#wireguard weirdness
My phone has a WG client on it that connects back to the house (WG server is on the ASUS router). I can connect to Internet through the tunnel, and two devices (both servers) in the LAN, but not others, even with firewall on the router turned off.
The WG config has AllowedIPs = 0.0.0.0/0
Two of the devices are JetKVMs. Three are cameras. Can't see any restrictions on there.
@reimereien das ist ja ne interessante Geschichte. Ich mach das bisher selber mit #stubby, #dnsmasq und #wireguard auf nem Rechner vom #Hetzner. Da würd ich mir Zeit und Aufwand sparen.
@chotemysl habe Ich mir tatsächlich überlegt, aber ich möchte mein Tarif ändern und bei dieser Gelegenheit auf eine andere #fritzbox mit #wireguard Wechsel.
Gerade gelesen. Schade aber ich kann es verstehen. Leider unterstützt meine #fritzbox kein #Wireguard ..
@kuketzforum interessanter Beitrag. Ich nutze #myfritz + #Wireguard intensiv. Da ich Pi-Hole und andere Dienste wie #Jellyfin usw. als LXC über #Proxmox laufen lasse, werde ich mich mal damit beschäftigen, auch WG hierüber zu steuern und den Dienst in der #Fritzbox abzuschalten. Das ganze läuft allerdings seit sehr langer Zeit schon sehr stabil. Bin auf die Diskussion im Forum gespannt.
@bradley I'm NOT exposing my #pihole (s) directly to the internet - I use one at home and another one via #wireguard #vpn whereever I may roam 
Exposed ports for GUI and "healtchecks" are on a "random" highport which keeps logs mostly clear of "noise". Sometimes some scanners like #censys (or #shodan ) might also find these ports, but #iptables is very helpful 
Feel free to ask my via PM if something is not clear. I like feedback to make my docs better.
@zak I'm running #tailscale with exit nodes on my home network, so when I enable it on my phone, I get both ad-blocking DNS (pihole at home) and access to home resources at the same time. Based on #wireguard.
Cross open source collaboration: ConnMan connecting LibreElec and SailfishOS maintainers to get wider testing for the WireGuard changes. More info on https://forum.libreelec.tv/thread/29601-wireguard-experimental-support-for-connecting-via-fqdn-not-ip/
@Edent I use #freedombox which includes #nextcloud. I wonder if this means I can't run #wireguard?
I'm at the absolute end of my comprehension of Wireguard and WG-Easy. I, for the love of anything, CANNOT get my VPN to stay connected for more than 3 minutes. I have tried connecting via direct Public IP, my Domain with A Certs, PersistentKeepalive, changing/removing UFW/Firewall, hosting on bare metal, LXC, VM. I am at a complete loss and simply do not understand this anymore. If anyone has any ideas, please send them my way. #proxmox #selfhosting #vpn #lxc #vm #wireguard
FFS! A server can't run both #Docker *and* #Wireguard on #Linux.
Docker creates a "bridge" network interface which, apparently, interferes with WireGuard.
That was a depressing evening of eliminating the impossible. Completely stopping Docker allowed my VPN to connect.
And there's no way to actually run a Docker container without the network bridge (any documentation that says otherwise is lying).
First look Midori Browser with browsing VPN.
Midori Browser with VPN.... coming soon.
Behind all this there is @opensuse being the best distro :-)
Ob ich heute meine drei #Wireguard-Tunnel in einem Umbaue?
Here is a homebrew tap to install the proxyguard-client for #Wireguard on #MacOS.
It also provides a little wrapper to setup the correct routes etc
https://github.com/freifunkMUC/homebrew-proxyguard-client
This way you can easily use Wireguard over HTTP/HTTPs.
Kennt jemand eine Open Source-Variante von #tailscale? #WIreguard ist einfach, aber das zentral zu managen finde ich angenehm, mit einem #Zero-Trust-Ansatz ist das hübsch....
@StaceyCornelius In the past I did configure seperate systems for clients so they can travel without fuss regardless if "P.R." #China or #Russia or the #USA or #KSA...
Using @tails_live / @tails / #Tails and @torproject / #TorBrowser and when that's not an option, a #SSH-Tunnel / #OpenVPN or #WireGuard-#VPN to be able to #VNC into a machine.
CONSIDER THE #US ENEMY TERRITORY AS IN "If you wouldn't enter #NorthKorea, then why would you enter the USA?"
@ceresbzns You'd probably hate it, as it involves using short-lived nfs mounts through #wireguard tunnels. The hosts in the LAN copy the certs they need in this way. Systemd timers automate this "pulling". I only had to write 10 lines of bash code, in the way of actual programming.
Der neue OpenWrt One spricht Freifunk.
Und da das LeineLab über einen hervorragenden Laser verfügt, haben wir die Skyline Hannovers verstetigt.
Richtig gutes Gerät übrigens. WireGuard Speedtest Nutztraffic 330Mbit/s down, 230Mbit/s up.
Yes, for some reason, #KDE is way better than #Linux Mint's Cinnamon (or Mate) desktop (LM22), when one has multiple #Wireguard connections. 
I'm also really liking how the Bluetooth devices are connected to right from KDE's panel applet - several steps saved. Worked great.
Through a #wireguard tunnel ssh works in both directions.
With wireguard use PersistentKeepAlive on the "forgetting" side of NAT. Usually a home modem does NAT, so the computer that is not at home needs PersistentKeepAlive, and the home modem ideally has a fixed IP address or a DNS host name.
| wörk 
