Wireguard VPN
see also: “Smart Home » ZeroTier VPN.md”
- how does file sharing work over WireGuard (? I don't understand)
- check WireGuard on the buha desktop computer (as a test)
Setting up a network of computers for proxying
- I need a VPN client (WireGuard) on every computer at people's places, connecting to a single WireGuard server
- I need a proxy on those computers (3proxy or FreeProxy)
Problem: how do I find out the IPs of those computers? … over WireGuard I have the internal IP, or Marcs Updater or DirectUpdate http://www.directupdate.net/index.php/dns-services
How do I forward a port to that computer through the router? Unsolvable in this form…
- The Linux server will work normally through those proxies
- Windows will also work normally.
Wireguard Split Tunneling
How do I achieve something like a “split” tunnel? When the tunnel is established, I can reach my home network 192.168.178.1/8 but all other traffic is NOT routed over the tunnel?
It’s “AllowedIPs” that decide what should be routed over the tunnel.
Split Tunnel in WireGuard? : selfhosted
Wireguard vs Zerotier
- 5x faster: OpenVPN is VPN like you tend to think of it, but quite slow and heavy. IPSec is typically used for this when you want speed. They operate more or less the same, but one is lighter. WireGuard is lighter than those, and implemented in the Linux kernel. The VPN portion might be 5x faster.
- ZeroTier uses VPN technology, but approaches it as a layer and is intended to be used as a SD-LAN (Software-defined LAN). But SD-LAN and VPN are interchangeable concepts. Keep an SD-LAN simple, and it’s a VPN, make a VPN complex, and it’s an SD-LAN.
Wireguard vs Zerotier throughput performance
https://golb.hplar.ch/2019/07/wireguard-windows.html
Ubuntu Wireguard Server
Ubuntu 20.04 set up WireGuard VPN server
Set Up WireGuard VPN on Ubuntu | Linode
For Linux: perfect: complexorganizations/wireguard-manager
maybe GUI? https://github.com/subspacecommunity/subspace
sudo apt install wireguard
sudo -i
cd /etc/wireguard/
generate private key
umask 077
wg genkey > privatekey
derive your public key from your private key
wg pubkey < privatekey > publickey
ls -l privatekey publickey
cat privatekey
cat publickey
sudo nano /etc/wireguard/wg0.conf
[Interface]
Address = 10.10.10.1/24
ListenPort = 55555
PrivateKey = THAT_ONE
firewall
sudo ufw allow 55555/udp
service
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
NONSENSE! Client-to-client Wireguard
https://www.reddit.com/r/WireGuard/comments/g6op5z/clienttoclient_communication/
Accessing a subnet that is behind a WireGuard client using a site-to-site setup
Route traffic for Wireguard subnet through connected client (peer) on local LAN? : WireGuard
What if I don’t want multiple interfaces? If all you want to do is pass traffic from one client to the next, you don’t need two interfaces on the server, and you don’t need PostUp and PostDown route commands, either. The trick is that you do need to make sure that AllowedIPs on each client is set to a range that includes the other client, and you do need the PostUp ping -c1 server-ip-address command on each client as well. Without that PostUp ping, you’re going to get frustrated by connectivity that “sometimes works and sometimes doesn’t”.
https://jrs-s.net/2018/08/05/routing-between-wg-interfaces-with-wireguard/
Maybe? PostUp = ping -c1 10.10.10.1
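Both the split-tunnel note and the client-to-client note above come down to how WireGuard uses AllowedIPs: as a routing table when sending and as a source filter when receiving. The model below is an added example, not code from the quoted posts or from WireGuard; the peer names, the 10.10.10.2 and 10.10.10.3 client addresses and the 192.168.178.0/24 home LAN are constructed for illustration.

```python
import ipaddress

def parse_allowed(spec):
    """Parse a comma-separated AllowedIPs value into network objects."""
    return [ipaddress.ip_network(p.strip(), strict=False) for p in spec.split(",")]

def outbound_peer(peers, dst):
    """Sending side: choose the peer whose AllowedIPs entry covers dst with
    the longest prefix. None means the packet does not enter the tunnel."""
    dst = ipaddress.ip_address(dst)
    best = None
    for name, nets in peers.items():
        for net in nets:
            if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (name, net)
    return best[0] if best else None

def inbound_ok(peers, peer, src):
    """Receiving side: a decrypted packet is accepted only if its source
    address lies inside the sending peer's AllowedIPs."""
    src = ipaddress.ip_address(src)
    return any(src in net for net in peers[peer])

# Constructed client-side [Peer] sections (one peer: the server).
SPLIT = {"server": parse_allowed("10.10.10.0/24, 192.168.178.0/24")}  # split tunnel
FULL = {"server": parse_allowed("0.0.0.0/0")}                         # everything tunneled
NARROW = {"server": parse_allowed("10.10.10.1/32")}                   # server address only

# Constructed server-side [Peer] sections: one /32 per client.
SERVER = {
    "client-a": parse_allowed("10.10.10.2/32"),
    "client-b": parse_allowed("10.10.10.3/32"),
}

if __name__ == "__main__":
    for label, cfg in (("split", SPLIT), ("full", FULL), ("narrow", NARROW)):
        for dst in ("192.168.178.20", "10.10.10.3", "1.1.1.1"):
            print(f"{label:6} {dst:15} -> {outbound_peer(cfg, dst)}")
    # client-a claiming client-b's address is dropped by the server
    print("spoofed source accepted:", inbound_ok(SERVER, "client-a", "10.10.10.3"))
```

The model covers only WireGuard's own peer selection; for client-to-client traffic the server still has to forward packets between peers.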
DONT FUCKING SET DNS in windows client!
I didn't manage to get a SOCKS5 proxy working, nor an HTTP proxy
WireGuard on Windows runs normally as a service https://www.henrychang.ca/how-to-setup-wireguard-vpn-server-on-windows/
To understand? Everyone is a peer -
https://www.zahradnik.io/wireguard-a-vpn-with-real-world-usage-in-mind?#everyone-is-a-peer
https://www.zahradnik.io/wireguard-a-vpn-with-real-world-usage-in-mind?#scenario-2-two-peers-behind-nat-and-one-peer-with-a-public-ip
file sharing? https://mikkel.hoegh.org/2019/11/01/home-vpn-server-wireguard
SaveConfig = true will rewrite the config when you turn off the device and will delete comments (like # Android Device)
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
SaveConfig = true
How to run Wireguard client and server simultaneously on one host? : WireGuard
How To Create a Point-To-Point VPN with WireGuard on Ubuntu 16.04 | DigitalOcean
Building Wireguard Networks
WireGuard VPN review: A new type of VPN offers serious advantages
BoringTun, a userspace WireGuard implementation in Rust
- Tailscale · Best VPN Service for Secure Networks
- juanfont/headscale: An open source, self-hosted implementation of the Tailscale control server
- tonarino/innernet: A private network system that uses WireGuard under the hood. Introducing ‘innernet’ | tonari blog
Tailscale applied to Hass.io
Proxying
proxy_buffering off;
# update the proxy_pass IP address, unless HA and NGINX are on the same server
location / {
    proxy_pass http://127.0.0.1:8123;
    proxy_set_header Host $host;
    proxy_redirect http:// https://;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # WebSocket upgrade headers; $connection_upgrade is not built in and
    # must be defined by a map block in the http context
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}
How to Fix Unknown “connection_upgrade” Variable
“Unable to connect …” via nginx reverse proxy
Add trusted networks to configuration.yaml in Hass.io
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.0.111
    - 100.64.0.0/10
Tailscale uses the “100.64.0.0/10” subnet, as explained here.
… we assign addresses in the 100.64.0.0/10 subnet (from 100.64.0.0 to 100.127.255.255). This is called the “Carrier Grade NAT” (CGNAT) address space.