Comments
For what it's worth, I've usually found the opposite. At least on my home internet connection, pings over IPv6 tend to be lower and DNS lookups are faster. IPv4 routing is a lot more complex which can sometimes make things a bit slower.
I'm reasonably sure that if you have both IPv4 and IPv6 resolvers, it'll contact both and use the one that provides the fastest response. Similar to the "happy eyeballs" algorithm used for TCP connections to hosts with both IPv4 and IPv6 addresses.
I'll put an example: Google, which is the most popular resolver among the given choices, isn't accessible from Cogent over IPv6.
I understand that operating systems and applications include algorithms to work around that and most networks are not single homed to Cogent, but what would be the improvement? I don't have a strong opinion against this change and if people insist I'll give in, but I see it as unnecessary to be honest.
Work on OVH VPS/Cloud? If so I will donate!
It works almost everywhere except OpenVZ/LXC/Docker (for now).
Only exception would be in some distributions if you are using a custom kernel.
Yup! Works.
Thank you @Nyr
Hi. First of all, thanks for the work.
I am new to Linux and WireGuard and I have a question:
Thanks again
In the client.conf, edit the AllowedIPs line and put something like 10.0.7.0/24, which is the local network.
Great work! Donation sent.
It works, but also removing the DNS line
Thanks
Indeed, I missed that.
I used the script on a fresh deb10 install and everything seemed fine but it would disconnect during upload. Am I missing something?
Cool script!
Any plans to add the ability to have two wg sessions up where each routes 0.0.0.0 to the right side? Seems to have issues routing if more than one instance is defined for 0.0.0.0/0
Maybe take a look at Mailcow Dockerized too.
Define "disconnect during upload". Do you mean that your WireGuard client disconnects when it is sending outbound traffic?
I don't understand what you mean. A client can't route 0.0.0.0/0 (which is everything) to two different servers. You can use smaller prefixes to set priorities.
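Added example, not part of any post in this thread: a small Python model of the two AllowedIPs points made above, the split-tunnel setting (10.0.7.0/24) and the use of smaller prefixes to prioritise one tunnel over another. It assumes plain longest-prefix-match selection; the interface names wg0 and wg1 and the route tables are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def pick_route(dest, routes):
    """Return the interface with the longest matching prefix for dest, or None.

    routes is a list of (interface, cidr) pairs standing in for the routes
    that each tunnel's AllowedIPs would install on the client.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for iface, cidr in routes:
        net = ipaddress.ip_network(cidr)
        if addr.version != net.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[1].prefixlen:
            best = (iface, net)
    return best[0] if best else None

def conflicts(routes):
    """Prefixes claimed by more than one interface; these cannot be prioritised."""
    owners = defaultdict(set)
    for iface, cidr in routes:
        owners[ipaddress.ip_network(cidr)].add(iface)
    return {str(n): sorted(i) for n, i in owners.items() if len(i) > 1}

# Constructed sample tables (hypothetical interface names).
SPLIT = [("wg0", "10.0.7.0/24")]                      # only the remote LAN is tunnelled
BOTH_DEFAULT = [("wg0", "0.0.0.0/0"), ("wg1", "0.0.0.0/0")]
PRIORITISED = [
    ("wg0", "0.0.0.0/0"),                             # fallback tunnel
    ("wg1", "0.0.0.0/1"), ("wg1", "128.0.0.0/1"),     # two halves beat the /0
    ("wg0", "10.0.7.0/24"),                           # most specific wins for the LAN
]

if __name__ == "__main__":
    print("split, LAN host    :", pick_route("10.0.7.20", SPLIT))
    print("split, internet    :", pick_route("1.1.1.1", SPLIT))
    print("two /0 tunnels     :", conflicts(BOTH_DEFAULT))
    for dest in ("8.8.8.8", "203.0.113.9", "10.0.7.20"):
        print("prioritised", dest, "->", pick_route(dest, PRIORITISED))
```

A result of None means the destination is not covered by any tunnel and leaves through the normal default gateway, which is the split-tunnel behaviour.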
Any chance for a docker container? It would be simply amazing if you could connect to your server using wireguard and route that through some other container with some other arbitrary VPN for ultra protection
Using one of those "double VPN" setups will only provide significant slowness, not "more protection". I'd suggest against that.
With that said, Docker support is something which I want to do (not a Docker container).
So the issue is, say you have two BGP tunnels over WG. You need both interfaces to have a policy for 0.0.0.0/0 (who knows what's going to route over it). You do not need routes active on both - or at all. What you need is for the encryption policies to accept traffic for * on either interface and manage the route outside.
I see. The script is a "road-warrior" installer, to be used as a secure gateway over an untrusted link. I don't plan to support other use cases at this time, sorry.
Some people choose slowness over greater protection. They're not mutually exclusive though and it doesn't necessarily have to be much slower, it's all going to depend on where the jump box and second vpn server lie (network wise).
Can you define "greater protection"? What's the threat model?
Nyr's road-warrior model is the just-enough for the 99.9% who just want to get rid of ISP shenanigans
@Nyr Any plans for pihole integration like this (there are also adguard branches but looks like they are WIP)? I've been using this script, so not really critical for me, but saves a lot of time and hassle having pihole or adguard home setup automatically.
That being said, it looks like pihole v5 is a rip up over v4 so if you were going to add pihole support, probably only worth starting from v5.
It is probably not going to happen. My script is a VPN installer, so if I end up implementing Unbound + Pi-hole + whatever is next... it will end up being a very different thing than a simple and lightweight VPN installer which works with 64MB of RAM.
Please note that the DNS configuration is specified directly in the client, so using whatever DNS server you already have running is very easy and Pi-hole has an automated installer itself, so it's not difficult to combine the two.
Also, the script has AdGuard DNS integrated anyway.
Does this keep any logs by default? How can I make sure it keeps ZERO logs?
It's installed on your server.
So logs aren't a problem, are they?
They are a problem. I prefer to leave no trace regardless.
I read a while back that WireGuard keeps some logs. And NordVPN has modified the code to use it on their servers.
Not sure now though. Have to look up in my logs.
@theblackesthat
Big thanks for this