2/3 Topics #EU_OS needs help with:

1) What is the best way to backup user data for Linux EU OS users? https://gitlab.com/eu-os/eu-os.gitlab.io/-/issues/46 #borgbackup #btrfsbk #btrfs#nextcloud

2) How can unattended deployment with #foreman look like during pilot stage (thus without reconfiguring the network/DHCP yet)? https://gitlab.com/eu-os/eu-os.gitlab.io/-/issues/39 #foreman

3) How can a modern VPN provide extra security for people in home offices or on business trips? https://gitlab.com/eu-os/eu-os.gitlab.io/-/issues/47 #tailscale #headscale #rosenpass #wireguard #openvpn

How are you integrating #WireGuard with an identity provider like OpenID, MS, or Goog for MFA?

welp, my latest Fedora KDE update borked my Wireguard installation. No discernable errors. It just... won't connect to its peer.

Maybe it's time to do something other than Fedora...

#fedora #wireguard #linux

I've got a OpenBSD VPS with a WireGuard connection to a server on my home network. I can ssh and ping both ways through the WireGuard tunnel.

Would it be possible to use relayd on the VPS to direct traffic to different services running on the server at home?

service1.example.com -> server:8443
service2.example.com -> server:8090

It kind of looks that way from:

https://mutualaid.info/posts/using-relayd-as-a-reverse-proxy-on-openbsd/

I can add DNS records to the domain in question.

(I'm new to OpenBSD, but not Linux)

#OpenBSD#WireGuard #selfhosted

What is the preferred method to setup a #Wireguard client ?

I find adding/removing routes for multiple clients painful if I have to send a new config file to 50 people.

I just stopped myself from legacy IP thinking.

I'm planning a new Wireguard link between a pair of servers and was about to use a small IPv6 subnet when I caught myself.

Thanks to our amazing home ISP, not only do we have fixed IPv6 and legacy IP addresses, but we have a massive /48 of IPv6 space available so for a home network, plus guest and iot WiFi, and a few lab vlans, we really do have a practically unlimited amount of address space available (65535 /64's, each with 18 quintillion addresses).

So, even though it's a point to point link, I can just allocate a /64 and pick a pair of addresses from that range. This isn't legacy IP anymore, stop thinking that way.

I could of course just use a pair of link local addresses and the traffic would (should...) still flow but if I use GUA's from my allocation instead, I'll get proper responses in traceroute if I need to troubleshoot.

#ipv6 #wireguard

I wanted a #Wireguard GUI client for #FreeBSD and there wasn't none so I put this QT6 thing together last night.

From an idea to a working beta version in just a few hours. #IPv6 tunnel service with #Wireguard and #OpenVPN support. GRE & SIT follows, OpenVPN PKI backend will be switched to Hashicorp Vault.

Still several things to do… #network#IPv4#GRE#SIT#Tunnel #homelab #net #services @BoxyBSD

Would you be interested into an alternative #IPv6 Tunnelbroker service? Hosted and located in Germany, offering free IPv6 subnets (not sure about sizes, sth. between /64 - /48) that can be used by #SIT, #GRE, #OpenVPN or #Wireguard tunnels. Currently, this is already available but only for @BoxyBSD users.