Don't mix up #WireShark and #WireGuard: One is for analyzing #networktraffic and the other one is for hiding and encrypting network traffic (besides other things).
And yes, I verbally mix them up often enough even though I know exactly which one does what. Seems to be a #dyslexia thing.
@hbauer #wireguard sieht wirklich sehr viel einfacher aus.
Die Seite zuhause ist vorbereitet.
Nachher mal schauen, ob das auf dem #teltronika im Wohnwagen genauso gut geht.
#FOSDEM 2025 special!
Did you met @gyptazy at the conference? Double your resources or get a second VPS in the same or different location for enhancing the learning, evaluation and testing possibilities!
* Learn and create HA setups
* Test #BGP multi-site setups
* Test pf firewall setups
* Test #Wireguard setups
* Test #ZFS send/receive functions
* And many more things
How? Just message @gyptazy in Matrix by your already present and defined Matrix account.
Anyone know of a #wireguard based #vpn service that will give out a /56 or so #ipv6 prefix that can rotate regularly (maybe daily, or on demand, or something?)
@Bahnblogstelle Wer zu Hause eine #fritzbox hat kann dort leicht ein #wireguard #vpn einrichten. Damit verbinden sich mobile Geräte mit der eigenen fritzbox per VPN und der Verkehr wird dann über das heimische Netzwerk geroutet.
Läuft hier seit Monaten hervorragend.
During the #SharkBytes session at #SharkFest conference I had an opportunity to present a lightning talk about my pet project called IDS Lab.
It is a lab infrastructure deployable as docker containers, which simulates the small company network.
The IDS Lab consists of web webserver with #Wordpress, #MySQL database, #Linux desktop with RDP, the #WireGuard VPN for "remote" workers and for connecting another virtual or physical machines into the lab network.
This part of infrastructure can be used for attack simulations.
There are additional components for playing with logs and detections, too: #Fluentbit, #Suricata and #OpenObserve as lightweight SIEM.
In the #SIEM we already have preconfgured dashboards for alerts, netflows, web logs and logs from windows machines, if present.
Using the provided setup script, the whole lab can be up and running in up to 5 minutes. For more info, please check my GitHub repository with the IDS Lab:
It's been a few weeks since I mentioned some free software that I like. Here I go again!
I spent a bit of time today configuring WireGuard on various hosts. It's a way to set up an encrypted tunnel (VPN) between hosts that can send UDP packets to each other. It's pretty straightforward, and works really well.
I'm sure there are plenty of use cases where it isn't the best solution... luckily I don't have any of those! 
Okay, a udp scan tells me a lot should go through, yet... nothing. #WireGuard
Well that was shocking easy. I'll do a brief write up and throw it... somewhere, but TL;DR
1. Spun up two new VLANs (400 for Clients, 401 for VPN Egress)
2. Put a linux vm/router dual homed, with DHCP advertising itself as the gateway for the 400 VLAN, and setup iptables/IPV4 forwarding
3. Configure Wireguard client conf and spin it up.
4. Create a new SSID and attach clients to VLAN 400.
Boom, all wireless clients are now in New Zealand or wherever!
I wonder if there's a way to set up ProtonVPN for an entire VLAN. My Wifi supports layer 3 separation per SSID - my goal would be to have an SSID for "normal" traffic, then a SSID for "vpn" that would force all traffic through the VPN.
Maybe setting up a DHCP client on the vpn VLAN, specifying the gateway is an interface on the wireguard client, then using it to connect to protonvpn?
Has anyone done something so stupid like this before?
Achja, in der WireGuard Config einfach 8.8.8.8 oder 1.1.1.1 reinschreiben klappt auch nicht.
Die DNS-Requests laufen dann einfach in einen Timeout.
Verstehe es nicht, da die DNS-Geschichte bei einem zweiten WG-Client (via mullvad) perfekt funktioniert.
Lowering WireGuard's MTU to 1300 to work with a Three data SIM
This blogpost is very much what it says in the title.
And very annoying it is too, but I'll just have to see what impact it has, if any, in practice.
https://neilzone.co.uk/2024/11/lowering-wireguards-mtu-to-1300-to-work-with-a-three-data-sim/
I set up a #raspberrypi to boot off a 1TB SSD and sent it off to a friends house to act as a remote #borgbackup repository for my workstations and #homelab. It connects to my #opnsense router using #wireguard and I decided to write an article on my new blog: https://blog.abnml.com/2024/10/29/safeguarding-your-data-setting-up-a-remote-raspberry-pi-backup-with-borgbackup/
Check it out!
Always interesting when you upgrade from #ubuntu 2204 to 2404, and your #wireguard tunnel doesn't come up after a reboot.
Seems resolvconf was the culprit.
It is important to check the fingerprint of Debian repostitories. Keys should be specified per repostitory and not globally. A few things that increase security.
https://github.com/amnezia-vpn/amneziawg-linux-kernel-module/pull/27
Well, even on udp/443 my #WireGuard #vpn doesn't work here. Interesting.
@mkj I know of some places that block QUIC for security reasons. So I wouldn't be entirely surprised...
As for the DPI, I recently came across #AmneziaWG which might defeat some of those. If needed I'm going to play a bit with that ;)
Adjusted my home #wireguard #vpn setup on #opnsense to also listen on udp/443. Let's see if that gets through tonight.
My custom wg port was definitely being blocked on the network there.
| R.I.P Natenom 
