#wireguard

#FOSDEM 2025 special!

Did you meet @gyptazy at the conference? Double your resources or get a second VPS in the same or different location for enhancing the learning, evaluation and testing possibilities!

* Learn and create HA setups
* Test #BGP multi-site setups
* Test pf firewall setups
* Test #Wireguard setups
* Test #ZFS send/receive functions
* And many more things

How? Just message @gyptazy in Matrix by your already present and defined Matrix account.

During the #SharkBytes session at #SharkFest conference I had an opportunity to present a lightning talk about my pet project called IDS Lab.
It is a lab infrastructure deployable as Docker containers, which simulates a small company network.

The IDS Lab consists of a webserver with #Wordpress, a #MySQL database, a #Linux desktop with RDP, and the #WireGuard VPN for "remote" workers and for connecting other virtual or physical machines into the lab network.
This part of infrastructure can be used for attack simulations.

There are additional components for playing with logs and detections, too: #Fluentbit, #Suricata and #OpenObserve as lightweight SIEM.

In the #SIEM we already have preconfigured dashboards for alerts, netflows, web logs and logs from Windows machines, if present.

Using the provided setup script, the whole lab can be up and running in up to 5 minutes. For more info, please check my GitHub repository with the IDS Lab:

github.com/SecurityDungeon/ids

#sf24eu #wireshark @wireshark

It's been a few weeks since I mentioned some free software that I like. Here I go again!

I spent a bit of time today configuring WireGuard on various hosts. It's a way to set up an encrypted tunnel (VPN) between hosts that can send UDP packets to each other. It's pretty straightforward, and works really well.

I'm sure there are plenty of use cases where it isn't the best solution... luckily I don't have any of those! 😄

Well that was shockingly easy. I'll do a brief write up and throw it... somewhere, but TL;DR

1. Spun up two new VLANs (400 for Clients, 401 for VPN Egress)
2. Put a Linux VM/router dual homed, with DHCP advertising itself as the gateway for the 400 VLAN, and set up iptables/IPv4 forwarding
3. Configure WireGuard client conf and spin it up.
4. Create a new SSID and attach clients to VLAN 400.

Boom, all wireless clients are now in New Zealand or wherever!

I wonder if there's a way to set up ProtonVPN for an entire VLAN. My Wifi supports layer 3 separation per SSID - my goal would be to have an SSID for "normal" traffic, then an SSID for "vpn" that would force all traffic through the VPN.

Maybe setting up a DHCP client on the vpn VLAN, specifying the gateway is an interface on the wireguard client, then using it to connect to protonvpn?

Has anyone done something so stupid like this before?

Lowering WireGuard's MTU to 1300 to work with a Three data SIM

This blogpost is very much what it says in the title.

And very annoying it is too, but I'll just have to see what impact it has, if any, in practice.

neilzone.co.uk/2024/11/lowerin
