Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
If I want to set up a vpn tunnel in a network to securely transfer files between android devices connected to the network , what can i do ?
A kali os is responsible for destributing public, private keys.
Tried to use wireguard for that but the apk wont support file transfer.
Thanks3 -
Wireguard reminds me of ssh. You exchange keys and start using the thing.
You protect client by limiting IPs that can access it and you protect server by listing IPs that can connect + iptables for more advanced access rules.
And the whole thing runs on UDP and in kernelspace, so it's fast AF
iperf3 tests compared to OpenVPN look amazing: x20 times faster than OpenVPN :D
https://reddit.com/r/linux/...
I freaking love Linux! -
Hey peoples,
Have a look at my new project.
https://github.com/thosebeans/...
It's a docker container to deploy a wireguard interface.
Why would you do something like this you ask, well there's actually 2 main reasons.
1. Distributing wireguard configuration over k8s/swarm/whatever.
2. Bringing up wireguard Interfaces automatically, on systems that don't support that normally, eg. Alpinelinux.2 -
I'm currently planning to set myselv up with some vps/dedicated server's for a project. What i plan to do to secure these servers is.
*Use centos 7
* Setup Wireguard and join all of the servers +1 client (my pc) to that network
*Disable SSH Access from outside that VPN
*Only allow RSA Key login to the Servers
*Install Cockpit for monitoring
*Intall docker/kubernetes for the applications i plan to run
What do you guys think of that as a baseline? Im not sure if my lower powered VPS (VPS M SSD from Contabo) will work as Kubernetes Nodes, does anyone have experience with that?
In general these Servers will be used for my projects and other fooling around.
If you guys have other suggestions for Securing/monitoring or other software i could put on to have more control without eating up to much of the Servers power, let me know :D12 -
whenever I suspend my laptop my openvpn would get stuck on reconnecting and I'd have to ctrl c and wait for like minutes so it would correctly close. so I only used VPN when I really needed it.
but then I found out: mullvad (my VPN host supports wireguard! and so wireguard is a more passive protocol, and doesn't need to keep open the connection. so now I can just set my VPN to "always on" and not worry about it anymore, yay!
ps: you should have seen my face when I found out mullvad gives away free stickers! :D -
I am in love with WireGuard. I have been testing it and till now I haven't felt any glitches and it is so simple and feature rich VPN. https://www.wireguard.com
-
I finally managed to get my Wireguard setup to work in both ways! Beforehand I could ping from A to B, but not the other way around.
A network 10.1.0.0/16
B network 10.2.0.0/16
(both actually use multiple /24 subnets, but I reserve a /16 for each site for the sake of simplicity)
Lots of fiddling later this is my configuration:
A interface 10.1.199.1/32
A allowedIPs 10.2.0.0/16
B interface 10.2.199.1/32
B allowed IPs 10.1.0.0/16
ping from 10.1.1.1 to 10.2.1.1 => 172ms
ping from 10.2.1.1 to 10.1.1.1 => 172ms
it works, yay! now to add more sites...2 -
So, today, I wanted to try setting up a wireguard VPN server on my little raspberry pi at home. I... expected /some/ issues, but what I found dumbfounded me.
1 - I already had the wireguard package from the unstable branch of the main raspbian repo installed... Huh, okay.
2 - Setting up config was extremely easy... Wow, so the rumors were true. Wireguard really is almost dumb-simple.
3 - Failed to create a network interface? Oh, trouble, here it is! So lets see... modprobe wireguard... Nope. Don't have the module? What?
4 - Reconfigure package to rebuild the module - missing kernel headers? Huh... weird
This was the simple stuff... Then I went down the rabbit hole of the Raspberry Pi ecosystem:
1 - There is the Raspberry Pi Bootloader, that is apparently separate from the Kernel itself. And I didn't seem to have any of the standard linux-image-* installed... What? Weird, yet there I was, running a 4.19.42-v7+ kernel...
2 - No kernel and no headers... What... The... Fuck
3 - Okay, so... Lets just... try to install the latest kernel image then? One apt-get install... It downloaded the image, but during package configuration, it failed because... I didn't have... its headers? What? What for? And if it needs them (for whatever reason), why isn't the headers package as a dependency? Ugh, whatever...
4 - Another apt-get install and... Okay, building the initrd image aaaaand...
FAIL
WHAT. What is it this time!?
Oh... Ran... No more space on device? What? Is /boot independent? Of course it is, it has to be, its a bloody different filesystem
Okay, so, lets che-OH MY GOD WTF.
Its just bloody 45 MBs big! The entire /boot is just 45 MBs large. WHY. THE. FUCK.
This was a default raspbian install from I have no idea when. But... Why. Oh WHY would ANYONE pre-configure /boot to be this incredibly tiny!?
No wonder the new init ramdisk couldn't fit in there! Its already used up from 64%!
Thanks, Raspbian Devs, now I gotta reinstall the whole system because, yes, the /boot is, of course, sector 8192. Just far enough from 2048 that there are *some* sectors free - About 3 MBs.
So what did I try? Remove the partition and recreate it from the very beginning. Only... I never tried in in the past, and okay, kernel doesn't like having the partition where its image resides deleted on the fly, it will not give up FDs pointing there or something.
So now, I have a system I cannot reboot, or it will never boot back up :|
Thanks, Raspbian!
I need to get a cheap 1U somewhere or something T.T1 -
Lemme just say... Wow. Wireguard... It's so incredibly simple and elegant. I cannot believe how easy and how little reading it needed to set it up.
And unlike OpenVPN, the Android client is even able to override the system's DNS servers, meaning I can finally start blocking nosy apps from contacting their big brothers in the cloud via DNS blackholing!
Wow. Wireguard... 10/10. Simple, fast to set up, elegant.4 -
Quick question, if anyone knows.
Does Wireguard encrypt traffic end-to-end or only between neighbor peers?1 -
Can someone answer me a question about Wireguard?
I couldn't find an answer to it online.
I know WG supports roaming, so switching a connection to a different route.
But how does WG handle multiple valid routes, before a connection can be established?
Eg, when I'm at home I could have 3 valid routes.
Connecting over LAN.
Connecting over public IP of the router.
Connecting to a vserver, using it as a bridge to connect to my server, if it's behind a firewall.4
Top Tags
Weekly Rant
View