New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
[2024 EXTENDED] Black Friday / Cyber Monday: FLASH SALE & MEGATHREAD
This discussion has been closed.
Comments
@FAT32 wish you were here, sweet dreams though
It seems you are aiming to post your deal on Cyber Tuesday?
I can do curl --interface [failover ip]
and it sends from the failover ip
It's still Monday here but why not, if Tuesday rocks the boat, why not!
Still Monday in England.
for what ?
As an envirement variable? Yes, but what would I put? The failover IP as I do with curl?
But not on Australia
RCLOUDSYSTEMS CYBERMONDAY MEGAPACK 2024
20 APPS + WP PLUGINS (Worth AT LEAST $244!!!)
ORDER HERE - $20 (yearly recurring)
Apps:
WP plugins
ORDER HERE - $20 (yearly recurring)
Fine print:
yeah, if you initiate connection from outside
i actually am not sure that you can do that from inside, although you may try some SNAT, maybe you already have
i'm lagging a bit, too sleepy... sry
I thought you said the failover IP had it's own interface, maybe I'm getting mixed up
Well after frustration of 15 minutes and rage re-install, I realized that default user in OVH is not root but debian. So I was trying to login with wrong user all this time FML
ROAD-TO-3-MILLIONS!
Yeah you need to do SNAT. But there's another layer of NAT from inside the container so doing SNAT in there will mess things up. The easy way is to just set
network_mode: hostand supply your own wg config which I remember the docker image supports.PostUp = iptables -A FORWARD -i <wireguard_interface> -j ACCEPT; iptables -A FORWARD -o <outbound_interface> -j ACCEPT; iptables -t nat -A POSTROUTING -s 10.13.14.0/24 -o <outbound_interface> -j SNAT --to-source <failover_ip>PostDown = iptables -D FORWARD -i <wireguard_interface> -j ACCEPT; iptables -D FORWARD -o <outbound_interface> -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.13.14.0/24 -o <outbound_interface> -j SNAT --to-source <failover_ip>No, same enp5s0
but I can run
curl --interaface [failover ip] https://ifconfig.me/
and I'll get the failover IP
@maverick dosen't this contradict your point? Maybe it doesn't I'm not good with networking
Haha. Went through that many moons ago
Hold on
Will try
If this works, key is yours
usually you can log in with root but just get displayed a message to use the debian account right?
Nope.
Can confirm this is something I have no experience with
Buuuut surprisingly Claude can sometimes be helpful. This is what Claude said:
I'll help you solve the routing issue with your Wireguard setup. It sounds like you want to ensure that outgoing traffic from the Wireguard clients uses the failover IP instead of the primary IP.
Here's a refined approach to modify your Wireguard configuration:
The key changes are:
1. Replace the MASQUERADE with SNAT
2. Use
--to-source [failover_ip]to explicitly set the source IP to your failover IPA few additional recommendations:
[failover_ip]with your actual failover IPTo verify the routing after changes:
1. Connect to the Wireguard VPN
2. Run
ip route show default3. Check
curl ifconfig.meto confirm the IP is your failover IPWould you like me to elaborate on any of these steps or help you troubleshoot further?
emgh:
I can do curl --interface [failover ip] and it sends from the failover ipClaude:
That's a good observation! If
curl --interface [failover ip]works, it means the failover IP is correctly configured at the network interface level.Let's dig a bit deeper into your routing setup. The fact that you can explicitly bind to the failover IP suggests that the IP is correctly added to the network interface. The challenge is likely in getting your Wireguard traffic to consistently use this IP.
Could you try the following modifications to your Wireguard configuration:
These additional
ip routeandip rulecommands create a separate routing table that specifically routes traffic from the Wireguard interface using the failover IP.A few questions to help diagnose:
1. Can you confirm the exact commands you're using to test the IP source?
2. Are you seeing any specific error messages when trying to route traffic?
3. What does
ip route show table alloutput?yup that the default
cringe ahh heztner
tried but forgot to push the host mode to git to it never got applied
that didn't work
will try again and actually do it
So... Is it over yet? I mean, we're close to 700.
I think root login is disabled with their Debian template. I even switch to rescue mode and changed root password and it still didn't work. I just need to switch my new servers to SSH key so it doesn't happen again -_-
Its lunchtime here in New Zealand (granted, on a tuesday...) but I feel a little hungry for another (last) round of 90% discount on our New Zealand based servers
GL01U9RZ8UThis will be our little 10 slots so get em while they're hot.
@admax @Firework this is your last chance
Sorting out who gets the laptops gonna be a royal mess now. Your estate will be fighting with LET members as to who is the rightful recipient.