Wireguard VPN
see also: “Smart Home » ZeroTier VPN.md”
- how does file sharing work over WireGuard (? I don't understand)
- check WireGuard on the buha desktop computer (as a test)
Setting up the computers' network for a proxy
- I need a VPN client (WireGuard) on each person's computer, connecting to a single WireGuard server
- I need a proxy on those computers (3proxy or FreeProxy)
Problem: how do I find out the IP of those computers? … via WireGuard I have the internal IP, or Marcs Updater or DirectUpdate http://www.directupdate.net/index.php/dns-services
How do I forward a port to that computer through the router? Unsolvable in this form…
- the Linux server will work normally through those proxies
- Windows will also work normally.
Wireguard Split Tunneling
How do I achieve something like a “split” tunnel? When the tunnel is established, I can reach my home network 192.168.178.1/8 but all other traffic is NOT routed over the tunnel?
It’s “AllowedIPs” that decide what should be routed over the tunnel.
Split Tunnel in WireGuard? : selfhosted
Wireguard vs Zerotier
- 5x faster: OpenVPN is VPN like you tend to think of it, but quite slow and heavy. IPSec is typically used for this when you want speed. They operate more or less the same, but one is lighter. WireGuard is lighter than those, and implemented in the Linux kernel. The VPN portion might be 5x faster.
- ZeroTier uses VPN technology, but approaches it as a layer and is intended to be used as a SD-LAN (Software-defined LAN). But SD-LAN and VPN are interchangeable concepts. Keep an SD-LAN simple, and it’s a VPN, make a VPN complex, and it’s an SD-LAN.
Wireguard vs Zerotier throughput performance
https://golb.hplar.ch/2019/07/wireguard-windows.html
Ubuntu Wireguard Server
Ubuntu 20.04 set up WireGuard VPN server
Set Up WireGuard VPN on Ubuntu | Linode
For Linux: perfect, complexorganizations/wireguard-manager
maybe GUI? https://github.com/subspacecommunity/subspace
sudo apt install wireguard
sudo -i
cd /etc/wireguard/
generate private key
umask 077
wg genkey > privatekey
derive your public key from your private key
wg pubkey < privatekey > publickey
ls -l privatekey publickey
cat privatekey
cat publickey
sudo nano /etc/wireguard/wg0.conf
[Interface]
Address = 10.10.10.1/24
ListenPort = 55555
PrivateKey = THAT_ONE
firewall
sudo ufw allow 55555/udp
service
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
CONFUSING! Client-to-client WireGuard
https://www.reddit.com/r/WireGuard/comments/g6op5z/clienttoclient_communication/
Accessing a subnet that is behind a WireGuard client using a site-to-site setup
Route traffic for Wireguard subnet through connected client (peer) on local LAN? : WireGuard
What if I don’t want multiple interfaces? If all you want to do is pass traffic from one client to the next, you don’t need two interfaces on the server, and you don’t need PostUp and PostDown route commands, either. The trick is that you do need to make sure that AllowedIPs on each client is set to a range that includes the other client, and you do need the PostUp ping -c1 server-ip-address command on each client as well. Without that PostUp ping, you’re going to get frustrated by connectivity that “sometimes works and sometimes doesn’t”.
https://jrs-s.net/2018/08/05/routing-between-wg-interfaces-with-wireguard/
Maybe?
PostUp = ping -c1 10.10.10.1
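How AllowedIPs decides what enters the tunnel, covering both the split-tunnel question and the client-to-client note above. This is an added example, not code from the linked posts; the client address, home LAN range, endpoint name and key placeholders are constructed. A destination that matches no AllowedIPs range is not sent into the tunnel and leaves over the normal route.

```python
import ipaddress

# Constructed client config (keys are placeholders): a split tunnel that sends
# only the WireGuard subnet and the home LAN to the server peer.
SPLIT_CONF = """
[Interface]
Address = 10.10.10.2/24
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = vpn.example.com:55555
AllowedIPs = 10.10.10.0/24, 192.168.178.0/24
"""
# Same client as a full tunnel: every IPv4 destination goes to the peer.
FULL_CONF = SPLIT_CONF.replace("10.10.10.0/24, 192.168.178.0/24", "0.0.0.0/0")


def parse_peers(conf_text):
    """Return [(public_key, [networks])] for every [Peer] section."""
    peers, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append({"key": None, "nets": []})
        elif section == "peer" and "=" in line:
            name, _, value = line.partition("=")
            if name.strip().lower() == "publickey":
                peers[-1]["key"] = value.strip()
            elif name.strip().lower() == "allowedips":
                peers[-1]["nets"] += [ipaddress.ip_network(n.strip(), strict=False)
                                      for n in value.split(",") if n.strip()]
    return [(p["key"], p["nets"]) for p in peers]


def tunnel_peer(conf_text, dest):
    """Peer whose AllowedIPs covers dest (most specific prefix wins), or None
    when dest matches nothing and leaves over the normal, untunnelled route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for key, nets in parse_peers(conf_text):
        for net in nets:
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[0]:
                    best = (net.prefixlen, key)
    return best[1] if best else None
```

With the split config, 10.10.10.3 (another client) and 192.168.178.20 resolve to the server peer while 8.8.8.8 resolves to None; with 0.0.0.0/0 all IPv4 traffic goes to the peer, but IPv6 still bypasses the tunnel unless ::/0 is listed too.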
DONT FUCKING SET DNS in windows client!
I did not manage to get a SOCKS5 proxy working, nor an HTTP proxy
WireGuard on Windows runs normally as a service https://www.henrychang.ca/how-to-setup-wireguard-vpn-server-on-windows/
To understand? Everyone is a peer -
https://www.zahradnik.io/wireguard-a-vpn-with-real-world-usage-in-mind?#everyone-is-a-peer
https://www.zahradnik.io/wireguard-a-vpn-with-real-world-usage-in-mind?#scenario-2-two-peers-behind-nat-and-one-peer-with-a-public-ip
file sharing? https://mikkel.hoegh.org/2019/11/01/home-vpn-server-wireguard
SaveConfig = true will rewrite the config when you turn off the device and will delete comments (like # Android Device)
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
SaveConfig = true
How to run Wireguard client and server simultaneously on one host? : WireGuard
How To Create a Point-To-Point VPN with WireGuard on Ubuntu 16.04 | DigitalOcean
Building Wireguard Networks
WireGuard VPN review: A new type of VPN offers serious advantages
BoringTun, a userspace WireGuard implementation in Rust
List of Tailscale alternatives: anderspitman/awesome-tunneling
- Tailscale · Best VPN Service for Secure Networks; juanfont/headscale: An open source, self-hosted implementation of the Tailscale control server
- tonarino/innernet: A private network system that uses WireGuard under the hood. Introducing ‘innernet’ | tonari blog
WireGuard as Proxy
pufferffish/wireproxy: is a Wireguard client that exposes itself as a SOCKS5 proxy, that can be useful if you need to connect to certain sites via a wireguard peer, but can’t be bothered to setup a new network interface for whatever reasons.
This is perfect because I want to use WireGuard only on specific applications or certain websites, and this is the only way.
wireproxy --config $HOME/.config/wireproxy.conf [--configtest]
Tailscale applied to Hass.io
Proxying
proxy_buffering off;
# update the proxy_pass IP address, unless HA and NGINX are on the same server
location / {
    proxy_pass http://127.0.0.1:8123;
    proxy_set_header Host $host;
    proxy_redirect http:// https://;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}
How to Fix Unknown “connection_upgrade” Variable
“Unable to connect …” via nginx reverse proxy
Add trusted networks to configuration.yaml in Hass.io
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.0.111
    - 100.64.0.0/10
Tailscale uses the “100.64.0.0/10” subnet as explained here.
… we assign addresses in the 100.64.0.0/10 subnet (from 100.64.0.0 to 100.127.255.255). This is called the “Carrier Grade NAT” (CGNAT) address space.
Firezone is an open-source VPN server and firewall. Firezone isn’t really aiming to be a mesh networking tool like Tailscale, but more of a classic east-west VPN similar to OpenVPN Access Server.
Taildrop
Taildrop works for large files and it goes point to point rather than through the cloud.
- on a Windows computer, the folder is Downloads
- on an Android phone, it is also Downloads
- on an OpenWrt router, received files are in the folder /etc/tailscale/files/
- while in Home Assistant they are in /share/taildrop
To avoid going through the DERP relay server, configure the following in Firewall > Traffic Rules on OpenWRT.
Setting | Value |
---|---|
Name | My-Rule-Name |
Protocol | UDP |
Source zone | wan |
Destination zone | lan |
Destination port | 41641 |
Action | accept |
To check whether the connection is relayed or direct, type tailscale status; on macOS, /Applications/Tailscale.app/Contents/MacOS/Tailscale status.
What firewall ports should I open to use Tailscale?
WireGuard Multi-Hop
This is what I need for WireGuard, which is a way for two clients to connect to a single server, and then for one client to access the internet through the server and the other client. It’s similar to a VPN, but it works behind CGNAT, so it’s not necessary to open ports on routers.
To achieve this, you can refer to the “internet gateway as a spoke” section in this blog post titled Multi-Hop WireGuard | Pro Custodibus.
This can now be achieved super easily with the help of Tailscale. However, if they stop providing this service or if it becomes too slow because it relies on their servers, then implement it like this for a super-fast connection.
WireSock – High-Performance WireGuard VPN Client for Windows with Application Split Tunneling
GitHub - TunnlTo/desktop-app: TunnlTo is a lightweight, fast, Windows WireGuard VPN client built for split tunneling.
TunSafe - Google search
GitHub - pufferffish/wireproxy: Wireguard client that exposes itself as a socks5 proxy
[ 21 Jul 2023 13:18 ] https://www.wiresock.net/
[ 21 Jul 2023 13:27 ] https://www.reddit.com/r/WireGuard/comments/nmzibz/chrome_extension/
[ 21 Jul 2023 13:28 ] https://github.com/TunnlTo/desktop-app
micke/wireguide - wireguide - code.smolnet.org: Git for the smol internet WireGUIde is a free and open source graphical user interface for WireGuard