From charlesreid1

 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Step by Step Articles==
All the setup involved for bespin, a Ubuntu 18.04 desktop server.
All the setup involved for bespin, a Ubuntu 18.04 desktop server.


=Inital Setup=
* [[Ubuntu/Bespin/Initial Setup]] - initial setup of the Ubuntu machine


[[Ubuntu/Bespin/Initial Setup]]
* [[Ubuntu/Bespin/Gnome Setup]] - setting up gnome on the Ubuntu machine


=Gnome Setup=
* [[Ubuntu/Bespin/Ansible]] - setting up and running an Ansible role for the machine


[[Ubuntu/Bespin/Gnome Setup]]
* [[Ubuntu/Bespin/PIA]] - set up a [[PIA]] VPN tunnel using [[OpenVPN]]


=Ansible Setup=
* [[Ubuntu/Bespin/DNS]] - removing the built-in DNS server on Ubuntu and replacing it with dnsmasq


[[Ubuntu/Bespin/Ansible]]
* [[Ubuntu/Bespin/PiHole]] - run an instance of PiHole, the DNS sinkhole, in a Docker container; install it between dnsmasq and the VPN tunnel, so all DNS queries will pass through the PiHole


=Wifi Access Point Setup=
* [[Ubuntu/Bespin/Iptables]] - Update the iptables rules to allow better protection of the server and be less permissive


[[Ubuntu/Bespin/Old/Wifi AP Setup]]
* [[Ubuntu/Bespin/TIL]] - the summary of "today I learned" things that I learned while setting up Bespin


=VPN Tunnel=
==Related Articles==


[[Ubuntu/Bespin/PIA]]
* [[Ubuntu/OpenVPN Server]] - set up an OpenVPN server on a Ubuntu machine (not running on bespin)


=Connect AP to VPN Tunnel=
==Old Irrelevant Articles==


[[Ubuntu/Bespin/AP PIA Tunnel]]
Articles that are no longer relevant to bespin but that may have useful information for some future project.


=PiHole=
* <s>[[Ubuntu/Bespin/Second AP Tunnel]]</s> - this ended in failure, twice. short version: you can't have multiple simultaneous PIA tunnels in OpenVPN without significant extra configuration, so no need to go this above and beyond.
 
Run PiHole in a Docker container, and install it between dnsmasq and the VPN tunnel (so that DNS queries will be filtered by the PiHole).
 
* [[Ubuntu/Bespin/PiHole]]
 
=OpenVPN Server=
 
Real simple: just set up an OpenVPN server.
 
* [[Ubuntu/Bespin/OpenVPN Server]]
 
47 pages later: man that was was intense
 
=Brushup of dnsmasq Config=
 
Updated the dnsmasq config file to the one shown here.
 
Key changes:
 
* Specifying the interfaces and listen addresses together (only need one or the other, but just to be sure)
* Using the expanded notation for the server keyword, and using it to specify which DNS nameserver to use for traffic from different sources. Now different LANs can use different DNS.
 
<code>/etc/dnsmasq.conf</code>
 
<pre>
# don't send external traffic that is missing a domain
domain-needed
# don't send external traffic that has bogus private ip
bogus-priv
## set the local domain
#domain=anon
#local=/anon/
# listen on these interfaces and only these interfaces
interface=lo
listen-address=127.0.0.1
interface=wlan1
listen-address=192.168.10.1
bind-interfaces
# define range of IP addresses to hand out
dhcp-range=192.168.10.100,192.168.10.150,255.255.255.0,24h
# don't read /etc/resolv.conf
no-resolv
# define what to do if no name resolution
# the notation for server used here is
# <dest-ip>/<src-ip>
# local dns queries use pihole dns server
server=127.53.0.1/127.0.0.1
# lan10 dns queries use pihole dns server
server=127.53.0.1/192.168.10.1
## lan20 dns queries use google
#server=8.8.8.8/192.168.20.1
# send dnsmasq logs to a single place
log-facility=/var/log/dnsmasq.log
</pre>


=Iptables Reconfiguration=
* <s>[[Ubuntu/Bespin/Wifi Repeater]]</s> - using bespin to run hostapd and make a wifi repeater


Update the iptables rules to allow better protection of the server and be less permissive:
* <s>[[Ubuntu/Bespin/Old/Wifi AP Setup]]</s>  set up a wireless AP to create/host a wifi hotspot on the machine


[[Ubuntu/Bespin/Iptables]]
* <s>[[Ubuntu/Bespin/Old/AP PIA Tunnel]]</s> - route traffic from a wireless AP to a PIA VPN tunnel


=Wifi Repeater=
* <s>[[Ubuntu/Bespin/Old/Iptables]]</s> - old iptables rules for things that aren't actually running on Bespin


Eventually we abandoned the idea of running hostapd on bespin to create a wifi network that would tunnel traffic through a PIA VPN tunnel. That job was moved to Thing 1.
We did have a new problem that hostapd could solve: Bespin and a few other computers are far from the wifi router. We want Bespin to provide a wifi repeater so that other computers can talk to Bespin faster than they can talk to the rest of the network. This doesn't make much of a difference, except if you're using services on Bespin, which we are.
[[Ubuntu/Bespin/Wifi Repeater]]
=Related Pages=
* [[Ubuntu/Bespin/TIL]] - the summary of "today I learned" things that I learned while setting up Bespin
* <s>[[Ubuntu/Bespin/Second AP Tunnel]]</s> - this ended in failure, twice. short version: you can't have multiple simultaneous PIA tunnels in OpenVPN without significant extra configuration, so no need to go this above and beyond.
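Review bot: the rewrite to a link list drops the whole "Brushup of dnsmasq Config" section, including the /etc/dnsmasq.conf listing and the note that the server= lines choose a DNS nameserver per source LAN, while the new [[Ubuntu/Bespin/DNS]] entry only says dnsmasq replaces the built-in DNS server. Confirm that the listing (bind-interfaces, no-resolv, the server= lines pointing at 127.53.0.1) is carried on the DNS or PiHole subpage, or keep a pointer to it here. Two smaller points in the new list: the [[Ubuntu/Bespin/Old/Wifi AP Setup]] entry is missing the " - " separator the other entries use, and the struck-through Wifi Repeater entry no longer carries the old paragraph explaining why hostapd was kept for a repeater.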





Latest revision as of 05:38, 19 August 2020

Step by Step Articles

All the setup involved for bespin, an Ubuntu 18.04 desktop server.

  • Ubuntu/Bespin/DNS - removing the built-in DNS server on Ubuntu and replacing it with dnsmasq
  • Ubuntu/Bespin/PiHole - run an instance of PiHole, the DNS sinkhole, in a Docker container; install it between dnsmasq and the VPN tunnel, so all DNS queries will pass through the PiHole
  • Ubuntu/Bespin/Iptables - update the iptables rules to better protect the server and make them less permissive
  • Ubuntu/Bespin/TIL - a summary of the "today I learned" things that I picked up while setting up Bespin

Related Articles

Old Irrelevant Articles

Articles that are no longer relevant to bespin but that may have useful information for some future project.

  • Ubuntu/Bespin/Second AP Tunnel - this ended in failure, twice. Short version: you can't have multiple simultaneous PIA tunnels in OpenVPN without significant extra configuration, so there is no need to go this far above and beyond.