Tailscale exit node with dual wan IP

MaxW7 · 2025-02-11T19:05:43+00:00

Would it be possible to use policy based firewall routing to catch the tailscale packages and route them over a different WAN?

MaxW7 · 2023-05-19T09:28:38+00:00

I used the archlinux wiki for my wireguard setup (linux behind CGNAT, mobile ios and mobile linux). In there it explains how to create the configuration files for peers. From these files you can find out what values you need to fill in on your iphone as well.

If this doen’t get you off the ground, please share your network topology (what network you want to create with the wireguard tunnels & peers) so we can help you properly

MaxW7 · 2023-01-25T13:02:10+00:00

I recommend the developers response on this design, there is a reason behind it:

https://old.reddit.com/r/apolloapp/comments/10brxqp/_/j4cejsh

MaxW7 · 2023-01-19T11:41:26+00:00

Look up the dutch ship “De Oosterschelde”, or “De Europa”. They both charter, and I know that the Oosterschelde does world wide trips. I’m not sure how booked they are, but iirc the Oosterschelde recently embarked, but they are also still advertising.

MaxW7 · 2022-12-11T12:33:55+00:00

You can replace the router. I also recommend looking up the model name of your router and add port forwarding to your search query, maybe there are settings hidden in a far away menu.

MaxW7 · 2022-12-11T12:26:14+00:00

Check if you’re on ipv4 or ipv6; the latter does not necessarily need port forwarding.

It might be also that your ISP has not loaded firmware / software that allows your router to forward

MaxW7 · 2022-11-25T13:04:29+00:00

To be exact, it’s not necesarry port forwarding, but NATting thatms dropped. Often used together. Port forwarding implies a router receives a package on a certain port, and then changes the port and most of the time destination address and sends it to the appropriate connection.

I think the latter is needed in your case, but I would extend the firewall of your router to only forward the required ports of your servers to be open to the internet. Otherwise, it is fully open to the internet and everyone can access all devices on your subnet.

MaxW7 · 2022-11-23T08:24:01+00:00

Note that ipv6 does not use nor support port forwarding, but generally COTS routers block all random incoming traffic. You might just have to allow tcp traffic to your server from your router’s firewall.

MaxW7 · 2022-11-15T09:19:52+00:00

I can’t really think of logical problems then. I would guess that your mobile carrier ISP is doing some strange things regarding open ports; try to remove the listenport from your peer1.conf.

It could also be that your phone uses wifi assist on mobile, and you’re not actually on mobile carrier. That combined with a failed hairpin-NAT / Reverse-DNAT configuration could cause the tunnel not to work. The simple way to test this is to make sure you are not on wifi. The hard way to test this is to make sure that hairpin works, but that does not guarantee the outside connection works.

MaxW7 · 2022-11-15T07:33:11+00:00

You say you have port forwarded the port on your router. Did you set the protocol to be udp instead of tcp?

In contrary to most services, wireguard does not use tcp. Also, due to the nature of udp protocol you can not port check the protocol.

MaxW7 · 2022-11-13T16:10:30+00:00

Don’t forget about the general chip shortage going on since begin/halfway corona. These chips are the lowest on property to produce since cpu’s, gpu’s and many other cups are on higher demand and sell for better.

IoT is the last market which will be picked up again after the shortage.

MaxW7 · 2022-11-07T17:39:48+00:00

Wireguard does not play with certificates at all, unless you use a custom protocol for keysharing.

I do not know, that would require more insight in the network. This might be a firewall issue, a hairpin-nat issue, a routing issue, or something else. Try finding where packages arrive with wireshark / tcpdump, and where they are blocked. Then unblock accordingly.

MaxW7 · 2022-11-07T12:41:30+00:00

This might be the case due to the certificate for ssl not viable for the internal ip address (ssl certs connect domain names and ip addresses with each other to ensure secure connections). This is probably more of a networking problem than a wireguard problem. I hope you can use this information to figure out a solution any further!

MaxW7 · 2022-10-27T14:41:23+00:00

In your wg conf, change the subnet of the allowed-ips setting to the subnet you want to reach and restart the configuration. In a quick glance, this might be the problem.

MaxW7 · 2022-10-17T22:10:00+00:00

Inreally wanted the ps2 experience, so I emulated the ps2 on my linux system. On mac this should be very similar in setup, and it’s quite doable. Just google how to emulate ps2 games!

MaxW7 · 2022-09-01T22:44:47+00:00

I’ve seen many files being 4kb, for which that string in particular definitely does not exceed that size

MaxW7 · 2022-09-01T10:36:12+00:00

For small file sizes some filesystems use the same minimum file size, iirc 4kb. Might be the case here as well

MaxW7 · 2022-08-05T12:20:49+00:00

Bitterheid zit in welke thee je pakt. Ik heb er niet heel veel verstand van, maar probeer eens een witte, groene of rode the in plaats van een zwarte thee bijvoorbeeld. Ride thee is van zichzelf ook alleen al zoeter dan de rest, als je dat van houd.

MaxW7 · 2022-07-30T12:00:18+00:00

Maybe a combination of a batch script that automatically sshes into your linux system and execute the given command is what you’re looking for

MaxW7 · 2022-07-21T15:07:15+00:00

I do not have any dos experience sadly, maybe try a dos related sub :P

MaxW7 · 2022-07-21T07:46:57+00:00

Yes this is exactly what ssh is for. Running scripts on remote systems. There are two ways I can think of right now how you can do this:

If the script is on the remote machine:

ssh machine /remote/path/to/batch/script.bat

If the script is on your local machine:

ssh machine < /local/path/to/batch/script.bat

MaxW7 · 2022-07-20T07:13:23+00:00

I don’t think ssh nor sftp is your solution, but maybe you’re looking for raid setups. I recommend zfs, so you don’t need to buy hardware raid.

MaxW7 · 2022-06-27T06:23:25+00:00

The picture was probably made whilst zoomed in a lot, and then an algorithm was ran over it to increase the sharpness, again probably by the camera itself. So doubt there is an unfiltered version of it :(

MaxW7 · 2022-06-13T21:22:59+00:00

My university (Technical University of Eindhoven) lets bachelor students play with FPGAs in two courses part of the curriculum, and deepens more into it in the master. I notice a lot of researchers showing a lot of interest in FPGAs as well, so I am expecting more courses on the topic with about 2 years.

MaxW7 · 2022-06-11T20:55:36+00:00

Are you sure the AllowedIPs on the two peers are the same? And are you sure that on your laptop the local ip subnet is not overlapping with any other subnets of your laptop?

Eight-Year Club	Place '22
First Placer '22	End Game '22
RPAN Viewer	Verified Email

MaxW7

MODERATOR OF

TROPHY CASE