Linux hobbyist, Machinist and tinkerer

  • 8 Posts
  • 26 Comments
Joined 2 years ago
Cake day: June 14th, 2023






  • Yeah, this guide is pretty useful! I went with setting up WireGuard instead of OpenVPN. For a while now I've been self-hosting a lot of my stuff: SearXNG with gluetun tunneling, a Minecraft server for me and the boys, and a Samba share instead of paying for some dopey cloud storage. I've gotten ZFS running in a 1 TB Z1 pool for my containers and plan to add a 10 TB Z2 pool for long-term storage and backups. I chose to do it in NixOS instead of Debian or Ubuntu, just because I'm a little bit of a nut for immutability.

    It's actually kinda funny, I just left a post asking for help setting up a WireGuard server on c/selfhosted and referenced Louis's guide! Also I gotta add, that's EPIC you got 10 Gbps internet. I went with a GL.iNet Flint 2 for my router, because it runs OpenWrt under the hood, and I personally like OpenWrt a lot. There are people that swear by pfSense or OPNsense because of the BSD network stack; it's very well maintained and secure, as a lot of commercial products like switches and firewalls run pfSense under the hood. For security and VLANs pfSense would probably be better from what I've heard. But OpenWrt works pretty well as well, and I ended up just going with the Flint 2 because it has 2.5 Gb WAN in and one 2.5 Gb LAN, which was more than enough for my measly 1-2 Gb internet.


  • So for example, setting 192.168.8.170 on the clients as the only allowed IP, as well as on the server, would do what I need? Thanks for helping me try to navigate my labyrinth of networking :P

    For client example:

      [Interface]
      Address = 10.0.0.3/24
      ListenPort = 51820
      PrivateKey = magic numbers

      [Peer]
      PublicKey = magic numbers
      PresharedKey = magic numbers
      AllowedIPs = 192.168.8.170/32
      Endpoint = magic numbers

    For server example:

      peers = [
        { # friend1
          publicKey = "magic numbers and letters";
          allowedIPs = [ "192.168.8.170/24" ];
          endpoint = "magic numbers and letters";
          presharedKey = "magic numbers and letters";
          persistentKeepalive = 25;
        }
        { # My phone
          publicKey = "magic numbers and letters";
          allowedIPs = [ "192.168.8.170/24" ];
          endpoint = "magic numbers and letters";
          presharedKey = "magic numbers and letters";
          persistentKeepalive = 25;
        }
        { # friend 2
          publicKey = "magic numbers and letters";
          allowedIPs = [ "192.168.8.170/24" ];
          endpoint = "magic numbers and letters";
          presharedKey = "magic numbers and letters";
          persistentKeepalive = 25;
        }
        { # friend 3
          publicKey = "magic numbers and letters";
          allowedIPs = [ "192.168.8.170/24" ];
          endpoint = "magic numbers and letters";
          presharedKey = "magic numbers and letters";
          persistentKeepalive = 25;
        }
      ];




  • OK, I'll try to explain to the best of my ability and simplify it.

    I no longer want to use Tailscale, because of accounts. I used to use Tailscale for the Minecraft server. I want my friends to be able to access only 192.168.8.170 on my local network, and all other traffic not to be routed through my VPN, but my friends to have access to their internet on their LAN. Example: we can play Minecraft on the server on my network and we can be in a group call in Signal, meaning friend 1 and 2 are using their internet connection locally, and only 192.168.8.170 is being routed.

    We also had some connectivity issues with Tailscale, where friend 1 would be on and friend 2 would lag out of the server randomly, whereas if we played a game through Steam we wouldn't have any connection issues. My friend is also very forgetful and can't log into his Tailscale account, which is another reason why I wanna ditch Tailscale.


  • So my friend's WireGuard config is

    Old client config

      [Interface]
      Address = 10.0.0.3/24
      ListenPort = 51820
      PrivateKey = magic numbers

      [Peer]
      PublicKey = magic numbers
      PresharedKey = magic numbers
      AllowedIPs = 0.0.0.0/0, ::/0
      Endpoint = magic numbers

    So if I understand the article correctly, I need to change it to

    New client config

      [Interface]
      Address = 10.0.0.3/24
      ListenPort = 51820
      PrivateKey = magic numbers
      # Split tunneling: exclude certain traffic from the VPN
      PostUp = ip rule add from 192.168.50.0/24 table main
      PostDown = ip rule delete from 192.168.50.0/24 table main

      [Peer]
      PublicKey = magic numbers
      PresharedKey = magic numbers
      AllowedIPs = 0.0.0.0/0, ::/0
      Endpoint = magic numbers

    My friend's LAN is 192.168.50.0/0, so I'm assuming we're just trying to tell WireGuard that anything within my friend's subnet doesn't get routed? Which means he will still be able to reach HigherGround@192.168.8.170? And all of his other traffic will be local to him and go through his router?

    I'm confused what “table” and “main” are; I'm assuming it's a part of iptables rules? I'm pretty new to iptables, so forgive me for my lack of understanding. I know it's basically a Linux purist firewall LMAO.

    Then on my server I would edit

      # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
      postUp = ''
        ${pkgs.iptables}/bin/iptables -A FORWARD -i cavein0 -j ACCEPT
        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o enp5s0 -j MASQUERADE
      '';

      # Undo the above
      preDown = ''
        ${pkgs.iptables}/bin/iptables -D FORWARD -i cavein0 -j ACCEPT
        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o enp5s0 -j MASQUERADE
      '';

    And make it like this?

      # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
      postUp = ''
        ${pkgs.iptables}/bin/iptables -A FORWARD -i cavein0 -j ACCEPT
        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o enp5s0 -j MASQUERADE
        ${pkgs.busybox}/bin/ip rule add from 192.168.50.0/24 table main
      '';

      # Undo the above
      preDown = ''
        ${pkgs.iptables}/bin/iptables -D FORWARD -i cavein0 -j ACCEPT
        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o enp5s0 -j MASQUERADE
        ${pkgs.busybox}/bin/ip rule delete from 192.168.50.0/24 table main
      '';

    Right? Or is step 4 still on the client? It's not very clear in the article. Thanks for helping out!
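As an added example, not code from this thread or from the guide it references, here is a small Python checker for the two things the two WireGuard comments above (the "192.168.8.170 as the only allowed IP" config and the split-tunnel rewrite) are wrestling with. On the client, AllowedIPs acts as a routing table: a destination enters the tunnel only if some peer's AllowedIPs covers it, so `192.168.8.170/32` tunnels just the game host while `0.0.0.0/0, ::/0` tunnels everything. On the server, AllowedIPs is the set of source addresses accepted from that peer, and WireGuard assigns each network to exactly one peer, so listing `192.168.8.170/24` under every friend means only the last peer added actually keeps it. The configs, `PLACEHOLDER` keys and `vpn.example.invalid` endpoint are constructed for the example.

```python
"""Check what a WireGuard AllowedIPs setting actually does.

Added example (not from the thread). Parses the wg-quick INI format by hand,
because a config may contain several [Peer] sections with the same header,
which configparser rejects.
"""
import ipaddress


def parse_wg_conf(text: str) -> dict:
    """Parse wg-quick config text into {"interface": {...}, "peers": [{...}, ...]}."""
    interface: dict = {}
    peers: list = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            if name == "interface":
                current = interface
            elif name == "peer":
                current = {}
                peers.append(current)
            else:
                raise ValueError(f"unknown section {line}")
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        current[key] = value
    return {"interface": interface, "peers": peers}


def allowed_networks(peer: dict) -> list:
    """AllowedIPs as ip_network objects; host bits are masked off like wg does."""
    return [ipaddress.ip_network(s.strip(), strict=False)
            for s in peer.get("AllowedIPs", "").split(",") if s.strip()]


def tunnel_peer_for(peers: list, dst: str):
    """PublicKey of the peer whose AllowedIPs best (longest prefix) matches dst, or None.

    On a client: does traffic to dst enter the tunnel at all?
    On the server: which peer owns that address?
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for peer in peers:
        for net in allowed_networks(peer):
            if addr.version == net.version and addr in net:
                if best is None or net.prefixlen > best[0]:
                    best = (net.prefixlen, peer.get("PublicKey"))
    return None if best is None else best[1]


def duplicate_allowed_ips(peers: list) -> dict:
    """Networks claimed by more than one peer -> list of claimants.

    wg keeps a network on only one peer, so the earlier claimants silently
    lose it; this is the check to run on the server-side peer list.
    """
    claims: dict = {}
    for peer in peers:
        for net in allowed_networks(peer):
            claims.setdefault(net, []).append(peer.get("PublicKey"))
    return {net: keys for net, keys in claims.items() if len(keys) > 1}


# Constructed client configs modelled on the thread's "old" and "game only" versions.
FULL_TUNNEL = """\
[Interface]
Address = 10.0.0.3/24
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.invalid:51820
"""
GAME_ONLY = FULL_TUNNEL.replace("AllowedIPs = 0.0.0.0/0, ::/0",
                                "AllowedIPs = 192.168.8.170/32  # only the game host")

# Constructed server-side peer lists: the thread's proposal (same /24 on every
# peer) next to one where each peer may only send from its own tunnel address.
SERVER_PEERS_BAD = [{"PublicKey": f"PEER{n}_PUBLIC_KEY_PLACEHOLDER",
                     "AllowedIPs": "192.168.8.170/24"} for n in range(1, 5)]
SERVER_PEERS_OK = [{"PublicKey": f"PEER{n}_PUBLIC_KEY_PLACEHOLDER",
                    "AllowedIPs": f"10.0.0.{n + 1}/32"} for n in range(1, 5)]

if __name__ == "__main__":
    for name, text in (("full tunnel", FULL_TUNNEL), ("game host only", GAME_ONLY)):
        peers = parse_wg_conf(text)["peers"]
        for dst in ("192.168.8.170", "192.168.8.1", "1.1.1.1"):
            print(f"{name:15} {dst:15} -> {tunnel_peer_for(peers, dst) or 'local route'}")
    print("duplicates (bad):", duplicate_allowed_ips(SERVER_PEERS_BAD))
    print("duplicates (ok): ", duplicate_allowed_ips(SERVER_PEERS_OK))
```

The `PostUp = ip rule add from 192.168.50.0/24 table main` line in the comment is a separate mechanism that this script does not model: `ip rule` is a policy-routing command from iproute2, not an iptables rule. When AllowedIPs is `0.0.0.0/0`, wg-quick installs the tunnel's default route in its own routing table and a rule that sends unmarked traffic there; the added rule consults the normal `main` table first for packets sourced from the LAN, which is what keeps the friend's local traffic local. Restricting AllowedIPs to the single host, as the script's `GAME_ONLY` case shows, needs no such rule because nothing else is ever routed into the tunnel.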






  • I recently helped switch my friend's father to Linux. It wasn't originally going to be a Linux install, but it went something like this.

    My friend DM'd me at 9:00 telling me “my dad's computer can't connect to the internet and a fan isn't spinning, he mostly wanted the internet to work,” so I did some follow-up: has he tried unplugging and replugging the computer's ethernet, have you tried restarting the computer. Really basic stuff. I also asked for a picture of which fan.

    IT WAS THE CPU COOLER FAN!! I quickly told him to power off his PC, and asked him if I could come over to help. (He's not very tech savvy.) He gave me the green, and I drove to his house. I went to the PC, and immediately checked the fan connectors and tried power cycling the computer. The fan was a BRICK, didn't even move. I noticed the PC was immaculately clean inside. I asked the friend when the last time was that his dad cleaned his PC. “He cleaned it yesterday.” Oh, what did he use? “Electronics cleaner and the air compressor.” I'm 99% sure your fan is cacked. I went to my bag, pulled out a new fan, swapped it in and repasted the CPU cooler as well. Worked like new. The friend then said “OK, can we see if we can get the internet working?” I agreed and we flipped on the PC. It then starts to boot Windows 10; 20 minutes go by and it loads up the sign-in page. It was definitely a hard disk drive. His dad then punches in his password, and the computer starts to load the desktop. It loads and loads and continued for 20 minutes, and yet the mouse pointer kept spinning. I noticed the time was 1:00 AM on the computer, which was accurate to the real time. His dad opens Microsoft Edge. I asked my friend why he uses Microsoft Edge? “It's because it's already there,” which just deeply pained me hearing those words, as I've recently been reading “How to Seize the Means of Computation,” which describes internet enshittification as a whole. So his dad opens YouTube in the browser of depression, and it gives a “cannot connect to internet.” I told my friend I bet it's the time skew of the computer not being correct. I then went to the keyboard and pressed SUPER+I to open settings.

    It wouldn't load settings, no matter how long I waited; the mouse pointer was still spinning. I took my Libreboot-ed T440p running Gentoo Linux, plugged the ethernet into my laptop and went to YouTube. Yep, it was the time being wrong. So at this point I asked how old the computer was? Neither of them knew. I then followed up with “how old is the HDD?” Once again nobody knew. I then opened the computer and pulled out a 2013 Western Digital hard drive. From what my friend's dad told me, his PC stopped working a day ago and he decided to clean it after it wasn't working. My two running theories on why Windows wouldn't load were:

    The hard drive is from 2013 and it's 2024, so it definitely has data rot. Or he cleaned his PC and got electronics cleaner inside the hard drive.

    Either way I broke the news that the hard drive was the problem. I told my friend I theoretically could reinstall Windows on the hard drive and that MAY fix it, but that would be a band-aid on a bullet hole. So I asked what primary function this computer served. In exact quote: “my dad comes home from work and watches YouTube and reads the Vietnamese news.” I then followed up asking if there were any other tasks he does on the PC or files needed off the HDD. He gave a hard nope on the files, and reassured me that his only purpose for the PC was news and YouTube. I then told them to buy a 240 GB SSD off of Amazon, which would be delivered the following day; we then upgraded to Zorin OS from Windows 10. (I chose Zorin because it's LTS and I use it to run my laser cutter and have never had problems with it.) The install went without a hitch and the father was enjoying his performance dancing shows on YouTube.

    My friend did pay me a little bit, but it was a lot of fun and I never really expected to get paid. I purely did it for the fun of it, and my friend has helped me out with stuff as well.

    All in all, it felt good to help others and spread FOSS software.






  • Thanks for your input, but I cannot remember the exact error. It would say it cannot install Steam because of layering.

    See, we had Aurora layered on Bazzite, and for some reason Steam wouldn't install because it got added then removed by layers.

    We had the same problem with Firefox; another friend needed non-Flatpak Firefox for a CAC card reader, and there were drivers available but they didn't work with Flatpak. And when we tried to install Firefox via rpm-ostree it just failed in the same way.


  • I gotta agree, uBlue is an amazing technology, and I recently got my friend to switch from Windows 11 to Aurora for school work. He is very happy with it, and it's pretty bulletproof. However, the following month he wanted Linux on his Ryzen 9, 6900 XT gaming desktop.

    We started with Aurora, which had problems with getting Steam to work: tried Flatpak, couldn't get the 2nd SSD to have permissions to use as a Steam library. Tried the Bazzite container, sometimes wouldn't launch. Tried installing it through rpm-ostree. And after my friend said he wanted to get virtual machines and stuff, I was tapped out; we tried Bazzite. The immutability is the main selling point of being immensely hard to break, but when it got in your way it was Sisyphean. We eventually got Fedora Workstation 40 and he's been really happy with it!

    The only thing he has had problems with is running an old Star Trek game through Lutris; it has a weird aspect ratio and the cursor is offset. We still haven't been able to fix it.

    So basically uBlue is: if it's there already it's super easy to install, and if it's not it is immensely hard.