Differences

This shows you the differences between two versions of the page.

docker_notes:vpn [2024-12-07 Sat wk49 12:43] – [Syncthing] baumkpdocker_notes:vpn [2024-12-28 Sat wk52 11:23] (current) – [Wireguard] baumkp
Line 4: Line 4:
  
 There have been considered 3 different levels of access as described by the applications used: There have been considered 3 different levels of access as described by the applications used:
-  * Nextcloud a full privately hosted publicly accessible file shareing application, with many additional features +  *Wireguard A VPN server 
-  * Privatebin - An encrypted file publicly accessible file sharing server +  *Tailscale 
-  * Syncthing - A files synchronising system +  *Headscale 
-  * Wireguard - A VPN server+  *OpenVPN (Old)
  
 These applications and their scope are described further below. These applications and their scope are described further below.
  
-=====Nextcloud===== +=====Wireguard===== 
-Nextcloud is an open source content collaboration platform.  At its core is file-sharing, but it has many other core functions as well as extensibility with additional installed applications.  While Nextcloud can securely share files it is not focused as **simple**, public, and secure file-sharing platform.+I previously successfully setup [[https://wiki.kptree.net/doku.php?id=linux_router:wireguard|KPTree wireguard]] on my router.  This was installed on "bare metal" as was the nftable based router firewall. I later installed Bind9 DNS and Kea DHCP programs in Docker containers.  I always run Docker in a VM to prevent Docker's packet filtering from affecting the bare metal firewall rules.  Until recently I did not move Wireguard to Docker container as I did not have the need or time.
  
-I have been using Nextcloud and before that Owncloud from which Nextcloud was forked since circa 2013.  My server setup is described here: +Using Docker [[https://github.com/linuxserver/docker-wireguard|wireguard]] from linuxserver.io is much easier than the manual "bare-metal" setup on my router The docker setup is below: 
-  *kptree  [[https://wiki.kptree.net/doku.php?id=docker_notes:docker-nextcloud|nextcloud]] is Docker based setup, that I currently use, since 2022+++++docker-compose.yml| 
-  *kptree [[https://wiki.kptree.net/doku.php?id=home_server:web_server_setup#nextcloud_setup|nextcloud]] is a VM setup previously I used.+<code yaml>--- 
 +services: 
 +  wireguard: 
 +    image: lscr.io/linuxserver/wireguard:latest 
 +    container_name: wireguard 
 +    cap_add: 
 +      - NET_ADMIN 
 +      - SYS_MODULE #optional 
 +    environment: 
 +      - PUID=1000 
 +      - PGID=1000 
 +      - TZ=Australia/Perth 
 +      - SERVERURL=kptree.net #optional 
 +      - SERVERPORT=51820 #optional 
 +      - PEERS=2 #optional 
 +      - PEERDNS=auto #optional 
 +      - INTERNAL_SUBNET=10.13.13.0 #optional 
 +      - ALLOWEDIPS=0.0.0.0/0 #optional 
 +      - PERSISTENTKEEPALIVE_PEERS=all #optional 
 +      - LOG_CONFS=true #optional 
 +    volumes: 
 +      - ./config:/config 
 +      #- /lib/modules:/lib/modules #optional 
 +    ports: 
 +      - 51820:51820/udp 
 +    sysctls: 
 +      - net.ipv4.conf.all.src_valid_mark=1 
 +    restart: unless-stopped</code> 
 +++++
  
-=====Privatebin=====+The Wireguard container [[https://github.com/linuxserver/docker-wireguard#server-mode|Server Mode]] documentation give some key points on usage: 
 +  *Variables ''SERVERURL'', ''SERVERPORT'', ''INTERNAL_SUBNET'', ''PEERDNS'', ''INTERFACE, ALLOWEDIPS'' and ''PERSISTENTKEEPALIVE_PEERS'' are optional variables used for server mode. Any changes to these environment variables will trigger regeneration of server and peer confs. Peer/client confs will be recreated with existing private/public keys. Delete the peer folders for the keys to be recreated along with the confs. 
 +  *To add more peers/clients later on, you increment the ''PEERS'' environment variable or add more elements to the list and recreate the container. 
 +  *To display the QR codes of active peers again, you can use the following command and list the peer numbers as arguments: ''docker exec -it wireguard /app/show-peer 1 4 5'' or ''docker exec -it wireguard /app/show-peer myPC myPhone myTablet'' (Keep in mind that the QR codes are also stored as PNGs in the config folder). 
 +====References===== 
 +  *[[https://hub.docker.com/r/headscale/headscale/tags|Wireguard]] 
 +  * xdeb.org [[https://xdeb.org/post/2019/09/26/setting-up-a-server-firewall-with-nftables-that-support-wireguard-vpn/|Setting up a server firewall with nftables that support WireGuard VPN]] 
 +  * [[https://engineerworkshop.com/blog/how-to-set-up-a-wireguard-vpn-server-on-ubuntu-linux/|How To Set Up a WireGuard VPN Server on Ubuntu Linux]] 
 +  * [[https://github.com/pirate/wireguard-docs|Some Unofficial WireGuard Documentation]] 
 +  * [[https://securityespresso.org/tutorials/2019/03/22/vpn-server-using-wireguard-on-ubuntu/|How to setup your own VPN server using WireGuard on Ubuntu]] 
 +  * [[https://wiki.archlinux.org/index.php/WireGuard|Archlinux Wireguard]] 
 +  * [[https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/|Wireguard VPN: Typical Setup]] 
 +  * [[https://try.popho.be/vpn.html|OpenVPN FAQ]] 
 +  * [[https://www.linode.com/docs/security/firewalls/control-network-traffic-with-iptables/#insert-replace-or-delete-iptables-rules|A Tutorial for Controlling Network Traffic with iptables]] 
 +  * [[https://www.cyberciti.biz/faq/how-to-set-up-wireguard-firewall-rules-in-linux/|How To Set Up WireGuard Firewall Rules in Linux]] 
 +  * [[https://serversideup.net/courses/gain-flexibility-and-increase-privacy-with-wireguard-vpn/|Gain flexibility & increase privacy with WireGuard VPN]]
  
-=====Syncthing===== +=====Tailscale===== 
- +See Headscale. 
-[[https://syncthing.net/|Syncthing]] +====Reference==== 
-=====Wireguard===== +  *[[https://tailscale.com/|Tailscale]]: 
-I previously successfully setup [[https://wiki.kptree.net/doku.php?id=linux_router:wireguard|wireguard]] on my router.  This was installed on "bare metal" as was the nftable based router firewall. I later installed Bind9 DNS and Kea DHCP programs in Docker containers.  I always run Docker in a VM to prevent Docker's packet filtering from affecting the bare metal firewall rules.  I did not move Wireguard to a Docker container as I did not have the need at the time.+    *[[https://tailscale.com/kb/1017/install|Tailscale quickstart]] 
 +    *[[https://tailscale.com/kb/1282/docker|Using Tailscale with Docker]] 
 +    *[[https://github.com/tailscale-dev|github Tailscale Community]] 
 +      *[[https://github.com/tailscale-dev/docker-guide-code-examples|tailscale-dev / docker-guide-code-examples]] 
 +=====Headscale===== 
 +For my use case Headscale was too complicated to setup.  I am also concerned about the effort to maintain.  So have decided not to use at this time.
  
 +https://github.com/juanfont/headscale/releases
 +====Reference====
 +  *[[https://headscale.net/stable/|headscale]]
 +    *[[https://headscale.net/0.23.0/setup/install/container/|Running headscale in a container]]
 +  *[[https://github.com/juanfont/headscale/releases|github headscale]]
 +  *[[https://github.com/JamesTurland/JimsGarage/tree/main/Headscale2|JimsGarage Headscale2]]
 +  *[[https://hub.docker.com/r/headscale/headscale/tags|Dockerhub headscale]]
 ---- ----
  
 <- docker_notes:docker-dhcp|Back ^ docker_notes:index|Start page ^ docker_notes:fileshare|Next -> <- docker_notes:docker-dhcp|Back ^ docker_notes:index|Start page ^ docker_notes:fileshare|Next ->
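Review bot: The first entry of the new Wireguard reference list is mislabelled: `[[https://hub.docker.com/r/headscale/headscale/tags|Wireguard]]` points at the headscale Docker Hub tags page (the same URL is listed again under the Headscale references as "Dockerhub headscale"), so it should either be dropped or re-pointed at the linuxserver wireguard image already linked in the prose. In the same block the heading `====References=====` has four opening and five closing equals signs, so DokuWiki will not render it as a heading; use `====References====` to match the `====Reference====` headings under Tailscale and Headscale. In the Server Mode bullet, `''INTERFACE, ALLOWEDIPS''` merges two variable names into one monospace span; split it into `''INTERFACE'', ''ALLOWEDIPS''` like the neighbouring entries. Since the text notes that peer confs are regenerated from the keys kept under the peer folders and that the QR codes are written as PNGs into the config folder, it is worth adding a sentence that the bind-mounted `./config` directory holds the peer private keys and should be readable only by the Docker host user, and that `LOG_CONFS=true` (left enabled in the compose file) also places those peer confs in the container log output, which can be set to `false` once the peers have been provisioned. Finally, the Tailscale section says only "See Headscale." while the Headscale section records a decision not to use it, and the bare `https://github.com/juanfont/headscale/releases` URL duplicates the "github headscale" reference entry below it; a one-line note on what was decided for Tailscale and removal of the duplicate URL would tidy both sections.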