diff options
| -rw-r--r-- | about/resources.gmi | 204 | ||||
| -rw-r--r-- | gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.gmi | 224 | ||||
| -rw-r--r-- | gemfeed/atom.xml | 243 | ||||
| -rw-r--r-- | index.gmi | 2 | ||||
| -rw-r--r-- | uptime-stats.gmi | 2 |
5 files changed, 398 insertions, 277 deletions
diff --git a/about/resources.gmi b/about/resources.gmi index 09b94014..d3a0e739 100644 --- a/about/resources.gmi +++ b/about/resources.gmi @@ -35,110 +35,110 @@ You won't find any links on this site because, over time, the links will break. In random order: -* Higher Order Perl; Mark Dominus; Morgan Kaufmann -* The Kubernetes Book; Nigel Poulton; Unabridged Audiobook -* Chaos Engineering - System Resiliency in Practice; Casey Rosenthal and Nora Jones; eBook -* Polished Ruby Programming; Jeremy Evans; Packt Publishing +* Effective awk programming; Arnold Robbins; O'Reilly +* Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson * The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton -* Effective Java; Joshua Bloch; Addison-Wesley Professional -* Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers -* Site Reliability Engineering; How Google runs production systems; O'Reilly -* 21st Century C: C Tips from the New School; Ben Klemens; O'Reilly -* Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly -* C++ Programming Language; Bjarne Stroustrup; +* Funktionale Programmierung; Peter Pepper; Springer +* Raku Recipes; J.J. Merelo; Apress +* Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press * The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible -* DNS and BIND; Cricket Liu; O'Reilly -* The Docker Book; James Turnbull; Kindle +* Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt +* Chaos Engineering - System Resiliency in Practice; Casey Rosenthal and Nora Jones; eBook * Programming Ruby 3.3 (5th Edition); Noel Rappin, with Dave Thomas; The Pragmatic Bookshelf -* DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible -* Perl New Features; Joshua McAdams, brian d foy; Perl School -* Raku Fundamentals; Moritz Lenz; Apress -* Systemprogrammierung in Go; Frank Müller; dpunkt -* Java ist auch eine Insel; Christian Ullenboom; +* Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly +* Effective Java; Joshua Bloch; Addison-Wesley Professional +* C++ Programming Language; Bjarne Stroustrup; * The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional -* Data Science at the Command Line; Jeroen Janssens; O'Reilly -* Funktionale Programmierung; Peter Pepper; Springer * Think Raku (aka Think Perl 6); Laurent Rosenfeld, Allen B. Downey; O'Reilly -* Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly +* Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly +* Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly +* Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers +* Perl New Features; Joshua McAdams, brian d foy; Perl School +* The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress * Modern Perl; Chromatic ; Onyx Neon Press -* The Pragmatic Programmer; David Thomas; Addison-Wesley -* Ultimate Go Notebook; Bill Kennedy +* 97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly * 100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications -* Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press +* Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press +* Pro Puppet; James Turnbull, Jeffrey McCune; Apress +* Polished Ruby Programming; Jeremy Evans; Packt Publishing +* The Docker Book; James Turnbull; Kindle +* Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications +* Raku Fundamentals; Moritz Lenz; Apress +* 21st Century C: C Tips from the New School; Ben Klemens; O'Reilly +* Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers +* Systemprogrammierung in Go; Frank Müller; dpunkt +* DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible * Developing Games in Java; David Brackeen and others...; New Riders +* Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner +* Higher Order Perl; Mark Dominus; Morgan Kaufmann +* DNS and BIND; Cricket Liu; O'Reilly +* Java ist auch eine Insel; Christian Ullenboom; +* The Pragmatic Programmer; David Thomas; Addison-Wesley +* Terraform Cookbook; Mikael Krief; Packt Publishing * Concurrency in Go; Katherine Cox-Buday; O'Reilly +* Data Science at the Command Line; Jeroen Janssens; O'Reilly +* Ultimate Go Notebook; Bill Kennedy * Leanring eBPF; Liz Rice; O'Reilly -* Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications -* Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly -* Effective awk programming; Arnold Robbins; O'Reilly +* Site Reliability Engineering; How Google runs production systems; O'Reilly * Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall & Jon Orwant; O'Reilly -* Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner -* 97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly -* Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson -* The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress * Seeking SRE: Conversations About Running Production Systems at Scale; David N. Blank-Edelman; eBook -* Terraform Cookbook; Mikael Krief; Packt Publishing -* Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press -* Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt -* Pro Puppet; James Turnbull, Jeffrey McCune; Apress -* Raku Recipes; J.J. Merelo; Apress -* Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers +* The Kubernetes Book; Nigel Poulton; Unabridged Audiobook ## Technical references I didn't read them from the beginning to the end, but I am using them to look up things. The books are in random order: -* Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley -* BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley * The Linux Programming Interface; Michael Kerrisk; No Starch Press -* Implementing Service Level Objectives; Alex Hidalgo; O'Reilly * Understanding the Linux Kernel; Daniel P. Bovet, Marco Cesati; O'Reilly * Go: Design Patterns for Real-World Projects; Mat Ryer; Packt -* Relayd and Httpd Mastery; Michael W Lucas +* BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley * Groovy Kurz & Gut; Joerg Staudemeier; O'Reilly +* Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley +* Implementing Service Level Objectives; Alex Hidalgo; O'Reilly +* Relayd and Httpd Mastery; Michael W Lucas ## Self-development and soft-skills books In random order: -* Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press -* Psycho-Cybernetics; Maxwell Maltz; Perigee Books -* Eat That Frog!; Brian Tracy; Hodder Paperbacks -* Solve for Happy; Mo Gawdat (RE-READ 1ST TIME) -* Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion -* The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books -* Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook -* Atomic Habits; James Clear; Random House Business -* The Joy of Missing Out; Christina Crook; New Society Publishers +* Slow Productivity; Cal Newport; Penguin Random House +* Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing +* Deep Work; Cal Newport; Piatkus * So Good They Can't Ignore You; Cal Newport; Business Plus +* The Bullet Journal Method; Ryder Carroll; Fourth Estate * Soft Skills; John Sommez; Manning Publications -* The Good Enough Job; Simone Stolzoff; Ebury Edge -* Never Split the Difference; Chris Voss, Tahl Raz; Random House Business -* The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd -* Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne +* Digital Minimalism; Cal Newport; Portofolio Penguin +* The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select +* The Courage to Be Disliked; Ichiro Kishimi and Fumitake Koga; Audiobook * The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK -* The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook -* The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME) -* The Bullet Journal Method; Ryder Carroll; Fourth Estate +* 101 Essays that change the way you think; Brianna Wiest; Audiobook * Ultralearning; Scott Young; Thorsons +* Never Split the Difference; Chris Voss, Tahl Raz; Random House Business * The Power of Now; Eckhard Tolle; Yellow Kite -* Meditation for Mortals, Oliver Burkeman, Audiobook -* Slow Productivity; Cal Newport; Penguin Random House -* The Courage to Be Disliked; Ichiro Kishimi and Fumitake Koga; Audiobook -* Deep Work; Cal Newport; Piatkus -* Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing -* Digital Minimalism; Cal Newport; Portofolio Penguin -* The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select -* Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly -* Coders at Work - Reflections on the craft of programming, Peter Seibel and Mitchell Dorian et al., Audiobook -* Eat That Frog; Brian Tracy -* Influence without Authority; A. Cohen, D. Bradford; Wiley -* 97 Things Every Engineering Manager Should Know; Camille Fournier; Audiobook * Ultralearning; Anna Laurent; Self-published via Amazon -* 101 Essays that change the way you think; Brianna Wiest; Audiobook +* The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME) +* The Joy of Missing Out; Christina Crook; New Society Publishers +* Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook +* The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook * Getting Things Done; David Allen +* Coders at Work - Reflections on the craft of programming, Peter Seibel and Mitchell Dorian et al., Audiobook +* The Good Enough Job; Simone Stolzoff; Ebury Edge +* Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press +* Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne * Stop starting, start finishing; Arne Roock; Lean-Kanban University +* Atomic Habits; James Clear; Random House Business +* Meditation for Mortals, Oliver Burkeman, Audiobook * The Software Engineer's Guidebook: Navigating senior, tech lead, and staff engineer positions at tech companies and startups; Gergely Orosz; Audiobook +* Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion +* Psycho-Cybernetics; Maxwell Maltz; Perigee Books +* The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd +* Eat That Frog!; Brian Tracy; Hodder Paperbacks +* Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly +* Influence without Authority; A. Cohen, D. Bradford; Wiley +* 97 Things Every Engineering Manager Should Know; Camille Fournier; Audiobook +* Solve for Happy; Mo Gawdat (RE-READ 1ST TIME) +* The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books +* Eat That Frog; Brian Tracy => ../notes/index.gmi Here are notes of mine for some of the books @@ -146,30 +146,30 @@ In random order: Some of these were in-person with exams; others were online learning lectures only. In random order: -* Structure and Interpretation of Computer Programs; Harold Abelson and more...; -* F5 Loadbalancers Training; 2-day on-site training; F5, Inc. -* Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon +* Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online * Linux Security and Isolation APIs Training; Michael Kerrisk; 3-day on-site training -* The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online -* Developing IaC with Terraform (with Live Lessons); O'Reilly Online * MySQL Deep Dive Workshop; 2-day on-site training -* AWS Immersion Day; Amazon; 1-day interactive online training -* Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need) -* Apache Tomcat Best Practises; 3-day on-site training -* The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online * Protocol buffers; O'Reilly Online -* Ultimate Go Programming; Bill Kennedy; O'Reilly Online -* Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online * Functional programming lecture; Remote University of Hagen +* Structure and Interpretation of Computer Programs; Harold Abelson and more...; +* The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online +* The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online +* Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon * Scripting Vim; Damian Conway; O'Reilly Online +* Ultimate Go Programming; Bill Kennedy; O'Reilly Online +* F5 Loadbalancers Training; 2-day on-site training; F5, Inc. +* Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need) +* Apache Tomcat Best Practises; 3-day on-site training +* AWS Immersion Day; Amazon; 1-day interactive online training +* Developing IaC with Terraform (with Live Lessons); O'Reilly Online ## Technical guides These are not whole books, but guides (smaller or larger) which I found very useful. in random order: * How CPUs work at https://cpu.land -* Raku Guide at https://raku.guide * Advanced Bash-Scripting Guide +* Raku Guide at https://raku.guide ## Podcasts @@ -177,49 +177,49 @@ These are not whole books, but guides (smaller or larger) which I found very use In random order: -* Pratical AI -* Modern Mentor -* Backend Banter * Maintainable -* The Pragmatic Engineer Podcast * Fork Around And Find Out -* Hidden Brain -* BSD Now [BSD] -* Deep Questions with Cal Newport -* Cup o' Go [Golang] * The ProdCast (Google SRE Podcast) * Wednesday Wisdom -* The Changelog Podcast(s) -* Fallthrough [Golang] +* Backend Banter +* Hidden Brain * Dev Interrupted +* Cup o' Go [Golang] +* Pratical AI +* The Pragmatic Engineer Podcast +* Fallthrough [Golang] +* Deep Questions with Cal Newport +* BSD Now [BSD] +* Modern Mentor +* The Changelog Podcast(s) ### Podcasts I liked I liked them but am not listening to them anymore. The podcasts have either "finished" (no more episodes) or I stopped listening to them due to time constraints or a shift in my interests. -* CRE: Chaosradio Express [german] -* FLOSS weekly * Java Pub House * Ship It (predecessor of Fork Around And Find Out) -* Go Time (predecessor of fallthrough) * Modern Mentor +* Go Time (predecessor of fallthrough) +* FLOSS weekly +* CRE: Chaosradio Express [german] ## Newsletters I like This is a mix of tech and non-tech newsletters I am subscribed to. In random order: -* Register Spill -* The Pragmatic Engineer -* Golang Weekly -* Applied Go Weekly Newsletter -* byteSizeGo -* Changelog News -* Andreas Brandhorst Newsletter (Sci-Fi author) -* Ruby Weekly * The Imperfectionist +* Ruby Weekly +* The Pragmatic Engineer +* Register Spill * VK Newsletter +* byteSizeGo * Monospace Mentor +* Andreas Brandhorst Newsletter (Sci-Fi author) +* Applied Go Weekly Newsletter +* Changelog News * The Valuable Dev +* Golang Weekly ## Magazines I like(d) diff --git a/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.gmi b/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.gmi index 7b0fd9fe..989eb03a 100644 --- a/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.gmi +++ b/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.gmi @@ -54,13 +54,9 @@ Let's begin... * ⇢ ⇢ ⇢ Manual OpenBSD interface configuration * ⇢ ⇢ ⇢ Verifying dual-stack connectivity * ⇢ ⇢ ⇢ Benefits of dual-stack -* ⇢ ⇢ Manual gateway failover for roaming clients -* ⇢ ⇢ ⇢ Configuration files for pixel7pro (phone) -* ⇢ ⇢ ⇢ Configuration files for earth (laptop) -* ⇢ ⇢ ⇢ Using manual failover on Android -* ⇢ ⇢ ⇢ Using manual failover on Linux * ⇢ ⇢ Happy WireGuard-ing * ⇢ ⇢ Managing Roaming Client Tunnels +* ⇢ ⇢ ⇢ Manual gateway failover configuration * ⇢ ⇢ ⇢ Starting and stopping on earth (Fedora laptop) * ⇢ ⇢ ⇢ Starting and stopping on pixel7pro (Android phone) * ⇢ ⇢ ⇢ Verifying connectivity @@ -517,9 +513,40 @@ hosts: exclude_peers: - earth - pixel7pro - # f1 and f2 similarly configured with exclude_peers for roaming clients - # (full config omitted for brevity) - ... + f1: + os: FreeBSD + ssh: + user: paul + conf_dir: /usr/local/etc/wireguard + sudo_cmd: doas + reload_cmd: service wireguard reload + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.131' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.131' + ipv6: 'fd42:beef:cafe:2::131' + exclude_peers: + - earth + - pixel7pro + f2: + os: FreeBSD + ssh: + user: paul + conf_dir: /usr/local/etc/wireguard + sudo_cmd: doas + reload_cmd: service wireguard reload + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.132' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.132' + ipv6: 'fd42:beef:cafe:2::132' + exclude_peers: + - earth + - pixel7pro r0: os: Linux ssh: @@ -537,8 +564,40 @@ hosts: exclude_peers: - earth - pixel7pro - # r1 and r2 similarly configured - ... + r1: + os: Linux + ssh: + user: root + conf_dir: /etc/wireguard + sudo_cmd: + reload_cmd: systemctl reload wg-quick@wg0.service + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.121' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.121' + ipv6: 'fd42:beef:cafe:2::121' + exclude_peers: + - earth + - pixel7pro + r2: + os: Linux + ssh: + user: root + conf_dir: /etc/wireguard + sudo_cmd: + reload_cmd: systemctl reload wg-quick@wg0.service + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.122' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.122' + ipv6: 'fd42:beef:cafe:2::122' + exclude_peers: + - earth + - pixel7pro blowfish: os: OpenBSD ssh: @@ -1012,7 +1071,7 @@ up !/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf ``` -**Important**: The IPv6 address must be specified before the `up` directive. This ensures the interface has both addresses configured before WireGuard peers are loaded. +Important: The IPv6 address must be specified before the `up` directive. This ensures the interface has both addresses configured before WireGuard peers are loaded. Apply the configuration: @@ -1047,61 +1106,10 @@ The dual-stack configuration is backward compatible—hosts without the `ipv6` f Adding IPv6 to the mesh network provides: -* **Future-proofing**: Ready for IPv6-only services and networks -* **Compatibility**: Dual-stack maintains full IPv4 compatibility -* **Learning**: Hands-on experience with IPv6 networking -* **Flexibility**: Roaming clients can access both IPv4 and IPv6 internet resources - -## Manual gateway failover for roaming clients - -WireGuard doesn't automatically failover between multiple peers with identical `AllowedIPs` routes. When both gateways (blowfish and fishfinger) are configured with `AllowedIPs = 0.0.0.0/0, ::/0`, WireGuard uses the first peer with a recent handshake. If that gateway goes down, traffic won't automatically switch to the backup. - -To enable manual failover, separate configuration files have been created for roaming clients (earth laptop and pixel7pro phone), each containing only a single gateway peer. - -### Configuration files for pixel7pro (phone) - -Two separate configs in `/home/paul/git/wireguardmeshgenerator/dist/pixel7pro/etc/wireguard/`: - -* **wg0-blowfish.conf** - Routes all traffic through blowfish gateway (23.88.35.144) -* **wg0-fishfinger.conf** - Routes all traffic through fishfinger gateway (46.23.94.99) - -### Configuration files for earth (laptop) - -Two separate configs in `/home/paul/git/wireguardmeshgenerator/dist/earth/etc/wireguard/`: - -* **wg0-blowfish.conf** - Routes all traffic through blowfish gateway -* **wg0-fishfinger.conf** - Routes all traffic through fishfinger gateway - -### Using manual failover on Android - -On the pixel7pro phone, import both QR codes using the WireGuard app to create two separate tunnel profiles: - -```sh -# Generate QR codes -qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg0-blowfish.conf -qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg0-fishfinger.conf -``` - -In the WireGuard app, you can then manually enable/disable each tunnel to select which gateway to use. Only enable one tunnel at a time. - -### Using manual failover on Linux - -On the earth laptop, copy both configs and use systemd to switch between them: - -```sh -# Install both configurations -sudo cp dist/earth/etc/wireguard/wg0-blowfish.conf /etc/wireguard/ -sudo cp dist/earth/etc/wireguard/wg0-fishfinger.conf /etc/wireguard/ - -# Start with blowfish gateway -sudo systemctl start wg-quick@wg0-blowfish.service - -# To switch to fishfinger gateway -sudo systemctl stop wg-quick@wg0-blowfish.service -sudo systemctl start wg-quick@wg0-fishfinger.service -``` - -This approach provides explicit control over which gateway handles roaming client traffic, useful when one gateway needs maintenance or experiences connectivity issues. +* Future-proofing: Ready for IPv6-only services and networks +* Compatibility: Dual-stack maintains full IPv4 compatibility +* Learning: Hands-on experience with IPv6 networking +* Flexibility: Roaming clients can access both IPv4 and IPv6 internet resources ## Happy WireGuard-ing @@ -1283,14 +1291,58 @@ peer: 2htXdNcxzpI2FdPDJy4T4VGtm1wpMEQu1AkQHjNY6F8= ## Managing Roaming Client Tunnels -Since roaming clients like `earth` and `pixel7pro` connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to start and stop the WireGuard tunnels. +Since roaming clients like `earth` and `pixel7pro` connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to configure and manage the WireGuard tunnels. + +### Manual gateway failover configuration + +The default configuration for roaming clients includes both gateways (blowfish and fishfinger) with `AllowedIPs = 0.0.0.0/0, ::/0`. However, WireGuard doesn't automatically failover between multiple peers with identical `AllowedIPs` routes. When both gateways are configured this way, WireGuard uses the first peer with a recent handshake. If that gateway goes down, traffic won't automatically switch to the backup gateway. + +To enable manual failover, separate configuration files can be created for roaming clients (earth laptop and pixel7pro phone), each containing only a single gateway peer. This provides explicit control over which gateway handles traffic. + +Configuration files for pixel7pro (phone): + +Two separate configs in `/home/paul/git/wireguardmeshgenerator/dist/pixel7pro/etc/wireguard/`: + +* wg0-blowfish.conf - Routes all traffic through blowfish gateway (23.88.35.144) +* wg0-fishfinger.conf - Routes all traffic through fishfinger gateway (46.23.94.99) + +Generate QR codes for importing into the WireGuard Android app: + +```sh +qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg0-blowfish.conf +qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg0-fishfinger.conf +``` + +Import both QR codes using the WireGuard app to create two separate tunnel profiles. You can then manually enable/disable each tunnel to select which gateway to use. Only enable one tunnel at a time. + +Configuration files for earth (laptop): + +Two separate configs in `/home/paul/git/wireguardmeshgenerator/dist/earth/etc/wireguard/`: + +* wg0-blowfish.conf - Routes all traffic through blowfish gateway +* wg0-fishfinger.conf - Routes all traffic through fishfinger gateway + +Install both configurations: + +```sh +sudo cp dist/earth/etc/wireguard/wg0-blowfish.conf /etc/wireguard/ +sudo cp dist/earth/etc/wireguard/wg0-fishfinger.conf /etc/wireguard/ +``` + +This approach provides explicit control over which gateway handles roaming client traffic, useful when one gateway needs maintenance or experiences connectivity issues. ### Starting and stopping on earth (Fedora laptop) -On the Fedora laptop, WireGuard is managed via systemd. Starting the tunnel: +On the Fedora laptop, WireGuard is managed via systemd. Using the separate gateway configs: ```sh -earth$ sudo systemctl start wg-quick@wg0.service +# Start with blowfish gateway +earth$ sudo systemctl start wg-quick@wg0-blowfish.service + +# Or start with fishfinger gateway +earth$ sudo systemctl start wg-quick@wg0-fishfinger.service + +# Check tunnel status earth$ sudo wg show interface: wg0 public key: Mc1CpSS3rbLN9A2w9c75XugQyXUkGPHKI2iCGbh8DRo= @@ -1315,36 +1367,38 @@ peer: Xow+d3qVXgUMk4pcRSQ6Fe+vhYBa3VDyHX/4jrGoKns= persistent keepalive: every 25 seconds ``` -Stoppint the tunnel: +Stopping the tunnel: ```sh -earth$ sudo systemctl stop wg-quick@wg0.service +earth$ sudo systemctl stop wg-quick@wg0-blowfish.service +# Or if using fishfinger: +earth$ sudo systemctl stop wg-quick@wg0-fishfinger.service + earth$ sudo wg show # No output - WireGuard interface is down ``` -Checking the tunnel status: +Switching between gateways: ```sh -earth$ sudo systemctl status wg-quick@wg0.service -● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0 - Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; disabled) - Active: active (exited) since Sun 2026-01-11 22:45:00 EET +# Switch from blowfish to fishfinger +earth$ sudo systemctl stop wg-quick@wg0-blowfish.service +earth$ sudo systemctl start wg-quick@wg0-fishfinger.service ``` -The service remains `disabled` to prevent auto-start on boot, allowing manual control of when the VPN is active. +The services remain `disabled` to prevent auto-start on boot, allowing manual control of when the VPN is active and which gateway to use. ### Starting and stopping on pixel7pro (Android phone) -On Android using the official WireGuard app, tunnel management is like this: +On Android using the official WireGuard app, you now have two tunnel profiles (wg0-blowfish and wg0-fishfinger) after importing the QR codes: -Starting the tunnel: +Starting a tunnel: * 1. Open the WireGuard app -* 2. Tap the toggle switch next to the `pixel7pro` tunnel configuration +* 2. Tap the toggle switch next to either `wg0-blowfish` or `wg0-fishfinger` tunnel configuration * 3. The switch turns blue/green and shows "Active" * 4. A key icon appears in the notification bar indicating VPN is active -* 5. All traffic now routes through the VPN +* 5. All traffic now routes through the selected gateway Stopping the tunnel: @@ -1354,6 +1408,12 @@ Stopping the tunnel: * 4. The notification bar key icon disappears * 5. Normal internet routing resumes +Switching between gateways: + +* 1. Disable the currently active tunnel (e.g., wg0-blowfish) +* 2. Enable the other tunnel (e.g., wg0-fishfinger) +* Only enable one tunnel at a time + Quick toggling from notification: * Pull down the notification shade @@ -1378,7 +1438,7 @@ earth$ ping -c2 fishfinger.wg0 earth$ curl https://ifconfig.me # Should show gateway's public IP ``` -Check which gateway is active: The device will typically prefer one gateway (usually the first one with a successful handshake). To see which gateway is actively routing traffic, check the transfer statistics with `sudo wg show` on earth, or observe which gateway shows recent handshakes and increasing transfer bytes. +Check which gateway is active: Check the transfer statistics with `sudo wg show` on earth to see which peer shows recent handshakes and increasing transfer bytes. On Android, the WireGuard app shows the active tunnel with data transfer statistics. ## Conclusion diff --git a/gemfeed/atom.xml b/gemfeed/atom.xml index 3f3cff03..1941776e 100644 --- a/gemfeed/atom.xml +++ b/gemfeed/atom.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="utf-8"?> <feed xmlns="http://www.w3.org/2005/Atom"> - <updated>2026-01-17T00:03:44+02:00</updated> + <updated>2026-01-17T00:15:15+02:00</updated> <title>foo.zone feed</title> <subtitle>To be in the .zone!</subtitle> <link href="gemini://foo.zone/gemfeed/atom.xml" rel="self" /> @@ -9632,13 +9632,9 @@ Jul <font color="#000000">06</font> <font color="#000000">10</font>:<font color= <li>⇢ ⇢ <a href='#manual-openbsd-interface-configuration'>Manual OpenBSD interface configuration</a></li> <li>⇢ ⇢ <a href='#verifying-dual-stack-connectivity'>Verifying dual-stack connectivity</a></li> <li>⇢ ⇢ <a href='#benefits-of-dual-stack'>Benefits of dual-stack</a></li> -<li>⇢ <a href='#manual-gateway-failover-for-roaming-clients'>Manual gateway failover for roaming clients</a></li> -<li>⇢ ⇢ <a href='#configuration-files-for-pixel7pro-phone'>Configuration files for pixel7pro (phone)</a></li> -<li>⇢ ⇢ <a href='#configuration-files-for-earth-laptop'>Configuration files for earth (laptop)</a></li> -<li>⇢ ⇢ <a href='#using-manual-failover-on-android'>Using manual failover on Android</a></li> -<li>⇢ ⇢ <a href='#using-manual-failover-on-linux'>Using manual failover on Linux</a></li> <li>⇢ <a href='#happy-wireguard-ing'>Happy WireGuard-ing</a></li> <li>⇢ <a href='#managing-roaming-client-tunnels'>Managing Roaming Client Tunnels</a></li> +<li>⇢ ⇢ <a href='#manual-gateway-failover-configuration'>Manual gateway failover configuration</a></li> <li>⇢ ⇢ <a href='#starting-and-stopping-on-earth-fedora-laptop'>Starting and stopping on earth (Fedora laptop)</a></li> <li>⇢ ⇢ <a href='#starting-and-stopping-on-pixel7pro-android-phone'>Starting and stopping on pixel7pro (Android phone)</a></li> <li>⇢ ⇢ <a href='#verifying-connectivity'>Verifying connectivity</a></li> @@ -10139,9 +10135,40 @@ hosts: exclude_peers: - earth - pixel7pro - # f1 and f2 similarly configured with exclude_peers for roaming clients - # (full config omitted for brevity) - ... + f1: + os: FreeBSD + ssh: + user: paul + conf_dir: /usr/local/etc/wireguard + sudo_cmd: doas + reload_cmd: service wireguard reload + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.131' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.131' + ipv6: 'fd42:beef:cafe:2::131' + exclude_peers: + - earth + - pixel7pro + f2: + os: FreeBSD + ssh: + user: paul + conf_dir: /usr/local/etc/wireguard + sudo_cmd: doas + reload_cmd: service wireguard reload + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.132' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.132' + ipv6: 'fd42:beef:cafe:2::132' + exclude_peers: + - earth + - pixel7pro r0: os: Linux ssh: @@ -10159,8 +10186,40 @@ hosts: exclude_peers: - earth - pixel7pro - # r1 and r2 similarly configured - ... + r1: + os: Linux + ssh: + user: root + conf_dir: /etc/wireguard + sudo_cmd: + reload_cmd: systemctl reload wg-quick@wg0.service + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.121' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.121' + ipv6: 'fd42:beef:cafe:2::121' + exclude_peers: + - earth + - pixel7pro + r2: + os: Linux + ssh: + user: root + conf_dir: /etc/wireguard + sudo_cmd: + reload_cmd: systemctl reload wg-quick@wg0.service + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.122' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.122' + ipv6: 'fd42:beef:cafe:2::122' + exclude_peers: + - earth + - pixel7pro blowfish: os: OpenBSD ssh: @@ -10669,7 +10728,7 @@ up !/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf </pre> <br /> -<span>**Important**: The IPv6 address must be specified before the <span class='inlinecode'>up</span> directive. This ensures the interface has both addresses configured before WireGuard peers are loaded.</span><br /> +<span>Important: The IPv6 address must be specified before the <span class='inlinecode'>up</span> directive. This ensures the interface has both addresses configured before WireGuard peers are loaded.</span><br /> <br /> <span>Apply the configuration:</span><br /> <br /> @@ -10711,70 +10770,11 @@ root@r0:~ <i><font color="silver"># ping6 -c 2 fd42:beef:cafe:2::130 # IPv6 to <span>Adding IPv6 to the mesh network provides:</span><br /> <br /> <ul> -<li>**Future-proofing**: Ready for IPv6-only services and networks</li> -<li>**Compatibility**: Dual-stack maintains full IPv4 compatibility</li> -<li>**Learning**: Hands-on experience with IPv6 networking</li> -<li>**Flexibility**: Roaming clients can access both IPv4 and IPv6 internet resources</li> -</ul><br /> -<h2 style='display: inline' id='manual-gateway-failover-for-roaming-clients'>Manual gateway failover for roaming clients</h2><br /> -<br /> -<span>WireGuard doesn't automatically failover between multiple peers with identical <span class='inlinecode'>AllowedIPs</span> routes. When both gateways (blowfish and fishfinger) are configured with <span class='inlinecode'>AllowedIPs = 0.0.0.0/0, ::/0</span>, WireGuard uses the first peer with a recent handshake. If that gateway goes down, traffic won't automatically switch to the backup.</span><br /> -<br /> -<span>To enable manual failover, separate configuration files have been created for roaming clients (earth laptop and pixel7pro phone), each containing only a single gateway peer.</span><br /> -<br /> -<h3 style='display: inline' id='configuration-files-for-pixel7pro-phone'>Configuration files for pixel7pro (phone)</h3><br /> -<br /> -<span>Two separate configs in <span class='inlinecode'>/home/paul/git/wireguardmeshgenerator/dist/pixel7pro/etc/wireguard/</span>:</span><br /> -<br /> -<ul> -<li>**wg0-blowfish.conf** - Routes all traffic through blowfish gateway (23.88.35.144)</li> -<li>**wg0-fishfinger.conf** - Routes all traffic through fishfinger gateway (46.23.94.99)</li> +<li>Future-proofing: Ready for IPv6-only services and networks</li> +<li>Compatibility: Dual-stack maintains full IPv4 compatibility</li> +<li>Learning: Hands-on experience with IPv6 networking</li> +<li>Flexibility: Roaming clients can access both IPv4 and IPv6 internet resources</li> </ul><br /> -<h3 style='display: inline' id='configuration-files-for-earth-laptop'>Configuration files for earth (laptop)</h3><br /> -<br /> -<span>Two separate configs in <span class='inlinecode'>/home/paul/git/wireguardmeshgenerator/dist/earth/etc/wireguard/</span>:</span><br /> -<br /> -<ul> -<li>**wg0-blowfish.conf** - Routes all traffic through blowfish gateway</li> -<li>**wg0-fishfinger.conf** - Routes all traffic through fishfinger gateway</li> -</ul><br /> -<h3 style='display: inline' id='using-manual-failover-on-android'>Using manual failover on Android</h3><br /> -<br /> -<span>On the pixel7pro phone, import both QR codes using the WireGuard app to create two separate tunnel profiles:</span><br /> -<br /> -<!-- Generator: GNU source-highlight 3.1.9 -by Lorenzo Bettini -http://www.lorenzobettini.it -http://www.gnu.org/software/src-highlite --> -<pre><i><font color="silver"># Generate QR codes</font></i> -qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>-blowfish.conf -qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>-fishfinger.conf -</pre> -<br /> -<span>In the WireGuard app, you can then manually enable/disable each tunnel to select which gateway to use. Only enable one tunnel at a time.</span><br /> -<br /> -<h3 style='display: inline' id='using-manual-failover-on-linux'>Using manual failover on Linux</h3><br /> -<br /> -<span>On the earth laptop, copy both configs and use systemd to switch between them:</span><br /> -<br /> -<!-- Generator: GNU source-highlight 3.1.9 -by Lorenzo Bettini -http://www.lorenzobettini.it -http://www.gnu.org/software/src-highlite --> -<pre><i><font color="silver"># Install both configurations</font></i> -sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>-blowfish.conf /etc/wireguard/ -sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>-fishfinger.conf /etc/wireguard/ - -<i><font color="silver"># Start with blowfish gateway</font></i> -sudo systemctl start wg-quick@wg0-blowfish.service - -<i><font color="silver"># To switch to fishfinger gateway</font></i> -sudo systemctl stop wg-quick@wg0-blowfish.service -sudo systemctl start wg-quick@wg0-fishfinger.service -</pre> -<br /> -<span>This approach provides explicit control over which gateway handles roaming client traffic, useful when one gateway needs maintenance or experiences connectivity issues.</span><br /> -<br /> <h2 style='display: inline' id='happy-wireguard-ing'>Happy WireGuard-ing</h2><br /> <br /> <span>All is set up now. E.g. on <span class='inlinecode'>f0</span>:</span><br /> @@ -10964,17 +10964,69 @@ peer: 2htXdNcxzpI2FdPDJy4T4VGtm1wpMEQu1AkQHjNY6F8= <br /> <h2 style='display: inline' id='managing-roaming-client-tunnels'>Managing Roaming Client Tunnels</h2><br /> <br /> -<span>Since roaming clients like <span class='inlinecode'>earth</span> and <span class='inlinecode'>pixel7pro</span> connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to start and stop the WireGuard tunnels.</span><br /> +<span>Since roaming clients like <span class='inlinecode'>earth</span> and <span class='inlinecode'>pixel7pro</span> connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to configure and manage the WireGuard tunnels.</span><br /> +<br /> +<h3 style='display: inline' id='manual-gateway-failover-configuration'>Manual gateway failover configuration</h3><br /> +<br /> +<span>The default configuration for roaming clients includes both gateways (blowfish and fishfinger) with <span class='inlinecode'>AllowedIPs = 0.0.0.0/0, ::/0</span>. However, WireGuard doesn't automatically failover between multiple peers with identical <span class='inlinecode'>AllowedIPs</span> routes. When both gateways are configured this way, WireGuard uses the first peer with a recent handshake. If that gateway goes down, traffic won't automatically switch to the backup gateway.</span><br /> +<br /> +<span>To enable manual failover, separate configuration files can be created for roaming clients (earth laptop and pixel7pro phone), each containing only a single gateway peer. This provides explicit control over which gateway handles traffic.</span><br /> +<br /> +<span>Configuration files for pixel7pro (phone):</span><br /> +<br /> +<span>Two separate configs in <span class='inlinecode'>/home/paul/git/wireguardmeshgenerator/dist/pixel7pro/etc/wireguard/</span>:</span><br /> +<br /> +<ul> +<li>wg0-blowfish.conf - Routes all traffic through blowfish gateway (23.88.35.144)</li> +<li>wg0-fishfinger.conf - Routes all traffic through fishfinger gateway (46.23.94.99)</li> +</ul><br /> +<span>Generate QR codes for importing into the WireGuard Android app:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>-blowfish.conf +qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>-fishfinger.conf +</pre> +<br /> +<span>Import both QR codes using the WireGuard app to create two separate tunnel profiles. You can then manually enable/disable each tunnel to select which gateway to use. Only enable one tunnel at a time.</span><br /> +<br /> +<span>Configuration files for earth (laptop):</span><br /> +<br /> +<span>Two separate configs in <span class='inlinecode'>/home/paul/git/wireguardmeshgenerator/dist/earth/etc/wireguard/</span>:</span><br /> +<br /> +<ul> +<li>wg0-blowfish.conf - Routes all traffic through blowfish gateway</li> +<li>wg0-fishfinger.conf - Routes all traffic through fishfinger gateway</li> +</ul><br /> +<span>Install both configurations:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>-blowfish.conf /etc/wireguard/ +sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>-fishfinger.conf /etc/wireguard/ +</pre> +<br /> +<span>This approach provides explicit control over which gateway handles roaming client traffic, useful when one gateway needs maintenance or experiences connectivity issues.</span><br /> <br /> <h3 style='display: inline' id='starting-and-stopping-on-earth-fedora-laptop'>Starting and stopping on earth (Fedora laptop)</h3><br /> <br /> -<span>On the Fedora laptop, WireGuard is managed via systemd. Starting the tunnel:</span><br /> +<span>On the Fedora laptop, WireGuard is managed via systemd. Using the separate gateway configs:</span><br /> <br /> <!-- Generator: GNU source-highlight 3.1.9 by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -<pre>earth$ sudo systemctl start wg-quick@wg0.service +<pre><i><font color="silver"># Start with blowfish gateway</font></i> +earth$ sudo systemctl start wg-quick@wg0-blowfish.service + +<i><font color="silver"># Or start with fishfinger gateway</font></i> +earth$ sudo systemctl start wg-quick@wg0-fishfinger.service + +<i><font color="silver"># Check tunnel status</font></i> earth$ sudo wg show interface: wg0 public key: Mc1CpSS3rbLN9A2w9c75XugQyXUkGPHKI2iCGbh8DRo= @@ -10999,43 +11051,45 @@ peer: Xow+d3qVXgUMk4pcRSQ6Fe+vhYBa3VDyHX/4jrGoKns= persistent keepalive: every <font color="#000000">25</font> seconds </pre> <br /> -<span>Stoppint the tunnel:</span><br /> +<span>Stopping the tunnel:</span><br /> <br /> <!-- Generator: GNU source-highlight 3.1.9 by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -<pre>earth$ sudo systemctl stop wg-quick@wg0.service +<pre>earth$ sudo systemctl stop wg-quick@wg0-blowfish.service +<i><font color="silver"># Or if using fishfinger:</font></i> +earth$ sudo systemctl stop wg-quick@wg0-fishfinger.service + earth$ sudo wg show <i><font color="silver"># No output - WireGuard interface is down</font></i> </pre> <br /> -<span>Checking the tunnel status:</span><br /> +<span>Switching between gateways:</span><br /> <br /> <!-- Generator: GNU source-highlight 3.1.9 by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -<pre>earth$ sudo systemctl status wg-quick@wg0.service -● wg-quick@wg0.service - WireGuard via wg-quick(<font color="#000000">8</font>) <b><u><font color="#000000">for</font></u></b> wg0 - Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; disabled) - Active: active (exited) since Sun <font color="#000000">2026</font>-<font color="#000000">01</font>-<font color="#000000">11</font> <font color="#000000">22</font>:<font color="#000000">45</font>:<font color="#000000">00</font> EET +<pre><i><font color="silver"># Switch from blowfish to fishfinger</font></i> +earth$ sudo systemctl stop wg-quick@wg0-blowfish.service +earth$ sudo systemctl start wg-quick@wg0-fishfinger.service </pre> <br /> -<span>The service remains <span class='inlinecode'>disabled</span> to prevent auto-start on boot, allowing manual control of when the VPN is active.</span><br /> +<span>The services remain <span class='inlinecode'>disabled</span> to prevent auto-start on boot, allowing manual control of when the VPN is active and which gateway to use.</span><br /> <br /> <h3 style='display: inline' id='starting-and-stopping-on-pixel7pro-android-phone'>Starting and stopping on pixel7pro (Android phone)</h3><br /> <br /> -<span>On Android using the official WireGuard app, tunnel management is like this:</span><br /> +<span>On Android using the official WireGuard app, you now have two tunnel profiles (wg0-blowfish and wg0-fishfinger) after importing the QR codes:</span><br /> <br /> -<span>Starting the tunnel:</span><br /> +<span>Starting a tunnel:</span><br /> <br /> <ul> <li>1. Open the WireGuard app</li> -<li>2. Tap the toggle switch next to the <span class='inlinecode'>pixel7pro</span> tunnel configuration</li> +<li>2. Tap the toggle switch next to either <span class='inlinecode'>wg0-blowfish</span> or <span class='inlinecode'>wg0-fishfinger</span> tunnel configuration</li> <li>3. The switch turns blue/green and shows "Active"</li> <li>4. A key icon appears in the notification bar indicating VPN is active</li> -<li>5. All traffic now routes through the VPN</li> +<li>5. All traffic now routes through the selected gateway</li> </ul><br /> <span>Stopping the tunnel:</span><br /> <br /> @@ -11046,6 +11100,13 @@ http://www.gnu.org/software/src-highlite --> <li>4. The notification bar key icon disappears</li> <li>5. Normal internet routing resumes</li> </ul><br /> +<span>Switching between gateways:</span><br /> +<br /> +<ul> +<li>1. Disable the currently active tunnel (e.g., wg0-blowfish)</li> +<li>2. Enable the other tunnel (e.g., wg0-fishfinger)</li> +<li>Only enable one tunnel at a time</li> +</ul><br /> <span>Quick toggling from notification:</span><br /> <br /> <ul> @@ -11075,7 +11136,7 @@ earth$ ping -c<font color="#000000">2</font> fishfinger.wg0 earth$ curl https://ifconfig.me <i><font color="silver"># Should show gateway's public IP</font></i> </pre> <br /> -<span>Check which gateway is active: The device will typically prefer one gateway (usually the first one with a successful handshake). To see which gateway is actively routing traffic, check the transfer statistics with <span class='inlinecode'>sudo wg show</span> on earth, or observe which gateway shows recent handshakes and increasing transfer bytes.</span><br /> +<span>Check which gateway is active: Check the transfer statistics with <span class='inlinecode'>sudo wg show</span> on earth to see which peer shows recent handshakes and increasing transfer bytes. On Android, the WireGuard app shows the active tunnel with data transfer statistics.</span><br /> <br /> <h2 style='display: inline' id='conclusion'>Conclusion</h2><br /> <br /> @@ -1,6 +1,6 @@ # Hello! -> This site was generated at 2026-01-17T00:03:44+02:00 by `Gemtexter` +> This site was generated at 2026-01-17T00:15:15+02:00 by `Gemtexter` Welcome to the foo.zone! diff --git a/uptime-stats.gmi b/uptime-stats.gmi index fe548d7f..c68d8cf0 100644 --- a/uptime-stats.gmi +++ b/uptime-stats.gmi @@ -1,6 +1,6 @@ # My machine uptime stats -> This site was last updated at 2026-01-17T00:03:44+02:00 +> This site was last updated at 2026-01-17T00:15:15+02:00 The following stats were collected via `uptimed` on all of my personal computers over many years and the output was generated by `guprecords`, the global uptime records stats analyser of mine. |