5 Jan 2024 |
bjtftw | In reply to @cw:kernelpanic.cafe: "Does anyone have any suggestions for VPNs to use over the top of yggdrasil?" It does depend on what situation we are thinking here. Do you want to use someone's service on yggdrasil to achieve this or do you have VPS/real machine somewhere and want to use yggdrasil as tunnel for your traffic there and access internet from there? | 07:03:06 |
chinchilla optional | The latter. | 07:03:30 |
chinchilla optional | bjtftw: my machines. | 07:05:21 |
bjtftw | OK so you want just to create ipip6 tunnel over yggdrasil network to your remote host and then enable forwarding there (if you have multiple public IPs there) or create NAT there | 07:05:46 |
bjtftw | sudo ip tunnel add NAME mode ipip6 remote 201:... locate 202:... | 07:07:24 |
bjtftw | * sudo ip tunnel add NAME mode ipip6 remote 201:... local 202:... | 07:07:52 |
bjtftw | and on the other machine replace remote and local addresses | 07:08:12 |
chinchilla optional | shit cool I was hoping that could be done without any extra software | 07:08:26 |
bjtftw | as yggdrasil is encrypting everything you do not need to use wireguard, etc | 07:08:48 |
bjtftw | there are a few types of those tunnels like ipip, ip6ip6, ipip6, ip6ip | 07:09:20 |
chinchilla optional | I didn't really like the idea of using another vpn but wasn't sure how to handle the routing. | 07:10:01 |
bjtftw | first ip tells what IPvX you want to route over that tunnel and second ip tells over what IPv version you want to build the tunnel | 07:10:08 |
chinchilla optional | Like I couldn't just add a default route | 07:10:17 |
bjtftw | yes you can only use route to achieve that | 07:10:39 |
chinchilla optional | so does IP tunnel set that as a default route? | 07:11:39 |
chinchilla optional | or do I need to handle subnets/routing separately? | 07:11:49 |
bjtftw | yes you need a few more commands | 07:12:00 |
chinchilla optional | okay cool | 07:12:10 |
chinchilla optional | thanks for the tip on ip tunnel | 07:12:31 |
bjtftw | like you need to assign IP addresses to those tunnel interfaces on both sides (like 192.168.1.1/24 on 1 comp and 192.168.43.1.2/24 on 2nd machine) | 07:13:14 |
bjtftw | then you can ping them on those addresses so it looks like LAN | 07:13:38 |
bjtftw | and then on remote machine you create NAT | 07:13:47 |
bjtftw | enable forwarding like echo 1 > /proc/sys/net/ipv4/conf/all/forwarding | 07:14:12 |
bjtftw | and here you go | 07:14:20 |
bjtftw | nad ofcourse on you local machine you want to set default routing through that tunnel | 07:16:56 |
bjtftw | like ip route add default dev NAME (tunnel name) | 07:17:08 |
bjtftw | * and of course on you local machine you want to set default routing through that tunnel | 07:18:28 |
bjtftw | * and of course on your local machine you want to set default routing through that tunnel | 07:18:55 |
chinchilla optional | Hah yes I am having to translate this all into nixos | 07:21:41 |
bjtftw | * like you need to assign IP addresses to those tunnel interfaces on both sides (like 192.168.1.1/24 on 1 comp and 192.168.1.2/24 on 2nd machine) | 07:21:54 |