Início / user-561402

taiBsu's questions

Martin Hope
tai
Asked: 2024-09-14 01:41:06 +0800 CST
  • 5

Problema

Quero usar o Wireguard como VPN para poder acessar meus dispositivos LAN remotamente e, ao mesmo tempo, rotear o tráfego pelo meu Pi-hole local para bloquear anúncios e ficar seguro em redes não confiáveis.

Assim, configurei o Wireguard com Pi-hole usando o tutorial do Pi-hole sobre o Wireguard . Segui todos os passos bem pedantes e depois de configurar tudo, consegui acessar o servidor via 10.100.0.1meu cliente, mas nada mais - nem site nem dispositivos locais.

O que eu fiz até agora:

  • crie uma configuração Wireguard conforme indicado aqui
  • crie uma configuração de cliente exatamente como declarado aqui
  • fazer com que meu cliente consiga canalizar todo o tráfego da Internet através do Wireguard, conforme descrito aqui
  • altere o 99-sysctl.confarquivo para habilitar o encaminhamento de IP e habilite o NAT no servidor conforme indicado aqui

Não tenho ideia do que está faltando.

Aqui está o conteúdo dos meus arquivos conf:

wg0.conf

Address = 10.100.0.1/24, fd08:4711::1/64
ListenPort = 47111
PrivateKey = redacted

PostUp = nft add table ip wireguard; nft add chain ip wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;}; nft add rule ip wireguard wireguard_chain counter packets 0 bytes 0 masquerade; nft add table ip6 wireguard; nft add chain ip6 wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;}; nft add rule ip6 wireguard wireguard_chain counter packets 0 bytes 0 masquerade
PostDown = nft delete table ip wireguard; nft delete table ip6 wireguard

[Peer]
PublicKey = redacted
PresharedKey = redacted
AllowedIPs = 10.100.0.2/32, fd08:4711::2/128

cliente.conf

[Interface]
Address = 10.100.0.2/32, fd08:4711::2/128
DNS = 10.100.0.1
PrivateKey = redacted

[Peer]
#AllowedIPs = 10.100.0.1/32, fd08:4711::1/128
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = mydoma.in:47111
PersistentKeepalive = 25
PublicKey = redacted
PresharedKey = redacted

saída deip route

default via 192.24.0.1 dev enp6s0 proto dhcp src 192.24.0.3 metric 100 
10.0.0.0/24 dev br-2747fb0d94d8 proto kernel scope link src 10.0.0.1 
10.100.0.0/24 dev wg0 proto kernel scope link src 10.100.0.1 
10.178.40.0/24 dev tun0 proto kernel scope link src 10.178.40.1 
192.17.0.0/16 dev docker0 proto kernel scope link src 192.17.0.1 linkdown 
192.18.0.0/16 dev br-cb5d7cb9fc9b proto kernel scope link src 192.18.0.1 
192.19.0.0/16 dev br-6fa7708a9945 proto kernel scope link src 192.19.0.1 
192.20.0.0/16 dev br-0003ef5216eb proto kernel scope link src 192.20.0.1 
192.21.0.0/16 dev br-5779db6c38ec proto kernel scope link src 192.21.0.1 
192.22.0.0/16 dev br-0b6ecf5437f9 proto kernel scope link src 192.22.0.1 linkdown 
192.23.0.0/16 dev br-9813798ea15d proto kernel scope link src 192.23.0.1 
192.24.0.0/24 dev enp6s0 proto kernel scope link src 192.24.0.3 metric 100 
192.25.0.0/16 dev br-bd655dfed23b proto kernel scope link src 192.25.0.1 linkdown

saída de log do cliente wireguard

--------- beginning of main
09-17 15:55:49.839 27728 27791 I WireGuard/GoBackend: Bringing tunnel wireguard_vpn UP
09-17 15:55:49.840 27728 27791 D WireGuard/GoBackend: Requesting to start VpnService
09-17 15:55:49.935 27728 27791 D WireGuard/GoBackend: Go backend 2163620
09-17 15:55:49.937 27728 27791 D WireGuard/GoBackend/wireguard_vpn: Attaching to interface tun0
09-17 15:55:49.941 27728 27791 D WireGuard/GoBackend/wireguard_vpn: UAPI: Updating private key
09-17 15:55:49.942 27728 27791 D WireGuard/GoBackend/wireguard_vpn: UAPI: Removing all peers
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 3 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 6 - started
09-17 15:55:49.942 27728 27797 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 1 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 3 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 3 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 4 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 2 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 1 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 5 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 5 - started
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 4 - started
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 6 - started
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 8 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 5 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 6 - started
09-17 15:55:49.942 27728 27959 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 1 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 7 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 8 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 7 - started
09-17 15:55:49.942 27728 27797 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 2 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 8 - started
09-17 15:55:49.942 27728 27959 D WireGuard/GoBackend/wireguard_vpn: Routine: TUN reader - started
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 7 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: event worker - started
09-17 15:55:49.943 27728 27957 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 2 - started
09-17 15:55:49.943 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Created
09-17 15:55:49.943 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Adding allowedip
09-17 15:55:49.943 27728 27955 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 4 - started
09-17 15:55:49.944 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Adding allowedip
09-17 15:55:49.944 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Updating endpoint
09-17 15:55:49.944 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Updating persistent keepalive interval
09-17 15:55:49.944 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Updating preshared key
09-17 15:55:49.947 27728 27791 D WireGuard/GoBackend/wireguard_vpn: UDP bind has been updated
09-17 15:55:49.947 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Starting
09-17 15:55:49.947 27728 27955 D WireGuard/GoBackend/wireguard_vpn: Routine: receive incoming v6 - started
09-17 15:55:49.947 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Sending keepalive packet
09-17 15:55:49.947 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Sending handshake initiation
09-17 15:55:49.947 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: receive incoming v4 - started
09-17 15:55:49.947 27728 27803 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Routine: sequential sender - started
09-17 15:55:49.947 27728 27957 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Routine: sequential receiver - started
09-17 15:55:49.948 27728 27791 D WireGuard/GoBackend/wireguard_vpn: Interface state was Down, requested Up, now Up
09-17 15:55:49.948 27728 27791 D WireGuard/GoBackend/wireguard_vpn: Device started
09-17 15:55:49.968 27728 27957 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Received handshake response

Informações do sistema

Servidor

Roteador

  • FRITZ!Box com encaminhamento de porta para 47111/UDP habilitado

Cliente

  • GrapheneOS / Android 14
  • Wireguard F-Droid
  • configuração analisada via código QR

Se alguém puder me dar dicas de qualquer tipo, eu ficaria muito grato.

Muito obrigado antecipadamente.

ubuntu
Martin Hope
taiBsu
Asked: 2023-03-09 16:26:18 +0800 CST
  • 4

Quero deixar meu provedor de e-mail atual, que também hospeda meu domínio, e configurar um servidor de e-mail privado em minha máquina local que funciona 24 horas por dia, 7 dias por semana.

Digamos que eu tenha 4 endereços de e-mail cadastrados user1@example.com, user2@example.com, user3@example.come user4@example.com, onde example.comestá meu domínio registrado na IONOS.

Desejo usar a configuração de DNS do meu domínio IONOS example.come rotear o servidor MX para minha máquina local (que pode ser acessada por meio de um domínio DynDNS).

  1. Terei que ajustar a configuração do meu cliente de email para usar diretamente o servidor de email da minha máquina privada ou ainda é possível usar imap.ionos.dee eles cuidarão do roteamento para minha máquina local fornecida no registro MX com meu domínio DynDNS?
  2. Vou enfrentar grandes problemas de lista negra e sinalização de spam depois de configurá-los ou meu endereço de e-mail ainda estará na lista de permissões, pois é encaminhado por imap/smtp.ionos.de?

Muito obrigado antecipadamente.

email-server