20200726: Difference between revisions
From charlesreid1
Revision as of 21:44, 26 July 2020
Notes
network/domain/dns questions
- pod private wiki requires a domain
- that requires network interfaces and ip addresses to be set up
tinc
- installing tinc natively, whole point is to avoid fuss
- doesn't feel particularly secure, but it's all public/private key infra, soooo
- tinc is more limited, requires clients to have tinc installed and keys copied
- to get around that, create dorky socks proxy server that handles traffic to the wiki
bespin setup:
- bespin runs own dns server
- bespin.charles points to itself
- bespin.charles/wiki is wiki endpoint
- bespin connects to dorky via tinc, 10.6.0.10
- bespin has a self-signed ssl certificate for bespin.charles
dorky setup:
- dorky has a dns server bound to tinc interface - tinc dnsmasq
- dorky.charles points to itself
- dorky gets connection from bespin via tinc, 10.6.0.1
- dorky has a charlesreid1.party certificate
- dorky runs a socks server
- dorky forwards packets between socks tunnel and tinc tunnel
- dns requests forwarded thru socks tunnel are handled by tinc dnsmasq
Tinc on bespin and dorky
Main article: Tinc
On bespin (behind NAT):
    $ cd /etc/tinc/master
    $ cat tinc.conf
    Name = bespin
    AddressFamily = any
    Mode = switch
    ConnectTo = dorky
    $ cat tinc-up
    #!/bin/sh
    ifconfig $INTERFACE 10.6.0.10 netmask 255.255.0.0
    $ cat tinc-down
    #!/bin/sh
    ifconfig $INTERFACE down
    $ ls hosts/
    bespin dorky
On dorky (public IP):
    $ cd /etc/tinc/master
    $ cat tinc.conf
    Name = dorky
    AddressFamily = any
    Mode = switch
    $ cat tinc-up
    #!/bin/sh
    ifconfig $INTERFACE 10.6.0.1 netmask 255.255.0.0
    $ cat tinc-down
    #!/bin/sh
    ifconfig $INTERFACE down
    $ ls hosts/
    bespin dorky
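A consistency check for the two configurations above, as an added example that is not part of the original notes: it confirms that each node has a hosts/ file (which carries the public key) for itself and for every ConnectTo target, and that the tinc-up addresses are distinct and in the same subnet. The `NODES` layout and the function names are assumptions made for this example; the file contents are copied from the sessions above.

```python
import ipaddress
import re

# Constructed input: the files from the two sessions above, one entry per node.
NODES = {
    "bespin": {
        "tinc.conf": "Name = bespin\nAddressFamily = any\nMode = switch\nConnectTo = dorky\n",
        "tinc-up": "#!/bin/sh\nifconfig $INTERFACE 10.6.0.10 netmask 255.255.0.0\n",
        "hosts": ["bespin", "dorky"],
    },
    "dorky": {
        "tinc.conf": "Name = dorky\nAddressFamily = any\nMode = switch\n",
        "tinc-up": "#!/bin/sh\nifconfig $INTERFACE 10.6.0.1 netmask 255.255.0.0\n",
        "hosts": ["bespin", "dorky"],
    },
}

def parse_conf(text):
    """Parse 'Key = Value' lines into {key: [values]}; keys such as ConnectTo may repeat."""
    conf = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = (part.strip() for part in line.split("=", 1))
            conf.setdefault(key.lower(), []).append(value)
    return conf

def vpn_address(tinc_up):
    """Return the address/netmask that tinc-up assigns, or None if it assigns none."""
    m = re.search(r"ifconfig\s+\S+\s+(\S+)\s+netmask\s+(\S+)", tinc_up)
    return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}") if m else None

def lint(nodes):
    """Return a list of problems; an empty list means the nodes agree."""
    problems, owners, networks = [], {}, set()
    for name, files in nodes.items():
        conf = parse_conf(files["tinc.conf"])
        for peer in [name] + conf.get("connectto", []):
            if peer not in files["hosts"]:
                problems.append(f"{name}: hosts/{peer} is missing")
        addr = vpn_address(files["tinc-up"])
        if addr is None:
            problems.append(f"{name}: tinc-up assigns no address")
            continue
        if addr.ip in owners:
            problems.append(f"{name}: {addr.ip} already used by {owners[addr.ip]}")
        owners[addr.ip] = name
        networks.add(addr.network)
    if len(networks) > 1:
        problems.append("nodes are in different VPN subnets")
    return problems
```

`lint(NODES)` returns an empty list for the configuration shown on this page.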