Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "wireguard"
Wireguard reminds me of ssh. You exchange keys and start using the thing.
You protect client by limiting IPs that can access it and you protect server by listing IPs that can connect + iptables for more advanced access rules.
And the whole thing runs on UDP and in kernelspace, so it's fast AF
iperf3 tests compared to OpenVPN look amazing: x20 times faster than OpenVPN :D
I freaking love Linux!
If I want to set up a vpn tunnel in a network to securely transfer files between android devices connected to the network , what can i do ?
A kali os is responsible for destributing public, private keys.
Tried to use wireguard for that but the apk wont support file transfer.
I'm currently planning to set myselv up with some vps/dedicated server's for a project. What i plan to do to secure these servers is.
*Use centos 7
* Setup Wireguard and join all of the servers +1 client (my pc) to that network
*Disable SSH Access from outside that VPN
*Only allow RSA Key login to the Servers
*Install Cockpit for monitoring
*Intall docker/kubernetes for the applications i plan to run
What do you guys think of that as a baseline? Im not sure if my lower powered VPS (VPS M SSD from Contabo) will work as Kubernetes Nodes, does anyone have experience with that?
In general these Servers will be used for my projects and other fooling around.
If you guys have other suggestions for Securing/monitoring or other software i could put on to have more control without eating up to much of the Servers power, let me know :D13
Have a look at my new project.
It's a docker container to deploy a wireguard interface.
Why would you do something like this you ask, well there's actually 2 main reasons.
1. Distributing wireguard configuration over k8s/swarm/whatever.
2. Bringing up wireguard Interfaces automatically, on systems that don't support that normally, eg. Alpinelinux.3
Today is productive day and amazing day.
Finally got my fucking WireGuard VPN on my VPS set up. Pain but damn its fucking worth it. Oh god i love it already.
The speed against openVPN is crazy. Im not kidding its near double.
To anyone running openVPN. Throw that shit fucking away and set up an WireGuard VPN. You will thanks me later.
Oh yeah and its like much much more secure then fucking OpenVPN.4
whenever I suspend my laptop my openvpn would get stuck on reconnecting and I'd have to ctrl c and wait for like minutes so it would correctly close. so I only used VPN when I really needed it.
but then I found out: mullvad (my VPN host supports wireguard! and so wireguard is a more passive protocol, and doesn't need to keep open the connection. so now I can just set my VPN to "always on" and not worry about it anymore, yay!
ps: you should have seen my face when I found out mullvad gives away free stickers! :D
I am in love with WireGuard. I have been testing it and till now I haven't felt any glitches and it is so simple and feature rich VPN. https://www.wireguard.com
I finally managed to get my Wireguard setup to work in both ways! Beforehand I could ping from A to B, but not the other way around.
A network 10.1.0.0/16
B network 10.2.0.0/16
(both actually use multiple /24 subnets, but I reserve a /16 for each site for the sake of simplicity)
Lots of fiddling later this is my configuration:
A interface 10.1.199.1/32
A allowedIPs 10.2.0.0/16
B interface 10.2.199.1/32
B allowed IPs 10.1.0.0/16
ping from 10.1.1.1 to 10.2.1.1 => 172ms
ping from 10.2.1.1 to 10.1.1.1 => 172ms
it works, yay! now to add more sites...2
So, today, I wanted to try setting up a wireguard VPN server on my little raspberry pi at home. I... expected /some/ issues, but what I found dumbfounded me.
1 - I already had the wireguard package from the unstable branch of the main raspbian repo installed... Huh, okay.
2 - Setting up config was extremely easy... Wow, so the rumors were true. Wireguard really is almost dumb-simple.
3 - Failed to create a network interface? Oh, trouble, here it is! So lets see... modprobe wireguard... Nope. Don't have the module? What?
4 - Reconfigure package to rebuild the module - missing kernel headers? Huh... weird
This was the simple stuff... Then I went down the rabbit hole of the Raspberry Pi ecosystem:
1 - There is the Raspberry Pi Bootloader, that is apparently separate from the Kernel itself. And I didn't seem to have any of the standard linux-image-* installed... What? Weird, yet there I was, running a 4.19.42-v7+ kernel...
2 - No kernel and no headers... What... The... Fuck
3 - Okay, so... Lets just... try to install the latest kernel image then? One apt-get install... It downloaded the image, but during package configuration, it failed because... I didn't have... its headers? What? What for? And if it needs them (for whatever reason), why isn't the headers package as a dependency? Ugh, whatever...
4 - Another apt-get install and... Okay, building the initrd image aaaaand...
WHAT. What is it this time!?
Oh... Ran... No more space on device? What? Is /boot independent? Of course it is, it has to be, its a bloody different filesystem
Okay, so, lets che-OH MY GOD WTF.
Its just bloody 45 MBs big! The entire /boot is just 45 MBs large. WHY. THE. FUCK.
This was a default raspbian install from I have no idea when. But... Why. Oh WHY would ANYONE pre-configure /boot to be this incredibly tiny!?
No wonder the new init ramdisk couldn't fit in there! Its already used up from 64%!
Thanks, Raspbian Devs, now I gotta reinstall the whole system because, yes, the /boot is, of course, sector 8192. Just far enough from 2048 that there are *some* sectors free - About 3 MBs.
So what did I try? Remove the partition and recreate it from the very beginning. Only... I never tried in in the past, and okay, kernel doesn't like having the partition where its image resides deleted on the fly, it will not give up FDs pointing there or something.
So now, I have a system I cannot reboot, or it will never boot back up :|
I need to get a cheap 1U somewhere or something T.T1
If you have a blog, How do you decide what to write and publish on it? And, How do I motivate myself to write posts?
Context: I created my blog/website on 29 September 2017. I had a few ideas on writing blog posts(Condition variables in Go, Serverless related stuff and a whole bunch of posts related to wireguard) but every time I have tried write a post, I learn there is someone else who has already written a post on it and probably better than what I could have done, So what is really the point of writing it? And, I feel very insecure about writing posts, I feel like, If I do write a post, every one will know, I don't know anything about **anything**. :( I know about imposter syndrome, But I don't think I have that. I work with a lot of realllly smart people and I don't know as much as them. So, I am actually an imposter.
edit: I am usually active on Telegram, IRC and I try to help out people. It's easier for me to help people in communities like that but doing the same thing with a blog makes me very uncomfortable.2
Lemme just say... Wow. Wireguard... It's so incredibly simple and elegant. I cannot believe how easy and how little reading it needed to set it up.
And unlike OpenVPN, the Android client is even able to override the system's DNS servers, meaning I can finally start blocking nosy apps from contacting their big brothers in the cloud via DNS blackholing!
Wow. Wireguard... 10/10. Simple, fast to set up, elegant.4
Quick question, if anyone knows.
Does Wireguard encrypt traffic end-to-end or only between neighbor peers?1
Can someone answer me a question about Wireguard?
I couldn't find an answer to it online.
I know WG supports roaming, so switching a connection to a different route.
But how does WG handle multiple valid routes, before a connection can be established?
Eg, when I'm at home I could have 3 valid routes.
Connecting over LAN.
Connecting over public IP of the router.
Connecting to a vserver, using it as a bridge to connect to my server, if it's behind a firewall.4