@movq@www.uninformativ.de I think I misunderstood some aspects of Wireguard as mentioned here, not 100% sure, but so far things are much happier now with assigning /32(s) as Tunnel IP(s) for Peers and being a bit more thoughtful about the AllowedIPs. I’m only playing around with 3 devices right now, my core router (RouterOS), an Ubuntu 22.04 VM over at Vultr and my iPhone.
@prologic@twtxt.net Nothing special, really. We have “site-to-site” (a pair of servers) and “point-to-site” (one server, many clients) setups, pretty much the same as described here:
https://wiki.archlinux.org/title/WireGuard#Usage
Which operating system(s) are you using?
I think this is what I was missing in my understanding:
> In other words, when sending packets, the list of allowed IPs behaves as a sort of routing table, and when receiving packets, the list of allowed IPs behaves as a sort of access control list.
> This is what we call a Cryptokey Routing Table: the simple association of public keys and allowed IPs.
@movq@www.uninformativ.de What’s your setup like? How many peers? How are they configured? (if you can share)
@prologic Hm, I’m afraid I can’t be of much help here. Wireguard always “just worked”, I didn’t have the need yet to dig deep into troubleshooting.
@bender https://tilde.zone/@movq but I’m much more active here on twtxt.
After a streak of ugly “meta” sketches working on my naive folder/image browser today I added some improvements, finally got it working from the command line, moved it to the admin_script folder and I’m quite happy with it. Also, I went back to a complementary “meta” idea of using #Python’s #difflib to show sketch code evolution over time…
Hmmm really not getting this at all 🤦 So far things appear to be a bit more stable, but the only changes I made were to assign addresses to peers of the form 172.30.0.X/32 instead of 172.30.0.X/24 and setting AllowedIPs to 0.0.0.0/0 for mobile peers (phones, etc) and X.X.X.X/24, Y.Y.Y.Y/24 for more static peers (remote VMs) where X and Y are the LAN and Wireguard subnets.
Hmm when I said “Wireguard is kind of cool” in this twt now I’m not so sure. I can’t get “stable tunnels” to freak’n stay up, survive reboots, survive random disconnections, etc. This is nuts 🤦
Huh hmm Boring Proxy actually uses SSH under the hood (written in Go) for the tunnelling. Clever, I would have done the same if I hadn’t learned about Wireguard.
@mckinley@twtxt.net Now that I have real experience with Wireguard, I’m seriously thinking about building my own “Cloudflare” replacement infra. And commodifying that somehow. Boring Proxy kind of does this too, but I may have a slightly different take on things.
Wireguard is incredible.
@movq@www.uninformativ.de what’s your Fedi handle?
I’ve set PersistentKeepAlive = 25 on both sides. Let’s see if that improves things a bit…
@movq@www.uninformativ.de Wow that is wicked cool!
@movq@www.uninformativ.de Only problem I seem to have is the connection keeps dropping out and never re-connecting until I forcefully disconnect/reconnect one side. Hmm
#Book: «I’ve Been Thinking» by Daniel C Dennett: https://www.theguardian.com/books/2023/oct/01/ive-been-thinking-by-daniel-c-dennett-review-an-engaging-vexing-memoir-with-a-humility-bypass
With so many people speaking “their truth”, how do we know what the truth really is?: https://theconversation.com/with-so-many-people-speaking-their-truth-how-do-we-know-what-the-truth-really-is-205388
Every day a reason to reject #ChatControl, and we only stop when it is defeated:
- The same poll shows that two thirds of young people in the EU disagree with allowing platforms to monitor their private conversations.
Sign the petition at https://chatcontrol.pt
These Golden Globes from the self-proclaimed “independent” television could be something decent if they were really independent. But so many of the nominees who would be more deserving and were not thus prove that they are not.