/hsg/ - Home Server General
Poverty Edition

READ THE WIKI! & help by contributing:
wiki.installgentoo.com/wiki/Home_server
>NAS Case Guide. Feel free to add to it:
wiki.installgentoo.com/wiki/Home_server/Case_guide
/hsg/ is about learning and expanding your horizons. Know all about NAS? Learn virtualization. Spun up some VMs? Learn about networking by standing up an OPNsense box and configuring some VLANs. There's always more to learn and chances to grow. Think you’re god-tier already? Set up OpenStack and report back.
>What software should I run?
Install Gentoo. Or whatever flavor of *nix is best for the job or most comfy for you. Jellyfin to replace Netflix, nextcloud or seafile to replace Google, ampache to replace spotify, the list goes on and on. Look at the awesome self-hosted list and ask.
>Why should I have a home server?
/hsg/ is about learning and expanding your horizons. De-botnet your life. Learn something new. Serving applications to yourself, your family, and your frens feels good. Put your Any Forums skills to good use for yourself and those close to you. Store their data with proper availability, redundancy and backups and serve it back to them with a /comfy/ easy to use interface.
>Links & resources
Server tips: anonbin.io/?1759c178f98f6135#CzLuPx4s2P7zuExQBVv5XeDkzQSDeVkZMWVhuecemeN6
github.com/Kickball/awesome-selfhosted
labgopher.com
wiki.debian.org/FreedomBox/Features
reddit.com/r/homelab/wiki/
forums.servethehome.com
List of ARM-based SBCs: docs.google.com/spreadsheets/d/1PGaVu0sPBEy5GgLM8N-CvHB2FESdlfBOdQKqLziJLhQ
Low-power x86 systems: docs.google.com/spreadsheets/d/1yl414kIy9MhaM0-VrpCqjcsnfofo95M1smRTuKN6e-E

>redux
Yes, poverty.

Best way to have constant access to 3 servers?
>apartment server - NAT, but I'm mostly in the home network
>family server - NAT, but it's in family home which I visit occasionally
>VPS - direct
Here's a few scenarios that I end up being in:
>in my apartment
I use SSH directly to apartment server inside LAN. I can reach public and LAN only web services running on it via domain names.
I use SSH on a forwarded port on public IP to reach family server.
I use SSH on an exposed port on public IP to reach VPS.
>on mobile data connection
I use WireGuard to get into apartment network, then I can reach apartment server as if I was in apartment LAN.
Others as in previous scenario.
>in family home
I use SSH directly to family server inside LAN.
Others as in previous scenario.

The issue is most prevalent when I visit family. I connect to apartment WG, but then I'm not using family DNS server, which means I have to type in family server IP address because local domain there isn't known by apartment DNS.
I'm looking for some solution that would basically keep apartment AND family LAN always reachable. Sort of like two permanent WireGuard connections on my laptop and phone, but with a lower priority - if I'm in apartment, WG's routes to apartment network are ignored in favor of direct connection. Relying on WG though would break my apartment server's backup script, because it expects family server's SSH to be on public IP. I don't want WG client on server.
Another approach that comes to mind is doing some site-to-site VPN - it will be up to routers at apartment and family home to route the traffic, and I would simply access servers by LAN IPs, no matter which place I'm in. I'd have to add DNS entries for both servers (and web services) on both routers. If I'm on mobile connection, I would just have to manually VPN into e.g. apartment, and that would still give me access to all 3 servers without much fuss (but with indirect path to family). Seems like it would just work.
Thoughts?

Attached: attention grabbing image, no seriously please tell me if site-to-site is the best solution because honestly it does look like it is, no matter which network I'm in.jpg (701x576, 72.09K)

>>apartment server - NAT, but I'm mostly in the home network
For clarity: I meant that I usually am in the apartment network.

>De-botnet your life
>links to google docs

>Best way to have constant access to 3 servers?
zerotier, just werks.

You wanna maintain a list yourself on something other than gdocs?

poorfag cope

Is there an easy way to cut off a docker container's access to the internet without dicking with a firewall?

don't expose any ports.

or put it on macvlan network with no gateway.

You know, I actually had this mentioned in my post and had to delete it due to character limit. Two things with ZeroTier (or Tailscale for that matter):
>I'd rather have a DIY solution that doesn't rely on some "cloud".
>How does it handle situations where I have e.g. ZeroTier running and connected and whatever, but am in the apartment network? Meaning I have direct access to the server because it's in the same subnet. Can ZeroTier figure it out and change routes to not push laptop-server traffic through cloud in that case?
And I also wouldn't want to install any VPN client on servers (be it WireGuard or ZeroTier), if there's a less bloat solution.

Oddly enough, ECC ram has been generally cheaper than regular for a while now.

when building from scratch and not buying new and when the rest of your platform supports both it and non-ECC, sure. but we're talking about people trying to build storage machines out of raspberry pis or their retired gaymer compoooooters.

the cloud is just used to initiate the handshake, no data goes through it. if you're schizo, you can host your own planetary server that will negotiate your connection for you and be completely self-hosted.
>How does it handle situations where I have e.g. ZeroTier running and connected and whatever
Just like any other vpn, just adds a route to your table, zerotier gives you a few non-private subnets to choose from that you use for routing, so you have a zerotier ip and a regular private IP for every device. You can also manage them online remotely (remove clients from your vpn, add new ones, change IPs, dns and lots of routing/ACL options that I've not really dug into desu.)
If you don't want additional software on your clients then you're forced to use firewall rules, port forwarding, SSH/RDP.

>so you have a zerotier ip and a regular private IP for every device.
That would mean I have to reach server by different IP depending on what network I'm in, right? That's exactly what I'm trying to avoid.

Check out net maker

It's possible to make a zerotier like setup of your own

If you want to ssh to the same dns name regardless of whether you're on or off the vpn, you're going to need either split dns (two dns servers) or you're going to need a bridge that will bridge into your lan subnet. afaik there's no way to do that without a vpn.

Can you interface with other Wireguard clients connected to a peer? So if 10.0.0.1 is the server, 10.0.0.2 is your computer and 10.0.0.3 is your phone, can you connect both your computer and phone to 10.0.0.1 and then ping 10.0.0.2 from your phone?

user searching for a 1l pc to replace my pi4 here again.

today someone listed a HP ProDesk 400 G1. it has an i3-4160T (2c 4t) and 4gb ram, the asking price is 50 euros. is 50 an okay price for this or should i avoid this one for whatever reason? note: i do not need a lot of power but the pi's file transfer speeds are too slow for me.

Sounds fine for that use case. It's cheaper than a new Raspberry Pi anyways.

>afaik there's no way to do that without a vpn.
What I'm thinking of is leaving VPN to run only on routers in each place. I don't like ZeroTier's default approach of just running its VPN client on all devices. Pic rel is what I'm trying to do, looks like it would work, wouldn't it?
It's 4th gen CPU, but for that price it's definitely worth it. Have fun user, these tinyminimicro boxes are great.

Attached: this image was brought to you by KolourPaint and proprietary Comic Sans MS font gang.png (1564x665, 124.1K)

depends how you set up wireguard but in theory you can. if you set the allowed addresses to something like 10.0.0.X/24 and enable forwarding onto the middle one it should work.

however generally you want to do point to point and not forward shit
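
The hub-and-spoke case asked about above (server 10.0.0.1, computer 10.0.0.2, phone 10.0.0.3), as an added example that is not part of any post in the thread: a small model of WireGuard's AllowedIPs handling that traces a ping between two clients through the server. The node names, the `topology` helper and the three configurations are constructed for illustration; `forward` stands for IP forwarding on the server (on Linux, the `net.ipv4.ip_forward` sysctl).

```python
import ipaddress

def pick_peer(peers, dst):
    """Outbound: choose the peer whose AllowedIPs match dst with the longest prefix."""
    dst, best = ipaddress.ip_address(dst), (None, -1)
    for name, cidrs in peers.items():
        for net in map(ipaddress.ip_network, cidrs):
            if dst in net and net.prefixlen > best[1]:
                best = (name, net.prefixlen)
    return best[0]

def source_allowed(peers, peer, src):
    """Inbound: a packet from `peer` is dropped unless src is in that peer's AllowedIPs."""
    return any(ipaddress.ip_address(src) in ipaddress.ip_network(c) for c in peers[peer])

def one_way(nodes, hub, src, dst):
    """Trace one packet src -> hub -> dst; return 'ok' or the reason it is dropped."""
    s, h, d = nodes[src], nodes[hub], nodes[dst]
    if pick_peer(s["peers"], d["addr"]) != hub:
        return f"{src}: no AllowedIPs entry routes {d['addr']} to {hub}"
    if not source_allowed(h["peers"], src, s["addr"]):
        return f"{hub}: source {s['addr']} not allowed for peer {src}"
    if not h["forward"]:
        return f"{hub}: IP forwarding disabled"
    if pick_peer(h["peers"], d["addr"]) != dst:
        return f"{hub}: no peer owns {d['addr']}"
    if not source_allowed(d["peers"], hub, s["addr"]):
        return f"{dst}: source {s['addr']} not allowed for peer {hub}"
    return "ok"

def ping(nodes, hub, a, b):
    """Echo request and echo reply must both survive the trip."""
    there = one_way(nodes, hub, a, b)
    return there if there != "ok" else one_way(nodes, hub, b, a)

def topology(client_allowed, forward):
    """Constructed topology using the addresses from the thread."""
    return {
        "server": {"addr": "10.0.0.1", "forward": forward,
                   "peers": {"computer": ["10.0.0.2/32"], "phone": ["10.0.0.3/32"]}},
        "computer": {"addr": "10.0.0.2", "forward": False,
                     "peers": {"server": [client_allowed]}},
        "phone": {"addr": "10.0.0.3", "forward": False,
                  "peers": {"server": [client_allowed]}},
    }

if __name__ == "__main__":
    for allowed, fwd in [("10.0.0.1/32", True), ("10.0.0.0/24", False), ("10.0.0.0/24", True)]:
        print(allowed, fwd, "->", ping(topology(allowed, fwd), "server", "phone", "computer"))
```

Once forwarding is on, every peer can reach every other peer unless the server's own firewall filters forwarded traffic between them.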

Forgot to reply to you, sorry. Cool thing if I ever need an automated mesh network, but in my case I think site-to-site VPN would be sufficient.

RIP noob shucker, at least you tried

thanks

you made me realise how much I hate networking again

I know I'm paying for the name and not performance but I still want one

yes, 50 bux for i-series 2000-5000 CPU is good, and the CPU isn't terribly far behind per-core performance as the later generations with DDR4 like the 6th to 8th gen chips.

just make sure you check if there's wifi and all drive mount parts (and what drive if any) included and how much RAM if any included.

Couldn't they just use the VPS as the central peer so they don't need to use ZeroTier/Tailscale?