. jul 2023. 13:18 ] https://www.wiresock.net/ [ 21. jul 2023. 13:27 ] https://www.reddit.com/r/WireGuard/comments/nmzibz/chrome_extension/ [ 21. jul 2023. 13:28 ] https://github.com/TunnlTo/desktop-app


micke/wireguide - wireguide - code.smolnet.org: Git for the smol internet WireGUIde is a free and open source graphical user interface for WireGuard

date 30. Oct 2020 | modified 10. Jun 2024
filename: VPN » Wireguard