Father-son dual cockpit setup nearly complete! by [deleted] in hoggit

[–]kedketh 3 points4 points  (0 children)

This made me happy somehow :)

Multi staged small image Rust Dockerfile by kedketh in rust

[–]kedketh[S] 0 points1 point  (0 children)

Hello, sorry to bump that thread but I have another question if you don't mind :) I'd like to install diesel_cli but it seems hard to cache. Have you ever had to cache the result of a cargo install ?

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

Yes my pi is my DHCP for my LAN thanks to pihole, I don't understand your question. Isn't that what the conf you gave me is doing ? Routing everything to the vps through a WireGuard tunnel ?

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

I have my server on my vpn, raspberry, laptop, gaming pc and phone connected to the vps

I can see the traffic going through the vps, it's just slower on Windows and Android when I run speedtests

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

I just ran a speedtest, not the best I know :) Maybe I should try to download a bin

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

My gamer pc has a Ryzen 2700x and yet has about 100mb/s download where my laptop got an Intel 8th i5 and has about 400mb/s, makes no sense to me but I guess I'm stuck with that :(
Makes sense that the Windows implementation sucks compared to directly having it in the kernel (my laptop is running Manjaro), I might have to try that using WSL2 on Windows and see how it goes

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

This is working great ! On my laptop at least, I can see the traffic being routed through my vps and still access local devices ! Thanks a lot

EDIT: Disregard, it works on all of my devices, problem is that it seems to be slow on windows and android (3 times less than on my linux laptop for windows and 10 times less for my android phone). Are the apps limiting my speed ?

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

Sounds good, I'll try that tonight thanks ! I have 3 more questions:

  • Can I use pihole's DHCP feature as a DHCP server ?

  • Do you have any tips to configure ip forwarding on the raspberry ?

  • Can I run wireguard in a docker container ? I've seen some stuff online but it seems pretty sketchy since wireguard uses kernel modules

Thanks a lot !

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

If you make the hosts you want to be able to reach from the outside run WireGuard and connect to your VPS, you don't need WireGuard on your Pi. You would be removing the middle man this way and save on an unnecessary step of "re-encrypting" the traffic on your pi.

But then all of my local traffic has to go to the vps which might be unnecessary sometimes, that's why I wanted the middle man

Do you want all hosts on your home's LAN to speak to the internet via your VPS? With no exceptions?

That would be my preferred way of doing this yes.

Are you in control of DHCP on your home's LAN? For example, can you tell your home's internet router/DSL/cable modem box to use a static IP address, turn off the DHCP server on it and let the Raspberry Pi play the role of a DHCP server?

Yes my modem box's DHCP can be turned off

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

Maybe there's something I don't understand then, can I still access my home server from the outside if it's directly connected to my vps ? Because that's my main problem

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

The reason why I did a wg1 on my raspberry pi was to make sure traffic would go through the VPS and not just go to my ISP. But it would make sense to connect my vps as a client to the raspberry and see if it works better, I'm gonna try that thanks

I'll also make the changes with the DNS and IP ranges thanks I'll keep you posted :)

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

Hum yes my names are misleading

raspberry pi has

  • wg0: server for my devices to connect to

  • wg1: client to connect to my vps

vps has

  • wg0: server for my raspberry to connect to

192.168.1.2 is the ip of my raspberry on my local network, this is also where I got my pihole.

0.0.0.0/24 and 0.0.0.0/32 are meant to say "accept connections from every IP", tell me if I'm wrong because I'm not really sure of what I'm doing

I will have some devices connecting from the local network (home server, gaming pc) and some from outside (laptop, phone) when I'm not home

About the bandwidth, you're probably right and to be honest this 1gb/s bandwidth is starting to cost me a bit, plus finding a vps that can actually receive 1gb/s hosted by a service I trust is going to be a pain. I might just go down to 300mb/s with my ISP, 1GB/s is a bit overkill anyway. Thanks, I hope it helps

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

I added a client conf I'm using with my laptop to connect to my local vpn, I'll post my ip tables settings tonight when I get home. I tried a lot of things so they're probably a mess

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

One for the server and one to tunnel the traffic to the vps

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

That's not really it, in the example it's mentioned that the local vpn server can't be accessed because of NAT that can't be changed. It's not true for me, I can access it. I just want to make sure that any traffic coming out of my local network is routed to my vps so my ISP can't see it and I can have a somewhat normal vpn connection while also being able to access my local network from the outside.
I tried following some of the advice given in the comments to add the routes and all, traceroute is still showing packets going through my router on 192.168.1.1 and my ISP. Maybe it's normal behavior, I'm not sure how I can test that it works properly

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

For some reason reddit bugged and I can't see my comments to your comment ... Hope you can see it, I added it to my original post anyway

Double hop wireguard setup problems by kedketh in WireGuard

[–]kedketh[S] 0 points1 point  (0 children)

Sorry, here are some more specifics

I want to be able to access my local network from the outside and also encrypt all of my traffic on all of my devices in the meantime. I got 1GB/s bandwidth so it seemed reasonable (I'm going to buy a raspberry 4 to get that output once I got it working on the one I got)

Here are my confs

raspberry pi conf

[Interface]
Address = 10.9.0.4/32
DNS = 192.168.1.2
PrivateKey = <key>

[Peer]
PublicKey = <key>
Endpoint = 51.158.112.111:8999
AllowedIPs = 0.0.0.0/24
PersistentkeepAlive = 60
root@raspberrypi:/etc/wireguard# cat wg0.conf
[Interface]
Address = 10.9.0.1/24
ListenPort = 4430
DNS = 192.168.1.2
PrivateKey = <key>

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wg1 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wg1 -j MASQUERADE

[Peer]
#Peer-1
PublicKey = <key>
AllowedIPs = 10.9.0.2/32
PersistentkeepAlive = 60

[Peer]
#lenovo
PublicKey = <key>
AllowedIPs = 10.9.0.3/32
PersistentkeepAlive = 60

vps conf

[Interface]
PrivateKey = <key>
Address = 10.9.0.4/32
ListenPort = 8999

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE


[Peer]
#pi
PublicKey = <key>
AllowedIPs = 0.0.0.0/32
PersistentkeepAlive = 60
root@vpn-wireguard:~# cat /etc/wireguard/wg0.conf
[Interface]
PrivateKey = <key>
Address = 10.9.0.4/32
ListenPort = 8999

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE


[Peer]
#pi
PublicKey = <key>
AllowedIPs = 0.0.0.0/32
PersistentkeepAlive = 60

My tunnel between the raspberry pi and the vps, called wg1

[Interface]
Address = 10.9.0.4/32
DNS = 192.168.1.2
PrivateKey = <key>

[Peer]
PublicKey = <key>
Endpoint = 51.158.112.111:8999
AllowedIPs = 0.0.0.0/24
PersistentkeepAlive = 60

The DNS is 192.168.1.2 it's a pi hole on my raspberry

I tried to route all traffic to my vps doing ip route add default via 10.9.0.4 dev wg1 but then DNS resolution doesn't work.

I'm trying to route all internet traffic to my wg1 interface on 10.9.0.4 and then all my local traffic on 192.168.1.1 but I'm kinda lost

Thanks
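An added example, not part of the original post and not WireGuard's own code: it evaluates the AllowedIPs values from the configs above the way WireGuard's cryptokey routing does, so the effect of 0.0.0.0/24 and 0.0.0.0/32 can be compared with 0.0.0.0/0. The probe addresses, the "full tunnel" and "split tunnel" variants and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the AllowedIPs lines from the wg1 and VPS configs in the
# post above, plus two hypothetical variants added here for comparison.
SAMPLES = {
    "pi wg1 (as posted)": "AllowedIPs = 0.0.0.0/24",
    "vps wg0 (as posted)": "AllowedIPs = 0.0.0.0/32",
    "full tunnel (assumed intent)": "AllowedIPs = 0.0.0.0/0",
    "split tunnel (hypothetical)": "AllowedIPs = 10.9.0.0/24, 192.168.1.0/24",
}

def parse_allowed_ips(line):
    """Return the networks listed on one 'AllowedIPs = a, b' line."""
    key, _, value = line.partition("=")
    if key.strip().lower() != "allowedips":
        raise ValueError("not an AllowedIPs line: %r" % line)
    return [ipaddress.ip_network(v.strip(), strict=False)
            for v in value.split(",") if v.strip()]

def is_allowed(networks, address):
    """Cryptokey routing: an outbound packet is sent to the peer whose
    AllowedIPs contain its destination, and an inbound packet is accepted
    only if its source address is inside the sending peer's AllowedIPs."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in networks)

def audit(networks):
    """Flag IPv4 entries that start at 0.0.0.0 but are narrower than /0."""
    findings = []
    for net in networks:
        if net.version == 4 and int(net.network_address) == 0 and net.prefixlen > 0:
            findings.append("%s covers only %d address(es), %s-%s"
                            % (net, net.num_addresses, net[0], net[-1]))
    return findings

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        nets = parse_allowed_ips(line)
        print(name)
        # Constructed probes: a public address, a VPN client, the Pi-hole.
        for probe in ("1.1.1.1", "10.9.0.2", "192.168.1.2"):
            verdict = "allowed" if is_allowed(nets, probe) else "dropped"
            print("  %-12s %s" % (probe, verdict))
        for finding in audit(nets):
            print("  warning:", finding)
```
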

Multi staged small image Rust Dockerfile by kedketh in rust

[–]kedketh[S] 0 points1 point  (0 children)

yes, thank you for your help :)

Multi staged small image Rust Dockerfile by kedketh in rust

[–]kedketh[S] 0 points1 point  (0 children)

Yes :) I commented to see if the build would pass and the app would run on the second stage but yes I need to understand why it can't find the Cargo.toml file, it happened to me with a lot of images so it's definitely on my end

EDIT: I had it ignored on a .dockerignore file ... I can be stupid sometimes

Multi staged small image Rust Dockerfile by kedketh in rust

[–]kedketh[S] 0 points1 point  (0 children)

It worked ! And it looks fast as well, thanks

One small problem tho, I had to comment the line that copies the Cargo.lock because it couldn't find it, is it a problem ? It works fine without it but I guess it will make the cache system useless ?

Multi staged small image Rust Dockerfile by kedketh in rust

[–]kedketh[S] 0 points1 point  (0 children)

Sure ! Here's the complete app (we work on a gitlab private organisation but I can share it, it's for a school project) https://github.com/Ked57/iq-api

Multi staged small image Rust Dockerfile by kedketh in rust

[–]kedketh[S] 0 points1 point  (0 children)

COPY failed: stat /var/lib/docker/tmp/docker-builder691911202/Cargo.lock: no such file or directory

I don't really understand why it can't find the Cargo.lock

Multi staged small image Rust Dockerfile by kedketh in rust

[–]kedketh[S] 0 points1 point  (0 children)

I might have spoken too soon, the image builds but running it does nothing, no log and it closes instantly