Wireguard VPN

see also: “Smart Home » ZeroTier VPN.md”

  • how does file sharing work over wireguard (? I don't understand)
  • check wireguard on the buha desktop computer (as a test)

Setting up a network of computers for proxying

  1. I need a VPN client (Wireguard) on every computer at people's places, connecting to a single Wireguard server
  2. I need a proxy on those computers (3proxy or FreeProxy)

Problem: how do I find out the IP of those computers? … via wireguard I have the internal IP, or Marcs Updater or DirectUpdate http://www.directupdate.net/index.php/dns-services

How do I forward a port to that computer through the router? Unsolvable in this form…


  1. The Linux server will work normally through those proxies
  2. Windows will also work normally.

Wireguard Split Tunneling

How do I achieve something like a “split” tunnel? When the tunnel is established, I can reach my home network 192.168.178.1/8 but all other traffic is NOT routed over the tunnel?

It’s “AllowedIPs” that decide what should be routed over the tunnel.

Split Tunnel in WireGuard? : selfhosted

Wireguard vs Zerotier

  • 5x faster: OpenVPN is VPN like you tend to think of it, but quite slow and heavy. IPSec is typically used for this when you want speed. They operate more or less the same, but one is lighter. WireGuard is lighter than those, and implemented in the Linux kernel. The VPN portion might be 5x faster.

  • ZeroTier uses VPN technology, but approaches it as a layer and is intended to be used as a SD-LAN (Software-defined LAN). But SD-LAN and VPN are interchangeable concepts. Keep an SD-LAN simple, and it’s a VPN, make a VPN complex, and it’s an SD-LAN.

Wireguard vs Zerotier throughput performance

https://golb.hplar.ch/2019/07/wireguard-windows.html

Ubuntu Wireguard Server

Ubuntu 20.04 set up WireGuard VPN server
Set Up WireGuard VPN on Ubuntu | Linode

For Linux: perfect: complexorganizations/wireguard-manager
maybe GUI? https://github.com/subspacecommunity/subspace

sudo apt install wireguard

sudo -i
cd /etc/wireguard/

generate private key

umask 077
wg genkey > privatekey

derive your public key from your private key

wg pubkey < privatekey > publickey

ls -l privatekey publickey
cat privatekey
cat publickey

sudo nano /etc/wireguard/wg0.conf

[Interface]
Address = 10.10.10.1/24
ListenPort = 55555
PrivateKey = THAT_ONE

firewall

sudo ufw allow 55555/udp

service

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

NONSENSE! Client-to-client Wireguard

https://www.reddit.com/r/WireGuard/comments/g6op5z/clienttoclient_communication/

Accessing a subnet that is behind a WireGuard client using a site-to-site setup
Route traffic for Wireguard subnet through connected client (peer) on local LAN? : WireGuard

What if I don’t want multiple interfaces? If all you want to do is pass traffic from one client to the next, you don’t need two interfaces on the server, and you don’t need PostUp and PostDown route commands, either. The trick is that you do need to make sure that AllowedIPs on each client is set to a range that includes the other client, and you do need the PostUp ping -c1 server-ip-address command on each client as well. Without that PostUp ping, you’re going to get frustrated by connectivity that “sometimes works and sometimes doesn’t”.
https://jrs-s.net/2018/08/05/routing-between-wg-interfaces-with-wireguard/

Maybe?
PostUp = ping -c1 10.10.10.1
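A small model of how AllowedIPs drives both the split-tunnel question and the client-to-client case above, as an added example that is not part of the original notes: outbound packets go to the peer with the longest matching AllowedIPs prefix, and inbound packets are kept only if their source lies in the sending peer's AllowedIPs. The keys, the client addresses 10.10.10.2 and 10.10.10.3, and all function names are assumptions made up for the illustration; routes are assumed to be installed from AllowedIPs, as wg-quick does.

```python
import ipaddress

# Constructed configs (placeholder keys); subnets follow the notes above.
SERVER = """
[Peer]
PublicKey = CLIENT_A_PUBKEY
AllowedIPs = 10.10.10.2/32
[Peer]
PublicKey = CLIENT_B_PUBKEY
AllowedIPs = 10.10.10.3/32
"""
# Split tunnel: only the VPN subnet and the home LAN are routed into wg0.
CLIENT_A = "[Peer]\nPublicKey = SERVER_PUBKEY\nAllowedIPs = 10.10.10.0/24, 192.168.178.0/24\n"
# Too narrow for client-to-client: only the server address is routed.
CLIENT_B = "[Peer]\nPublicKey = SERVER_PUBKEY\nAllowedIPs = 10.10.10.1/32\n"

def parse_peers(conf):
    """Return {public_key: [ip_network, ...]}; expects PublicKey before AllowedIPs."""
    peers, key = {}, None
    for raw in conf.splitlines():
        name, _, value = (s.strip() for s in raw.split("#", 1)[0].partition("="))
        if name.startswith("["):
            key = None  # new section
        elif name == "PublicKey":
            key = value
            peers[key] = []
        elif name == "AllowedIPs" and key:
            # strict=False masks host bits, as WireGuard does
            peers[key] += [ipaddress.ip_network(n.strip(), strict=False)
                           for n in value.split(",")]
    return peers

def select_peer(peers, dest):
    """Outbound: key of the peer with the longest AllowedIPs prefix covering dest."""
    ip = ipaddress.ip_address(dest)
    hits = [(n.prefixlen, k) for k, nets in peers.items() for n in nets
            if n.version == ip.version and ip in n]
    return max(hits)[1] if hits else None  # None: packet does not enter the tunnel

def accepts_source(peers, key, src):
    """Inbound: a packet from peer `key` is kept only if src is in its AllowedIPs."""
    ip = ipaddress.ip_address(src)
    return any(n.version == ip.version and ip in n for n in peers.get(key, []))

def can_send(client_conf, client_key, src, dst, server_conf=SERVER):
    """One direction of client -> server -> other client (server forwarding assumed on)."""
    server, client = parse_peers(server_conf), parse_peers(client_conf)
    return bool(select_peer(client, dst) and accepts_source(server, client_key, src)
                and select_peer(server, dst) not in (None, client_key))
```

Client-to-client traffic needs `can_send` to hold in both directions; with the narrow `CLIENT_B` the reply path fails, which is the "range that includes the other client" requirement from the quoted text.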


DONT FUCKING SET DNS in windows client!


I did not manage to get a SOCKS5 proxy working, nor an HTTP proxy


Wireguard on Windows runs normally as a service https://www.henrychang.ca/how-to-setup-wireguard-vpn-server-on-windows/


To understand? Everyone is a peer - https://www.zahradnik.io/wireguard-a-vpn-with-real-world-usage-in-mind?#everyone-is-a-peer
https://www.zahradnik.io/wireguard-a-vpn-with-real-world-usage-in-mind?#scenario-2-two-peers-behind-nat-and-one-peer-with-a-public-ip


file sharing? https://mikkel.hoegh.org/2019/11/01/home-vpn-server-wireguard


SaveConfig = true will rewrite the config when you turn off the device and will delete comments (like # Android Device)


PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
SaveConfig = true


How to run Wireguard client and server simultaneously on one host? : WireGuard
How To Create a Point-To-Point VPN with WireGuard on Ubuntu 16.04 | DigitalOcean
Building Wireguard Networks


WireGuard VPN review: A new type of VPN offers serious advantages

BoringTun, a userspace WireGuard implementation in Rust



Tailscale applied to Hass.io

Proxying

proxy_buffering off;

# Update the proxy_pass IP address unless HA and NGINX are on the same server
location / {
    proxy_pass http://127.0.0.1:8123;  
    proxy_set_header Host $host;
    proxy_redirect http:// https://;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
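    # $connection_upgrade is not built in: it must be defined by a map on $http_upgrade in the http block
    proxy_set_header Connection $connection_upgrade;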
}

How to Fix Unknown “connection_upgrade” Variable

“Unable to connect …” via nginx reverse proxy

Add trusted networks to configuration.yaml in Hass.io

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.0.111
    - 100.64.0.0/10

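Tailscale uses the “100.64.0.0/10” subnet as explained here. Listing the whole range under trusted_proxies makes Home Assistant accept X-Forwarded-For from any address in it; a narrower entry is the address of the nginx host itself.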

… we assign addresses in the 100.64.0.0/10 subnet (from 100.64.0.0 to 100.127.255.255). This is called the “Carrier Grade NAT” (CGNAT) address space.

date 30. Oct 2020 | modified 17. Jan 2023
filename: Wireguard VPN