| -rw-r--r-- | about/resources.html | 204 |
| -rw-r--r-- | gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.html | 241 |
| -rw-r--r-- | gemfeed/atom.xml | 243 |
| -rw-r--r-- | index.html | 2 |
| -rw-r--r-- | uptime-stats.html | 2 |
5 files changed, 407 insertions, 285 deletions
diff --git a/about/resources.html b/about/resources.html index 6c8a42e8..87c89768 100644 --- a/about/resources.html +++ b/about/resources.html 
@@ -50,112 +50,112 @@ <span>In random order:</span><br /> <br /> <ul> -<li>Higher Order Perl; Mark Dominus; Morgan Kaufmann</li> -<li>The Kubernetes Book; Nigel Poulton; Unabridged Audiobook</li> -<li>Chaos Engineering - System Resiliency in Practice; Casey Rosenthal and Nora Jones; eBook</li> -<li>Polished Ruby Programming; Jeremy Evans; Packt Publishing</li> +<li>Effective awk programming; Arnold Robbins; O'Reilly</li> +<li>Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson</li> <li>The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton</li> -<li>Effective Java; Joshua Bloch; Addison-Wesley Professional</li> -<li>Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers</li> -<li>Site Reliability Engineering; How Google runs production systems; O'Reilly</li> -<li>21st Century C: C Tips from the New School; Ben Klemens; O'Reilly</li> -<li>Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly</li> -<li>C++ Programming Language; Bjarne Stroustrup;</li> +<li>Funktionale Programmierung; Peter Pepper; Springer</li> +<li>Raku Recipes; J.J. 
Merelo; Apress</li> +<li>Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press</li> <li>The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible</li> -<li>DNS and BIND; Cricket Liu; O'Reilly</li> -<li>The Docker Book; James Turnbull; Kindle</li> +<li>Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt </li> +<li>Chaos Engineering - System Resiliency in Practice; Casey Rosenthal and Nora Jones; eBook</li> <li>Programming Ruby 3.3 (5th Edition); Noel Rappin, with Dave Thomas; The Pragmatic Bookshelf</li> -<li>DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible</li> -<li>Perl New Features; Joshua McAdams, brian d foy; Perl School</li> -<li>Raku Fundamentals; Moritz Lenz; Apress</li> -<li>Systemprogrammierung in Go; Frank Müller; dpunkt</li> -<li>Java ist auch eine Insel; Christian Ullenboom; </li> +<li>Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly</li> +<li>Effective Java; Joshua Bloch; Addison-Wesley Professional</li> +<li>C++ Programming Language; Bjarne Stroustrup;</li> <li>The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional</li> -<li>Data Science at the Command Line; Jeroen Janssens; O'Reilly</li> -<li>Funktionale Programmierung; Peter Pepper; Springer</li> <li>Think Raku (aka Think Perl 6); Laurent Rosenfeld, Allen B. Downey; O'Reilly</li> -<li>Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly</li> +<li>Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly</li> +<li>Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly</li> +<li>Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers </li> +<li>Perl New Features; Joshua McAdams, brian d foy; Perl School</li> +<li>The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. 
Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress</li> <li>Modern Perl; Chromatic ; Onyx Neon Press</li> -<li>The Pragmatic Programmer; David Thomas; Addison-Wesley</li> -<li>Ultimate Go Notebook; Bill Kennedy</li> +<li>97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly</li> <li>100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications</li> -<li>Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press</li> +<li>Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press</li> +<li>Pro Puppet; James Turnbull, Jeffrey McCune; Apress</li> +<li>Polished Ruby Programming; Jeremy Evans; Packt Publishing</li> +<li>The Docker Book; James Turnbull; Kindle</li> +<li>Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications</li> +<li>Raku Fundamentals; Moritz Lenz; Apress</li> +<li>21st Century C: C Tips from the New School; Ben Klemens; O'Reilly</li> +<li>Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers</li> +<li>Systemprogrammierung in Go; Frank Müller; dpunkt</li> +<li>DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible</li> <li>Developing Games in Java; David Brackeen and others...; New Riders</li> +<li>Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner</li> +<li>Higher Order Perl; Mark Dominus; Morgan Kaufmann</li> +<li>DNS and BIND; Cricket Liu; O'Reilly</li> +<li>Java ist auch eine Insel; Christian Ullenboom; </li> +<li>The Pragmatic Programmer; David Thomas; Addison-Wesley</li> +<li>Terraform Cookbook; Mikael Krief; Packt Publishing</li> <li>Concurrency in Go; Katherine Cox-Buday; O'Reilly</li> +<li>Data Science at the Command Line; Jeroen Janssens; O'Reilly</li> +<li>Ultimate Go Notebook; Bill Kennedy</li> <li>Leanring eBPF; Liz Rice; O'Reilly</li> -<li>Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications</li> -<li>Clusterbau mit Linux-HA; Michael 
Schwartzkopff; O'Reilly</li> -<li>Effective awk programming; Arnold Robbins; O'Reilly</li> +<li>Site Reliability Engineering; How Google runs production systems; O'Reilly</li> <li>Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall & Jon Orwant; O'Reilly</li> -<li>Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner</li> -<li>97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly</li> -<li>Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson</li> -<li>The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress</li> <li>Seeking SRE: Conversations About Running Production Systems at Scale; David N. Blank-Edelman; eBook</li> -<li>Terraform Cookbook; Mikael Krief; Packt Publishing</li> -<li>Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press</li> -<li>Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt </li> -<li>Pro Puppet; James Turnbull, Jeffrey McCune; Apress</li> -<li>Raku Recipes; J.J. Merelo; Apress</li> -<li>Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers </li> +<li>The Kubernetes Book; Nigel Poulton; Unabridged Audiobook</li> </ul><br /> <h2 style='display: inline' id='technical-references'>Technical references</h2><br /> <br /> <span>I didn't read them from the beginning to the end, but I am using them to look up things. The books are in random order:</span><br /> <br /> <ul> -<li>Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley</li> -<li>BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley</li> <li>The Linux Programming Interface; Michael Kerrisk; No Starch Press </li> -<li>Implementing Service Level Objectives; Alex Hidalgo; O'Reilly</li> <li>Understanding the Linux Kernel; Daniel P. 
Bovet, Marco Cesati; O'Reilly</li> <li>Go: Design Patterns for Real-World Projects; Mat Ryer; Packt</li> -<li>Relayd and Httpd Mastery; Michael W Lucas</li> +<li>BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley</li> <li>Groovy Kurz & Gut; Joerg Staudemeier; O'Reilly</li> +<li>Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley</li> +<li>Implementing Service Level Objectives; Alex Hidalgo; O'Reilly</li> +<li>Relayd and Httpd Mastery; Michael W Lucas</li> </ul><br /> <h2 style='display: inline' id='self-development-and-soft-skills-books'>Self-development and soft-skills books</h2><br /> <br /> <span>In random order:</span><br /> <br /> <ul> -<li>Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press</li> -<li>Psycho-Cybernetics; Maxwell Maltz; Perigee Books</li> -<li>Eat That Frog!; Brian Tracy; Hodder Paperbacks</li> -<li>Solve for Happy; Mo Gawdat (RE-READ 1ST TIME)</li> -<li>Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion</li> -<li>The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books</li> -<li>Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook</li> -<li>Atomic Habits; James Clear; Random House Business</li> -<li>The Joy of Missing Out; Christina Crook; New Society Publishers</li> +<li>Slow Productivity; Cal Newport; Penguin Random House</li> +<li>Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing</li> +<li>Deep Work; Cal Newport; Piatkus</li> <li>So Good They Can't Ignore You; Cal Newport; Business Plus</li> +<li>The Bullet Journal Method; Ryder Carroll; Fourth Estate</li> <li>Soft Skills; John Sommez; Manning Publications</li> -<li>The Good Enough Job; Simone Stolzoff; Ebury Edge</li> -<li>Never Split the Difference; Chris Voss, Tahl Raz; Random House Business</li> -<li>The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd</li> -<li>Search Inside Yourself - The Unexpected path to Achieving Success, 
Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne</li> +<li>Digital Minimalism; Cal Newport; Portofolio Penguin</li> +<li>The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select</li> +<li>The Courage to Be Disliked; Ichiro Kishimi and Fumitake Koga; Audiobook</li> <li>The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK</li> -<li>The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook</li> -<li>The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME)</li> -<li>The Bullet Journal Method; Ryder Carroll; Fourth Estate</li> +<li>101 Essays that change the way you think; Brianna Wiest; Audiobook</li> <li>Ultralearning; Scott Young; Thorsons</li> +<li>Never Split the Difference; Chris Voss, Tahl Raz; Random House Business</li> <li>The Power of Now; Eckhard Tolle; Yellow Kite</li> -<li>Meditation for Mortals, Oliver Burkeman, Audiobook</li> -<li>Slow Productivity; Cal Newport; Penguin Random House</li> -<li>The Courage to Be Disliked; Ichiro Kishimi and Fumitake Koga; Audiobook</li> -<li>Deep Work; Cal Newport; Piatkus</li> -<li>Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing</li> -<li>Digital Minimalism; Cal Newport; Portofolio Penguin</li> -<li>The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select</li> -<li>Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly</li> -<li>Coders at Work - Reflections on the craft of programming, Peter Seibel and Mitchell Dorian et al., Audiobook</li> -<li>Eat That Frog; Brian Tracy</li> -<li>Influence without Authority; A. Cohen, D. 
Bradford; Wiley</li> -<li>97 Things Every Engineering Manager Should Know; Camille Fournier; Audiobook</li> <li>Ultralearning; Anna Laurent; Self-published via Amazon</li> -<li>101 Essays that change the way you think; Brianna Wiest; Audiobook</li> +<li>The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME)</li> +<li>The Joy of Missing Out; Christina Crook; New Society Publishers</li> +<li>Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook</li> +<li>The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook</li> <li>Getting Things Done; David Allen</li> +<li>Coders at Work - Reflections on the craft of programming, Peter Seibel and Mitchell Dorian et al., Audiobook</li> +<li>The Good Enough Job; Simone Stolzoff; Ebury Edge</li> +<li>Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press</li> +<li>Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne</li> <li>Stop starting, start finishing; Arne Roock; Lean-Kanban University </li> +<li>Atomic Habits; James Clear; Random House Business</li> +<li>Meditation for Mortals, Oliver Burkeman, Audiobook</li> <li>The Software Engineer's Guidebook: Navigating senior, tech lead, and staff engineer positions at tech companies and startups; Gergely Orosz; Audiobook </li> +<li>Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion</li> +<li>Psycho-Cybernetics; Maxwell Maltz; Perigee Books</li> +<li>The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd</li> +<li>Eat That Frog!; Brian Tracy; Hodder Paperbacks</li> +<li>Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly</li> +<li>Influence without Authority; A. Cohen, D. 
Bradford; Wiley</li> +<li>97 Things Every Engineering Manager Should Know; Camille Fournier; Audiobook</li> +<li>Solve for Happy; Mo Gawdat (RE-READ 1ST TIME)</li> +<li>The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books</li> +<li>Eat That Frog; Brian Tracy</li> </ul><br /> <a class='textlink' href='../notes/index.html'>Here are notes of mine for some of the books</a><br /> <br /> 
@@ -164,22 +164,22 @@ <span>Some of these were in-person with exams; others were online learning lectures only. In random order:</span><br /> <br /> <ul> -<li>Structure and Interpretation of Computer Programs; Harold Abelson and more...; </li> -<li>F5 Loadbalancers Training; 2-day on-site training; F5, Inc. </li> -<li>Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon</li> +<li>Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online</li> <li>Linux Security and Isolation APIs Training; Michael Kerrisk; 3-day on-site training</li> -<li>The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online</li> -<li>Developing IaC with Terraform (with Live Lessons); O'Reilly Online</li> <li>MySQL Deep Dive Workshop; 2-day on-site training</li> -<li>AWS Immersion Day; Amazon; 1-day interactive online training </li> -<li>Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)</li> -<li>Apache Tomcat Best Practises; 3-day on-site training</li> -<li>The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online</li> <li>Protocol buffers; O'Reilly Online</li> -<li>Ultimate Go Programming; Bill Kennedy; O'Reilly Online</li> -<li>Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online</li> <li>Functional programming lecture; Remote University of Hagen</li> +<li>Structure and Interpretation of Computer Programs; Harold Abelson and more...; </li> +<li>The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online</li> +<li>The Well-Grounded Rubyist Video Edition; David. A. 
Black; O'Reilly Online</li> +<li>Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon</li> <li>Scripting Vim; Damian Conway; O'Reilly Online</li> +<li>Ultimate Go Programming; Bill Kennedy; O'Reilly Online</li> +<li>F5 Loadbalancers Training; 2-day on-site training; F5, Inc. </li> +<li>Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)</li> +<li>Apache Tomcat Best Practises; 3-day on-site training</li> +<li>AWS Immersion Day; Amazon; 1-day interactive online training </li> +<li>Developing IaC with Terraform (with Live Lessons); O'Reilly Online</li> </ul><br /> <h2 style='display: inline' id='technical-guides'>Technical guides</h2><br /> <br /> @@ -187,8 +187,8 @@ <br /> <ul> <li>How CPUs work at https://cpu.land</li> -<li>Raku Guide at https://raku.guide </li> <li>Advanced Bash-Scripting Guide </li> +<li>Raku Guide at https://raku.guide </li> </ul><br /> <h2 style='display: inline' id='podcasts'>Podcasts</h2><br /> <br /> 
@@ -197,51 +197,51 @@ <span>In random order:</span><br /> <br /> <ul> -<li>Pratical AI</li> -<li>Modern Mentor</li> -<li>Backend Banter</li> <li>Maintainable</li> -<li>The Pragmatic Engineer Podcast</li> <li>Fork Around And Find Out</li> -<li>Hidden Brain</li> -<li>BSD Now [BSD]</li> -<li>Deep Questions with Cal Newport</li> -<li>Cup o' Go [Golang]</li> <li>The ProdCast (Google SRE Podcast)</li> <li>Wednesday Wisdom</li> -<li>The Changelog Podcast(s)</li> -<li>Fallthrough [Golang]</li> +<li>Backend Banter</li> +<li>Hidden Brain</li> <li>Dev Interrupted</li> +<li>Cup o' Go [Golang]</li> +<li>Pratical AI</li> +<li>The Pragmatic Engineer Podcast</li> +<li>Fallthrough [Golang]</li> +<li>Deep Questions with Cal Newport</li> +<li>BSD Now [BSD]</li> +<li>Modern Mentor</li> +<li>The Changelog Podcast(s)</li> </ul><br /> <h3 style='display: inline' id='podcasts-i-liked'>Podcasts I liked</h3><br /> <br /> <span>I liked them but am not listening to them anymore. The podcasts have either "finished" (no more episodes) or I stopped listening to them due to time constraints or a shift in my interests.</span><br /> <br /> <ul> -<li>CRE: Chaosradio Express [german]</li> -<li>FLOSS weekly</li> <li>Java Pub House</li> <li>Ship It (predecessor of Fork Around And Find Out)</li> -<li>Go Time (predecessor of fallthrough)</li> <li>Modern Mentor</li> +<li>Go Time (predecessor of fallthrough)</li> +<li>FLOSS weekly</li> +<li>CRE: Chaosradio Express [german]</li> </ul><br /> <h2 style='display: inline' id='newsletters-i-like'>Newsletters I like</h2><br /> <br /> <span>This is a mix of tech and non-tech newsletters I am subscribed to. 
In random order:</span><br /> <br /> <ul> -<li>Register Spill</li> -<li>The Pragmatic Engineer</li> -<li>Golang Weekly</li> -<li>Applied Go Weekly Newsletter</li> -<li>byteSizeGo</li> -<li>Changelog News</li> -<li>Andreas Brandhorst Newsletter (Sci-Fi author)</li> -<li>Ruby Weekly</li> <li>The Imperfectionist</li> +<li>Ruby Weekly</li> +<li>The Pragmatic Engineer</li> +<li>Register Spill</li> <li>VK Newsletter</li> +<li>byteSizeGo</li> <li>Monospace Mentor</li> +<li>Andreas Brandhorst Newsletter (Sci-Fi author)</li> +<li>Applied Go Weekly Newsletter</li> +<li>Changelog News</li> <li>The Valuable Dev</li> +<li>Golang Weekly</li> </ul><br /> <h2 style='display: inline' id='magazines-i-liked'>Magazines I like(d)</h2><br /> <br /> diff --git a/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.html b/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.html index 80a0173f..7a8207f3 100644 --- a/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.html +++ b/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.html 
@@ -68,13 +68,9 @@ <li>⇢ ⇢ <a href='#manual-openbsd-interface-configuration'>Manual OpenBSD interface configuration</a></li> <li>⇢ ⇢ <a href='#verifying-dual-stack-connectivity'>Verifying dual-stack connectivity</a></li> <li>⇢ ⇢ <a href='#benefits-of-dual-stack'>Benefits of dual-stack</a></li> -<li>⇢ <a href='#manual-gateway-failover-for-roaming-clients'>Manual gateway failover for roaming clients</a></li> -<li>⇢ ⇢ <a href='#configuration-files-for-pixel7pro-phone'>Configuration files for pixel7pro (phone)</a></li> -<li>⇢ ⇢ <a href='#configuration-files-for-earth-laptop'>Configuration files for earth (laptop)</a></li> -<li>⇢ ⇢ <a href='#using-manual-failover-on-android'>Using manual failover on Android</a></li> -<li>⇢ ⇢ <a href='#using-manual-failover-on-linux'>Using manual failover on Linux</a></li> <li>⇢ <a href='#happy-wireguard-ing'>Happy WireGuard-ing</a></li> <li>⇢ <a href='#managing-roaming-client-tunnels'>Managing Roaming Client Tunnels</a></li> +<li>⇢ ⇢ <a href='#manual-gateway-failover-configuration'>Manual gateway failover configuration</a></li> <li>⇢ ⇢ <a href='#starting-and-stopping-on-earth-fedora-laptop'>Starting and stopping on earth (Fedora laptop)</a></li> <li>⇢ ⇢ <a href='#starting-and-stopping-on-pixel7pro-android-phone'>Starting and stopping on pixel7pro (Android phone)</a></li> <li>⇢ ⇢ <a href='#verifying-connectivity'>Verifying connectivity</a></li> 
@@ -575,9 +571,40 @@ hosts: exclude_peers: - earth - pixel7pro - # f1 and f2 similarly configured with exclude_peers for roaming clients - # (full config omitted for brevity) - ... + f1: + os: FreeBSD + ssh: + user: paul + conf_dir: /usr/local/etc/wireguard + sudo_cmd: doas + reload_cmd: service wireguard reload + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.131' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.131' + ipv6: 'fd42:beef:cafe:2::131' + exclude_peers: + - earth + - pixel7pro + f2: + os: FreeBSD + ssh: + user: paul + conf_dir: /usr/local/etc/wireguard + sudo_cmd: doas + reload_cmd: service wireguard reload + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.132' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.132' + ipv6: 'fd42:beef:cafe:2::132' + exclude_peers: + - earth + - pixel7pro r0: os: Linux ssh: @@ -595,8 +622,40 @@ hosts: exclude_peers: - earth - pixel7pro - # r1 and r2 similarly configured - ... + r1: + os: Linux + ssh: + user: root + conf_dir: /etc/wireguard + sudo_cmd: + reload_cmd: systemctl reload wg-quick@wg0.service + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.121' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.121' + ipv6: 'fd42:beef:cafe:2::121' + exclude_peers: + - earth + - pixel7pro + r2: + os: Linux + ssh: + user: root + conf_dir: /etc/wireguard + sudo_cmd: + reload_cmd: systemctl reload wg-quick@wg0.service + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.122' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.122' + ipv6: 'fd42:beef:cafe:2::122' + exclude_peers: + - earth + - pixel7pro blowfish: os: OpenBSD ssh: 
@@ -1105,7 +1164,7 @@ up !/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf </pre> <br /> -<span>**Important**: The IPv6 address must be specified before the <span class='inlinecode'>up</span> directive. This ensures the interface has both addresses configured before WireGuard peers are loaded.</span><br /> +<span>Important: The IPv6 address must be specified before the <span class='inlinecode'>up</span> directive. This ensures the interface has both addresses configured before WireGuard peers are loaded.</span><br /> <br /> <span>Apply the configuration:</span><br /> <br /> 
@@ -1147,70 +1206,11 @@ root@r0:~ <i><font color="silver"># ping6 -c 2 fd42:beef:cafe:2::130 # IPv6 to <span>Adding IPv6 to the mesh network provides:</span><br /> <br /> <ul> -<li>**Future-proofing**: Ready for IPv6-only services and networks</li> -<li>**Compatibility**: Dual-stack maintains full IPv4 compatibility</li> -<li>**Learning**: Hands-on experience with IPv6 networking</li> -<li>**Flexibility**: Roaming clients can access both IPv4 and IPv6 internet resources</li> -</ul><br /> -<h2 style='display: inline' id='manual-gateway-failover-for-roaming-clients'>Manual gateway failover for roaming clients</h2><br /> -<br /> -<span>WireGuard doesn't automatically failover between multiple peers with identical <span class='inlinecode'>AllowedIPs</span> routes. When both gateways (blowfish and fishfinger) are configured with <span class='inlinecode'>AllowedIPs = 0.0.0.0/0, ::/0</span>, WireGuard uses the first peer with a recent handshake. If that gateway goes down, traffic won't automatically switch to the backup.</span><br /> -<br /> -<span>To enable manual failover, separate configuration files have been created for roaming clients (earth laptop and pixel7pro phone), each containing only a single gateway peer.</span><br /> -<br /> -<h3 style='display: inline' id='configuration-files-for-pixel7pro-phone'>Configuration files for pixel7pro (phone)</h3><br /> -<br /> -<span>Two separate configs in <span class='inlinecode'>/home/paul/git/wireguardmeshgenerator/dist/pixel7pro/etc/wireguard/</span>:</span><br /> -<br /> -<ul> -<li>**wg0-blowfish.conf** - Routes all traffic through blowfish gateway (23.88.35.144)</li> -<li>**wg0-fishfinger.conf** - Routes all traffic through fishfinger gateway (46.23.94.99)</li> +<li>Future-proofing: Ready for IPv6-only services and networks</li> +<li>Compatibility: Dual-stack maintains full IPv4 compatibility</li> +<li>Learning: Hands-on experience with IPv6 networking</li> +<li>Flexibility: Roaming clients can access both IPv4 and IPv6 
internet resources</li> </ul><br /> -<h3 style='display: inline' id='configuration-files-for-earth-laptop'>Configuration files for earth (laptop)</h3><br /> -<br /> -<span>Two separate configs in <span class='inlinecode'>/home/paul/git/wireguardmeshgenerator/dist/earth/etc/wireguard/</span>:</span><br /> -<br /> -<ul> -<li>**wg0-blowfish.conf** - Routes all traffic through blowfish gateway</li> -<li>**wg0-fishfinger.conf** - Routes all traffic through fishfinger gateway</li> -</ul><br /> -<h3 style='display: inline' id='using-manual-failover-on-android'>Using manual failover on Android</h3><br /> -<br /> -<span>On the pixel7pro phone, import both QR codes using the WireGuard app to create two separate tunnel profiles:</span><br /> -<br /> -<!-- Generator: GNU source-highlight 3.1.9 -by Lorenzo Bettini -http://www.lorenzobettini.it -http://www.gnu.org/software/src-highlite --> -<pre><i><font color="silver"># Generate QR codes</font></i> -qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>-blowfish.conf -qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>-fishfinger.conf -</pre> -<br /> -<span>In the WireGuard app, you can then manually enable/disable each tunnel to select which gateway to use. 
Only enable one tunnel at a time.</span><br /> -<br /> -<h3 style='display: inline' id='using-manual-failover-on-linux'>Using manual failover on Linux</h3><br /> -<br /> -<span>On the earth laptop, copy both configs and use systemd to switch between them:</span><br /> -<br /> -<!-- Generator: GNU source-highlight 3.1.9 -by Lorenzo Bettini -http://www.lorenzobettini.it -http://www.gnu.org/software/src-highlite --> -<pre><i><font color="silver"># Install both configurations</font></i> -sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>-blowfish.conf /etc/wireguard/ -sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>-fishfinger.conf /etc/wireguard/ - -<i><font color="silver"># Start with blowfish gateway</font></i> -sudo systemctl start wg-quick@wg0-blowfish.service - -<i><font color="silver"># To switch to fishfinger gateway</font></i> -sudo systemctl stop wg-quick@wg0-blowfish.service -sudo systemctl start wg-quick@wg0-fishfinger.service -</pre> -<br /> -<span>This approach provides explicit control over which gateway handles roaming client traffic, useful when one gateway needs maintenance or experiences connectivity issues.</span><br /> -<br /> <h2 style='display: inline' id='happy-wireguard-ing'>Happy WireGuard-ing</h2><br /> <br /> <span>All is set up now. E.g. on <span class='inlinecode'>f0</span>:</span><br /> 
@@ -1400,17 +1400,69 @@ peer: 2htXdNcxzpI2FdPDJy4T4VGtm1wpMEQu1AkQHjNY6F8= <br /> <h2 style='display: inline' id='managing-roaming-client-tunnels'>Managing Roaming Client Tunnels</h2><br /> <br /> -<span>Since roaming clients like <span class='inlinecode'>earth</span> and <span class='inlinecode'>pixel7pro</span> connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to start and stop the WireGuard tunnels.</span><br /> +<span>Since roaming clients like <span class='inlinecode'>earth</span> and <span class='inlinecode'>pixel7pro</span> connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to configure and manage the WireGuard tunnels.</span><br /> +<br /> +<h3 style='display: inline' id='manual-gateway-failover-configuration'>Manual gateway failover configuration</h3><br /> +<br /> +<span>The default configuration for roaming clients includes both gateways (blowfish and fishfinger) with <span class='inlinecode'>AllowedIPs = 0.0.0.0/0, ::/0</span>. However, WireGuard doesn't automatically failover between multiple peers with identical <span class='inlinecode'>AllowedIPs</span> routes. When both gateways are configured this way, WireGuard uses the first peer with a recent handshake. If that gateway goes down, traffic won't automatically switch to the backup gateway.</span><br /> +<br /> +<span>To enable manual failover, separate configuration files can be created for roaming clients (earth laptop and pixel7pro phone), each containing only a single gateway peer. 
This provides explicit control over which gateway handles traffic.</span><br /> +<br /> +<span>Configuration files for pixel7pro (phone):</span><br /> +<br /> +<span>Two separate configs in <span class='inlinecode'>/home/paul/git/wireguardmeshgenerator/dist/pixel7pro/etc/wireguard/</span>:</span><br /> +<br /> +<ul> +<li>wg0-blowfish.conf - Routes all traffic through blowfish gateway (23.88.35.144)</li> +<li>wg0-fishfinger.conf - Routes all traffic through fishfinger gateway (46.23.94.99)</li> +</ul><br /> +<span>Generate QR codes for importing into the WireGuard Android app:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>-blowfish.conf +qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>-fishfinger.conf +</pre> +<br /> +<span>Import both QR codes using the WireGuard app to create two separate tunnel profiles. You can then manually enable/disable each tunnel to select which gateway to use. 
Only enable one tunnel at a time.</span><br /> +<br /> +<span>Configuration files for earth (laptop):</span><br /> +<br /> +<span>Two separate configs in <span class='inlinecode'>/home/paul/git/wireguardmeshgenerator/dist/earth/etc/wireguard/</span>:</span><br /> +<br /> +<ul> +<li>wg0-blowfish.conf - Routes all traffic through blowfish gateway</li> +<li>wg0-fishfinger.conf - Routes all traffic through fishfinger gateway</li> +</ul><br /> +<span>Install both configurations:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>-blowfish.conf /etc/wireguard/ +sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>-fishfinger.conf /etc/wireguard/ +</pre> +<br /> +<span>This approach provides explicit control over which gateway handles roaming client traffic, useful when one gateway needs maintenance or experiences connectivity issues.</span><br /> <br /> <h3 style='display: inline' id='starting-and-stopping-on-earth-fedora-laptop'>Starting and stopping on earth (Fedora laptop)</h3><br /> <br /> -<span>On the Fedora laptop, WireGuard is managed via systemd. Starting the tunnel:</span><br /> +<span>On the Fedora laptop, WireGuard is managed via systemd. 
Using the separate gateway configs:</span><br /> <br /> <!-- Generator: GNU source-highlight 3.1.9 by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -<pre>earth$ sudo systemctl start wg-quick@wg0.service +<pre><i><font color="silver"># Start with blowfish gateway</font></i> +earth$ sudo systemctl start wg-quick@wg0-blowfish.service + +<i><font color="silver"># Or start with fishfinger gateway</font></i> +earth$ sudo systemctl start wg-quick@wg0-fishfinger.service + +<i><font color="silver"># Check tunnel status</font></i> earth$ sudo wg show interface: wg0 public key: Mc1CpSS3rbLN9A2w9c75XugQyXUkGPHKI2iCGbh8DRo= 
@@ -1435,43 +1487,45 @@ peer: Xow+d3qVXgUMk4pcRSQ6Fe+vhYBa3VDyHX/4jrGoKns= persistent keepalive: every <font color="#000000">25</font> seconds </pre> <br /> -<span>Stoppint the tunnel:</span><br /> +<span>Stopping the tunnel:</span><br /> <br /> <!-- Generator: GNU source-highlight 3.1.9 by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -<pre>earth$ sudo systemctl stop wg-quick@wg0.service +<pre>earth$ sudo systemctl stop wg-quick@wg0-blowfish.service +<i><font color="silver"># Or if using fishfinger:</font></i> +earth$ sudo systemctl stop wg-quick@wg0-fishfinger.service + earth$ sudo wg show <i><font color="silver"># No output - WireGuard interface is down</font></i> </pre> <br /> -<span>Checking the tunnel status:</span><br /> +<span>Switching between gateways:</span><br /> <br /> <!-- Generator: GNU source-highlight 3.1.9 by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -<pre>earth$ sudo systemctl status wg-quick@wg0.service -● wg-quick@wg0.service - WireGuard via wg-quick(<font color="#000000">8</font>) <b><u><font color="#000000">for</font></u></b> wg0 - Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; disabled) - Active: active (exited) since Sun <font color="#000000">2026</font>-<font color="#000000">01</font>-<font color="#000000">11</font> <font color="#000000">22</font>:<font color="#000000">45</font>:<font color="#000000">00</font> EET +<pre><i><font color="silver"># Switch from blowfish to fishfinger</font></i> +earth$ sudo systemctl stop wg-quick@wg0-blowfish.service +earth$ sudo systemctl start wg-quick@wg0-fishfinger.service </pre> <br /> -<span>The service remains <span class='inlinecode'>disabled</span> to prevent auto-start on boot, allowing manual control of when the VPN is active.</span><br /> +<span>The services remain <span class='inlinecode'>disabled</span> to prevent auto-start on boot, allowing manual control of when the VPN is active and which 
gateway to use.</span><br /> <br /> <h3 style='display: inline' id='starting-and-stopping-on-pixel7pro-android-phone'>Starting and stopping on pixel7pro (Android phone)</h3><br /> <br /> -<span>On Android using the official WireGuard app, tunnel management is like this:</span><br /> +<span>On Android using the official WireGuard app, you now have two tunnel profiles (wg0-blowfish and wg0-fishfinger) after importing the QR codes:</span><br /> <br /> -<span>Starting the tunnel:</span><br /> +<span>Starting a tunnel:</span><br /> <br /> <ul> <li>1. Open the WireGuard app</li> -<li>2. Tap the toggle switch next to the <span class='inlinecode'>pixel7pro</span> tunnel configuration</li> +<li>2. Tap the toggle switch next to either <span class='inlinecode'>wg0-blowfish</span> or <span class='inlinecode'>wg0-fishfinger</span> tunnel configuration</li> <li>3. The switch turns blue/green and shows "Active"</li> <li>4. A key icon appears in the notification bar indicating VPN is active</li> -<li>5. All traffic now routes through the VPN</li> +<li>5. All traffic now routes through the selected gateway</li> </ul><br /> <span>Stopping the tunnel:</span><br /> <br /> @@ -1482,6 +1536,13 @@ http://www.gnu.org/software/src-highlite --> <li>4. The notification bar key icon disappears</li> <li>5. Normal internet routing resumes</li> </ul><br /> +<span>Switching between gateways:</span><br /> +<br /> +<ul> +<li>1. Disable the currently active tunnel (e.g., wg0-blowfish)</li> +<li>2. Enable the other tunnel (e.g., wg0-fishfinger)</li> +<li>Only enable one tunnel at a time</li> +</ul><br /> <span>Quick toggling from notification:</span><br /> <br /> <ul> 
@@ -1511,7 +1572,7 @@ earth$ ping -c<font color="#000000">2</font> fishfinger.wg0 earth$ curl https://ifconfig.me <i><font color="silver"># Should show gateway's public IP</font></i> </pre> <br /> -<span>Check which gateway is active: The device will typically prefer one gateway (usually the first one with a successful handshake). To see which gateway is actively routing traffic, check the transfer statistics with <span class='inlinecode'>sudo wg show</span> on earth, or observe which gateway shows recent handshakes and increasing transfer bytes.</span><br /> +<span>Check which gateway is active: Check the transfer statistics with <span class='inlinecode'>sudo wg show</span> on earth to see which peer shows recent handshakes and increasing transfer bytes. On Android, the WireGuard app shows the active tunnel with data transfer statistics.</span><br /> <br /> <h2 style='display: inline' id='conclusion'>Conclusion</h2><br /> <br /> diff --git a/gemfeed/atom.xml b/gemfeed/atom.xml index 92baa74d..8f6aa951 100644 --- a/gemfeed/atom.xml +++ b/gemfeed/atom.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="utf-8"?> <feed xmlns="http://www.w3.org/2005/Atom"> - <updated>2026-01-17T00:03:44+02:00</updated> + <updated>2026-01-17T00:15:15+02:00</updated> <title>foo.zone feed</title> <subtitle>To be in the .zone!</subtitle> <link href="https://foo.zone/gemfeed/atom.xml" rel="self" /> 
@@ -9632,13 +9632,9 @@ Jul <font color="#000000">06</font> <font color="#000000">10</font>:<font color= <li>⇢ ⇢ <a href='#manual-openbsd-interface-configuration'>Manual OpenBSD interface configuration</a></li> <li>⇢ ⇢ <a href='#verifying-dual-stack-connectivity'>Verifying dual-stack connectivity</a></li> <li>⇢ ⇢ <a href='#benefits-of-dual-stack'>Benefits of dual-stack</a></li> -<li>⇢ <a href='#manual-gateway-failover-for-roaming-clients'>Manual gateway failover for roaming clients</a></li> -<li>⇢ ⇢ <a href='#configuration-files-for-pixel7pro-phone'>Configuration files for pixel7pro (phone)</a></li> -<li>⇢ ⇢ <a href='#configuration-files-for-earth-laptop'>Configuration files for earth (laptop)</a></li> -<li>⇢ ⇢ <a href='#using-manual-failover-on-android'>Using manual failover on Android</a></li> -<li>⇢ ⇢ <a href='#using-manual-failover-on-linux'>Using manual failover on Linux</a></li> <li>⇢ <a href='#happy-wireguard-ing'>Happy WireGuard-ing</a></li> <li>⇢ <a href='#managing-roaming-client-tunnels'>Managing Roaming Client Tunnels</a></li> +<li>⇢ ⇢ <a href='#manual-gateway-failover-configuration'>Manual gateway failover configuration</a></li> <li>⇢ ⇢ <a href='#starting-and-stopping-on-earth-fedora-laptop'>Starting and stopping on earth (Fedora laptop)</a></li> <li>⇢ ⇢ <a href='#starting-and-stopping-on-pixel7pro-android-phone'>Starting and stopping on pixel7pro (Android phone)</a></li> <li>⇢ ⇢ <a href='#verifying-connectivity'>Verifying connectivity</a></li> 
@@ -10139,9 +10135,40 @@ hosts: exclude_peers: - earth - pixel7pro - # f1 and f2 similarly configured with exclude_peers for roaming clients - # (full config omitted for brevity) - ... + f1: + os: FreeBSD + ssh: + user: paul + conf_dir: /usr/local/etc/wireguard + sudo_cmd: doas + reload_cmd: service wireguard reload + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.131' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.131' + ipv6: 'fd42:beef:cafe:2::131' + exclude_peers: + - earth + - pixel7pro + f2: + os: FreeBSD + ssh: + user: paul + conf_dir: /usr/local/etc/wireguard + sudo_cmd: doas + reload_cmd: service wireguard reload + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.132' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.132' + ipv6: 'fd42:beef:cafe:2::132' + exclude_peers: + - earth + - pixel7pro r0: os: Linux ssh: @@ -10159,8 +10186,40 @@ hosts: exclude_peers: - earth - pixel7pro - # r1 and r2 similarly configured - ... + r1: + os: Linux + ssh: + user: root + conf_dir: /etc/wireguard + sudo_cmd: + reload_cmd: systemctl reload wg-quick@wg0.service + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.121' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.121' + ipv6: 'fd42:beef:cafe:2::121' + exclude_peers: + - earth + - pixel7pro + r2: + os: Linux + ssh: + user: root + conf_dir: /etc/wireguard + sudo_cmd: + reload_cmd: systemctl reload wg-quick@wg0.service + lan: + domain: 'lan.buetow.org' + ip: '192.168.1.122' + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.122' + ipv6: 'fd42:beef:cafe:2::122' + exclude_peers: + - earth + - pixel7pro blowfish: os: OpenBSD ssh: 
@@ -10669,7 +10728,7 @@ up !/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf </pre> <br /> -<span>**Important**: The IPv6 address must be specified before the <span class='inlinecode'>up</span> directive. This ensures the interface has both addresses configured before WireGuard peers are loaded.</span><br /> +<span>Important: The IPv6 address must be specified before the <span class='inlinecode'>up</span> directive. This ensures the interface has both addresses configured before WireGuard peers are loaded.</span><br /> <br /> <span>Apply the configuration:</span><br /> <br /> 
@@ -10711,70 +10770,11 @@ root@r0:~ <i><font color="silver"># ping6 -c 2 fd42:beef:cafe:2::130 # IPv6 to <span>Adding IPv6 to the mesh network provides:</span><br /> <br /> <ul> -<li>**Future-proofing**: Ready for IPv6-only services and networks</li> -<li>**Compatibility**: Dual-stack maintains full IPv4 compatibility</li> -<li>**Learning**: Hands-on experience with IPv6 networking</li> -<li>**Flexibility**: Roaming clients can access both IPv4 and IPv6 internet resources</li> -</ul><br /> -<h2 style='display: inline' id='manual-gateway-failover-for-roaming-clients'>Manual gateway failover for roaming clients</h2><br /> -<br /> -<span>WireGuard doesn't automatically failover between multiple peers with identical <span class='inlinecode'>AllowedIPs</span> routes. When both gateways (blowfish and fishfinger) are configured with <span class='inlinecode'>AllowedIPs = 0.0.0.0/0, ::/0</span>, WireGuard uses the first peer with a recent handshake. If that gateway goes down, traffic won't automatically switch to the backup.</span><br /> -<br /> -<span>To enable manual failover, separate configuration files have been created for roaming clients (earth laptop and pixel7pro phone), each containing only a single gateway peer.</span><br /> -<br /> -<h3 style='display: inline' id='configuration-files-for-pixel7pro-phone'>Configuration files for pixel7pro (phone)</h3><br /> -<br /> -<span>Two separate configs in <span class='inlinecode'>/home/paul/git/wireguardmeshgenerator/dist/pixel7pro/etc/wireguard/</span>:</span><br /> -<br /> -<ul> -<li>**wg0-blowfish.conf** - Routes all traffic through blowfish gateway (23.88.35.144)</li> -<li>**wg0-fishfinger.conf** - Routes all traffic through fishfinger gateway (46.23.94.99)</li> +<li>Future-proofing: Ready for IPv6-only services and networks</li> +<li>Compatibility: Dual-stack maintains full IPv4 compatibility</li> +<li>Learning: Hands-on experience with IPv6 networking</li> +<li>Flexibility: Roaming clients can access both IPv4 and 
IPv6 internet resources</li> </ul><br /> -<h3 style='display: inline' id='configuration-files-for-earth-laptop'>Configuration files for earth (laptop)</h3><br /> -<br /> -<span>Two separate configs in <span class='inlinecode'>/home/paul/git/wireguardmeshgenerator/dist/earth/etc/wireguard/</span>:</span><br /> -<br /> -<ul> -<li>**wg0-blowfish.conf** - Routes all traffic through blowfish gateway</li> -<li>**wg0-fishfinger.conf** - Routes all traffic through fishfinger gateway</li> -</ul><br /> -<h3 style='display: inline' id='using-manual-failover-on-android'>Using manual failover on Android</h3><br /> -<br /> -<span>On the pixel7pro phone, import both QR codes using the WireGuard app to create two separate tunnel profiles:</span><br /> -<br /> -<!-- Generator: GNU source-highlight 3.1.9 -by Lorenzo Bettini -http://www.lorenzobettini.it -http://www.gnu.org/software/src-highlite --> -<pre><i><font color="silver"># Generate QR codes</font></i> -qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>-blowfish.conf -qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>-fishfinger.conf -</pre> -<br /> -<span>In the WireGuard app, you can then manually enable/disable each tunnel to select which gateway to use. 
Only enable one tunnel at a time.</span><br /> -<br /> -<h3 style='display: inline' id='using-manual-failover-on-linux'>Using manual failover on Linux</h3><br /> -<br /> -<span>On the earth laptop, copy both configs and use systemd to switch between them:</span><br /> -<br /> -<!-- Generator: GNU source-highlight 3.1.9 -by Lorenzo Bettini -http://www.lorenzobettini.it -http://www.gnu.org/software/src-highlite --> -<pre><i><font color="silver"># Install both configurations</font></i> -sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>-blowfish.conf /etc/wireguard/ -sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>-fishfinger.conf /etc/wireguard/ - -<i><font color="silver"># Start with blowfish gateway</font></i> -sudo systemctl start wg-quick@wg0-blowfish.service - -<i><font color="silver"># To switch to fishfinger gateway</font></i> -sudo systemctl stop wg-quick@wg0-blowfish.service -sudo systemctl start wg-quick@wg0-fishfinger.service -</pre> -<br /> -<span>This approach provides explicit control over which gateway handles roaming client traffic, useful when one gateway needs maintenance or experiences connectivity issues.</span><br /> -<br /> <h2 style='display: inline' id='happy-wireguard-ing'>Happy WireGuard-ing</h2><br /> <br /> <span>All is set up now. E.g. on <span class='inlinecode'>f0</span>:</span><br /> 
@@ -10964,17 +10964,69 @@ peer: 2htXdNcxzpI2FdPDJy4T4VGtm1wpMEQu1AkQHjNY6F8= <br /> <h2 style='display: inline' id='managing-roaming-client-tunnels'>Managing Roaming Client Tunnels</h2><br /> <br /> -<span>Since roaming clients like <span class='inlinecode'>earth</span> and <span class='inlinecode'>pixel7pro</span> connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to start and stop the WireGuard tunnels.</span><br /> +<span>Since roaming clients like <span class='inlinecode'>earth</span> and <span class='inlinecode'>pixel7pro</span> connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to configure and manage the WireGuard tunnels.</span><br /> +<br /> +<h3 style='display: inline' id='manual-gateway-failover-configuration'>Manual gateway failover configuration</h3><br /> +<br /> +<span>The default configuration for roaming clients includes both gateways (blowfish and fishfinger) with <span class='inlinecode'>AllowedIPs = 0.0.0.0/0, ::/0</span>. However, WireGuard doesn't automatically failover between multiple peers with identical <span class='inlinecode'>AllowedIPs</span> routes. When both gateways are configured this way, WireGuard uses the first peer with a recent handshake. If that gateway goes down, traffic won't automatically switch to the backup gateway.</span><br /> +<br /> +<span>To enable manual failover, separate configuration files can be created for roaming clients (earth laptop and pixel7pro phone), each containing only a single gateway peer. 
This provides explicit control over which gateway handles traffic.</span><br /> +<br /> +<span>Configuration files for pixel7pro (phone):</span><br /> +<br /> +<span>Two separate configs in <span class='inlinecode'>/home/paul/git/wireguardmeshgenerator/dist/pixel7pro/etc/wireguard/</span>:</span><br /> +<br /> +<ul> +<li>wg0-blowfish.conf - Routes all traffic through blowfish gateway (23.88.35.144)</li> +<li>wg0-fishfinger.conf - Routes all traffic through fishfinger gateway (46.23.94.99)</li> +</ul><br /> +<span>Generate QR codes for importing into the WireGuard Android app:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>-blowfish.conf +qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>-fishfinger.conf +</pre> +<br /> +<span>Import both QR codes using the WireGuard app to create two separate tunnel profiles. You can then manually enable/disable each tunnel to select which gateway to use. 
Only enable one tunnel at a time.</span><br /> +<br /> +<span>Configuration files for earth (laptop):</span><br /> +<br /> +<span>Two separate configs in <span class='inlinecode'>/home/paul/git/wireguardmeshgenerator/dist/earth/etc/wireguard/</span>:</span><br /> +<br /> +<ul> +<li>wg0-blowfish.conf - Routes all traffic through blowfish gateway</li> +<li>wg0-fishfinger.conf - Routes all traffic through fishfinger gateway</li> +</ul><br /> +<span>Install both configurations:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>-blowfish.conf /etc/wireguard/ +sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>-fishfinger.conf /etc/wireguard/ +</pre> +<br /> +<span>This approach provides explicit control over which gateway handles roaming client traffic, useful when one gateway needs maintenance or experiences connectivity issues.</span><br /> <br /> <h3 style='display: inline' id='starting-and-stopping-on-earth-fedora-laptop'>Starting and stopping on earth (Fedora laptop)</h3><br /> <br /> -<span>On the Fedora laptop, WireGuard is managed via systemd. Starting the tunnel:</span><br /> +<span>On the Fedora laptop, WireGuard is managed via systemd. 
Using the separate gateway configs:</span><br /> <br /> <!-- Generator: GNU source-highlight 3.1.9 by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -<pre>earth$ sudo systemctl start wg-quick@wg0.service +<pre><i><font color="silver"># Start with blowfish gateway</font></i> +earth$ sudo systemctl start wg-quick@wg0-blowfish.service + +<i><font color="silver"># Or start with fishfinger gateway</font></i> +earth$ sudo systemctl start wg-quick@wg0-fishfinger.service + +<i><font color="silver"># Check tunnel status</font></i> earth$ sudo wg show interface: wg0 public key: Mc1CpSS3rbLN9A2w9c75XugQyXUkGPHKI2iCGbh8DRo= 
@@ -10999,43 +11051,45 @@ peer: Xow+d3qVXgUMk4pcRSQ6Fe+vhYBa3VDyHX/4jrGoKns= persistent keepalive: every <font color="#000000">25</font> seconds </pre> <br /> -<span>Stoppint the tunnel:</span><br /> +<span>Stopping the tunnel:</span><br /> <br /> <!-- Generator: GNU source-highlight 3.1.9 by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -<pre>earth$ sudo systemctl stop wg-quick@wg0.service +<pre>earth$ sudo systemctl stop wg-quick@wg0-blowfish.service +<i><font color="silver"># Or if using fishfinger:</font></i> +earth$ sudo systemctl stop wg-quick@wg0-fishfinger.service + earth$ sudo wg show <i><font color="silver"># No output - WireGuard interface is down</font></i> </pre> <br /> -<span>Checking the tunnel status:</span><br /> +<span>Switching between gateways:</span><br /> <br /> <!-- Generator: GNU source-highlight 3.1.9 by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -<pre>earth$ sudo systemctl status wg-quick@wg0.service -● wg-quick@wg0.service - WireGuard via wg-quick(<font color="#000000">8</font>) <b><u><font color="#000000">for</font></u></b> wg0 - Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; disabled) - Active: active (exited) since Sun <font color="#000000">2026</font>-<font color="#000000">01</font>-<font color="#000000">11</font> <font color="#000000">22</font>:<font color="#000000">45</font>:<font color="#000000">00</font> EET +<pre><i><font color="silver"># Switch from blowfish to fishfinger</font></i> +earth$ sudo systemctl stop wg-quick@wg0-blowfish.service +earth$ sudo systemctl start wg-quick@wg0-fishfinger.service </pre> <br /> -<span>The service remains <span class='inlinecode'>disabled</span> to prevent auto-start on boot, allowing manual control of when the VPN is active.</span><br /> +<span>The services remain <span class='inlinecode'>disabled</span> to prevent auto-start on boot, allowing manual control of when the VPN is active and 
which gateway to use.</span><br /> <br /> <h3 style='display: inline' id='starting-and-stopping-on-pixel7pro-android-phone'>Starting and stopping on pixel7pro (Android phone)</h3><br /> <br /> -<span>On Android using the official WireGuard app, tunnel management is like this:</span><br /> +<span>On Android using the official WireGuard app, you now have two tunnel profiles (wg0-blowfish and wg0-fishfinger) after importing the QR codes:</span><br /> <br /> -<span>Starting the tunnel:</span><br /> +<span>Starting a tunnel:</span><br /> <br /> <ul> <li>1. Open the WireGuard app</li> -<li>2. Tap the toggle switch next to the <span class='inlinecode'>pixel7pro</span> tunnel configuration</li> +<li>2. Tap the toggle switch next to either <span class='inlinecode'>wg0-blowfish</span> or <span class='inlinecode'>wg0-fishfinger</span> tunnel configuration</li> <li>3. The switch turns blue/green and shows "Active"</li> <li>4. A key icon appears in the notification bar indicating VPN is active</li> -<li>5. All traffic now routes through the VPN</li> +<li>5. All traffic now routes through the selected gateway</li> </ul><br /> <span>Stopping the tunnel:</span><br /> <br /> @@ -11046,6 +11100,13 @@ http://www.gnu.org/software/src-highlite --> <li>4. The notification bar key icon disappears</li> <li>5. Normal internet routing resumes</li> </ul><br /> +<span>Switching between gateways:</span><br /> +<br /> +<ul> +<li>1. Disable the currently active tunnel (e.g., wg0-blowfish)</li> +<li>2. Enable the other tunnel (e.g., wg0-fishfinger)</li> +<li>Only enable one tunnel at a time</li> +</ul><br /> <span>Quick toggling from notification:</span><br /> <br /> <ul> 
@@ -11075,7 +11136,7 @@ earth$ ping -c<font color="#000000">2</font> fishfinger.wg0 earth$ curl https://ifconfig.me <i><font color="silver"># Should show gateway's public IP</font></i> </pre> <br /> -<span>Check which gateway is active: The device will typically prefer one gateway (usually the first one with a successful handshake). To see which gateway is actively routing traffic, check the transfer statistics with <span class='inlinecode'>sudo wg show</span> on earth, or observe which gateway shows recent handshakes and increasing transfer bytes.</span><br /> +<span>Check which gateway is active: Check the transfer statistics with <span class='inlinecode'>sudo wg show</span> on earth to see which peer shows recent handshakes and increasing transfer bytes. On Android, the WireGuard app shows the active tunnel with data transfer statistics.</span><br /> <br /> <h2 style='display: inline' id='conclusion'>Conclusion</h2><br /> <br /> @@ -13,7 +13,7 @@ </p> <h1 style='display: inline' id='hello'>Hello!</h1><br /> <br /> -<span class='quote'>This site was generated at 2026-01-17T00:03:44+02:00 by <span class='inlinecode'>Gemtexter</span></span><br /> +<span class='quote'>This site was generated at 2026-01-17T00:15:15+02:00 by <span class='inlinecode'>Gemtexter</span></span><br /> <br /> <span>Welcome to the foo.zone!</span><br /> <br /> diff --git a/uptime-stats.html b/uptime-stats.html index cca46497..590759f2 100644 --- a/uptime-stats.html +++ b/uptime-stats.html 
@@ -13,7 +13,7 @@ </p> <h1 style='display: inline' id='my-machine-uptime-stats'>My machine uptime stats</h1><br /> <br /> -<span class='quote'>This site was last updated at 2026-01-17T00:03:44+02:00</span><br /> +<span class='quote'>This site was last updated at 2026-01-17T00:15:15+02:00</span><br /> <br /> <span>The following stats were collected via <span class='inlinecode'>uptimed</span> on all of my personal computers over many years and the output was generated by <span class='inlinecode'>guprecords</span>, the global uptime records stats analyser of mine.</span><br /> <br /> |
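Review bot: In the hunk `@@ -10964,17 +10964,69 @@` of gemfeed/atom.xml, the sample `sudo wg show` output kept as context under the new start commands still reads `interface: wg0`, but wg-quick names the interface after the config file, so starting `wg-quick@wg0-blowfish.service` brings up `wg0-blowfish`. Regenerate the sample output from one of the new units so it matches the commands above it. In the same hunk, the two `sudo cp ... /etc/wireguard/` lines leave the file mode to root's umask; assuming the generated configs carry the client's private key, as wg-quick configs normally do, install them with mode 600 (for example with `sudo install -m 600`) and say so next to the command. The closing sentence "This approach provides explicit control ..." repeats the sentence added two paragraphs earlier and can be dropped.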
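Review bot: In the hunks `@@ -1435,43 +1487,45 @@` (part-5 HTML) and `@@ -10999,43 +11051,45 @@` (gemfeed/atom.xml), the "Checking the tunnel status" block with `systemctl status wg-quick@wg0.service` is deleted instead of being updated to the new unit names, so the systemd-side check for which of the two units is running is gone. Keep the block, pointed at `wg-quick@wg0-blowfish.service` (or at both units), with fresh output. The added "Switching between gateways" block for earth should also state the rule the Android list gives, that only one of the two units runs at a time, since the text added elsewhere in this commit says both configs route `0.0.0.0/0, ::/0`.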
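Review bot: In the hunks `@@ -1482,6 +1536,13 @@` and `@@ -11046,6 +11100,13 @@`, the third item of the added "Switching between gateways" list, "Only enable one tunnel at a time", has no number while the two items before it are numbered "1." and "2.". It is a constraint rather than a step, so move it out of the list into a sentence of its own, or state it before the steps so the reader sees it before toggling anything.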
