diff options
| -rw-r--r-- | about/resources.html | 204 | ||||
| -rw-r--r-- | gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.html | 362 | ||||
| -rw-r--r-- | gemfeed/atom.xml | 366 | ||||
| -rw-r--r-- | gemfeed/f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh-with-roaming.svg | 2183 | ||||
| -rw-r--r-- | gemfeed/f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh.svg | 772 | ||||
| -rw-r--r-- | index.html | 2 | ||||
| -rw-r--r-- | uptime-stats.html | 2 |
7 files changed, 2893 insertions, 998 deletions
diff --git a/about/resources.html b/about/resources.html index 2cff1495..7c4dfacb 100644 --- a/about/resources.html +++ b/about/resources.html @@ -50,67 +50,67 @@ <span>In random order:</span><br /> <br /> <ul> -<li>21st Century C: C Tips from the New School; Ben Klemens; O'Reilly</li> -<li>Perl New Features; Joshua McAdams, brian d foy; Perl School</li> -<li>DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible</li> -<li>Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson</li> -<li>Terraform Cookbook; Mikael Krief; Packt Publishing</li> -<li>Systemprogrammierung in Go; Frank Müller; dpunkt</li> -<li>Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications</li> -<li>Ultimate Go Notebook; Bill Kennedy</li> +<li>Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers</li> <li>Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press</li> -<li>Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly</li> -<li>Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt </li> -<li>Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly</li> +<li>Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers </li> +<li>The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional</li> +<li>The Docker Book; James Turnbull; Kindle</li> <li>Site Reliability Engineering; How Google runs production systems; O'Reilly</li> -<li>Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers</li> -<li>Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall & Jon Orwant; O'Reilly</li> -<li>Data Science at the Command Line; Jeroen Janssens; O'Reilly</li> -<li>Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly</li> -<li>Leanring eBPF; Liz Rice; O'Reilly</li> -<li>Pro Puppet; James Turnbull, Jeffrey McCune; Apress</li> -<li>Programming Ruby 3.3 (5th Edition); Noel Rappin, with Dave Thomas; The Pragmatic Bookshelf</li> -<li>Developing Games in Java; David Brackeen and others...; New Riders</li> -<li>Raku Fundamentals; Moritz Lenz; Apress</li> -<li>The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton</li> -<li>Concurrency in Go; Katherine Cox-Buday; O'Reilly</li> -<li>The Kubernetes Book; Nigel Poulton; Unabridged Audiobook</li> -<li>The Pragmatic Programmer; David Thomas; Addison-Wesley</li> -<li>97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly</li> -<li>Polished Ruby Programming; Jeremy Evans; Packt Publishing</li> -<li>Chaos Engineering - System Resiliency in Practice; Casey Rosenthal and Nora Jones; eBook</li> -<li>Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press</li> -<li>C++ Programming Language; Bjarne Stroustrup;</li> <li>The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress</li> -<li>The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional</li> -<li>Java ist auch eine Insel; Christian Ullenboom; </li> -<li>Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers </li> <li>DNS and BIND; Cricket Liu; O'Reilly</li> -<li>Effective awk programming; Arnold Robbins; O'Reilly</li> -<li>Modern Perl; Chromatic ; Onyx Neon Press</li> -<li>Raku Recipes; J.J. Merelo; Apress</li> -<li>Effective Java; Joshua Bloch; Addison-Wesley Professional</li> +<li>Systemprogrammierung in Go; Frank Müller; dpunkt</li> +<li>Java ist auch eine Insel; Christian Ullenboom; </li> <li>100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications</li> -<li>Higher Order Perl; Mark Dominus; Morgan Kaufmann</li> +<li>The Kubernetes Book; Nigel Poulton; Unabridged Audiobook</li> +<li>Leanring eBPF; Liz Rice; O'Reilly</li> +<li>Chaos Engineering - System Resiliency in Practice; Casey Rosenthal and Nora Jones; eBook</li> +<li>Modern Perl; Chromatic ; Onyx Neon Press</li> +<li>The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton</li> <li>Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner</li> -<li>Funktionale Programmierung; Peter Pepper; Springer</li> +<li>Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly</li> +<li>Effective awk programming; Arnold Robbins; O'Reilly</li> +<li>Effective Java; Joshua Bloch; Addison-Wesley Professional</li> <li>Seeking SRE: Conversations About Running Production Systems at Scale; David N. Blank-Edelman; eBook</li> +<li>Higher Order Perl; Mark Dominus; Morgan Kaufmann</li> +<li>Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press</li> +<li>Perl New Features; Joshua McAdams, brian d foy; Perl School</li> +<li>Concurrency in Go; Katherine Cox-Buday; O'Reilly</li> +<li>Raku Fundamentals; Moritz Lenz; Apress</li> <li>The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible</li> +<li>Pro Puppet; James Turnbull, Jeffrey McCune; Apress</li> +<li>Funktionale Programmierung; Peter Pepper; Springer</li> +<li>Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly</li> +<li>Data Science at the Command Line; Jeroen Janssens; O'Reilly</li> +<li>Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson</li> +<li>Terraform Cookbook; Mikael Krief; Packt Publishing</li> +<li>Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications</li> +<li>C++ Programming Language; Bjarne Stroustrup;</li> +<li>Programming Ruby 3.3 (5th Edition); Noel Rappin, with Dave Thomas; The Pragmatic Bookshelf</li> +<li>21st Century C: C Tips from the New School; Ben Klemens; O'Reilly</li> +<li>DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible</li> <li>Think Raku (aka Think Perl 6); Laurent Rosenfeld, Allen B. Downey; O'Reilly</li> -<li>The Docker Book; James Turnbull; Kindle</li> +<li>The Pragmatic Programmer; David Thomas; Addison-Wesley</li> +<li>Raku Recipes; J.J. Merelo; Apress</li> +<li>Ultimate Go Notebook; Bill Kennedy</li> +<li>Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly</li> +<li>Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt </li> +<li>97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly</li> +<li>Developing Games in Java; David Brackeen and others...; New Riders</li> +<li>Polished Ruby Programming; Jeremy Evans; Packt Publishing</li> +<li>Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall & Jon Orwant; O'Reilly</li> </ul><br /> <h2 style='display: inline' id='technical-references'>Technical references</h2><br /> <br /> <span>I didn't read them from the beginning to the end, but I am using them to look up things. The books are in random order:</span><br /> <br /> <ul> -<li>BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley</li> -<li>Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley</li> <li>Go: Design Patterns for Real-World Projects; Mat Ryer; Packt</li> -<li>Implementing Service Level Objectives; Alex Hidalgo; O'Reilly</li> -<li>Relayd and Httpd Mastery; Michael W Lucas</li> <li>The Linux Programming Interface; Michael Kerrisk; No Starch Press </li> <li>Understanding the Linux Kernel; Daniel P. Bovet, Marco Cesati; O'Reilly</li> +<li>Implementing Service Level Objectives; Alex Hidalgo; O'Reilly</li> +<li>Relayd and Httpd Mastery; Michael W Lucas</li> +<li>BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley</li> +<li>Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley</li> <li>Groovy Kurz & Gut; Joerg Staudemeier; O'Reilly</li> </ul><br /> <h2 style='display: inline' id='self-development-and-soft-skills-books'>Self-development and soft-skills books</h2><br /> @@ -118,44 +118,44 @@ <span>In random order:</span><br /> <br /> <ul> -<li>Eat That Frog!; Brian Tracy; Hodder Paperbacks</li> +<li>Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press</li> <li>The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd</li> +<li>The Joy of Missing Out; Christina Crook; New Society Publishers</li> +<li>Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion</li> <li>Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne</li> -<li>101 Essays that change the way you think; Brianna Wiest; Audiobook</li> -<li>Eat That Frog; Brian Tracy</li> -<li>The Software Engineer's Guidebook: Navigating senior, tech lead, and staff engineer positions at tech companies and startups; Gergely Orosz; Audiobook </li> -<li>Deep Work; Cal Newport; Piatkus</li> -<li>Psycho-Cybernetics; Maxwell Maltz; Perigee Books</li> -<li>The Bullet Journal Method; Ryder Carroll; Fourth Estate</li> -<li>The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK</li> <li>The Power of Now; Eckhard Tolle; Yellow Kite</li> -<li>So Good They Can't Ignore You; Cal Newport; Business Plus</li> -<li>Digital Minimalism; Cal Newport; Portofolio Penguin</li> -<li>The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook</li> -<li>Slow Productivity; Cal Newport; Penguin Random House</li> +<li>Eat That Frog!; Brian Tracy; Hodder Paperbacks</li> +<li>Soft Skills; John Sommez; Manning Publications</li> <li>Getting Things Done; David Allen</li> +<li>Eat That Frog; Brian Tracy</li> +<li>Influence without Authority; A. Cohen, D. Bradford; Wiley</li> +<li>Solve for Happy; Mo Gawdat (RE-READ 1ST TIME)</li> <li>The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select</li> -<li>Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing</li> -<li>Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly</li> +<li>The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook</li> +<li>Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook</li> +<li>Ultralearning; Scott Young; Thorsons</li> +<li>Deep Work; Cal Newport; Piatkus</li> +<li>101 Essays that change the way you think; Brianna Wiest; Audiobook</li> +<li>The Software Engineer's Guidebook: Navigating senior, tech lead, and staff engineer positions at tech companies and startups; Gergely Orosz; Audiobook </li> <li>The Good Enough Job; Simone Stolzoff; Ebury Edge</li> -<li>Atomic Habits; James Clear; Random House Business</li> +<li>So Good They Can't Ignore You; Cal Newport; Business Plus</li> +<li>Digital Minimalism; Cal Newport; Portofolio Penguin</li> <li>The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books</li> +<li>The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME)</li> +<li>Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing</li> <li>97 Things Every Engineering Manager Should Know; Camille Fournier; Audiobook</li> -<li>Never Split the Difference; Chris Voss, Tahl Raz; Random House Business</li> -<li>Influence without Authority; A. Cohen, D. Bradford; Wiley</li> -<li>Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook</li> -<li>Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion</li> -<li>Meditation for Mortals, Oliver Burkeman, Audiobook</li> -<li>Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press</li> -<li>Ultralearning; Anna Laurent; Self-published via Amazon</li> +<li>Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly</li> <li>The Courage to Be Disliked; Ichiro Kishimi and Fumitake Koga; Audiobook</li> +<li>Meditation for Mortals, Oliver Burkeman, Audiobook</li> +<li>The Bullet Journal Method; Ryder Carroll; Fourth Estate</li> +<li>Psycho-Cybernetics; Maxwell Maltz; Perigee Books</li> <li>Coders at Work - Reflections on the craft of programming, Peter Seibel and Mitchell Dorian et al., Audiobook</li> -<li>Soft Skills; John Sommez; Manning Publications</li> -<li>The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME)</li> -<li>Ultralearning; Scott Young; Thorsons</li> +<li>Atomic Habits; James Clear; Random House Business</li> <li>Stop starting, start finishing; Arne Roock; Lean-Kanban University </li> -<li>The Joy of Missing Out; Christina Crook; New Society Publishers</li> -<li>Solve for Happy; Mo Gawdat (RE-READ 1ST TIME)</li> +<li>Never Split the Difference; Chris Voss, Tahl Raz; Random House Business</li> +<li>Slow Productivity; Cal Newport; Penguin Random House</li> +<li>The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK</li> +<li>Ultralearning; Anna Laurent; Self-published via Amazon</li> </ul><br /> <a class='textlink' href='../notes/index.html'>Here are notes of mine for some of the books</a><br /> <br /> @@ -164,30 +164,30 @@ <span>Some of these were in-person with exams; others were online learning lectures only. In random order:</span><br /> <br /> <ul> -<li>Developing IaC with Terraform (with Live Lessons); O'Reilly Online</li> <li>Scripting Vim; Damian Conway; O'Reilly Online</li> -<li>Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)</li> -<li>Functional programming lecture; Remote University of Hagen</li> -<li>Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon</li> -<li>The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online</li> -<li>MySQL Deep Dive Workshop; 2-day on-site training</li> <li>Ultimate Go Programming; Bill Kennedy; O'Reilly Online</li> -<li>Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online</li> -<li>Protocol buffers; O'Reilly Online</li> -<li>Structure and Interpretation of Computer Programs; Harold Abelson and more...; </li> +<li>MySQL Deep Dive Workshop; 2-day on-site training</li> <li>F5 Loadbalancers Training; 2-day on-site training; F5, Inc. </li> -<li>Apache Tomcat Best Practises; 3-day on-site training</li> -<li>AWS Immersion Day; Amazon; 1-day interactive online training </li> <li>The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online</li> +<li>Developing IaC with Terraform (with Live Lessons); O'Reilly Online</li> +<li>Apache Tomcat Best Practises; 3-day on-site training</li> +<li>Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online</li> +<li>Protocol buffers; O'Reilly Online</li> <li>Linux Security and Isolation APIs Training; Michael Kerrisk; 3-day on-site training</li> +<li>AWS Immersion Day; Amazon; 1-day interactive online training </li> +<li>Structure and Interpretation of Computer Programs; Harold Abelson and more...; </li> +<li>Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)</li> +<li>Functional programming lecture; Remote University of Hagen</li> +<li>The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online</li> +<li>Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon</li> </ul><br /> <h2 style='display: inline' id='technical-guides'>Technical guides</h2><br /> <br /> <span>These are not whole books, but guides (smaller or larger) which I found very useful. in random order:</span><br /> <br /> <ul> -<li>Raku Guide at https://raku.guide </li> <li>Advanced Bash-Scripting Guide </li> +<li>Raku Guide at https://raku.guide </li> <li>How CPUs work at https://cpu.land</li> </ul><br /> <h2 style='display: inline' id='podcasts'>Podcasts</h2><br /> @@ -198,60 +198,60 @@ <br /> <ul> <li>Backend Banter</li> -<li>BSD Now [BSD]</li> -<li>Fork Around And Find Out</li> -<li>Cup o' Go [Golang]</li> -<li>Pratical AI</li> -<li>The ProdCast (Google SRE Podcast)</li> <li>The Pragmatic Engineer Podcast</li> -<li>Modern Mentor</li> +<li>Fallthrough [Golang]</li> <li>Deep Questions with Cal Newport</li> -<li>Hidden Brain</li> <li>Maintainable</li> +<li>Fork Around And Find Out</li> +<li>The ProdCast (Google SRE Podcast)</li> +<li>Modern Mentor</li> <li>The Changelog Podcast(s)</li> -<li>Fallthrough [Golang]</li> -<li>Dev Interrupted</li> +<li>Pratical AI</li> +<li>Hidden Brain</li> +<li>BSD Now [BSD]</li> <li>Wednesday Wisdom</li> +<li>Cup o' Go [Golang]</li> +<li>Dev Interrupted</li> </ul><br /> <h3 style='display: inline' id='podcasts-i-liked'>Podcasts I liked</h3><br /> <br /> <span>I liked them but am not listening to them anymore. The podcasts have either "finished" (no more episodes) or I stopped listening to them due to time constraints or a shift in my interests.</span><br /> <br /> <ul> -<li>Ship It (predecessor of Fork Around And Find Out)</li> <li>Modern Mentor</li> -<li>FLOSS weekly</li> <li>Go Time (predecessor of fallthrough)</li> -<li>CRE: Chaosradio Express [german]</li> +<li>FLOSS weekly</li> <li>Java Pub House</li> +<li>Ship It (predecessor of Fork Around And Find Out)</li> +<li>CRE: Chaosradio Express [german]</li> </ul><br /> <h2 style='display: inline' id='newsletters-i-like'>Newsletters I like</h2><br /> <br /> <span>This is a mix of tech and non-tech newsletters I am subscribed to. In random order:</span><br /> <br /> <ul> -<li>Ruby Weekly</li> <li>Andreas Brandhorst Newsletter (Sci-Fi author)</li> -<li>Golang Weekly</li> +<li>VK Newsletter</li> +<li>The Imperfectionist</li> <li>Applied Go Weekly Newsletter</li> <li>The Valuable Dev</li> <li>Changelog News</li> -<li>Register Spill</li> -<li>The Imperfectionist</li> -<li>Monospace Mentor</li> +<li>Golang Weekly</li> <li>byteSizeGo</li> +<li>Monospace Mentor</li> <li>The Pragmatic Engineer</li> -<li>VK Newsletter</li> +<li>Ruby Weekly</li> +<li>Register Spill</li> </ul><br /> <h2 style='display: inline' id='magazines-i-liked'>Magazines I like(d)</h2><br /> <br /> <span>This is a mix of tech I like(d). I may not be a current subscriber, but now and then, I buy an issue. In random order:</span><br /> <br /> <ul> -<li>LWN (online only)</li> -<li>Linux User</li> <li>freeX (not published anymore)</li> <li>Linux Magazine</li> +<li>LWN (online only)</li> +<li>Linux User</li> </ul><br /> <h1 style='display: inline' id='formal-education'>Formal education</h1><br /> <br /> diff --git a/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.html b/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.html index fdd2486f..896d4e04 100644 --- a/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.html +++ b/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.html @@ -13,12 +13,14 @@ </p> <h1 style='display: inline' id='f3s-kubernetes-with-freebsd---part-5-wireguard-mesh-network'>f3s: Kubernetes with FreeBSD - Part 5: WireGuard mesh network</h1><br /> <br /> -<span class='quote'>Published at 2025-05-11T11:35:57+03:00</span><br /> +<span class='quote'>Published at 2025-05-11T11:35:57+03:00, last updated Sun 11 Jan 21:33:40 EET 2026</span><br /> <br /> <span>This is the fifth blog post about my f3s series for my self-hosting demands in my home lab. f3s? The "f" stands for FreeBSD, and the "3s" stands for k3s, the Kubernetes distribution I will use on FreeBSD-based physical machines.</span><br /> <br /> <span>I will post a new entry every month or so (there are too many other side projects for more frequent updates — I bet you can understand).</span><br /> <br /> +<span class='quote'>This post has been updated to include two roaming clients (<span class='inlinecode'>earth</span> - Fedora laptop, <span class='inlinecode'>pixel7pro</span> - Android phone) that connect to the mesh via the internet gateways. The updated content is integrated throughout the post.</span><br /> +<br /> <span>These are all the posts so far:</span><br /> <br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> @@ -58,33 +60,58 @@ <li>⇢ ⇢ <a href='#generating-the-wg0conf-files-and-keys'>Generating the <span class='inlinecode'>wg0.conf</span> files and keys</a></li> <li>⇢ ⇢ <a href='#installing-the-wg0conf-files'>Installing the <span class='inlinecode'>wg0.conf</span> files</a></li> <li>⇢ ⇢ <a href='#re-generating-mesh-and-installing-the-wg0conf-files-again'>Re-generating mesh and installing the <span class='inlinecode'>wg0.conf</span> files again</a></li> +<li>⇢ ⇢ <a href='#setting-up-roaming-clients'>Setting up roaming clients</a></li> <li>⇢ <a href='#happy-wireguard-ing'>Happy WireGuard-ing</a></li> +<li>⇢ <a href='#managing-roaming-client-tunnels'>Managing Roaming Client Tunnels</a></li> +<li>⇢ ⇢ <a href='#starting-and-stopping-on-earth-fedora-laptop'>Starting and stopping on earth (Fedora laptop)</a></li> +<li>⇢ ⇢ <a href='#starting-and-stopping-on-pixel7pro-android-phone'>Starting and stopping on pixel7pro (Android phone)</a></li> +<li>⇢ ⇢ <a href='#verifying-connectivity'>Verifying connectivity</a></li> <li>⇢ <a href='#conclusion'>Conclusion</a></li> </ul><br /> <h2 style='display: inline' id='introduction'>Introduction</h2><br /> <br /> -<span>By default, traffic within my home LAN, including traffic inside a k3s cluster, is not encrypted. While it resides in the "secure" home LAN, adopting a zero-trust policy means encryption is still preferable to ensure confidentiality and security. So we decide to secure all the traffic of all f3s participating hosts by building a mesh network of all participating hosts:</span><br /> +<span>By default, traffic within my home LAN, including traffic inside a k3s cluster, is not encrypted. While it resides in the "secure" home LAN, adopting a zero-trust policy means encryption is still preferable to ensure confidentiality and security. So we decide to secure all the traffic of all f3s participating hosts by building a mesh network:</span><br /> +<br /> +<a href='./f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh-with-roaming.svg'><img alt='WireGuard mesh network topology' title='WireGuard mesh network topology' src='./f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh-with-roaming.svg' /></a><br /> +<br /> +<span>The mesh network consists of eight infrastructure hosts and two roaming clients:</span><br /> <br /> -<a href='./f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh.svg'><img alt='Full mesh network' title='Full mesh network' src='./f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh.svg' /></a><br /> +<span>Infrastructure hosts (full mesh):</span><br /> <br /> -<span>Whereas <span class='inlinecode'>f0</span>, <span class='inlinecode'>f1</span>, and <span class='inlinecode'>f2</span> are the FreeBSD base hosts, <span class='inlinecode'>r0</span>, <span class='inlinecode'>r1</span>, and <span class='inlinecode'>r2</span> are the Rocky Linux Bhyve VMs, and <span class='inlinecode'>blowfish</span> and <span class='inlinecode'>fishfinger</span> are two OpenBSD systems running on the internet (as mentioned in the first blog of this series—these systems are already built; in fact, this very blog is served by those OpenBSD systems).</span><br /> +<ul> +<li><span class='inlinecode'>f0</span>, <span class='inlinecode'>f1</span>, and <span class='inlinecode'>f2</span> are the FreeBSD base hosts in my home LAN</li> +<li><span class='inlinecode'>r0</span>, <span class='inlinecode'>r1</span>, and <span class='inlinecode'>r2</span> are the Rocky Linux Bhyve VMs running on the FreeBSD hosts</li> +<li><span class='inlinecode'>blowfish</span> and <span class='inlinecode'>fishfinger</span> are two OpenBSD systems running on the internet (as mentioned in the first blog of this series—these systems are already built; in fact, this very blog is served by those OpenBSD systems)</li> +</ul><br /> +<span>oaming clients (gateway-only connections):</span><br /> <br /> -<span>As we can see from the graph, it is a true full-mesh network, where every host has a VPN tunnel to every other host. The benefit is that we do not need to route traffic through intermediate hosts (significantly simplifying the routing configuration). However, the downside is that there is some overhead in configuring and managing all the tunnels.</span><br /> +<ul> +<li><span class='inlinecode'>earth</span> is my Fedora laptop (192.168.2.200) which connects only to the internet gateways for remote access</li> +<li><span class='inlinecode'>pixel7pro</span> is my Android phone (192.168.2.201) which routes all traffic through the VPN when activated</li> +</ul><br /> +<span>As we can see from the diagram, the eight infrastructure hosts form a true full-mesh network, where every host has a VPN tunnel to every other host. The benefit is that we do not need to route traffic through intermediate hosts (significantly simplifying the routing configuration). However, the downside is that there is some overhead in configuring and managing all the tunnels. The roaming clients take a simpler approach—they only connect to the two internet-facing gateways (<span class='inlinecode'>blowfish</span> and <span class='inlinecode'>fishfinger</span>), which is sufficient for remote access and internet connectivity.</span><br /> <br /> <span>For simplicity, we also establish VPN tunnels between <span class='inlinecode'>f0 <-> r0</span>, <span class='inlinecode'>f1 <-> r1</span>, and <span class='inlinecode'>f2 <-> r2</span>. Technically, this wouldn't be strictly required since the VMs <span class='inlinecode'>rN</span> are running on the hosts <span class='inlinecode'>fN</span>, and no network traffic is leaving the box. However, it simplifies the configuration as we don't have to account for exceptions, and we are going to automate the mesh network configuration anyway (read on).</span><br /> <br /> <h3 style='display: inline' id='expected-traffic-flow'>Expected traffic flow</h3><br /> <br /> -<span>The traffic is expected to flow between the host groups through the mesh network as follows: </span><br /> +<span>The traffic is expected to flow between the host groups through the mesh network as follows:</span><br /> +<br /> +<span>nfrastructure mesh traffic:</span><br /> <br /> <ul> -<li><span class='inlinecode'>fN <-> rN</span>: The traffic between the FreeBSD hosts and the Rocky Linux VMs will be routed through the VPN tunnels for persistent storage. In a later post in this series, we will set up an NFS server on the <span class='inlinecode'>fN</span> hosts. </li> +<li><span class='inlinecode'>fN <-> rN</span>: The traffic between the FreeBSD hosts and the Rocky Linux VMs will be routed through the VPN tunnels for persistent storage. In a later post in this series, we will set up an NFS server on the <span class='inlinecode'>fN</span> hosts.</li> <li><span class='inlinecode'>fN <-> blowfish,fishfinger</span>: The traffic between the FreeBSD hosts and the OpenBSD host <span class='inlinecode'>blowfish,fishfinger</span> will be routed through the VPN tunnels for management. We may want to log in via the internet to set it up remotely. The VPN tunnel will also be used for monitoring purposes.</li> <li><span class='inlinecode'>rN <-> blowfish,fishfinger</span>: The traffic between the Rocky Linux VMs and the OpenBSD host <span class='inlinecode'>blowfish,fishfinger</span> will be routed through the VPN tunnels for usage traffic. Since k3s will be running on the <span class='inlinecode'>rN</span> hosts, the OpenBSD servers will route the traffic through <span class='inlinecode'>relayd</span> to the services running in Kubernetes.</li> <li><span class='inlinecode'>fN <-> fM</span>: The traffic between the FreeBSD hosts may be later used for data replication for the NFS storage.</li> <li><span class='inlinecode'>rN <-> rM</span>: The traffic between the Rocky Linux VMs will later be used by the k3s cluster itself, as every <span class='inlinecode'>rN</span> will be a Kubernetes worker node.</li> <li><span class='inlinecode'>blowfish <-> fishfinger</span>: The traffic between the OpenBSD hosts isn't strictly required for this setup, but I set it up anyway for future use cases.</li> </ul><br /> +<span>oaming client traffic:</span><br /> +<br /> +<ul> +<li><span class='inlinecode'>earth,pixel7pro <-> blowfish,fishfinger</span>: The roaming clients connect exclusively to the two internet gateways. All traffic from these clients (0.0.0.0/0) is routed through the VPN, providing secure internet access and the ability to reach services running in the mesh (via the gateways). The gateways use NAT to allow roaming clients to access the internet using the gateway's public IP address. The roaming clients cannot be reached by the LAN hosts—they are client-only and initiate all connections.</li> +</ul><br /> <span>We won't cover all the details in this blog post, as we only focus on setting up the Mesh network in this blog post. Subsequent posts in this series will cover the other details.</span><br /> <br /> <h2 style='display: inline' id='deciding-on-wireguard'>Deciding on WireGuard</h2><br /> @@ -283,9 +310,36 @@ http://www.gnu.org/software/src-highlite --> <font color="#000000">192.168</font>.<font color="#000000">2.110</font> blowfish.wg0 blowfish.wg0.wan.buetow.org <font color="#000000">192.168</font>.<font color="#000000">2.111</font> fishfinger.wg0 fishfinger.wg0.wan.buetow.org +<font color="#000000">192.168</font>.<font color="#000000">2.200</font> earth.wg0 earth.wg0.wan.buetow.org +<font color="#000000">192.168</font>.<font color="#000000">2.201</font> pixel7pro.wg0 pixel7pro.wg0.wan.buetow.org END </pre> <br /> +<span>To enable roaming clients (like <span class='inlinecode'>earth</span> and <span class='inlinecode'>pixel7pro</span>) to access the internet through the VPN, we need to configure NAT on the OpenBSD gateways. This allows the roaming clients to use the gateway's public IP address for outbound traffic. We add the following to <span class='inlinecode'>/etc/pf.conf</span> on both <span class='inlinecode'>blowfish</span> and <span class='inlinecode'>fishfinger</span>:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre><i><font color="silver"># NAT for WireGuard clients to access internet</font></i> +match out on vio0 from <font color="#000000">192.168</font>.<font color="#000000">2.0</font>/<font color="#000000">24</font> to any nat-to (vio0) + +<i><font color="silver"># Allow inbound traffic on WireGuard interface</font></i> +pass <b><u><font color="#000000">in</font></u></b> on wg0 + +<i><font color="silver"># Allow all UDP traffic on WireGuard port</font></i> +pass <b><u><font color="#000000">in</font></u></b> inet proto udp from any to any port <font color="#000000">56709</font> +</pre> +<br /> +<span>The NAT rule translates outgoing traffic from the WireGuard network (192.168.2.0/24) to the gateway's public IP. The firewall rules permit WireGuard traffic on the wg0 interface and UDP port 56709. After updating <span class='inlinecode'>/etc/pf.conf</span>, reload the firewall:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>blowfish$ doas pfctl -f /etc/pf.conf +</pre> +<br /> <h2 style='display: inline' id='wireguard-configuration'>WireGuard configuration</h2><br /> <br /> <span>So far, we have only started WireGuard on all participating hosts without any useful configuration. This means that no VPN tunnel has been established yet between any of the hosts.</span><br /> @@ -358,7 +412,41 @@ Endpoint = 46.23.94.99:56709 PersistentKeepalive = 25 </pre> <br /> -<span>Whereas there are two main sections. One is <span class='inlinecode'>[Interface]</span>, which configures the current host (here: <span class='inlinecode'>f0</span>):</span><br /> +<span>For roaming clients like <span class='inlinecode'>pixel7pro</span> (Android phone) or <span class='inlinecode'>earth</span> (Fedora laptop), the configuration looks different because they route all traffic through the VPN and only connect to the internet gateways:</span><br /> +<br /> +<pre> +[Interface] +# pixel7pro.wg0.wan.buetow.org +Address = 192.168.2.201 +PrivateKey = ************************** +ListenPort = 56709 +DNS = 1.1.1.1, 8.8.8.8 + +[Peer] +# blowfish.buetow.org as blowfish.wg0.wan.buetow.org +PublicKey = ************************** +PresharedKey = ************************** +AllowedIPs = 0.0.0.0/0, ::/0 +Endpoint = 23.88.35.144:56709 +PersistentKeepalive = 25 + +[Peer] +# fishfinger.buetow.org as fishfinger.wg0.wan.buetow.org +PublicKey = ************************** +PresharedKey = ************************** +AllowedIPs = 0.0.0.0/0, ::/0 +Endpoint = 46.23.94.99:56709 +PersistentKeepalive = 25 +</pre> +<br /> +<span>Note the key differences for roaming clients:</span><br /> +<ul> +<li><span class='inlinecode'>DNS</span> is configured to use external DNS servers (Cloudflare and Google)</li> +<li><span class='inlinecode'>AllowedIPs = 0.0.0.0/0, ::/0</span> routes all traffic (IPv4 and IPv6) through the VPN</li> +<li>Only two peers are configured (the internet gateways), not the full mesh</li> +<li><span class='inlinecode'>PersistentKeepalive = 25</span> is used for both peers to maintain NAT traversal</li> +</ul><br /> +<span>Whereas there are two main sections. One is <span class='inlinecode'>[Interface]</span>, which configures the current host (here: <span class='inlinecode'>f0</span> or <span class='inlinecode'>pixel7pro</span>):</span><br /> <br /> <ul> <li><span class='inlinecode'>Address</span>: Local virtual IP address on the WireGuard interface.</li> @@ -436,32 +524,12 @@ hosts: wg0: domain: 'wg0.wan.buetow.org' ip: '192.168.2.130' - f1: - os: FreeBSD - ssh: - user: paul - conf_dir: /usr/local/etc/wireguard - sudo_cmd: doas - reload_cmd: service wireguard reload - lan: - domain: 'lan.buetow.org' - ip: '192.168.1.131' - wg0: - domain: 'wg0.wan.buetow.org' - ip: '192.168.2.131' - f2: - os: FreeBSD - ssh: - user: paul - conf_dir: /usr/local/etc/wireguard - sudo_cmd: doas - reload_cmd: service wireguard reload - lan: - domain: 'lan.buetow.org' - ip: '192.168.1.132' - wg0: - domain: 'wg0.wan.buetow.org' - ip: '192.168.2.132' + exclude_peers: + - earth + - pixel7pro + # f1 and f2 similarly configured with exclude_peers for roaming clients + # (full config omitted for brevity) + ... r0: os: Linux ssh: @@ -475,36 +543,16 @@ hosts: wg0: domain: 'wg0.wan.buetow.org' ip: '192.168.2.120' - r1: - os: Linux - ssh: - user: root - conf_dir: /etc/wireguard - sudo_cmd: - reload_cmd: systemctl reload wg-quick@wg0.service - lan: - domain: 'lan.buetow.org' - ip: '192.168.1.121' - wg0: - domain: 'wg0.wan.buetow.org' - ip: '192.168.2.121' - r2: - os: Linux - ssh: - user: root - conf_dir: /etc/wireguard - sudo_cmd: - reload_cmd: systemctl reload wg-quick@wg0.service - lan: - domain: 'lan.buetow.org' - ip: '192.168.1.122' - wg0: - domain: 'wg0.wan.buetow.org' - ip: '192.168.2.122' + exclude_peers: + - earth + - pixel7pro + # r1 and r2 similarly configured + ... blowfish: os: OpenBSD ssh: user: rex + port: 2 conf_dir: /etc/wireguard sudo_cmd: doas reload_cmd: sh /etc/netstart wg0 @@ -514,10 +562,14 @@ hosts: wg0: domain: 'wg0.wan.buetow.org' ip: '192.168.2.110' + exclude_peers: + - earth + - pixel7pro fishfinger: os: OpenBSD ssh: user: rex + port: 2 conf_dir: /etc/wireguard sudo_cmd: doas reload_cmd: sh /etc/netstart wg0 @@ -527,10 +579,41 @@ hosts: wg0: domain: 'wg0.wan.buetow.org' ip: '192.168.2.111' + exclude_peers: + - earth + - pixel7pro + earth: + os: Linux + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.200' + exclude_peers: + - f0 + - f1 + - f2 + - r0 + - r1 + - r2 + - pixel7pro + pixel7pro: + os: Android + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.201' + exclude_peers: + - f0 + - f1 + - f2 + - r0 + - r1 + - r2 + - earth </pre> <br /> <span>The file specifies details such as SSH user settings, configuration directories, sudo or reload commands, and IP/domain assignments for both internal LAN-facing interfaces and WireGuard (<span class='inlinecode'>wg0</span>) interfaces. Each host is assigned specific roles, including internal participants and publicly accessible nodes with internet-facing IPs, enabling the creation of a fully connected mesh VPN.</span><br /> <br /> +<span>Roaming clients: Note the <span class='inlinecode'>earth</span> and <span class='inlinecode'>pixel7pro</span> entries—these are configured differently from the infrastructure hosts. They have no <span class='inlinecode'>lan</span> or <span class='inlinecode'>internet</span> sections, which signals to the generator that they are roaming clients. The <span class='inlinecode'>exclude_peers</span> configuration ensures they only connect to the internet gateways (<span class='inlinecode'>blowfish</span> and <span class='inlinecode'>fishfinger</span>) and are not reachable by LAN hosts. The generator automatically configures these clients with <span class='inlinecode'>AllowedIPs = 0.0.0.0/0, ::/0</span> to route all traffic through the VPN, includes DNS configuration (<span class='inlinecode'>1.1.1.1, 8.8.8.8</span>), and enables <span class='inlinecode'>PersistentKeepalive</span> for NAT traversal.</span><br /> +<br /> <h3 style='display: inline' id='wireguardmeshgeneratorrb-overview'><span class='inlinecode'>wireguardmeshgenerator.rb</span> overview</h3><br /> <br /> <span>The <span class='inlinecode'>wireguardmeshgenerator.rb</span> script consists of the following base classes:</span><br /> @@ -624,6 +707,8 @@ Generating dist/r<font color="#000000">1</font>/etc/wireguard/wg<font color="#00 Generating dist/r<font color="#000000">2</font>/etc/wireguard/wg<font color="#000000">0</font>.conf Generating dist/blowfish/etc/wireguard/wg<font color="#000000">0</font>.conf Generating dist/fishfinger/etc/wireguard/wg<font color="#000000">0</font>.conf +Generating dist/earth/etc/wireguard/wg<font color="#000000">0</font>.conf +Generating dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>.conf </pre> <br /> <span>It generated all the <span class='inlinecode'>wg0.conf</span> files listed in the output, plus those keys:</span><br /> @@ -663,6 +748,10 @@ keys/psk/fishfinger_r1.key keys/psk/blowfish_r2.key keys/psk/fishfinger_r2.key keys/psk/blowfish_fishfinger.key +keys/psk/blowfish_earth.key +keys/psk/earth_fishfinger.key +keys/psk/blowfish_pixel7pro.key +keys/psk/fishfinger_pixel7pro.key keys/f<font color="#000000">1</font>/priv.key keys/f<font color="#000000">1</font>/pub.key keys/f<font color="#000000">2</font>/priv.key @@ -677,6 +766,10 @@ keys/blowfish/priv.key keys/blowfish/pub.key keys/fishfinger/priv.key keys/fishfinger/pub.key +keys/earth/priv.key +keys/earth/pub.key +keys/pixel7pro/priv.key +keys/pixel7pro/pub.key </pre> <br /> <span>Those keys are embedded in the resulting <span class='inlinecode'>wg0.conf</span>, so later, we only need to install the <span class='inlinecode'>wg0.conf</span> files and not all the keys individually.</span><br /> @@ -812,6 +905,40 @@ http://www.gnu.org/software/src-highlite --> <br /> <span>That would also delete and re-generate all the keys involved.</span><br /> <br /> +<h3 style='display: inline' id='setting-up-roaming-clients'>Setting up roaming clients</h3><br /> +<br /> +<span>For roaming clients like <span class='inlinecode'>earth</span> (Fedora laptop) and <span class='inlinecode'>pixel7pro</span> (Android phone), the setup process differs slightly since these devices are not always accessible via SSH:</span><br /> +<br /> +<span>Android phone (<span class='inlinecode'>pixel7pro</span>):</span><br /> +<br /> +<span>The configuration is transferred to the phone using a QR code. The official WireGuard Android app (from Google Play Store) can scan and import the configuration:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>> sudo dnf install qrencode +> qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>.conf +</pre> +<br /> +<span>Scan the QR code with the WireGuard app to import the configuration. The phone will then route all traffic through the VPN when the tunnel is activated. Note that WireGuard does not support automatic failover between the two gateways (<span class='inlinecode'>blowfish</span> and <span class='inlinecode'>fishfinger</span>)—if one fails, manual disconnection and reconnection is required to switch to the other.</span><br /> +<br /> +<span>Fedora laptop (<span class='inlinecode'>earth</span>):</span><br /> +<br /> +<span>For the laptop, manually copy the generated configuration:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>> sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>.conf /etc/wireguard/ +> sudo chmod <font color="#000000">600</font> /etc/wireguard/wg<font color="#000000">0</font>.conf +> sudo systemctl start wg-quick@wg0.service <i><font color="silver"># Start manually</font></i> +> sudo systemctl disable wg-quick@wg0.service <i><font color="silver"># Prevent auto-start</font></i> +</pre> +<br /> +<span>The service is disabled from auto-start so the VPN is only active when manually started. This allows selective VPN usage based on need.</span><br /> +<br /> <h2 style='display: inline' id='happy-wireguard-ing'>Happy WireGuard-ing</h2><br /> <br /> <span>All is set up now. E.g. on <span class='inlinecode'>f0</span>:</span><br /> @@ -999,6 +1126,121 @@ peer: 2htXdNcxzpI2FdPDJy4T4VGtm1wpMEQu1AkQHjNY6F8= allowed ips: <font color="#000000">192.168</font>.<font color="#000000">2.131</font>/<font color="#000000">32</font> </pre> <br /> +<h2 style='display: inline' id='managing-roaming-client-tunnels'>Managing Roaming Client Tunnels</h2><br /> +<br /> +<span>Since roaming clients like <span class='inlinecode'>earth</span> and <span class='inlinecode'>pixel7pro</span> connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to start and stop the WireGuard tunnels.</span><br /> +<br /> +<h3 style='display: inline' id='starting-and-stopping-on-earth-fedora-laptop'>Starting and stopping on earth (Fedora laptop)</h3><br /> +<br /> +<span>On the Fedora laptop, WireGuard is managed via systemd. Starting the tunnel:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>earth$ sudo systemctl start wg-quick@wg0.service +earth$ sudo wg show +interface: wg0 + public key: Mc1CpSS3rbLN9A2w9c75XugQyXUkGPHKI2iCGbh8DRo= + private key: (hidden) + listening port: <font color="#000000">56709</font> + fwmark: <font color="#000000">0xca6c</font> + +peer: 8PvGZH1NohHpZPVJyjhctBX9xblsNvYBhpg68FsFcns= + preshared key: (hidden) + endpoint: <font color="#000000">46.23</font>.<font color="#000000">94.99</font>:<font color="#000000">56709</font> + allowed ips: <font color="#000000">0.0</font>.<font color="#000000">0.0</font>/<font color="#000000">0</font>, ::/<font color="#000000">0</font> + latest handshake: <font color="#000000">5</font> seconds ago + transfer: <font color="#000000">15.89</font> KiB received, <font color="#000000">32.15</font> KiB sent + persistent keepalive: every <font color="#000000">25</font> seconds + +peer: Xow+d3qVXgUMk4pcRSQ6Fe+vhYBa3VDyHX/4jrGoKns= + preshared key: (hidden) + endpoint: <font color="#000000">23.88</font>.<font color="#000000">35.144</font>:<font color="#000000">56709</font> + allowed ips: (none) + latest handshake: <font color="#000000">5</font> seconds ago + transfer: <font color="#000000">124</font> B received, <font color="#000000">180</font> B sent + persistent keepalive: every <font color="#000000">25</font> seconds +</pre> +<br /> +<span>Stoppint the tunnel:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>earth$ sudo systemctl stop wg-quick@wg0.service +earth$ sudo wg show +<i><font color="silver"># No output - WireGuard interface is down</font></i> +</pre> +<br /> +<span>Checking the tunnel status:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>earth$ sudo systemctl status wg-quick@wg0.service +● wg-quick@wg0.service - WireGuard via wg-quick(<font color="#000000">8</font>) <b><u><font color="#000000">for</font></u></b> wg0 + Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; disabled) + Active: active (exited) since Sun <font color="#000000">2026</font>-<font color="#000000">01</font>-<font color="#000000">11</font> <font color="#000000">22</font>:<font color="#000000">45</font>:<font color="#000000">00</font> EET +</pre> +<br /> +<span>The service remains <span class='inlinecode'>disabled</span> to prevent auto-start on boot, allowing manual control of when the VPN is active.</span><br /> +<br /> +<h3 style='display: inline' id='starting-and-stopping-on-pixel7pro-android-phone'>Starting and stopping on pixel7pro (Android phone)</h3><br /> +<br /> +<span>On Android using the official WireGuard app, tunnel management is like this:</span><br /> +<br /> +<span>Starting the tunnel:</span><br /> +<br /> +<ul> +<li>1. Open the WireGuard app</li> +<li>2. Tap the toggle switch next to the <span class='inlinecode'>pixel7pro</span> tunnel configuration</li> +<li>3. The switch turns blue/green and shows "Active"</li> +<li>4. A key icon appears in the notification bar indicating VPN is active</li> +<li>5. All traffic now routes through the VPN</li> +</ul><br /> +<span>Stopping the tunnel:</span><br /> +<br /> +<ul> +<li>1. Open the WireGuard app</li> +<li>2. Tap the toggle switch again to disable it</li> +<li>3. The switch turns gray and shows "Inactive"</li> +<li>4. The notification bar key icon disappears</li> +<li>5. Normal internet routing resumes</li> +</ul><br /> +<span>Quick toggling from notification:</span><br /> +<br /> +<ul> +<li>Pull down the notification shade</li> +<li>Tap the WireGuard notification to quickly enable/disable the tunnel without opening the app</li> +</ul><br /> +<span>The WireGuard Android app supports automatically activating tunnels based on:</span><br /> +<br /> +<ul> +<li>Mobile data connection (e.g., enable VPN when on cellular)</li> +<li>WiFi SSID (e.g., disable VPN when on trusted home network)</li> +<li>Ethernet connection status</li> +</ul><br /> +<span>These settings can be configured by tapping the pencil icon next to the tunnel name, then scrolling to "Toggle on/off based on" options.</span><br /> +<br /> +<h3 style='display: inline' id='verifying-connectivity'>Verifying connectivity</h3><br /> +<br /> +<span>Once the tunnel is active on either device, verify connectivity:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre><i><font color="silver"># From earth laptop:</font></i> +earth$ ping -c<font color="#000000">2</font> blowfish.wg0 +earth$ ping -c<font color="#000000">2</font> fishfinger.wg0 +earth$ curl https://ifconfig.me <i><font color="silver"># Should show gateway's public IP</font></i> +</pre> +<br /> +<span>Check which gateway is active: The device will typically prefer one gateway (usually the first one with a successful handshake). To see which gateway is actively routing traffic, check the transfer statistics with <span class='inlinecode'>sudo wg show</span> on earth, or observe which gateway shows recent handshakes and increasing transfer bytes.</span><br /> +<br /> <h2 style='display: inline' id='conclusion'>Conclusion</h2><br /> <br /> <span>Having a mesh network on our hosts is great for securing all the traffic between them for our future k3s setup. A self-managed WireGuard mesh network is better than Tailscale as it eliminates reliance on a third party and provides full control over the configuration. It reduces unnecessary abstraction and "magic," enabling easier debugging and ensuring full ownership of our network.</span><br /> diff --git a/gemfeed/atom.xml b/gemfeed/atom.xml index d9eda66d..d24610e7 100644 --- a/gemfeed/atom.xml +++ b/gemfeed/atom.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="utf-8"?> <feed xmlns="http://www.w3.org/2005/Atom"> - <updated>2026-01-11T10:46:34+02:00</updated> + <updated>2026-01-11T22:40:26+02:00</updated> <title>foo.zone feed</title> <subtitle>To be in the .zone!</subtitle> <link href="https://foo.zone/gemfeed/atom.xml" rel="self" /> @@ -9566,7 +9566,7 @@ Jul <font color="#000000">06</font> <font color="#000000">10</font>:<font color= <title>f3s: Kubernetes with FreeBSD - Part 5: WireGuard mesh network</title> <link href="https://foo.zone/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.html" /> <id>https://foo.zone/gemfeed/2025-05-11-f3s-kubernetes-with-freebsd-part-5.html</id> - <updated>2025-05-11T11:35:57+03:00</updated> + <updated>2025-05-11T11:35:57+03:00, last updated Sun 11 Jan 21:33:40 EET 2026</updated> <author> <name>Paul Buetow aka snonux</name> <email>paul@dev.buetow.org</email> @@ -9576,12 +9576,14 @@ Jul <font color="#000000">06</font> <font color="#000000">10</font>:<font color= <div xmlns="http://www.w3.org/1999/xhtml"> <h1 style='display: inline' id='f3s-kubernetes-with-freebsd---part-5-wireguard-mesh-network'>f3s: Kubernetes with FreeBSD - Part 5: WireGuard mesh network</h1><br /> <br /> -<span class='quote'>Published at 2025-05-11T11:35:57+03:00</span><br /> +<span class='quote'>Published at 2025-05-11T11:35:57+03:00, last updated Sun 11 Jan 21:33:40 EET 2026</span><br /> <br /> <span>This is the fifth blog post about my f3s series for my self-hosting demands in my home lab. f3s? The "f" stands for FreeBSD, and the "3s" stands for k3s, the Kubernetes distribution I will use on FreeBSD-based physical machines.</span><br /> <br /> <span>I will post a new entry every month or so (there are too many other side projects for more frequent updates — I bet you can understand).</span><br /> <br /> +<span class='quote'>This post has been updated to include two roaming clients (<span class='inlinecode'>earth</span> - Fedora laptop, <span class='inlinecode'>pixel7pro</span> - Android phone) that connect to the mesh via the internet gateways. The updated content is integrated throughout the post.</span><br /> +<br /> <span>These are all the posts so far:</span><br /> <br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> @@ -9621,33 +9623,58 @@ Jul <font color="#000000">06</font> <font color="#000000">10</font>:<font color= <li>⇢ ⇢ <a href='#generating-the-wg0conf-files-and-keys'>Generating the <span class='inlinecode'>wg0.conf</span> files and keys</a></li> <li>⇢ ⇢ <a href='#installing-the-wg0conf-files'>Installing the <span class='inlinecode'>wg0.conf</span> files</a></li> <li>⇢ ⇢ <a href='#re-generating-mesh-and-installing-the-wg0conf-files-again'>Re-generating mesh and installing the <span class='inlinecode'>wg0.conf</span> files again</a></li> +<li>⇢ ⇢ <a href='#setting-up-roaming-clients'>Setting up roaming clients</a></li> <li>⇢ <a href='#happy-wireguard-ing'>Happy WireGuard-ing</a></li> +<li>⇢ <a href='#managing-roaming-client-tunnels'>Managing Roaming Client Tunnels</a></li> +<li>⇢ ⇢ <a href='#starting-and-stopping-on-earth-fedora-laptop'>Starting and stopping on earth (Fedora laptop)</a></li> +<li>⇢ ⇢ <a href='#starting-and-stopping-on-pixel7pro-android-phone'>Starting and stopping on pixel7pro (Android phone)</a></li> +<li>⇢ ⇢ <a href='#verifying-connectivity'>Verifying connectivity</a></li> <li>⇢ <a href='#conclusion'>Conclusion</a></li> </ul><br /> <h2 style='display: inline' id='introduction'>Introduction</h2><br /> <br /> -<span>By default, traffic within my home LAN, including traffic inside a k3s cluster, is not encrypted. While it resides in the "secure" home LAN, adopting a zero-trust policy means encryption is still preferable to ensure confidentiality and security. So we decide to secure all the traffic of all f3s participating hosts by building a mesh network of all participating hosts:</span><br /> +<span>By default, traffic within my home LAN, including traffic inside a k3s cluster, is not encrypted. While it resides in the "secure" home LAN, adopting a zero-trust policy means encryption is still preferable to ensure confidentiality and security. So we decide to secure all the traffic of all f3s participating hosts by building a mesh network:</span><br /> +<br /> +<a href='./f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh-with-roaming.svg'><img alt='WireGuard mesh network topology' title='WireGuard mesh network topology' src='./f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh-with-roaming.svg' /></a><br /> +<br /> +<span>The mesh network consists of eight infrastructure hosts and two roaming clients:</span><br /> <br /> -<a href='./f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh.svg'><img alt='Full mesh network' title='Full mesh network' src='./f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh.svg' /></a><br /> +<span>Infrastructure hosts (full mesh):</span><br /> <br /> -<span>Whereas <span class='inlinecode'>f0</span>, <span class='inlinecode'>f1</span>, and <span class='inlinecode'>f2</span> are the FreeBSD base hosts, <span class='inlinecode'>r0</span>, <span class='inlinecode'>r1</span>, and <span class='inlinecode'>r2</span> are the Rocky Linux Bhyve VMs, and <span class='inlinecode'>blowfish</span> and <span class='inlinecode'>fishfinger</span> are two OpenBSD systems running on the internet (as mentioned in the first blog of this series—these systems are already built; in fact, this very blog is served by those OpenBSD systems).</span><br /> +<ul> +<li><span class='inlinecode'>f0</span>, <span class='inlinecode'>f1</span>, and <span class='inlinecode'>f2</span> are the FreeBSD base hosts in my home LAN</li> +<li><span class='inlinecode'>r0</span>, <span class='inlinecode'>r1</span>, and <span class='inlinecode'>r2</span> are the Rocky Linux Bhyve VMs running on the FreeBSD hosts</li> +<li><span class='inlinecode'>blowfish</span> and <span class='inlinecode'>fishfinger</span> are two OpenBSD systems running on the internet (as mentioned in the first blog of this series—these systems are already built; in fact, this very blog is served by those OpenBSD systems)</li> +</ul><br /> +<span>oaming clients (gateway-only connections):</span><br /> <br /> -<span>As we can see from the graph, it is a true full-mesh network, where every host has a VPN tunnel to every other host. The benefit is that we do not need to route traffic through intermediate hosts (significantly simplifying the routing configuration). However, the downside is that there is some overhead in configuring and managing all the tunnels.</span><br /> +<ul> +<li><span class='inlinecode'>earth</span> is my Fedora laptop (192.168.2.200) which connects only to the internet gateways for remote access</li> +<li><span class='inlinecode'>pixel7pro</span> is my Android phone (192.168.2.201) which routes all traffic through the VPN when activated</li> +</ul><br /> +<span>As we can see from the diagram, the eight infrastructure hosts form a true full-mesh network, where every host has a VPN tunnel to every other host. The benefit is that we do not need to route traffic through intermediate hosts (significantly simplifying the routing configuration). However, the downside is that there is some overhead in configuring and managing all the tunnels. The roaming clients take a simpler approach—they only connect to the two internet-facing gateways (<span class='inlinecode'>blowfish</span> and <span class='inlinecode'>fishfinger</span>), which is sufficient for remote access and internet connectivity.</span><br /> <br /> <span>For simplicity, we also establish VPN tunnels between <span class='inlinecode'>f0 <-> r0</span>, <span class='inlinecode'>f1 <-> r1</span>, and <span class='inlinecode'>f2 <-> r2</span>. Technically, this wouldn't be strictly required since the VMs <span class='inlinecode'>rN</span> are running on the hosts <span class='inlinecode'>fN</span>, and no network traffic is leaving the box. However, it simplifies the configuration as we don't have to account for exceptions, and we are going to automate the mesh network configuration anyway (read on).</span><br /> <br /> <h3 style='display: inline' id='expected-traffic-flow'>Expected traffic flow</h3><br /> <br /> -<span>The traffic is expected to flow between the host groups through the mesh network as follows: </span><br /> +<span>The traffic is expected to flow between the host groups through the mesh network as follows:</span><br /> +<br /> +<span>nfrastructure mesh traffic:</span><br /> <br /> <ul> -<li><span class='inlinecode'>fN <-> rN</span>: The traffic between the FreeBSD hosts and the Rocky Linux VMs will be routed through the VPN tunnels for persistent storage. In a later post in this series, we will set up an NFS server on the <span class='inlinecode'>fN</span> hosts. </li> +<li><span class='inlinecode'>fN <-> rN</span>: The traffic between the FreeBSD hosts and the Rocky Linux VMs will be routed through the VPN tunnels for persistent storage. In a later post in this series, we will set up an NFS server on the <span class='inlinecode'>fN</span> hosts.</li> <li><span class='inlinecode'>fN <-> blowfish,fishfinger</span>: The traffic between the FreeBSD hosts and the OpenBSD host <span class='inlinecode'>blowfish,fishfinger</span> will be routed through the VPN tunnels for management. We may want to log in via the internet to set it up remotely. The VPN tunnel will also be used for monitoring purposes.</li> <li><span class='inlinecode'>rN <-> blowfish,fishfinger</span>: The traffic between the Rocky Linux VMs and the OpenBSD host <span class='inlinecode'>blowfish,fishfinger</span> will be routed through the VPN tunnels for usage traffic. Since k3s will be running on the <span class='inlinecode'>rN</span> hosts, the OpenBSD servers will route the traffic through <span class='inlinecode'>relayd</span> to the services running in Kubernetes.</li> <li><span class='inlinecode'>fN <-> fM</span>: The traffic between the FreeBSD hosts may be later used for data replication for the NFS storage.</li> <li><span class='inlinecode'>rN <-> rM</span>: The traffic between the Rocky Linux VMs will later be used by the k3s cluster itself, as every <span class='inlinecode'>rN</span> will be a Kubernetes worker node.</li> <li><span class='inlinecode'>blowfish <-> fishfinger</span>: The traffic between the OpenBSD hosts isn't strictly required for this setup, but I set it up anyway for future use cases.</li> </ul><br /> +<span>oaming client traffic:</span><br /> +<br /> +<ul> +<li><span class='inlinecode'>earth,pixel7pro <-> blowfish,fishfinger</span>: The roaming clients connect exclusively to the two internet gateways. All traffic from these clients (0.0.0.0/0) is routed through the VPN, providing secure internet access and the ability to reach services running in the mesh (via the gateways). The gateways use NAT to allow roaming clients to access the internet using the gateway's public IP address. The roaming clients cannot be reached by the LAN hosts—they are client-only and initiate all connections.</li> +</ul><br /> <span>We won't cover all the details in this blog post, as we only focus on setting up the Mesh network in this blog post. Subsequent posts in this series will cover the other details.</span><br /> <br /> <h2 style='display: inline' id='deciding-on-wireguard'>Deciding on WireGuard</h2><br /> @@ -9846,9 +9873,36 @@ http://www.gnu.org/software/src-highlite --> <font color="#000000">192.168</font>.<font color="#000000">2.110</font> blowfish.wg0 blowfish.wg0.wan.buetow.org <font color="#000000">192.168</font>.<font color="#000000">2.111</font> fishfinger.wg0 fishfinger.wg0.wan.buetow.org +<font color="#000000">192.168</font>.<font color="#000000">2.200</font> earth.wg0 earth.wg0.wan.buetow.org +<font color="#000000">192.168</font>.<font color="#000000">2.201</font> pixel7pro.wg0 pixel7pro.wg0.wan.buetow.org END </pre> <br /> +<span>To enable roaming clients (like <span class='inlinecode'>earth</span> and <span class='inlinecode'>pixel7pro</span>) to access the internet through the VPN, we need to configure NAT on the OpenBSD gateways. This allows the roaming clients to use the gateway's public IP address for outbound traffic. We add the following to <span class='inlinecode'>/etc/pf.conf</span> on both <span class='inlinecode'>blowfish</span> and <span class='inlinecode'>fishfinger</span>:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre><i><font color="silver"># NAT for WireGuard clients to access internet</font></i> +match out on vio0 from <font color="#000000">192.168</font>.<font color="#000000">2.0</font>/<font color="#000000">24</font> to any nat-to (vio0) + +<i><font color="silver"># Allow inbound traffic on WireGuard interface</font></i> +pass <b><u><font color="#000000">in</font></u></b> on wg0 + +<i><font color="silver"># Allow all UDP traffic on WireGuard port</font></i> +pass <b><u><font color="#000000">in</font></u></b> inet proto udp from any to any port <font color="#000000">56709</font> +</pre> +<br /> +<span>The NAT rule translates outgoing traffic from the WireGuard network (192.168.2.0/24) to the gateway's public IP. The firewall rules permit WireGuard traffic on the wg0 interface and UDP port 56709. After updating <span class='inlinecode'>/etc/pf.conf</span>, reload the firewall:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>blowfish$ doas pfctl -f /etc/pf.conf +</pre> +<br /> <h2 style='display: inline' id='wireguard-configuration'>WireGuard configuration</h2><br /> <br /> <span>So far, we have only started WireGuard on all participating hosts without any useful configuration. This means that no VPN tunnel has been established yet between any of the hosts.</span><br /> @@ -9921,7 +9975,41 @@ Endpoint = 46.23.94.99:56709 PersistentKeepalive = 25 </pre> <br /> -<span>Whereas there are two main sections. One is <span class='inlinecode'>[Interface]</span>, which configures the current host (here: <span class='inlinecode'>f0</span>):</span><br /> +<span>For roaming clients like <span class='inlinecode'>pixel7pro</span> (Android phone) or <span class='inlinecode'>earth</span> (Fedora laptop), the configuration looks different because they route all traffic through the VPN and only connect to the internet gateways:</span><br /> +<br /> +<pre> +[Interface] +# pixel7pro.wg0.wan.buetow.org +Address = 192.168.2.201 +PrivateKey = ************************** +ListenPort = 56709 +DNS = 1.1.1.1, 8.8.8.8 + +[Peer] +# blowfish.buetow.org as blowfish.wg0.wan.buetow.org +PublicKey = ************************** +PresharedKey = ************************** +AllowedIPs = 0.0.0.0/0, ::/0 +Endpoint = 23.88.35.144:56709 +PersistentKeepalive = 25 + +[Peer] +# fishfinger.buetow.org as fishfinger.wg0.wan.buetow.org +PublicKey = ************************** +PresharedKey = ************************** +AllowedIPs = 0.0.0.0/0, ::/0 +Endpoint = 46.23.94.99:56709 +PersistentKeepalive = 25 +</pre> +<br /> +<span>Note the key differences for roaming clients:</span><br /> +<ul> +<li><span class='inlinecode'>DNS</span> is configured to use external DNS servers (Cloudflare and Google)</li> +<li><span class='inlinecode'>AllowedIPs = 0.0.0.0/0, ::/0</span> routes all traffic (IPv4 and IPv6) through the VPN</li> +<li>Only two peers are configured (the internet gateways), not the full mesh</li> +<li><span class='inlinecode'>PersistentKeepalive = 25</span> is used for both peers to maintain NAT traversal</li> +</ul><br /> +<span>Whereas there are two main sections. One is <span class='inlinecode'>[Interface]</span>, which configures the current host (here: <span class='inlinecode'>f0</span> or <span class='inlinecode'>pixel7pro</span>):</span><br /> <br /> <ul> <li><span class='inlinecode'>Address</span>: Local virtual IP address on the WireGuard interface.</li> @@ -9999,32 +10087,12 @@ hosts: wg0: domain: 'wg0.wan.buetow.org' ip: '192.168.2.130' - f1: - os: FreeBSD - ssh: - user: paul - conf_dir: /usr/local/etc/wireguard - sudo_cmd: doas - reload_cmd: service wireguard reload - lan: - domain: 'lan.buetow.org' - ip: '192.168.1.131' - wg0: - domain: 'wg0.wan.buetow.org' - ip: '192.168.2.131' - f2: - os: FreeBSD - ssh: - user: paul - conf_dir: /usr/local/etc/wireguard - sudo_cmd: doas - reload_cmd: service wireguard reload - lan: - domain: 'lan.buetow.org' - ip: '192.168.1.132' - wg0: - domain: 'wg0.wan.buetow.org' - ip: '192.168.2.132' + exclude_peers: + - earth + - pixel7pro + # f1 and f2 similarly configured with exclude_peers for roaming clients + # (full config omitted for brevity) + ... r0: os: Linux ssh: @@ -10038,36 +10106,16 @@ hosts: wg0: domain: 'wg0.wan.buetow.org' ip: '192.168.2.120' - r1: - os: Linux - ssh: - user: root - conf_dir: /etc/wireguard - sudo_cmd: - reload_cmd: systemctl reload wg-quick@wg0.service - lan: - domain: 'lan.buetow.org' - ip: '192.168.1.121' - wg0: - domain: 'wg0.wan.buetow.org' - ip: '192.168.2.121' - r2: - os: Linux - ssh: - user: root - conf_dir: /etc/wireguard - sudo_cmd: - reload_cmd: systemctl reload wg-quick@wg0.service - lan: - domain: 'lan.buetow.org' - ip: '192.168.1.122' - wg0: - domain: 'wg0.wan.buetow.org' - ip: '192.168.2.122' + exclude_peers: + - earth + - pixel7pro + # r1 and r2 similarly configured + ... blowfish: os: OpenBSD ssh: user: rex + port: 2 conf_dir: /etc/wireguard sudo_cmd: doas reload_cmd: sh /etc/netstart wg0 @@ -10077,10 +10125,14 @@ hosts: wg0: domain: 'wg0.wan.buetow.org' ip: '192.168.2.110' + exclude_peers: + - earth + - pixel7pro fishfinger: os: OpenBSD ssh: user: rex + port: 2 conf_dir: /etc/wireguard sudo_cmd: doas reload_cmd: sh /etc/netstart wg0 @@ -10090,10 +10142,41 @@ hosts: wg0: domain: 'wg0.wan.buetow.org' ip: '192.168.2.111' + exclude_peers: + - earth + - pixel7pro + earth: + os: Linux + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.200' + exclude_peers: + - f0 + - f1 + - f2 + - r0 + - r1 + - r2 + - pixel7pro + pixel7pro: + os: Android + wg0: + domain: 'wg0.wan.buetow.org' + ip: '192.168.2.201' + exclude_peers: + - f0 + - f1 + - f2 + - r0 + - r1 + - r2 + - earth </pre> <br /> <span>The file specifies details such as SSH user settings, configuration directories, sudo or reload commands, and IP/domain assignments for both internal LAN-facing interfaces and WireGuard (<span class='inlinecode'>wg0</span>) interfaces. Each host is assigned specific roles, including internal participants and publicly accessible nodes with internet-facing IPs, enabling the creation of a fully connected mesh VPN.</span><br /> <br /> +<span>Roaming clients: Note the <span class='inlinecode'>earth</span> and <span class='inlinecode'>pixel7pro</span> entries—these are configured differently from the infrastructure hosts. They have no <span class='inlinecode'>lan</span> or <span class='inlinecode'>internet</span> sections, which signals to the generator that they are roaming clients. The <span class='inlinecode'>exclude_peers</span> configuration ensures they only connect to the internet gateways (<span class='inlinecode'>blowfish</span> and <span class='inlinecode'>fishfinger</span>) and are not reachable by LAN hosts. The generator automatically configures these clients with <span class='inlinecode'>AllowedIPs = 0.0.0.0/0, ::/0</span> to route all traffic through the VPN, includes DNS configuration (<span class='inlinecode'>1.1.1.1, 8.8.8.8</span>), and enables <span class='inlinecode'>PersistentKeepalive</span> for NAT traversal.</span><br /> +<br /> <h3 style='display: inline' id='wireguardmeshgeneratorrb-overview'><span class='inlinecode'>wireguardmeshgenerator.rb</span> overview</h3><br /> <br /> <span>The <span class='inlinecode'>wireguardmeshgenerator.rb</span> script consists of the following base classes:</span><br /> @@ -10187,6 +10270,8 @@ Generating dist/r<font color="#000000">1</font>/etc/wireguard/wg<font color="#00 Generating dist/r<font color="#000000">2</font>/etc/wireguard/wg<font color="#000000">0</font>.conf Generating dist/blowfish/etc/wireguard/wg<font color="#000000">0</font>.conf Generating dist/fishfinger/etc/wireguard/wg<font color="#000000">0</font>.conf +Generating dist/earth/etc/wireguard/wg<font color="#000000">0</font>.conf +Generating dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>.conf </pre> <br /> <span>It generated all the <span class='inlinecode'>wg0.conf</span> files listed in the output, plus those keys:</span><br /> @@ -10226,6 +10311,10 @@ keys/psk/fishfinger_r1.key keys/psk/blowfish_r2.key keys/psk/fishfinger_r2.key keys/psk/blowfish_fishfinger.key +keys/psk/blowfish_earth.key +keys/psk/earth_fishfinger.key +keys/psk/blowfish_pixel7pro.key +keys/psk/fishfinger_pixel7pro.key keys/f<font color="#000000">1</font>/priv.key keys/f<font color="#000000">1</font>/pub.key keys/f<font color="#000000">2</font>/priv.key @@ -10240,6 +10329,10 @@ keys/blowfish/priv.key keys/blowfish/pub.key keys/fishfinger/priv.key keys/fishfinger/pub.key +keys/earth/priv.key +keys/earth/pub.key +keys/pixel7pro/priv.key +keys/pixel7pro/pub.key </pre> <br /> <span>Those keys are embedded in the resulting <span class='inlinecode'>wg0.conf</span>, so later, we only need to install the <span class='inlinecode'>wg0.conf</span> files and not all the keys individually.</span><br /> @@ -10375,6 +10468,40 @@ http://www.gnu.org/software/src-highlite --> <br /> <span>That would also delete and re-generate all the keys involved.</span><br /> <br /> +<h3 style='display: inline' id='setting-up-roaming-clients'>Setting up roaming clients</h3><br /> +<br /> +<span>For roaming clients like <span class='inlinecode'>earth</span> (Fedora laptop) and <span class='inlinecode'>pixel7pro</span> (Android phone), the setup process differs slightly since these devices are not always accessible via SSH:</span><br /> +<br /> +<span>Android phone (<span class='inlinecode'>pixel7pro</span>):</span><br /> +<br /> +<span>The configuration is transferred to the phone using a QR code. The official WireGuard Android app (from Google Play Store) can scan and import the configuration:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>> sudo dnf install qrencode +> qrencode -t ansiutf8 < dist/pixel7pro/etc/wireguard/wg<font color="#000000">0</font>.conf +</pre> +<br /> +<span>Scan the QR code with the WireGuard app to import the configuration. The phone will then route all traffic through the VPN when the tunnel is activated. Note that WireGuard does not support automatic failover between the two gateways (<span class='inlinecode'>blowfish</span> and <span class='inlinecode'>fishfinger</span>)—if one fails, manual disconnection and reconnection is required to switch to the other.</span><br /> +<br /> +<span>Fedora laptop (<span class='inlinecode'>earth</span>):</span><br /> +<br /> +<span>For the laptop, manually copy the generated configuration:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>> sudo cp dist/earth/etc/wireguard/wg<font color="#000000">0</font>.conf /etc/wireguard/ +> sudo chmod <font color="#000000">600</font> /etc/wireguard/wg<font color="#000000">0</font>.conf +> sudo systemctl start wg-quick@wg0.service <i><font color="silver"># Start manually</font></i> +> sudo systemctl disable wg-quick@wg0.service <i><font color="silver"># Prevent auto-start</font></i> +</pre> +<br /> +<span>The service is disabled from auto-start so the VPN is only active when manually started. This allows selective VPN usage based on need.</span><br /> +<br /> <h2 style='display: inline' id='happy-wireguard-ing'>Happy WireGuard-ing</h2><br /> <br /> <span>All is set up now. E.g. on <span class='inlinecode'>f0</span>:</span><br /> @@ -10562,6 +10689,121 @@ peer: 2htXdNcxzpI2FdPDJy4T4VGtm1wpMEQu1AkQHjNY6F8= allowed ips: <font color="#000000">192.168</font>.<font color="#000000">2.131</font>/<font color="#000000">32</font> </pre> <br /> +<h2 style='display: inline' id='managing-roaming-client-tunnels'>Managing Roaming Client Tunnels</h2><br /> +<br /> +<span>Since roaming clients like <span class='inlinecode'>earth</span> and <span class='inlinecode'>pixel7pro</span> connect on-demand rather than being always-on like the infrastructure hosts, it's useful to know how to start and stop the WireGuard tunnels.</span><br /> +<br /> +<h3 style='display: inline' id='starting-and-stopping-on-earth-fedora-laptop'>Starting and stopping on earth (Fedora laptop)</h3><br /> +<br /> +<span>On the Fedora laptop, WireGuard is managed via systemd. Starting the tunnel:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>earth$ sudo systemctl start wg-quick@wg0.service +earth$ sudo wg show +interface: wg0 + public key: Mc1CpSS3rbLN9A2w9c75XugQyXUkGPHKI2iCGbh8DRo= + private key: (hidden) + listening port: <font color="#000000">56709</font> + fwmark: <font color="#000000">0xca6c</font> + +peer: 8PvGZH1NohHpZPVJyjhctBX9xblsNvYBhpg68FsFcns= + preshared key: (hidden) + endpoint: <font color="#000000">46.23</font>.<font color="#000000">94.99</font>:<font color="#000000">56709</font> + allowed ips: <font color="#000000">0.0</font>.<font color="#000000">0.0</font>/<font color="#000000">0</font>, ::/<font color="#000000">0</font> + latest handshake: <font color="#000000">5</font> seconds ago + transfer: <font color="#000000">15.89</font> KiB received, <font color="#000000">32.15</font> KiB sent + persistent keepalive: every <font color="#000000">25</font> seconds + +peer: Xow+d3qVXgUMk4pcRSQ6Fe+vhYBa3VDyHX/4jrGoKns= + preshared key: (hidden) + endpoint: <font color="#000000">23.88</font>.<font color="#000000">35.144</font>:<font color="#000000">56709</font> + allowed ips: (none) + latest handshake: <font color="#000000">5</font> seconds ago + transfer: <font color="#000000">124</font> B received, <font color="#000000">180</font> B sent + persistent keepalive: every <font color="#000000">25</font> seconds +</pre> +<br /> +<span>Stoppint the tunnel:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>earth$ sudo systemctl stop wg-quick@wg0.service +earth$ sudo wg show +<i><font color="silver"># No output - WireGuard interface is down</font></i> +</pre> +<br /> +<span>Checking the tunnel status:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>earth$ sudo systemctl status wg-quick@wg0.service +● wg-quick@wg0.service - WireGuard via wg-quick(<font color="#000000">8</font>) <b><u><font color="#000000">for</font></u></b> wg0 + Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; disabled) + Active: active (exited) since Sun <font color="#000000">2026</font>-<font color="#000000">01</font>-<font color="#000000">11</font> <font color="#000000">22</font>:<font color="#000000">45</font>:<font color="#000000">00</font> EET +</pre> +<br /> +<span>The service remains <span class='inlinecode'>disabled</span> to prevent auto-start on boot, allowing manual control of when the VPN is active.</span><br /> +<br /> +<h3 style='display: inline' id='starting-and-stopping-on-pixel7pro-android-phone'>Starting and stopping on pixel7pro (Android phone)</h3><br /> +<br /> +<span>On Android using the official WireGuard app, tunnel management is like this:</span><br /> +<br /> +<span>Starting the tunnel:</span><br /> +<br /> +<ul> +<li>1. Open the WireGuard app</li> +<li>2. Tap the toggle switch next to the <span class='inlinecode'>pixel7pro</span> tunnel configuration</li> +<li>3. The switch turns blue/green and shows "Active"</li> +<li>4. A key icon appears in the notification bar indicating VPN is active</li> +<li>5. All traffic now routes through the VPN</li> +</ul><br /> +<span>Stopping the tunnel:</span><br /> +<br /> +<ul> +<li>1. Open the WireGuard app</li> +<li>2. Tap the toggle switch again to disable it</li> +<li>3. The switch turns gray and shows "Inactive"</li> +<li>4. The notification bar key icon disappears</li> +<li>5. Normal internet routing resumes</li> +</ul><br /> +<span>Quick toggling from notification:</span><br /> +<br /> +<ul> +<li>Pull down the notification shade</li> +<li>Tap the WireGuard notification to quickly enable/disable the tunnel without opening the app</li> +</ul><br /> +<span>The WireGuard Android app supports automatically activating tunnels based on:</span><br /> +<br /> +<ul> +<li>Mobile data connection (e.g., enable VPN when on cellular)</li> +<li>WiFi SSID (e.g., disable VPN when on trusted home network)</li> +<li>Ethernet connection status</li> +</ul><br /> +<span>These settings can be configured by tapping the pencil icon next to the tunnel name, then scrolling to "Toggle on/off based on" options.</span><br /> +<br /> +<h3 style='display: inline' id='verifying-connectivity'>Verifying connectivity</h3><br /> +<br /> +<span>Once the tunnel is active on either device, verify connectivity:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre><i><font color="silver"># From earth laptop:</font></i> +earth$ ping -c<font color="#000000">2</font> blowfish.wg0 +earth$ ping -c<font color="#000000">2</font> fishfinger.wg0 +earth$ curl https://ifconfig.me <i><font color="silver"># Should show gateway's public IP</font></i> +</pre> +<br /> +<span>Check which gateway is active: The device will typically prefer one gateway (usually the first one with a successful handshake). To see which gateway is actively routing traffic, check the transfer statistics with <span class='inlinecode'>sudo wg show</span> on earth, or observe which gateway shows recent handshakes and increasing transfer bytes.</span><br /> +<br /> <h2 style='display: inline' id='conclusion'>Conclusion</h2><br /> <br /> <span>Having a mesh network on our hosts is great for securing all the traffic between them for our future k3s setup. A self-managed WireGuard mesh network is better than Tailscale as it eliminates reliance on a third party and provides full control over the configuration. It reduces unnecessary abstraction and "magic," enabling easier debugging and ensuring full ownership of our network.</span><br /> diff --git a/gemfeed/f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh-with-roaming.svg b/gemfeed/f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh-with-roaming.svg new file mode 100644 index 00000000..24c8ec9a --- /dev/null +++ b/gemfeed/f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh-with-roaming.svg @@ -0,0 +1,2183 @@ +<?xml version="1.0" encoding="utf-8" standalone="no"?> +<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" + "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> +<svg xmlns:xlink="http://www.w3.org/1999/xlink" width="712.8pt" height="596.577969pt" viewBox="0 0 712.8 596.577969" xmlns="http://www.w3.org/2000/svg" version="1.1"> + <metadata> + <rdf:RDF xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://creativecommons.org/ns#" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> + <cc:Work> + <dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage"/> + <dc:date>2026-01-11T22:19:21.305547</dc:date> + <dc:format>image/svg+xml</dc:format> + <dc:creator> + <cc:Agent> + <dc:title>Matplotlib v3.10.8, https://matplotlib.org/</dc:title> + </cc:Agent> + </dc:creator> + </cc:Work> + </rdf:RDF> + </metadata> + <defs> + <style type="text/css">*{stroke-linejoin: round; stroke-linecap: butt}</style> + </defs> + <g id="figure_1"> + <g id="patch_1"> + <path d="M 0 596.577969 +L 712.8 596.577969 +L 712.8 0 +L 0 0 +z +" style="fill: #ffffff"/> + </g> + <g id="axes_1"> + <g id="line2d_1"> + <path d="M 356.4 521.477969 +L 152.312 453.577969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_2"> + <path d="M 356.4 521.477969 +L 560.488 453.577969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_3"> + <path d="M 356.4 521.477969 +L 356.4 152.877969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_4"> + <path d="M 356.4 521.477969 +L 152.312 220.777969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_5"> + <path d="M 356.4 521.477969 +L 560.488 220.777969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_6"> + <path d="M 356.4 521.477969 +L 67.825 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_7"> + <path d="M 356.4 521.477969 +L 644.975 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_8"> + <path d="M 152.312 453.577969 +L 560.488 453.577969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_9"> + <path d="M 152.312 453.577969 +L 356.4 152.877969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_10"> + <path d="M 152.312 453.577969 +L 152.312 220.777969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_11"> + <path d="M 152.312 453.577969 +L 560.488 220.777969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_12"> + <path d="M 152.312 453.577969 +L 67.825 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_13"> + <path d="M 152.312 453.577969 +L 644.975 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_14"> + <path d="M 560.488 453.577969 +L 356.4 152.877969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_15"> + <path d="M 560.488 453.577969 +L 152.312 220.777969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_16"> + <path d="M 560.488 453.577969 +L 560.488 220.777969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_17"> + <path d="M 560.488 453.577969 +L 67.825 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_18"> + <path d="M 560.488 453.577969 +L 644.975 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_19"> + <path d="M 356.4 152.877969 +L 152.312 220.777969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_20"> + <path d="M 356.4 152.877969 +L 560.488 220.777969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_21"> + <path d="M 356.4 152.877969 +L 67.825 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_22"> + <path d="M 356.4 152.877969 +L 644.975 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_23"> + <path d="M 152.312 220.777969 +L 560.488 220.777969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_24"> + <path d="M 152.312 220.777969 +L 67.825 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_25"> + <path d="M 152.312 220.777969 +L 644.975 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_26"> + <path d="M 560.488 220.777969 +L 67.825 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_27"> + <path d="M 560.488 220.777969 +L 644.975 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_28"> + <path d="M 67.825 337.177969 +L 644.975 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="line2d_29"> + <path d="M 181.8 60.727969 +L 67.825 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke-dasharray: 5.55,2.4; stroke-dashoffset: 0; stroke: #4169e1; stroke-opacity: 0.7; stroke-width: 1.5"/> + </g> + <g id="line2d_30"> + <path d="M 181.8 60.727969 +L 644.975 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke-dasharray: 5.55,2.4; stroke-dashoffset: 0; stroke: #4169e1; stroke-opacity: 0.7; stroke-width: 1.5"/> + </g> + <g id="line2d_31"> + <path d="M 531 60.727969 +L 67.825 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke-dasharray: 5.55,2.4; stroke-dashoffset: 0; stroke: #4169e1; stroke-opacity: 0.7; stroke-width: 1.5"/> + </g> + <g id="line2d_32"> + <path d="M 531 60.727969 +L 644.975 337.177969 +" clip-path="url(#pac2ac733d1)" style="fill: none; stroke-dasharray: 5.55,2.4; stroke-dashoffset: 0; stroke: #4169e1; stroke-opacity: 0.7; stroke-width: 1.5"/> + </g> + <g id="patch_2"> + <path d="M 356.4 545.727969 +C 362.831175 545.727969 368.999812 543.172836 373.547339 538.625308 +C 378.094867 534.077781 380.65 527.909144 380.65 521.477969 +C 380.65 515.046794 378.094867 508.878157 373.547339 504.330629 +C 368.999812 499.783102 362.831175 497.227969 356.4 497.227969 +C 349.968825 497.227969 343.800188 499.783102 339.252661 504.330629 +C 334.705133 508.878157 332.15 515.046794 332.15 521.477969 +C 332.15 527.909144 334.705133 534.077781 339.252661 538.625308 +C 343.800188 543.172836 349.968825 545.727969 356.4 545.727969 +z +" clip-path="url(#pac2ac733d1)" style="fill: #ff6b6b; stroke: #000000; stroke-width: 2; stroke-linejoin: miter"/> + </g> + <g id="patch_3"> + <path d="M 152.312 477.827969 +C 158.743175 477.827969 164.911812 475.272836 169.459339 470.725308 +C 174.006867 466.177781 176.562 460.009144 176.562 453.577969 +C 176.562 447.146794 174.006867 440.978157 169.459339 436.430629 +C 164.911812 431.883102 158.743175 429.327969 152.312 429.327969 +C 145.880825 429.327969 139.712188 431.883102 135.164661 436.430629 +C 130.617133 440.978157 128.062 447.146794 128.062 453.577969 +C 128.062 460.009144 130.617133 466.177781 135.164661 470.725308 +C 139.712188 475.272836 145.880825 477.827969 152.312 477.827969 +z +" clip-path="url(#pac2ac733d1)" style="fill: #ff6b6b; stroke: #000000; stroke-width: 2; stroke-linejoin: miter"/> + </g> + <g id="patch_4"> + <path d="M 560.488 477.827969 +C 566.919175 477.827969 573.087812 475.272836 577.635339 470.725308 +C 582.182867 466.177781 584.738 460.009144 584.738 453.577969 +C 584.738 447.146794 582.182867 440.978157 577.635339 436.430629 +C 573.087812 431.883102 566.919175 429.327969 560.488 429.327969 +C 554.056825 429.327969 547.888188 431.883102 543.340661 436.430629 +C 538.793133 440.978157 536.238 447.146794 536.238 453.577969 +C 536.238 460.009144 538.793133 466.177781 543.340661 470.725308 +C 547.888188 475.272836 554.056825 477.827969 560.488 477.827969 +z +" clip-path="url(#pac2ac733d1)" style="fill: #ff6b6b; stroke: #000000; stroke-width: 2; stroke-linejoin: miter"/> + </g> + <g id="patch_5"> + <path d="M 356.4 177.127969 +C 362.831175 177.127969 368.999812 174.572836 373.547339 170.025308 +C 378.094867 165.477781 380.65 159.309144 380.65 152.877969 +C 380.65 146.446794 378.094867 140.278157 373.547339 135.730629 +C 368.999812 131.183102 362.831175 128.627969 356.4 128.627969 +C 349.968825 128.627969 343.800188 131.183102 339.252661 135.730629 +C 334.705133 140.278157 332.15 146.446794 332.15 152.877969 +C 332.15 159.309144 334.705133 165.477781 339.252661 170.025308 +C 343.800188 174.572836 349.968825 177.127969 356.4 177.127969 +z +" clip-path="url(#pac2ac733d1)" style="fill: #4ecdc4; stroke: #000000; stroke-width: 2; stroke-linejoin: miter"/> + </g> + <g id="patch_6"> + <path d="M 152.312 245.027969 +C 158.743175 245.027969 164.911812 242.472836 169.459339 237.925308 +C 174.006867 233.377781 176.562 227.209144 176.562 220.777969 +C 176.562 214.346794 174.006867 208.178157 169.459339 203.630629 +C 164.911812 199.083102 158.743175 196.527969 152.312 196.527969 +C 145.880825 196.527969 139.712188 199.083102 135.164661 203.630629 +C 130.617133 208.178157 128.062 214.346794 128.062 220.777969 +C 128.062 227.209144 130.617133 233.377781 135.164661 237.925308 +C 139.712188 242.472836 145.880825 245.027969 152.312 245.027969 +z +" clip-path="url(#pac2ac733d1)" style="fill: #4ecdc4; stroke: #000000; stroke-width: 2; stroke-linejoin: miter"/> + </g> + <g id="patch_7"> + <path d="M 560.488 245.027969 +C 566.919175 245.027969 573.087812 242.472836 577.635339 237.925308 +C 582.182867 233.377781 584.738 227.209144 584.738 220.777969 +C 584.738 214.346794 582.182867 208.178157 577.635339 203.630629 +C 573.087812 199.083102 566.919175 196.527969 560.488 196.527969 +C 554.056825 196.527969 547.888188 199.083102 543.340661 203.630629 +C 538.793133 208.178157 536.238 214.346794 536.238 220.777969 +C 536.238 227.209144 538.793133 233.377781 543.340661 237.925308 +C 547.888188 242.472836 554.056825 245.027969 560.488 245.027969 +z +" clip-path="url(#pac2ac733d1)" style="fill: #4ecdc4; stroke: #000000; stroke-width: 2; stroke-linejoin: miter"/> + </g> + <g id="patch_8"> + <path d="M 67.825 361.427969 +C 74.256175 361.427969 80.424812 358.872836 84.972339 354.325308 +C 89.519867 349.777781 92.075 343.609144 92.075 337.177969 +C 92.075 330.746794 89.519867 324.578157 84.972339 320.030629 +C 80.424812 315.483102 74.256175 312.927969 67.825 312.927969 +C 61.393825 312.927969 55.225188 315.483102 50.677661 320.030629 +C 46.130133 324.578157 43.575 330.746794 43.575 337.177969 +C 43.575 343.609144 46.130133 349.777781 50.677661 354.325308 +C 55.225188 358.872836 61.393825 361.427969 67.825 361.427969 +z +" clip-path="url(#pac2ac733d1)" style="fill: #ffd93d; stroke: #000000; stroke-width: 2; stroke-linejoin: miter"/> + </g> + <g id="patch_9"> + <path d="M 644.975 361.427969 +C 651.406175 361.427969 657.574812 358.872836 662.122339 354.325308 +C 666.669867 349.777781 669.225 343.609144 669.225 337.177969 +C 669.225 330.746794 666.669867 324.578157 662.122339 320.030629 +C 657.574812 315.483102 651.406175 312.927969 644.975 312.927969 +C 638.543825 312.927969 632.375188 315.483102 627.827661 320.030629 +C 623.280133 324.578157 620.725 330.746794 620.725 337.177969 +C 620.725 343.609144 623.280133 349.777781 627.827661 354.325308 +C 632.375188 358.872836 638.543825 361.427969 644.975 361.427969 +z +" clip-path="url(#pac2ac733d1)" style="fill: #ff6b6b; stroke: #000000; stroke-width: 2; stroke-linejoin: miter"/> + </g> + <g id="patch_10"> + <path d="M 147.85 80.127969 +L 215.75 80.127969 +Q 220.6 80.127969 220.6 75.277969 +L 220.6 46.177969 +Q 220.6 41.327969 215.75 41.327969 +L 147.85 41.327969 +Q 143 41.327969 143 46.177969 +L 143 75.277969 +Q 143 80.127969 147.85 80.127969 +z +" clip-path="url(#pac2ac733d1)" style="fill: #9b59b6; stroke: #000000; stroke-width: 2; stroke-linejoin: miter"/> + </g> + <g id="patch_11"> + <path d="M 497.05 80.127969 +L 564.95 80.127969 +Q 569.8 80.127969 569.8 75.277969 +L 569.8 46.177969 +Q 569.8 41.327969 564.95 41.327969 +L 497.05 41.327969 +Q 492.2 41.327969 492.2 46.177969 +L 492.2 75.277969 +Q 492.2 80.127969 497.05 80.127969 +z +" clip-path="url(#pac2ac733d1)" style="fill: #9b59b6; stroke: #000000; stroke-width: 2; stroke-linejoin: miter"/> + </g> + <g id="text_1"> + <!-- WireGuard Full Mesh Network with Roaming Clients --> + <g transform="translate(166.734062 17.077969) scale(0.13 -0.13)"> + <defs> + <path id="DejaVuSans-Bold-57" d="M 191 4666 +L 1344 4666 +L 2150 1275 +L 2950 4666 +L 4109 4666 +L 4909 1275 +L 5716 4666 +L 6859 4666 +L 5759 0 +L 4372 0 +L 3525 3547 +L 2688 0 +L 1300 0 +L 191 4666 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-69" d="M 538 3500 +L 1656 3500 +L 1656 0 +L 538 0 +L 538 3500 +z +M 538 4863 +L 1656 4863 +L 1656 3950 +L 538 3950 +L 538 4863 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-72" d="M 3138 2547 +Q 2991 2616 2845 2648 +Q 2700 2681 2553 2681 +Q 2122 2681 1889 2404 +Q 1656 2128 1656 1613 +L 1656 0 +L 538 0 +L 538 3500 +L 1656 3500 +L 1656 2925 +Q 1872 3269 2151 3426 +Q 2431 3584 2822 3584 +Q 2878 3584 2943 3579 +Q 3009 3575 3134 3559 +L 3138 2547 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-65" d="M 4031 1759 +L 4031 1441 +L 1416 1441 +Q 1456 1047 1700 850 +Q 1944 653 2381 653 +Q 2734 653 3104 758 +Q 3475 863 3866 1075 +L 3866 213 +Q 3469 63 3072 -14 +Q 2675 -91 2278 -91 +Q 1328 -91 801 392 +Q 275 875 275 1747 +Q 275 2603 792 3093 +Q 1309 3584 2216 3584 +Q 3041 3584 3536 3087 +Q 4031 2591 4031 1759 +z +M 2881 2131 +Q 2881 2450 2695 2645 +Q 2509 2841 2209 2841 +Q 1884 2841 1681 2658 +Q 1478 2475 1428 2131 +L 2881 2131 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-47" d="M 4781 347 +Q 4331 128 3847 18 +Q 3363 -91 2847 -91 +Q 1681 -91 1000 561 +Q 319 1213 319 2328 +Q 319 3456 1012 4103 +Q 1706 4750 2913 4750 +Q 3378 4750 3804 4662 +Q 4231 4575 4609 4403 +L 4609 3438 +Q 4219 3659 3833 3768 +Q 3447 3878 3059 3878 +Q 2341 3878 1952 3476 +Q 1563 3075 1563 2328 +Q 1563 1588 1938 1184 +Q 2313 781 3003 781 +Q 3191 781 3352 804 +Q 3513 828 3641 878 +L 3641 1784 +L 2906 1784 +L 2906 2591 +L 4781 2591 +L 4781 347 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-75" d="M 500 1363 +L 500 3500 +L 1625 3500 +L 1625 3150 +Q 1625 2866 1622 2436 +Q 1619 2006 1619 1863 +Q 1619 1441 1641 1255 +Q 1663 1069 1716 984 +Q 1784 875 1895 815 +Q 2006 756 2150 756 +Q 2500 756 2700 1025 +Q 2900 1294 2900 1772 +L 2900 3500 +L 4019 3500 +L 4019 0 +L 2900 0 +L 2900 506 +Q 2647 200 2364 54 +Q 2081 -91 1741 -91 +Q 1134 -91 817 281 +Q 500 653 500 1363 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-61" d="M 2106 1575 +Q 1756 1575 1579 1456 +Q 1403 1338 1403 1106 +Q 1403 894 1545 773 +Q 1688 653 1941 653 +Q 2256 653 2472 879 +Q 2688 1106 2688 1447 +L 2688 1575 +L 2106 1575 +z +M 3816 1997 +L 3816 0 +L 2688 0 +L 2688 519 +Q 2463 200 2181 54 +Q 1900 -91 1497 -91 +Q 953 -91 614 226 +Q 275 544 275 1050 +Q 275 1666 698 1953 +Q 1122 2241 2028 2241 +L 2688 2241 +L 2688 2328 +Q 2688 2594 2478 2717 +Q 2269 2841 1825 2841 +Q 1466 2841 1156 2769 +Q 847 2697 581 2553 +L 581 3406 +Q 941 3494 1303 3539 +Q 1666 3584 2028 3584 +Q 2975 3584 3395 3211 +Q 3816 2838 3816 1997 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-64" d="M 2919 2988 +L 2919 4863 +L 4044 4863 +L 4044 0 +L 2919 0 +L 2919 506 +Q 2688 197 2409 53 +Q 2131 -91 1766 -91 +Q 1119 -91 703 423 +Q 288 938 288 1747 +Q 288 2556 703 3070 +Q 1119 3584 1766 3584 +Q 2128 3584 2408 3439 +Q 2688 3294 2919 2988 +z +M 2181 722 +Q 2541 722 2730 984 +Q 2919 1247 2919 1747 +Q 2919 2247 2730 2509 +Q 2541 2772 2181 2772 +Q 1825 2772 1636 2509 +Q 1447 2247 1447 1747 +Q 1447 1247 1636 984 +Q 1825 722 2181 722 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-20" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-46" d="M 588 4666 +L 3834 4666 +L 3834 3756 +L 1791 3756 +L 1791 2888 +L 3713 2888 +L 3713 1978 +L 1791 1978 +L 1791 0 +L 588 0 +L 588 4666 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-6c" d="M 538 4863 +L 1656 4863 +L 1656 0 +L 538 0 +L 538 4863 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-4d" d="M 588 4666 +L 2119 4666 +L 3181 2169 +L 4250 4666 +L 5778 4666 +L 5778 0 +L 4641 0 +L 4641 3413 +L 3566 897 +L 2803 897 +L 1728 3413 +L 1728 0 +L 588 0 +L 588 4666 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-73" d="M 3272 3391 +L 3272 2541 +Q 2913 2691 2578 2766 +Q 2244 2841 1947 2841 +Q 1628 2841 1473 2761 +Q 1319 2681 1319 2516 +Q 1319 2381 1436 2309 +Q 1553 2238 1856 2203 +L 2053 2175 +Q 2913 2066 3209 1816 +Q 3506 1566 3506 1031 +Q 3506 472 3093 190 +Q 2681 -91 1863 -91 +Q 1516 -91 1145 -36 +Q 775 19 384 128 +L 384 978 +Q 719 816 1070 734 +Q 1422 653 1784 653 +Q 2113 653 2278 743 +Q 2444 834 2444 1013 +Q 2444 1163 2330 1236 +Q 2216 1309 1875 1350 +L 1678 1375 +Q 931 1469 631 1722 +Q 331 1975 331 2491 +Q 331 3047 712 3315 +Q 1094 3584 1881 3584 +Q 2191 3584 2531 3537 +Q 2872 3491 3272 3391 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-68" d="M 4056 2131 +L 4056 0 +L 2931 0 +L 2931 347 +L 2931 1625 +Q 2931 2084 2911 2256 +Q 2891 2428 2841 2509 +Q 2775 2619 2662 2680 +Q 2550 2741 2406 2741 +Q 2056 2741 1856 2470 +Q 1656 2200 1656 1722 +L 1656 0 +L 538 0 +L 538 4863 +L 1656 4863 +L 1656 2988 +Q 1909 3294 2193 3439 +Q 2478 3584 2822 3584 +Q 3428 3584 3742 3212 +Q 4056 2841 4056 2131 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-4e" d="M 588 4666 +L 1931 4666 +L 3628 1466 +L 3628 4666 +L 4769 4666 +L 4769 0 +L 3425 0 +L 1728 3200 +L 1728 0 +L 588 0 +L 588 4666 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-74" d="M 1759 4494 +L 1759 3500 +L 2913 3500 +L 2913 2700 +L 1759 2700 +L 1759 1216 +Q 1759 972 1856 886 +Q 1953 800 2241 800 +L 2816 800 +L 2816 0 +L 1856 0 +Q 1194 0 917 276 +Q 641 553 641 1216 +L 641 2700 +L 84 2700 +L 84 3500 +L 641 3500 +L 641 4494 +L 1759 4494 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-77" d="M 225 3500 +L 1313 3500 +L 1900 1088 +L 2491 3500 +L 3425 3500 +L 4013 1113 +L 4603 3500 +L 5691 3500 +L 4769 0 +L 3547 0 +L 2956 2406 +L 2369 0 +L 1147 0 +L 225 3500 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-6f" d="M 2203 2784 +Q 1831 2784 1636 2517 +Q 1441 2250 1441 1747 +Q 1441 1244 1636 976 +Q 1831 709 2203 709 +Q 2569 709 2762 976 +Q 2956 1244 2956 1747 +Q 2956 2250 2762 2517 +Q 2569 2784 2203 2784 +z +M 2203 3584 +Q 3106 3584 3614 3096 +Q 4122 2609 4122 1747 +Q 4122 884 3614 396 +Q 3106 -91 2203 -91 +Q 1297 -91 786 396 +Q 275 884 275 1747 +Q 275 2609 786 3096 +Q 1297 3584 2203 3584 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-6b" d="M 538 4863 +L 1656 4863 +L 1656 2216 +L 2944 3500 +L 4244 3500 +L 2534 1894 +L 4378 0 +L 3022 0 +L 1656 1459 +L 1656 0 +L 538 0 +L 538 4863 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-52" d="M 2297 2597 +Q 2675 2597 2839 2737 +Q 3003 2878 3003 3200 +Q 3003 3519 2839 3656 +Q 2675 3794 2297 3794 +L 1791 3794 +L 1791 2597 +L 2297 2597 +z +M 1791 1766 +L 1791 0 +L 588 0 +L 588 4666 +L 2425 4666 +Q 3347 4666 3776 4356 +Q 4206 4047 4206 3378 +Q 4206 2916 3982 2619 +Q 3759 2322 3309 2181 +Q 3556 2125 3751 1926 +Q 3947 1728 4147 1325 +L 4800 0 +L 3519 0 +L 2950 1159 +Q 2778 1509 2601 1637 +Q 2425 1766 2131 1766 +L 1791 1766 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-6d" d="M 3781 2919 +Q 3994 3244 4286 3414 +Q 4578 3584 4928 3584 +Q 5531 3584 5847 3212 +Q 6163 2841 6163 2131 +L 6163 0 +L 5038 0 +L 5038 1825 +Q 5041 1866 5042 1909 +Q 5044 1953 5044 2034 +Q 5044 2406 4934 2573 +Q 4825 2741 4581 2741 +Q 4263 2741 4089 2478 +Q 3916 2216 3909 1719 +L 3909 0 +L 2784 0 +L 2784 1825 +Q 2784 2406 2684 2573 +Q 2584 2741 2328 2741 +Q 2006 2741 1831 2477 +Q 1656 2213 1656 1722 +L 1656 0 +L 531 0 +L 531 3500 +L 1656 3500 +L 1656 2988 +Q 1863 3284 2130 3434 +Q 2397 3584 2719 3584 +Q 3081 3584 3359 3409 +Q 3638 3234 3781 2919 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-6e" d="M 4056 2131 +L 4056 0 +L 2931 0 +L 2931 347 +L 2931 1631 +Q 2931 2084 2911 2256 +Q 2891 2428 2841 2509 +Q 2775 2619 2662 2680 +Q 2550 2741 2406 2741 +Q 2056 2741 1856 2470 +Q 1656 2200 1656 1722 +L 1656 0 +L 538 0 +L 538 3500 +L 1656 3500 +L 1656 2988 +Q 1909 3294 2193 3439 +Q 2478 3584 2822 3584 +Q 3428 3584 3742 3212 +Q 4056 2841 4056 2131 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-67" d="M 2919 594 +Q 2688 288 2409 144 +Q 2131 0 1766 0 +Q 1125 0 706 504 +Q 288 1009 288 1791 +Q 288 2575 706 3076 +Q 1125 3578 1766 3578 +Q 2131 3578 2409 3434 +Q 2688 3291 2919 2981 +L 2919 3500 +L 4044 3500 +L 4044 353 +Q 4044 -491 3511 -936 +Q 2978 -1381 1966 -1381 +Q 1638 -1381 1331 -1331 +Q 1025 -1281 716 -1178 +L 716 -306 +Q 1009 -475 1290 -558 +Q 1572 -641 1856 -641 +Q 2406 -641 2662 -400 +Q 2919 -159 2919 353 +L 2919 594 +z +M 2181 2772 +Q 1834 2772 1640 2515 +Q 1447 2259 1447 1791 +Q 1447 1309 1634 1061 +Q 1822 813 2181 813 +Q 2531 813 2725 1069 +Q 2919 1325 2919 1791 +Q 2919 2259 2725 2515 +Q 2531 2772 2181 2772 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-43" d="M 4288 256 +Q 3956 84 3597 -3 +Q 3238 -91 2847 -91 +Q 1681 -91 1000 561 +Q 319 1213 319 2328 +Q 319 3447 1000 4098 +Q 1681 4750 2847 4750 +Q 3238 4750 3597 4662 +Q 3956 4575 4288 4403 +L 4288 3438 +Q 3953 3666 3628 3772 +Q 3303 3878 2944 3878 +Q 2300 3878 1931 3465 +Q 1563 3053 1563 2328 +Q 1563 1606 1931 1193 +Q 2300 781 2944 781 +Q 3303 781 3628 887 +Q 3953 994 4288 1222 +L 4288 256 +z +" transform="scale(0.015625)"/> + </defs> + <use xlink:href="#DejaVuSans-Bold-57"/> + <use xlink:href="#DejaVuSans-Bold-69" transform="translate(110.302734 0)"/> + <use xlink:href="#DejaVuSans-Bold-72" transform="translate(144.580078 0)"/> + <use xlink:href="#DejaVuSans-Bold-65" transform="translate(193.896484 0)"/> + <use xlink:href="#DejaVuSans-Bold-47" transform="translate(261.71875 0)"/> + <use xlink:href="#DejaVuSans-Bold-75" transform="translate(343.798828 0)"/> + <use xlink:href="#DejaVuSans-Bold-61" transform="translate(414.990234 0)"/> + <use xlink:href="#DejaVuSans-Bold-72" transform="translate(482.470703 0)"/> + <use xlink:href="#DejaVuSans-Bold-64" transform="translate(531.787109 0)"/> + <use xlink:href="#DejaVuSans-Bold-20" transform="translate(603.369141 0)"/> + <use xlink:href="#DejaVuSans-Bold-46" transform="translate(638.183594 0)"/> + <use xlink:href="#DejaVuSans-Bold-75" transform="translate(701.494141 0)"/> + <use xlink:href="#DejaVuSans-Bold-6c" transform="translate(772.685547 0)"/> + <use xlink:href="#DejaVuSans-Bold-6c" transform="translate(806.962891 0)"/> + <use xlink:href="#DejaVuSans-Bold-20" transform="translate(841.240234 0)"/> + <use xlink:href="#DejaVuSans-Bold-4d" transform="translate(876.054688 0)"/> + <use xlink:href="#DejaVuSans-Bold-65" transform="translate(975.566406 0)"/> + <use xlink:href="#DejaVuSans-Bold-73" transform="translate(1043.388672 0)"/> + <use xlink:href="#DejaVuSans-Bold-68" transform="translate(1102.910156 0)"/> + <use xlink:href="#DejaVuSans-Bold-20" transform="translate(1174.101562 0)"/> + <use xlink:href="#DejaVuSans-Bold-4e" transform="translate(1208.916016 0)"/> + <use xlink:href="#DejaVuSans-Bold-65" transform="translate(1292.607422 0)"/> + <use xlink:href="#DejaVuSans-Bold-74" transform="translate(1360.429688 0)"/> + <use xlink:href="#DejaVuSans-Bold-77" transform="translate(1408.232422 0)"/> + <use xlink:href="#DejaVuSans-Bold-6f" transform="translate(1500.615234 0)"/> + <use xlink:href="#DejaVuSans-Bold-72" transform="translate(1569.316406 0)"/> + <use xlink:href="#DejaVuSans-Bold-6b" transform="translate(1618.632812 0)"/> + <use xlink:href="#DejaVuSans-Bold-20" transform="translate(1685.136719 0)"/> + <use xlink:href="#DejaVuSans-Bold-77" transform="translate(1719.951172 0)"/> + <use xlink:href="#DejaVuSans-Bold-69" transform="translate(1812.333984 0)"/> + <use xlink:href="#DejaVuSans-Bold-74" transform="translate(1846.611328 0)"/> + <use xlink:href="#DejaVuSans-Bold-68" transform="translate(1894.414062 0)"/> + <use xlink:href="#DejaVuSans-Bold-20" transform="translate(1965.605469 0)"/> + <use xlink:href="#DejaVuSans-Bold-52" transform="translate(2000.419922 0)"/> + <use xlink:href="#DejaVuSans-Bold-6f" transform="translate(2077.421875 0)"/> + <use xlink:href="#DejaVuSans-Bold-61" transform="translate(2146.123047 0)"/> + <use xlink:href="#DejaVuSans-Bold-6d" transform="translate(2213.603516 0)"/> + <use xlink:href="#DejaVuSans-Bold-69" transform="translate(2317.802734 0)"/> + <use xlink:href="#DejaVuSans-Bold-6e" transform="translate(2352.080078 0)"/> + <use xlink:href="#DejaVuSans-Bold-67" transform="translate(2423.271484 0)"/> + <use xlink:href="#DejaVuSans-Bold-20" transform="translate(2494.853516 0)"/> + <use xlink:href="#DejaVuSans-Bold-43" transform="translate(2529.667969 0)"/> + <use xlink:href="#DejaVuSans-Bold-6c" transform="translate(2603.056641 0)"/> + <use xlink:href="#DejaVuSans-Bold-69" transform="translate(2637.333984 0)"/> + <use xlink:href="#DejaVuSans-Bold-65" transform="translate(2671.611328 0)"/> + <use xlink:href="#DejaVuSans-Bold-6e" transform="translate(2739.433594 0)"/> + <use xlink:href="#DejaVuSans-Bold-74" transform="translate(2810.625 0)"/> + <use xlink:href="#DejaVuSans-Bold-73" transform="translate(2858.427734 0)"/> + </g> + </g> + <g id="text_2"> + <!-- f0 --> + <g transform="translate(350.746094 524.237344) scale(0.1 -0.1)"> + <defs> + <path id="DejaVuSans-Bold-66" d="M 2841 4863 +L 2841 4128 +L 2222 4128 +Q 1984 4128 1890 4042 +Q 1797 3956 1797 3744 +L 1797 3500 +L 2753 3500 +L 2753 2700 +L 1797 2700 +L 1797 0 +L 678 0 +L 678 2700 +L 122 2700 +L 122 3500 +L 678 3500 +L 678 3744 +Q 678 4316 997 4589 +Q 1316 4863 1984 4863 +L 2841 4863 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-30" d="M 2944 2338 +Q 2944 3213 2780 3570 +Q 2616 3928 2228 3928 +Q 1841 3928 1675 3570 +Q 1509 3213 1509 2338 +Q 1509 1453 1675 1090 +Q 1841 728 2228 728 +Q 2613 728 2778 1090 +Q 2944 1453 2944 2338 +z +M 4147 2328 +Q 4147 1169 3647 539 +Q 3147 -91 2228 -91 +Q 1306 -91 806 539 +Q 306 1169 306 2328 +Q 306 3491 806 4120 +Q 1306 4750 2228 4750 +Q 3147 4750 3647 4120 +Q 4147 3491 4147 2328 +z +" transform="scale(0.015625)"/> + </defs> + <use xlink:href="#DejaVuSans-Bold-66"/> + <use xlink:href="#DejaVuSans-Bold-30" transform="translate(43.505859 0)"/> + </g> + </g> + <g id="text_3"> + <!-- f1 --> + <g transform="translate(146.658094 456.337344) scale(0.1 -0.1)"> + <defs> + <path id="DejaVuSans-Bold-31" d="M 750 831 +L 1813 831 +L 1813 3847 +L 722 3622 +L 722 4441 +L 1806 4666 +L 2950 4666 +L 2950 831 +L 4013 831 +L 4013 0 +L 750 0 +L 750 831 +z +" transform="scale(0.015625)"/> + </defs> + <use xlink:href="#DejaVuSans-Bold-66"/> + <use xlink:href="#DejaVuSans-Bold-31" transform="translate(43.505859 0)"/> + </g> + </g> + <g id="text_4"> + <!-- f2 --> + <g transform="translate(554.834094 456.337344) scale(0.1 -0.1)"> + <defs> + <path id="DejaVuSans-Bold-32" d="M 1844 884 +L 3897 884 +L 3897 0 +L 506 0 +L 506 884 +L 2209 2388 +Q 2438 2594 2547 2791 +Q 2656 2988 2656 3200 +Q 2656 3528 2436 3728 +Q 2216 3928 1850 3928 +Q 1569 3928 1234 3808 +Q 900 3688 519 3450 +L 519 4475 +Q 925 4609 1322 4679 +Q 1719 4750 2100 4750 +Q 2938 4750 3402 4381 +Q 3866 4013 3866 3353 +Q 3866 2972 3669 2642 +Q 3472 2313 2841 1759 +L 1844 884 +z +" transform="scale(0.015625)"/> + </defs> + <use xlink:href="#DejaVuSans-Bold-66"/> + <use xlink:href="#DejaVuSans-Bold-32" transform="translate(43.505859 0)"/> + </g> + </g> + <g id="text_5"> + <!-- r0 --> + <g transform="translate(350.455469 155.637344) scale(0.1 -0.1)"> + <use xlink:href="#DejaVuSans-Bold-72"/> + <use xlink:href="#DejaVuSans-Bold-30" transform="translate(49.316406 0)"/> + </g> + </g> + <g id="text_6"> + <!-- r1 --> + <g transform="translate(146.367469 223.537344) scale(0.1 -0.1)"> + <use xlink:href="#DejaVuSans-Bold-72"/> + <use xlink:href="#DejaVuSans-Bold-31" transform="translate(49.316406 0)"/> + </g> + </g> + <g id="text_7"> + <!-- r2 --> + <g transform="translate(554.543469 223.537344) scale(0.1 -0.1)"> + <use xlink:href="#DejaVuSans-Bold-72"/> + <use xlink:href="#DejaVuSans-Bold-32" transform="translate(49.316406 0)"/> + </g> + </g> + <g id="text_8"> + <!-- blowfish --> + <g transform="translate(44.053125 339.937344) scale(0.1 -0.1)"> + <defs> + <path id="DejaVuSans-Bold-62" d="M 2400 722 +Q 2759 722 2948 984 +Q 3138 1247 3138 1747 +Q 3138 2247 2948 2509 +Q 2759 2772 2400 2772 +Q 2041 2772 1848 2508 +Q 1656 2244 1656 1747 +Q 1656 1250 1848 986 +Q 2041 722 2400 722 +z +M 1656 2988 +Q 1888 3294 2169 3439 +Q 2450 3584 2816 3584 +Q 3463 3584 3878 3070 +Q 4294 2556 4294 1747 +Q 4294 938 3878 423 +Q 3463 -91 2816 -91 +Q 2450 -91 2169 54 +Q 1888 200 1656 506 +L 1656 0 +L 538 0 +L 538 4863 +L 1656 4863 +L 1656 2988 +z +" transform="scale(0.015625)"/> + </defs> + <use xlink:href="#DejaVuSans-Bold-62"/> + <use xlink:href="#DejaVuSans-Bold-6c" transform="translate(71.582031 0)"/> + <use xlink:href="#DejaVuSans-Bold-6f" transform="translate(105.859375 0)"/> + <use xlink:href="#DejaVuSans-Bold-77" transform="translate(174.560547 0)"/> + <use xlink:href="#DejaVuSans-Bold-66" transform="translate(266.943359 0)"/> + <use xlink:href="#DejaVuSans-Bold-69" transform="translate(310.449219 0)"/> + <use xlink:href="#DejaVuSans-Bold-73" transform="translate(344.726562 0)"/> + <use xlink:href="#DejaVuSans-Bold-68" transform="translate(404.248047 0)"/> + </g> + </g> + <g id="text_9"> + <!-- fishfinger --> + <g transform="translate(617.666406 339.898281) scale(0.1 -0.1)"> + <use xlink:href="#DejaVuSans-Bold-66"/> + <use xlink:href="#DejaVuSans-Bold-69" transform="translate(43.505859 0)"/> + <use xlink:href="#DejaVuSans-Bold-73" transform="translate(77.783203 0)"/> + <use xlink:href="#DejaVuSans-Bold-68" transform="translate(137.304688 0)"/> + <use xlink:href="#DejaVuSans-Bold-66" transform="translate(208.496094 0)"/> + <use xlink:href="#DejaVuSans-Bold-69" transform="translate(252.001953 0)"/> + <use xlink:href="#DejaVuSans-Bold-6e" transform="translate(286.279297 0)"/> + <use xlink:href="#DejaVuSans-Bold-67" transform="translate(357.470703 0)"/> + <use xlink:href="#DejaVuSans-Bold-65" transform="translate(429.052734 0)"/> + <use xlink:href="#DejaVuSans-Bold-72" transform="translate(496.875 0)"/> + </g> + </g> + <g id="text_10"> + <!-- earth --> + <g style="fill: #ffffff" transform="translate(168.137578 63.211406) scale(0.09 -0.09)"> + <use xlink:href="#DejaVuSans-Bold-65"/> + <use xlink:href="#DejaVuSans-Bold-61" transform="translate(67.822266 0)"/> + <use xlink:href="#DejaVuSans-Bold-72" transform="translate(135.302734 0)"/> + <use xlink:href="#DejaVuSans-Bold-74" transform="translate(184.619141 0)"/> + <use xlink:href="#DejaVuSans-Bold-68" transform="translate(232.421875 0)"/> + </g> + </g> + <g id="text_11"> + <!-- pixel7pro --> + <g style="fill: #ffffff" transform="translate(507.076172 63.211406) scale(0.09 -0.09)"> + <defs> + <path id="DejaVuSans-Bold-70" d="M 1656 506 +L 1656 -1331 +L 538 -1331 +L 538 3500 +L 1656 3500 +L 1656 2988 +Q 1888 3294 2169 3439 +Q 2450 3584 2816 3584 +Q 3463 3584 3878 3070 +Q 4294 2556 4294 1747 +Q 4294 938 3878 423 +Q 3463 -91 2816 -91 +Q 2450 -91 2169 54 +Q 1888 200 1656 506 +z +M 2400 2772 +Q 2041 2772 1848 2508 +Q 1656 2244 1656 1747 +Q 1656 1250 1848 986 +Q 2041 722 2400 722 +Q 2759 722 2948 984 +Q 3138 1247 3138 1747 +Q 3138 2247 2948 2509 +Q 2759 2772 2400 2772 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-78" d="M 1422 1791 +L 159 3500 +L 1344 3500 +L 2059 2463 +L 2784 3500 +L 3969 3500 +L 2706 1797 +L 4031 0 +L 2847 0 +L 2059 1106 +L 1281 0 +L 97 0 +L 1422 1791 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-Bold-37" d="M 428 4666 +L 3944 4666 +L 3944 3988 +L 2125 0 +L 953 0 +L 2675 3781 +L 428 3781 +L 428 4666 +z +" transform="scale(0.015625)"/> + </defs> + <use xlink:href="#DejaVuSans-Bold-70"/> + <use xlink:href="#DejaVuSans-Bold-69" transform="translate(71.582031 0)"/> + <use xlink:href="#DejaVuSans-Bold-78" transform="translate(105.859375 0)"/> + <use xlink:href="#DejaVuSans-Bold-65" transform="translate(170.361328 0)"/> + <use xlink:href="#DejaVuSans-Bold-6c" transform="translate(238.183594 0)"/> + <use xlink:href="#DejaVuSans-Bold-37" transform="translate(272.460938 0)"/> + <use xlink:href="#DejaVuSans-Bold-70" transform="translate(342.041016 0)"/> + <use xlink:href="#DejaVuSans-Bold-72" transform="translate(413.623047 0)"/> + <use xlink:href="#DejaVuSans-Bold-6f" transform="translate(462.939453 0)"/> + </g> + </g> + <g id="legend_1"> + <g id="patch_12"> + <path d="M 19.784 579.557969 +L 182.70775 579.557969 +Q 184.30775 579.557969 184.30775 577.957969 +L 184.30775 508.302969 +Q 184.30775 506.702969 182.70775 506.702969 +L 19.784 506.702969 +Q 18.184 506.702969 18.184 508.302969 +L 18.184 577.957969 +Q 18.184 579.557969 19.784 579.557969 +z +" style="fill: #ffffff; opacity: 0.98; stroke: #000000; stroke-linejoin: miter"/> + </g> + <g id="patch_13"> + <path d="M 21.384 515.981719 +L 37.384 515.981719 +L 37.384 510.381719 +L 21.384 510.381719 +z +" style="fill: #ff6b6b; stroke: #000000; stroke-linejoin: miter"/> + </g> + <g id="text_12"> + <!-- FreeBSD (f0-f2) --> + <g transform="translate(43.784 515.981719) scale(0.08 -0.08)"> + <defs> + <path id="DejaVuSans-46" d="M 628 4666 +L 3309 4666 +L 3309 4134 +L 1259 4134 +L 1259 2759 +L 3109 2759 +L 3109 2228 +L 1259 2228 +L 1259 0 +L 628 0 +L 628 4666 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-72" d="M 2631 2963 +Q 2534 3019 2420 3045 +Q 2306 3072 2169 3072 +Q 1681 3072 1420 2755 +Q 1159 2438 1159 1844 +L 1159 0 +L 581 0 +L 581 3500 +L 1159 3500 +L 1159 2956 +Q 1341 3275 1631 3429 +Q 1922 3584 2338 3584 +Q 2397 3584 2469 3576 +Q 2541 3569 2628 3553 +L 2631 2963 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-65" d="M 3597 1894 +L 3597 1613 +L 953 1613 +Q 991 1019 1311 708 +Q 1631 397 2203 397 +Q 2534 397 2845 478 +Q 3156 559 3463 722 +L 3463 178 +Q 3153 47 2828 -22 +Q 2503 -91 2169 -91 +Q 1331 -91 842 396 +Q 353 884 353 1716 +Q 353 2575 817 3079 +Q 1281 3584 2069 3584 +Q 2775 3584 3186 3129 +Q 3597 2675 3597 1894 +z +M 3022 2063 +Q 3016 2534 2758 2815 +Q 2500 3097 2075 3097 +Q 1594 3097 1305 2825 +Q 1016 2553 972 2059 +L 3022 2063 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-42" d="M 1259 2228 +L 1259 519 +L 2272 519 +Q 2781 519 3026 730 +Q 3272 941 3272 1375 +Q 3272 1813 3026 2020 +Q 2781 2228 2272 2228 +L 1259 2228 +z +M 1259 4147 +L 1259 2741 +L 2194 2741 +Q 2656 2741 2882 2914 +Q 3109 3088 3109 3444 +Q 3109 3797 2882 3972 +Q 2656 4147 2194 4147 +L 1259 4147 +z +M 628 4666 +L 2241 4666 +Q 2963 4666 3353 4366 +Q 3744 4066 3744 3513 +Q 3744 3084 3544 2831 +Q 3344 2578 2956 2516 +Q 3422 2416 3680 2098 +Q 3938 1781 3938 1306 +Q 3938 681 3513 340 +Q 3088 0 2303 0 +L 628 0 +L 628 4666 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-53" d="M 3425 4513 +L 3425 3897 +Q 3066 4069 2747 4153 +Q 2428 4238 2131 4238 +Q 1616 4238 1336 4038 +Q 1056 3838 1056 3469 +Q 1056 3159 1242 3001 +Q 1428 2844 1947 2747 +L 2328 2669 +Q 3034 2534 3370 2195 +Q 3706 1856 3706 1288 +Q 3706 609 3251 259 +Q 2797 -91 1919 -91 +Q 1588 -91 1214 -16 +Q 841 59 441 206 +L 441 856 +Q 825 641 1194 531 +Q 1563 422 1919 422 +Q 2459 422 2753 634 +Q 3047 847 3047 1241 +Q 3047 1584 2836 1778 +Q 2625 1972 2144 2069 +L 1759 2144 +Q 1053 2284 737 2584 +Q 422 2884 422 3419 +Q 422 4038 858 4394 +Q 1294 4750 2059 4750 +Q 2388 4750 2728 4690 +Q 3069 4631 3425 4513 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-44" d="M 1259 4147 +L 1259 519 +L 2022 519 +Q 2988 519 3436 956 +Q 3884 1394 3884 2338 +Q 3884 3275 3436 3711 +Q 2988 4147 2022 4147 +L 1259 4147 +z +M 628 4666 +L 1925 4666 +Q 3281 4666 3915 4102 +Q 4550 3538 4550 2338 +Q 4550 1131 3912 565 +Q 3275 0 1925 0 +L 628 0 +L 628 4666 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-20" transform="scale(0.015625)"/> + <path id="DejaVuSans-28" d="M 1984 4856 +Q 1566 4138 1362 3434 +Q 1159 2731 1159 2009 +Q 1159 1288 1364 580 +Q 1569 -128 1984 -844 +L 1484 -844 +Q 1016 -109 783 600 +Q 550 1309 550 2009 +Q 550 2706 781 3412 +Q 1013 4119 1484 4856 +L 1984 4856 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-66" d="M 2375 4863 +L 2375 4384 +L 1825 4384 +Q 1516 4384 1395 4259 +Q 1275 4134 1275 3809 +L 1275 3500 +L 2222 3500 +L 2222 3053 +L 1275 3053 +L 1275 0 +L 697 0 +L 697 3053 +L 147 3053 +L 147 3500 +L 697 3500 +L 697 3744 +Q 697 4328 969 4595 +Q 1241 4863 1831 4863 +L 2375 4863 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-30" d="M 2034 4250 +Q 1547 4250 1301 3770 +Q 1056 3291 1056 2328 +Q 1056 1369 1301 889 +Q 1547 409 2034 409 +Q 2525 409 2770 889 +Q 3016 1369 3016 2328 +Q 3016 3291 2770 3770 +Q 2525 4250 2034 4250 +z +M 2034 4750 +Q 2819 4750 3233 4129 +Q 3647 3509 3647 2328 +Q 3647 1150 3233 529 +Q 2819 -91 2034 -91 +Q 1250 -91 836 529 +Q 422 1150 422 2328 +Q 422 3509 836 4129 +Q 1250 4750 2034 4750 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-2d" d="M 313 2009 +L 1997 2009 +L 1997 1497 +L 313 1497 +L 313 2009 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-32" d="M 1228 531 +L 3431 531 +L 3431 0 +L 469 0 +L 469 531 +Q 828 903 1448 1529 +Q 2069 2156 2228 2338 +Q 2531 2678 2651 2914 +Q 2772 3150 2772 3378 +Q 2772 3750 2511 3984 +Q 2250 4219 1831 4219 +Q 1534 4219 1204 4116 +Q 875 4013 500 3803 +L 500 4441 +Q 881 4594 1212 4672 +Q 1544 4750 1819 4750 +Q 2544 4750 2975 4387 +Q 3406 4025 3406 3419 +Q 3406 3131 3298 2873 +Q 3191 2616 2906 2266 +Q 2828 2175 2409 1742 +Q 1991 1309 1228 531 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-29" d="M 513 4856 +L 1013 4856 +Q 1481 4119 1714 3412 +Q 1947 2706 1947 2009 +Q 1947 1309 1714 600 +Q 1481 -109 1013 -844 +L 513 -844 +Q 928 -128 1133 580 +Q 1338 1288 1338 2009 +Q 1338 2731 1133 3434 +Q 928 4138 513 4856 +z +" transform="scale(0.015625)"/> + </defs> + <use xlink:href="#DejaVuSans-46"/> + <use xlink:href="#DejaVuSans-72" transform="translate(50.269531 0)"/> + <use xlink:href="#DejaVuSans-65" transform="translate(89.132812 0)"/> + <use xlink:href="#DejaVuSans-65" transform="translate(150.65625 0)"/> + <use xlink:href="#DejaVuSans-42" transform="translate(212.179688 0)"/> + <use xlink:href="#DejaVuSans-53" transform="translate(279.033203 0)"/> + <use xlink:href="#DejaVuSans-44" transform="translate(342.509766 0)"/> + <use xlink:href="#DejaVuSans-20" transform="translate(419.511719 0)"/> + <use xlink:href="#DejaVuSans-28" transform="translate(451.298828 0)"/> + <use xlink:href="#DejaVuSans-66" transform="translate(490.3125 0)"/> + <use xlink:href="#DejaVuSans-30" transform="translate(525.517578 0)"/> + <use xlink:href="#DejaVuSans-2d" transform="translate(589.140625 0)"/> + <use xlink:href="#DejaVuSans-66" transform="translate(625.224609 0)"/> + <use xlink:href="#DejaVuSans-32" transform="translate(660.429688 0)"/> + <use xlink:href="#DejaVuSans-29" transform="translate(724.052734 0)"/> + </g> + </g> + <g id="patch_14"> + <path d="M 21.384 527.724219 +L 37.384 527.724219 +L 37.384 522.124219 +L 21.384 522.124219 +z +" style="fill: #4ecdc4; stroke: #000000; stroke-linejoin: miter"/> + </g> + <g id="text_13"> + <!-- Rocky Linux (r0-r2) --> + <g transform="translate(43.784 527.724219) scale(0.08 -0.08)"> + <defs> + <path id="DejaVuSans-52" d="M 2841 2188 +Q 3044 2119 3236 1894 +Q 3428 1669 3622 1275 +L 4263 0 +L 3584 0 +L 2988 1197 +Q 2756 1666 2539 1819 +Q 2322 1972 1947 1972 +L 1259 1972 +L 1259 0 +L 628 0 +L 628 4666 +L 2053 4666 +Q 2853 4666 3247 4331 +Q 3641 3997 3641 3322 +Q 3641 2881 3436 2590 +Q 3231 2300 2841 2188 +z +M 1259 4147 +L 1259 2491 +L 2053 2491 +Q 2509 2491 2742 2702 +Q 2975 2913 2975 3322 +Q 2975 3731 2742 3939 +Q 2509 4147 2053 4147 +L 1259 4147 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-6f" d="M 1959 3097 +Q 1497 3097 1228 2736 +Q 959 2375 959 1747 +Q 959 1119 1226 758 +Q 1494 397 1959 397 +Q 2419 397 2687 759 +Q 2956 1122 2956 1747 +Q 2956 2369 2687 2733 +Q 2419 3097 1959 3097 +z +M 1959 3584 +Q 2709 3584 3137 3096 +Q 3566 2609 3566 1747 +Q 3566 888 3137 398 +Q 2709 -91 1959 -91 +Q 1206 -91 779 398 +Q 353 888 353 1747 +Q 353 2609 779 3096 +Q 1206 3584 1959 3584 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-63" d="M 3122 3366 +L 3122 2828 +Q 2878 2963 2633 3030 +Q 2388 3097 2138 3097 +Q 1578 3097 1268 2742 +Q 959 2388 959 1747 +Q 959 1106 1268 751 +Q 1578 397 2138 397 +Q 2388 397 2633 464 +Q 2878 531 3122 666 +L 3122 134 +Q 2881 22 2623 -34 +Q 2366 -91 2075 -91 +Q 1284 -91 818 406 +Q 353 903 353 1747 +Q 353 2603 823 3093 +Q 1294 3584 2113 3584 +Q 2378 3584 2631 3529 +Q 2884 3475 3122 3366 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-6b" d="M 581 4863 +L 1159 4863 +L 1159 1991 +L 2875 3500 +L 3609 3500 +L 1753 1863 +L 3688 0 +L 2938 0 +L 1159 1709 +L 1159 0 +L 581 0 +L 581 4863 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-79" d="M 2059 -325 +Q 1816 -950 1584 -1140 +Q 1353 -1331 966 -1331 +L 506 -1331 +L 506 -850 +L 844 -850 +Q 1081 -850 1212 -737 +Q 1344 -625 1503 -206 +L 1606 56 +L 191 3500 +L 800 3500 +L 1894 763 +L 2988 3500 +L 3597 3500 +L 2059 -325 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-4c" d="M 628 4666 +L 1259 4666 +L 1259 531 +L 3531 531 +L 3531 0 +L 628 0 +L 628 4666 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-69" d="M 603 3500 +L 1178 3500 +L 1178 0 +L 603 0 +L 603 3500 +z +M 603 4863 +L 1178 4863 +L 1178 4134 +L 603 4134 +L 603 4863 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-6e" d="M 3513 2113 +L 3513 0 +L 2938 0 +L 2938 2094 +Q 2938 2591 2744 2837 +Q 2550 3084 2163 3084 +Q 1697 3084 1428 2787 +Q 1159 2491 1159 1978 +L 1159 0 +L 581 0 +L 581 3500 +L 1159 3500 +L 1159 2956 +Q 1366 3272 1645 3428 +Q 1925 3584 2291 3584 +Q 2894 3584 3203 3211 +Q 3513 2838 3513 2113 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-75" d="M 544 1381 +L 544 3500 +L 1119 3500 +L 1119 1403 +Q 1119 906 1312 657 +Q 1506 409 1894 409 +Q 2359 409 2629 706 +Q 2900 1003 2900 1516 +L 2900 3500 +L 3475 3500 +L 3475 0 +L 2900 0 +L 2900 538 +Q 2691 219 2414 64 +Q 2138 -91 1772 -91 +Q 1169 -91 856 284 +Q 544 659 544 1381 +z +M 1991 3584 +L 1991 3584 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-78" d="M 3513 3500 +L 2247 1797 +L 3578 0 +L 2900 0 +L 1881 1375 +L 863 0 +L 184 0 +L 1544 1831 +L 300 3500 +L 978 3500 +L 1906 2253 +L 2834 3500 +L 3513 3500 +z +" transform="scale(0.015625)"/> + </defs> + <use xlink:href="#DejaVuSans-52"/> + <use xlink:href="#DejaVuSans-6f" transform="translate(64.982422 0)"/> + <use xlink:href="#DejaVuSans-63" transform="translate(126.164062 0)"/> + <use xlink:href="#DejaVuSans-6b" transform="translate(181.144531 0)"/> + <use xlink:href="#DejaVuSans-79" transform="translate(235.429688 0)"/> + <use xlink:href="#DejaVuSans-20" transform="translate(294.609375 0)"/> + <use xlink:href="#DejaVuSans-4c" transform="translate(326.396484 0)"/> + <use xlink:href="#DejaVuSans-69" transform="translate(382.109375 0)"/> + <use xlink:href="#DejaVuSans-6e" transform="translate(409.892578 0)"/> + <use xlink:href="#DejaVuSans-75" transform="translate(473.271484 0)"/> + <use xlink:href="#DejaVuSans-78" transform="translate(536.650391 0)"/> + <use xlink:href="#DejaVuSans-20" transform="translate(595.830078 0)"/> + <use xlink:href="#DejaVuSans-28" transform="translate(627.617188 0)"/> + <use xlink:href="#DejaVuSans-72" transform="translate(666.630859 0)"/> + <use xlink:href="#DejaVuSans-30" transform="translate(707.744141 0)"/> + <use xlink:href="#DejaVuSans-2d" transform="translate(771.367188 0)"/> + <use xlink:href="#DejaVuSans-72" transform="translate(807.451172 0)"/> + <use xlink:href="#DejaVuSans-32" transform="translate(848.564453 0)"/> + <use xlink:href="#DejaVuSans-29" transform="translate(912.1875 0)"/> + </g> + </g> + <g id="patch_15"> + <path d="M 21.384 539.466719 +L 37.384 539.466719 +L 37.384 533.866719 +L 21.384 533.866719 +z +" style="fill: #ffd93d; stroke: #000000; stroke-linejoin: miter"/> + </g> + <g id="text_14"> + <!-- OpenBSD (blowfish, fishfinger) --> + <g transform="translate(43.784 539.466719) scale(0.08 -0.08)"> + <defs> + <path id="DejaVuSans-4f" d="M 2522 4238 +Q 1834 4238 1429 3725 +Q 1025 3213 1025 2328 +Q 1025 1447 1429 934 +Q 1834 422 2522 422 +Q 3209 422 3611 934 +Q 4013 1447 4013 2328 +Q 4013 3213 3611 3725 +Q 3209 4238 2522 4238 +z +M 2522 4750 +Q 3503 4750 4090 4092 +Q 4678 3434 4678 2328 +Q 4678 1225 4090 567 +Q 3503 -91 2522 -91 +Q 1538 -91 948 565 +Q 359 1222 359 2328 +Q 359 3434 948 4092 +Q 1538 4750 2522 4750 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-70" d="M 1159 525 +L 1159 -1331 +L 581 -1331 +L 581 3500 +L 1159 3500 +L 1159 2969 +Q 1341 3281 1617 3432 +Q 1894 3584 2278 3584 +Q 2916 3584 3314 3078 +Q 3713 2572 3713 1747 +Q 3713 922 3314 415 +Q 2916 -91 2278 -91 +Q 1894 -91 1617 61 +Q 1341 213 1159 525 +z +M 3116 1747 +Q 3116 2381 2855 2742 +Q 2594 3103 2138 3103 +Q 1681 3103 1420 2742 +Q 1159 2381 1159 1747 +Q 1159 1113 1420 752 +Q 1681 391 2138 391 +Q 2594 391 2855 752 +Q 3116 1113 3116 1747 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-62" d="M 3116 1747 +Q 3116 2381 2855 2742 +Q 2594 3103 2138 3103 +Q 1681 3103 1420 2742 +Q 1159 2381 1159 1747 +Q 1159 1113 1420 752 +Q 1681 391 2138 391 +Q 2594 391 2855 752 +Q 3116 1113 3116 1747 +z +M 1159 2969 +Q 1341 3281 1617 3432 +Q 1894 3584 2278 3584 +Q 2916 3584 3314 3078 +Q 3713 2572 3713 1747 +Q 3713 922 3314 415 +Q 2916 -91 2278 -91 +Q 1894 -91 1617 61 +Q 1341 213 1159 525 +L 1159 0 +L 581 0 +L 581 4863 +L 1159 4863 +L 1159 2969 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-6c" d="M 603 4863 +L 1178 4863 +L 1178 0 +L 603 0 +L 603 4863 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-77" d="M 269 3500 +L 844 3500 +L 1563 769 +L 2278 3500 +L 2956 3500 +L 3675 769 +L 4391 3500 +L 4966 3500 +L 4050 0 +L 3372 0 +L 2619 2869 +L 1863 0 +L 1184 0 +L 269 3500 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-73" d="M 2834 3397 +L 2834 2853 +Q 2591 2978 2328 3040 +Q 2066 3103 1784 3103 +Q 1356 3103 1142 2972 +Q 928 2841 928 2578 +Q 928 2378 1081 2264 +Q 1234 2150 1697 2047 +L 1894 2003 +Q 2506 1872 2764 1633 +Q 3022 1394 3022 966 +Q 3022 478 2636 193 +Q 2250 -91 1575 -91 +Q 1294 -91 989 -36 +Q 684 19 347 128 +L 347 722 +Q 666 556 975 473 +Q 1284 391 1588 391 +Q 1994 391 2212 530 +Q 2431 669 2431 922 +Q 2431 1156 2273 1281 +Q 2116 1406 1581 1522 +L 1381 1569 +Q 847 1681 609 1914 +Q 372 2147 372 2553 +Q 372 3047 722 3315 +Q 1072 3584 1716 3584 +Q 2034 3584 2315 3537 +Q 2597 3491 2834 3397 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-68" d="M 3513 2113 +L 3513 0 +L 2938 0 +L 2938 2094 +Q 2938 2591 2744 2837 +Q 2550 3084 2163 3084 +Q 1697 3084 1428 2787 +Q 1159 2491 1159 1978 +L 1159 0 +L 581 0 +L 581 4863 +L 1159 4863 +L 1159 2956 +Q 1366 3272 1645 3428 +Q 1925 3584 2291 3584 +Q 2894 3584 3203 3211 +Q 3513 2838 3513 2113 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-2c" d="M 750 794 +L 1409 794 +L 1409 256 +L 897 -744 +L 494 -744 +L 750 256 +L 750 794 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-67" d="M 2906 1791 +Q 2906 2416 2648 2759 +Q 2391 3103 1925 3103 +Q 1463 3103 1205 2759 +Q 947 2416 947 1791 +Q 947 1169 1205 825 +Q 1463 481 1925 481 +Q 2391 481 2648 825 +Q 2906 1169 2906 1791 +z +M 3481 434 +Q 3481 -459 3084 -895 +Q 2688 -1331 1869 -1331 +Q 1566 -1331 1297 -1286 +Q 1028 -1241 775 -1147 +L 775 -588 +Q 1028 -725 1275 -790 +Q 1522 -856 1778 -856 +Q 2344 -856 2625 -561 +Q 2906 -266 2906 331 +L 2906 616 +Q 2728 306 2450 153 +Q 2172 0 1784 0 +Q 1141 0 747 490 +Q 353 981 353 1791 +Q 353 2603 747 3093 +Q 1141 3584 1784 3584 +Q 2172 3584 2450 3431 +Q 2728 3278 2906 2969 +L 2906 3500 +L 3481 3500 +L 3481 434 +z +" transform="scale(0.015625)"/> + </defs> + <use xlink:href="#DejaVuSans-4f"/> + <use xlink:href="#DejaVuSans-70" transform="translate(78.710938 0)"/> + <use xlink:href="#DejaVuSans-65" transform="translate(142.1875 0)"/> + <use xlink:href="#DejaVuSans-6e" transform="translate(203.710938 0)"/> + <use xlink:href="#DejaVuSans-42" transform="translate(267.089844 0)"/> + <use xlink:href="#DejaVuSans-53" transform="translate(333.943359 0)"/> + <use xlink:href="#DejaVuSans-44" transform="translate(397.419922 0)"/> + <use xlink:href="#DejaVuSans-20" transform="translate(474.421875 0)"/> + <use xlink:href="#DejaVuSans-28" transform="translate(506.208984 0)"/> + <use xlink:href="#DejaVuSans-62" transform="translate(545.222656 0)"/> + <use xlink:href="#DejaVuSans-6c" transform="translate(608.699219 0)"/> + <use xlink:href="#DejaVuSans-6f" transform="translate(636.482422 0)"/> + <use xlink:href="#DejaVuSans-77" transform="translate(697.664062 0)"/> + <use xlink:href="#DejaVuSans-66" transform="translate(779.451172 0)"/> + <use xlink:href="#DejaVuSans-69" transform="translate(814.65625 0)"/> + <use xlink:href="#DejaVuSans-73" transform="translate(842.439453 0)"/> + <use xlink:href="#DejaVuSans-68" transform="translate(894.539062 0)"/> + <use xlink:href="#DejaVuSans-2c" transform="translate(957.917969 0)"/> + <use xlink:href="#DejaVuSans-20" transform="translate(989.705078 0)"/> + <use xlink:href="#DejaVuSans-66" transform="translate(1021.492188 0)"/> + <use xlink:href="#DejaVuSans-69" transform="translate(1056.697266 0)"/> + <use xlink:href="#DejaVuSans-73" transform="translate(1084.480469 0)"/> + <use xlink:href="#DejaVuSans-68" transform="translate(1136.580078 0)"/> + <use xlink:href="#DejaVuSans-66" transform="translate(1199.958984 0)"/> + <use xlink:href="#DejaVuSans-69" transform="translate(1235.164062 0)"/> + <use xlink:href="#DejaVuSans-6e" transform="translate(1262.947266 0)"/> + <use xlink:href="#DejaVuSans-67" transform="translate(1326.326172 0)"/> + <use xlink:href="#DejaVuSans-65" transform="translate(1389.802734 0)"/> + <use xlink:href="#DejaVuSans-72" transform="translate(1451.326172 0)"/> + <use xlink:href="#DejaVuSans-29" transform="translate(1492.439453 0)"/> + </g> + </g> + <g id="patch_16"> + <path d="M 21.384 551.209219 +L 37.384 551.209219 +L 37.384 545.609219 +L 21.384 545.609219 +z +" style="fill: #9b59b6; stroke: #000000; stroke-linejoin: miter"/> + </g> + <g id="text_15"> + <!-- Roaming Clients (earth, pixel7pro) --> + <g transform="translate(43.784 551.209219) scale(0.08 -0.08)"> + <defs> + <path id="DejaVuSans-61" d="M 2194 1759 +Q 1497 1759 1228 1600 +Q 959 1441 959 1056 +Q 959 750 1161 570 +Q 1363 391 1709 391 +Q 2188 391 2477 730 +Q 2766 1069 2766 1631 +L 2766 1759 +L 2194 1759 +z +M 3341 1997 +L 3341 0 +L 2766 0 +L 2766 531 +Q 2569 213 2275 61 +Q 1981 -91 1556 -91 +Q 1019 -91 701 211 +Q 384 513 384 1019 +Q 384 1609 779 1909 +Q 1175 2209 1959 2209 +L 2766 2209 +L 2766 2266 +Q 2766 2663 2505 2880 +Q 2244 3097 1772 3097 +Q 1472 3097 1187 3025 +Q 903 2953 641 2809 +L 641 3341 +Q 956 3463 1253 3523 +Q 1550 3584 1831 3584 +Q 2591 3584 2966 3190 +Q 3341 2797 3341 1997 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-6d" d="M 3328 2828 +Q 3544 3216 3844 3400 +Q 4144 3584 4550 3584 +Q 5097 3584 5394 3201 +Q 5691 2819 5691 2113 +L 5691 0 +L 5113 0 +L 5113 2094 +Q 5113 2597 4934 2840 +Q 4756 3084 4391 3084 +Q 3944 3084 3684 2787 +Q 3425 2491 3425 1978 +L 3425 0 +L 2847 0 +L 2847 2094 +Q 2847 2600 2669 2842 +Q 2491 3084 2119 3084 +Q 1678 3084 1418 2786 +Q 1159 2488 1159 1978 +L 1159 0 +L 581 0 +L 581 3500 +L 1159 3500 +L 1159 2956 +Q 1356 3278 1631 3431 +Q 1906 3584 2284 3584 +Q 2666 3584 2933 3390 +Q 3200 3197 3328 2828 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-43" d="M 4122 4306 +L 4122 3641 +Q 3803 3938 3442 4084 +Q 3081 4231 2675 4231 +Q 1875 4231 1450 3742 +Q 1025 3253 1025 2328 +Q 1025 1406 1450 917 +Q 1875 428 2675 428 +Q 3081 428 3442 575 +Q 3803 722 4122 1019 +L 4122 359 +Q 3791 134 3420 21 +Q 3050 -91 2638 -91 +Q 1578 -91 968 557 +Q 359 1206 359 2328 +Q 359 3453 968 4101 +Q 1578 4750 2638 4750 +Q 3056 4750 3426 4639 +Q 3797 4528 4122 4306 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-74" d="M 1172 4494 +L 1172 3500 +L 2356 3500 +L 2356 3053 +L 1172 3053 +L 1172 1153 +Q 1172 725 1289 603 +Q 1406 481 1766 481 +L 2356 481 +L 2356 0 +L 1766 0 +Q 1100 0 847 248 +Q 594 497 594 1153 +L 594 3053 +L 172 3053 +L 172 3500 +L 594 3500 +L 594 4494 +L 1172 4494 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-37" d="M 525 4666 +L 3525 4666 +L 3525 4397 +L 1831 0 +L 1172 0 +L 2766 4134 +L 525 4134 +L 525 4666 +z +" transform="scale(0.015625)"/> + </defs> + <use xlink:href="#DejaVuSans-52"/> + <use xlink:href="#DejaVuSans-6f" transform="translate(64.982422 0)"/> + <use xlink:href="#DejaVuSans-61" transform="translate(126.164062 0)"/> + <use xlink:href="#DejaVuSans-6d" transform="translate(187.443359 0)"/> + <use xlink:href="#DejaVuSans-69" transform="translate(284.855469 0)"/> + <use xlink:href="#DejaVuSans-6e" transform="translate(312.638672 0)"/> + <use xlink:href="#DejaVuSans-67" transform="translate(376.017578 0)"/> + <use xlink:href="#DejaVuSans-20" transform="translate(439.494141 0)"/> + <use xlink:href="#DejaVuSans-43" transform="translate(471.28125 0)"/> + <use xlink:href="#DejaVuSans-6c" transform="translate(541.105469 0)"/> + <use xlink:href="#DejaVuSans-69" transform="translate(568.888672 0)"/> + <use xlink:href="#DejaVuSans-65" transform="translate(596.671875 0)"/> + <use xlink:href="#DejaVuSans-6e" transform="translate(658.195312 0)"/> + <use xlink:href="#DejaVuSans-74" transform="translate(721.574219 0)"/> + <use xlink:href="#DejaVuSans-73" transform="translate(760.783203 0)"/> + <use xlink:href="#DejaVuSans-20" transform="translate(812.882812 0)"/> + <use xlink:href="#DejaVuSans-28" transform="translate(844.669922 0)"/> + <use xlink:href="#DejaVuSans-65" transform="translate(883.683594 0)"/> + <use xlink:href="#DejaVuSans-61" transform="translate(945.207031 0)"/> + <use xlink:href="#DejaVuSans-72" transform="translate(1006.486328 0)"/> + <use xlink:href="#DejaVuSans-74" transform="translate(1047.599609 0)"/> + <use xlink:href="#DejaVuSans-68" transform="translate(1086.808594 0)"/> + <use xlink:href="#DejaVuSans-2c" transform="translate(1150.1875 0)"/> + <use xlink:href="#DejaVuSans-20" transform="translate(1181.974609 0)"/> + <use xlink:href="#DejaVuSans-70" transform="translate(1213.761719 0)"/> + <use xlink:href="#DejaVuSans-69" transform="translate(1277.238281 0)"/> + <use xlink:href="#DejaVuSans-78" transform="translate(1305.021484 0)"/> + <use xlink:href="#DejaVuSans-65" transform="translate(1361.076172 0)"/> + <use xlink:href="#DejaVuSans-6c" transform="translate(1422.599609 0)"/> + <use xlink:href="#DejaVuSans-37" transform="translate(1450.382812 0)"/> + <use xlink:href="#DejaVuSans-70" transform="translate(1514.005859 0)"/> + <use xlink:href="#DejaVuSans-72" transform="translate(1577.482422 0)"/> + <use xlink:href="#DejaVuSans-6f" transform="translate(1616.345703 0)"/> + <use xlink:href="#DejaVuSans-29" transform="translate(1677.527344 0)"/> + </g> + </g> + <g id="line2d_33"> + <path d="M 21.384 560.151719 +L 29.384 560.151719 +L 37.384 560.151719 +" style="fill: none; stroke: #808080; stroke-linecap: square"/> + </g> + <g id="text_16"> + <!-- Full Mesh VPN --> + <g transform="translate(43.784 562.951719) scale(0.08 -0.08)"> + <defs> + <path id="DejaVuSans-4d" d="M 628 4666 +L 1569 4666 +L 2759 1491 +L 3956 4666 +L 4897 4666 +L 4897 0 +L 4281 0 +L 4281 4097 +L 3078 897 +L 2444 897 +L 1241 4097 +L 1241 0 +L 628 0 +L 628 4666 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-56" d="M 1831 0 +L 50 4666 +L 709 4666 +L 2188 738 +L 3669 4666 +L 4325 4666 +L 2547 0 +L 1831 0 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-50" d="M 1259 4147 +L 1259 2394 +L 2053 2394 +Q 2494 2394 2734 2622 +Q 2975 2850 2975 3272 +Q 2975 3691 2734 3919 +Q 2494 4147 2053 4147 +L 1259 4147 +z +M 628 4666 +L 2053 4666 +Q 2838 4666 3239 4311 +Q 3641 3956 3641 3272 +Q 3641 2581 3239 2228 +Q 2838 1875 2053 1875 +L 1259 1875 +L 1259 0 +L 628 0 +L 628 4666 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-4e" d="M 628 4666 +L 1478 4666 +L 3547 763 +L 3547 4666 +L 4159 4666 +L 4159 0 +L 3309 0 +L 1241 3903 +L 1241 0 +L 628 0 +L 628 4666 +z +" transform="scale(0.015625)"/> + </defs> + <use xlink:href="#DejaVuSans-46"/> + <use xlink:href="#DejaVuSans-75" transform="translate(52.019531 0)"/> + <use xlink:href="#DejaVuSans-6c" transform="translate(115.398438 0)"/> + <use xlink:href="#DejaVuSans-6c" transform="translate(143.181641 0)"/> + <use xlink:href="#DejaVuSans-20" transform="translate(170.964844 0)"/> + <use xlink:href="#DejaVuSans-4d" transform="translate(202.751953 0)"/> + <use xlink:href="#DejaVuSans-65" transform="translate(289.03125 0)"/> + <use xlink:href="#DejaVuSans-73" transform="translate(350.554688 0)"/> + <use xlink:href="#DejaVuSans-68" transform="translate(402.654297 0)"/> + <use xlink:href="#DejaVuSans-20" transform="translate(466.033203 0)"/> + <use xlink:href="#DejaVuSans-56" transform="translate(497.820312 0)"/> + <use xlink:href="#DejaVuSans-50" transform="translate(566.228516 0)"/> + <use xlink:href="#DejaVuSans-4e" transform="translate(626.53125 0)"/> + </g> + </g> + <g id="line2d_34"> + <path d="M 21.384 571.894219 +L 29.384 571.894219 +L 37.384 571.894219 +" style="fill: none; stroke-dasharray: 5.55,2.4; stroke-dashoffset: 0; stroke: #4169e1; stroke-width: 1.5"/> + </g> + <g id="text_17"> + <!-- Client → Gateway VPN --> + <g transform="translate(43.784 574.694219) scale(0.08 -0.08)"> + <defs> + <path id="DejaVuSans-2192" d="M 5050 2147 +L 5050 1866 +L 3822 638 +L 3447 1013 +L 4175 1741 +L 366 1741 +L 366 2272 +L 4175 2272 +L 3447 3000 +L 3822 3375 +L 5050 2147 +z +" transform="scale(0.015625)"/> + <path id="DejaVuSans-47" d="M 3809 666 +L 3809 1919 +L 2778 1919 +L 2778 2438 +L 4434 2438 +L 4434 434 +Q 4069 175 3628 42 +Q 3188 -91 2688 -91 +Q 1594 -91 976 548 +Q 359 1188 359 2328 +Q 359 3472 976 4111 +Q 1594 4750 2688 4750 +Q 3144 4750 3555 4637 +Q 3966 4525 4313 4306 +L 4313 3634 +Q 3963 3931 3569 4081 +Q 3175 4231 2741 4231 +Q 1884 4231 1454 3753 +Q 1025 3275 1025 2328 +Q 1025 1384 1454 906 +Q 1884 428 2741 428 +Q 3075 428 3337 486 +Q 3600 544 3809 666 +z +" transform="scale(0.015625)"/> + </defs> + <use xlink:href="#DejaVuSans-43"/> + <use xlink:href="#DejaVuSans-6c" transform="translate(69.824219 0)"/> + <use xlink:href="#DejaVuSans-69" transform="translate(97.607422 0)"/> + <use xlink:href="#DejaVuSans-65" transform="translate(125.390625 0)"/> + <use xlink:href="#DejaVuSans-6e" transform="translate(186.914062 0)"/> + <use xlink:href="#DejaVuSans-74" transform="translate(250.292969 0)"/> + <use xlink:href="#DejaVuSans-20" transform="translate(289.501953 0)"/> + <use xlink:href="#DejaVuSans-2192" transform="translate(321.289062 0)"/> + <use xlink:href="#DejaVuSans-20" transform="translate(405.078125 0)"/> + <use xlink:href="#DejaVuSans-47" transform="translate(436.865234 0)"/> + <use xlink:href="#DejaVuSans-61" transform="translate(514.355469 0)"/> + <use xlink:href="#DejaVuSans-74" transform="translate(575.634766 0)"/> + <use xlink:href="#DejaVuSans-65" transform="translate(614.84375 0)"/> + <use xlink:href="#DejaVuSans-77" transform="translate(676.367188 0)"/> + <use xlink:href="#DejaVuSans-61" transform="translate(758.154297 0)"/> + <use xlink:href="#DejaVuSans-79" transform="translate(819.433594 0)"/> + <use xlink:href="#DejaVuSans-20" transform="translate(878.613281 0)"/> + <use xlink:href="#DejaVuSans-56" transform="translate(910.400391 0)"/> + <use xlink:href="#DejaVuSans-50" transform="translate(978.808594 0)"/> + <use xlink:href="#DejaVuSans-4e" transform="translate(1039.111328 0)"/> + </g> + </g> + </g> + </g> + </g> + <defs> + <clipPath id="pac2ac733d1"> + <rect x="7.2" y="7.377969" width="698.4" height="582"/> + </clipPath> + </defs> +</svg> diff --git a/gemfeed/f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh.svg b/gemfeed/f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh.svg deleted file mode 100644 index f2f4f359..00000000 --- a/gemfeed/f3s-kubernetes-with-freebsd-part-5/wireguard-full-mesh.svg +++ /dev/null @@ -1,772 +0,0 @@ -<?xml version="1.0" encoding="utf-8" standalone="no"?> -<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" - "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> -<svg xmlns:xlink="http://www.w3.org/1999/xlink" width="720pt" height="576pt" viewBox="0 0 720 576" xmlns="http://www.w3.org/2000/svg" version="1.1"> - <metadata> - <rdf:RDF xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://creativecommons.org/ns#" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> - <cc:Work> - <dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage"/> - <dc:date>2025-05-04T06:41:23.234045</dc:date> - <dc:format>image/svg+xml</dc:format> - <dc:creator> - <cc:Agent> - <dc:title>Matplotlib v3.6.3, https://matplotlib.org/</dc:title> - </cc:Agent> - </dc:creator> - </cc:Work> - </rdf:RDF> - </metadata> - <defs> - <style type="text/css">*{stroke-linejoin: round; stroke-linecap: butt}</style> - </defs> - <g id="figure_1"> - <g id="patch_1"> - <path d="M 0 576 -L 720 576 -L 720 0 -L 0 0 -z -" style="fill: #ffffff"/> - </g> - <g id="axes_1"> - <g id="LineCollection_1"> - <path d="M 657.520661 288 -L 570.378873 119.696901 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 657.520661 288 -L 359.999987 49.983471 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 657.520661 288 -L 149.621127 119.696901 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 657.520661 288 -L 62.479339 288.000021 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 657.520661 288 -L 149.621109 456.303085 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 657.520661 288 -L 360.000004 526.016529 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 657.520661 288 -L 570.378838 456.303127 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 570.378873 119.696901 -L 359.999987 49.983471 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 570.378873 119.696901 -L 149.621127 119.696901 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 570.378873 119.696901 -L 62.479339 288.000021 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 570.378873 119.696901 -L 149.621109 456.303085 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 570.378873 119.696901 -L 360.000004 526.016529 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 570.378873 119.696901 -L 570.378838 456.303127 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 359.999987 49.983471 -L 149.621127 119.696901 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 359.999987 49.983471 -L 62.479339 288.000021 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 359.999987 49.983471 -L 149.621109 456.303085 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 359.999987 49.983471 -L 360.000004 526.016529 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 359.999987 49.983471 -L 570.378838 456.303127 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 149.621127 119.696901 -L 62.479339 288.000021 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 149.621127 119.696901 -L 149.621109 456.303085 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 149.621127 119.696901 -L 360.000004 526.016529 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 149.621127 119.696901 -L 570.378838 456.303127 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 62.479339 288.000021 -L 149.621109 456.303085 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 62.479339 288.000021 -L 360.000004 526.016529 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 62.479339 288.000021 -L 570.378838 456.303127 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 149.621109 456.303085 -L 360.000004 526.016529 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 149.621109 456.303085 -L 570.378838 456.303127 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - <path d="M 360.000004 526.016529 -L 570.378838 456.303127 -" clip-path="url(#p24c674e8fe)" style="fill: none; stroke: #808080"/> - </g> - <g id="PathCollection_1"> - <defs> - <path id="m1f11223b72" d="M 0 22.36068 -C 5.930122 22.36068 11.618159 20.004617 15.811388 15.811388 -C 20.004617 11.618159 22.36068 5.930122 22.36068 0 -C 22.36068 -5.930122 20.004617 -11.618159 15.811388 -15.811388 -C 11.618159 -20.004617 5.930122 -22.36068 0 -22.36068 -C -5.930122 -22.36068 -11.618159 -20.004617 -15.811388 -15.811388 -C -20.004617 -11.618159 -22.36068 -5.930122 -22.36068 0 -C -22.36068 5.930122 -20.004617 11.618159 -15.811388 15.811388 -C -11.618159 20.004617 -5.930122 22.36068 0 22.36068 -z -" style="stroke: #add8e6"/> - </defs> - <g clip-path="url(#p24c674e8fe)"> - <use xlink:href="#m1f11223b72" x="657.520661" y="288" style="fill: #add8e6; stroke: #add8e6"/> - <use xlink:href="#m1f11223b72" x="570.378873" y="119.696901" style="fill: #add8e6; stroke: #add8e6"/> - <use xlink:href="#m1f11223b72" x="359.999987" y="49.983471" style="fill: #add8e6; stroke: #add8e6"/> - <use xlink:href="#m1f11223b72" x="149.621127" y="119.696901" style="fill: #add8e6; stroke: #add8e6"/> - <use xlink:href="#m1f11223b72" x="62.479339" y="288.000021" style="fill: #add8e6; stroke: #add8e6"/> - <use xlink:href="#m1f11223b72" x="149.621109" y="456.303085" style="fill: #add8e6; stroke: #add8e6"/> - <use xlink:href="#m1f11223b72" x="360.000004" y="526.016529" style="fill: #add8e6; stroke: #add8e6"/> - <use xlink:href="#m1f11223b72" x="570.378838" y="456.303127" style="fill: #add8e6; stroke: #add8e6"/> - </g> - </g> - <g id="text_1"> - <g clip-path="url(#p24c674e8fe)"> - <!-- f0 --> - <g transform="translate(651.590974 291.31125) scale(0.12 -0.12)"> - <defs> - <path id="DejaVuSans-66" d="M 2375 4863 -L 2375 4384 -L 1825 4384 -Q 1516 4384 1395 4259 -Q 1275 4134 1275 3809 -L 1275 3500 -L 2222 3500 -L 2222 3053 -L 1275 3053 -L 1275 0 -L 697 0 -L 697 3053 -L 147 3053 -L 147 3500 -L 697 3500 -L 697 3744 -Q 697 4328 969 4595 -Q 1241 4863 1831 4863 -L 2375 4863 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-30" d="M 2034 4250 -Q 1547 4250 1301 3770 -Q 1056 3291 1056 2328 -Q 1056 1369 1301 889 -Q 1547 409 2034 409 -Q 2525 409 2770 889 -Q 3016 1369 3016 2328 -Q 3016 3291 2770 3770 -Q 2525 4250 2034 4250 -z -M 2034 4750 -Q 2819 4750 3233 4129 -Q 3647 3509 3647 2328 -Q 3647 1150 3233 529 -Q 2819 -91 2034 -91 -Q 1250 -91 836 529 -Q 422 1150 422 2328 -Q 422 3509 836 4129 -Q 1250 4750 2034 4750 -z -" transform="scale(0.015625)"/> - </defs> - <use xlink:href="#DejaVuSans-66"/> - <use xlink:href="#DejaVuSans-30" x="35.205078"/> - </g> - </g> - </g> - <g id="text_2"> - <g clip-path="url(#p24c674e8fe)"> - <!-- f1 --> - <g transform="translate(564.449186 123.008151) scale(0.12 -0.12)"> - <defs> - <path id="DejaVuSans-31" d="M 794 531 -L 1825 531 -L 1825 4091 -L 703 3866 -L 703 4441 -L 1819 4666 -L 2450 4666 -L 2450 531 -L 3481 531 -L 3481 0 -L 794 0 -L 794 531 -z -" transform="scale(0.015625)"/> - </defs> - <use xlink:href="#DejaVuSans-66"/> - <use xlink:href="#DejaVuSans-31" x="35.205078"/> - </g> - </g> - </g> - <g id="text_3"> - <g clip-path="url(#p24c674e8fe)"> - <!-- f2 --> - <g transform="translate(354.070299 53.294721) scale(0.12 -0.12)"> - <defs> - <path id="DejaVuSans-32" d="M 1228 531 -L 3431 531 -L 3431 0 -L 469 0 -L 469 531 -Q 828 903 1448 1529 -Q 2069 2156 2228 2338 -Q 2531 2678 2651 2914 -Q 2772 3150 2772 3378 -Q 2772 3750 2511 3984 -Q 2250 4219 1831 4219 -Q 1534 4219 1204 4116 -Q 875 4013 500 3803 -L 500 4441 -Q 881 4594 1212 4672 -Q 1544 4750 1819 4750 -Q 2544 4750 2975 4387 -Q 3406 4025 3406 3419 -Q 3406 3131 3298 2873 -Q 3191 2616 2906 2266 -Q 2828 2175 2409 1742 -Q 1991 1309 1228 531 -z -" transform="scale(0.015625)"/> - </defs> - <use xlink:href="#DejaVuSans-66"/> - <use xlink:href="#DejaVuSans-32" x="35.205078"/> - </g> - </g> - </g> - <g id="text_4"> - <g clip-path="url(#p24c674e8fe)"> - <!-- r0 --> - <g transform="translate(143.337064 123.008151) scale(0.12 -0.12)"> - <defs> - <path id="DejaVuSans-72" d="M 2631 2963 -Q 2534 3019 2420 3045 -Q 2306 3072 2169 3072 -Q 1681 3072 1420 2755 -Q 1159 2438 1159 1844 -L 1159 0 -L 581 0 -L 581 3500 -L 1159 3500 -L 1159 2956 -Q 1341 3275 1631 3429 -Q 1922 3584 2338 3584 -Q 2397 3584 2469 3576 -Q 2541 3569 2628 3553 -L 2631 2963 -z -" transform="scale(0.015625)"/> - </defs> - <use xlink:href="#DejaVuSans-72"/> - <use xlink:href="#DejaVuSans-30" x="41.113281"/> - </g> - </g> - </g> - <g id="text_5"> - <g clip-path="url(#p24c674e8fe)"> - <!-- r1 --> - <g transform="translate(56.195276 291.311271) scale(0.12 -0.12)"> - <use xlink:href="#DejaVuSans-72"/> - <use xlink:href="#DejaVuSans-31" x="41.113281"/> - </g> - </g> - </g> - <g id="text_6"> - <g clip-path="url(#p24c674e8fe)"> - <!-- r2 --> - <g transform="translate(143.337046 459.614335) scale(0.12 -0.12)"> - <use xlink:href="#DejaVuSans-72"/> - <use xlink:href="#DejaVuSans-32" x="41.113281"/> - </g> - </g> - </g> - <g id="text_7"> - <g clip-path="url(#p24c674e8fe)"> - <!-- blowfish --> - <g transform="translate(335.238754 529.327779) scale(0.12 -0.12)"> - <defs> - <path id="DejaVuSans-62" d="M 3116 1747 -Q 3116 2381 2855 2742 -Q 2594 3103 2138 3103 -Q 1681 3103 1420 2742 -Q 1159 2381 1159 1747 -Q 1159 1113 1420 752 -Q 1681 391 2138 391 -Q 2594 391 2855 752 -Q 3116 1113 3116 1747 -z -M 1159 2969 -Q 1341 3281 1617 3432 -Q 1894 3584 2278 3584 -Q 2916 3584 3314 3078 -Q 3713 2572 3713 1747 -Q 3713 922 3314 415 -Q 2916 -91 2278 -91 -Q 1894 -91 1617 61 -Q 1341 213 1159 525 -L 1159 0 -L 581 0 -L 581 4863 -L 1159 4863 -L 1159 2969 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-6c" d="M 603 4863 -L 1178 4863 -L 1178 0 -L 603 0 -L 603 4863 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-6f" d="M 1959 3097 -Q 1497 3097 1228 2736 -Q 959 2375 959 1747 -Q 959 1119 1226 758 -Q 1494 397 1959 397 -Q 2419 397 2687 759 -Q 2956 1122 2956 1747 -Q 2956 2369 2687 2733 -Q 2419 3097 1959 3097 -z -M 1959 3584 -Q 2709 3584 3137 3096 -Q 3566 2609 3566 1747 -Q 3566 888 3137 398 -Q 2709 -91 1959 -91 -Q 1206 -91 779 398 -Q 353 888 353 1747 -Q 353 2609 779 3096 -Q 1206 3584 1959 3584 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-77" d="M 269 3500 -L 844 3500 -L 1563 769 -L 2278 3500 -L 2956 3500 -L 3675 769 -L 4391 3500 -L 4966 3500 -L 4050 0 -L 3372 0 -L 2619 2869 -L 1863 0 -L 1184 0 -L 269 3500 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-69" d="M 603 3500 -L 1178 3500 -L 1178 0 -L 603 0 -L 603 3500 -z -M 603 4863 -L 1178 4863 -L 1178 4134 -L 603 4134 -L 603 4863 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-73" d="M 2834 3397 -L 2834 2853 -Q 2591 2978 2328 3040 -Q 2066 3103 1784 3103 -Q 1356 3103 1142 2972 -Q 928 2841 928 2578 -Q 928 2378 1081 2264 -Q 1234 2150 1697 2047 -L 1894 2003 -Q 2506 1872 2764 1633 -Q 3022 1394 3022 966 -Q 3022 478 2636 193 -Q 2250 -91 1575 -91 -Q 1294 -91 989 -36 -Q 684 19 347 128 -L 347 722 -Q 666 556 975 473 -Q 1284 391 1588 391 -Q 1994 391 2212 530 -Q 2431 669 2431 922 -Q 2431 1156 2273 1281 -Q 2116 1406 1581 1522 -L 1381 1569 -Q 847 1681 609 1914 -Q 372 2147 372 2553 -Q 372 3047 722 3315 -Q 1072 3584 1716 3584 -Q 2034 3584 2315 3537 -Q 2597 3491 2834 3397 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-68" d="M 3513 2113 -L 3513 0 -L 2938 0 -L 2938 2094 -Q 2938 2591 2744 2837 -Q 2550 3084 2163 3084 -Q 1697 3084 1428 2787 -Q 1159 2491 1159 1978 -L 1159 0 -L 581 0 -L 581 4863 -L 1159 4863 -L 1159 2956 -Q 1366 3272 1645 3428 -Q 1925 3584 2291 3584 -Q 2894 3584 3203 3211 -Q 3513 2838 3513 2113 -z -" transform="scale(0.015625)"/> - </defs> - <use xlink:href="#DejaVuSans-62"/> - <use xlink:href="#DejaVuSans-6c" x="63.476562"/> - <use xlink:href="#DejaVuSans-6f" x="91.259766"/> - <use xlink:href="#DejaVuSans-77" x="152.441406"/> - <use xlink:href="#DejaVuSans-66" x="234.228516"/> - <use xlink:href="#DejaVuSans-69" x="269.433594"/> - <use xlink:href="#DejaVuSans-73" x="297.216797"/> - <use xlink:href="#DejaVuSans-68" x="349.316406"/> - </g> - </g> - </g> - <g id="text_8"> - <g clip-path="url(#p24c674e8fe)"> - <!-- fishfinger --> - <g transform="translate(542.122588 459.614377) scale(0.12 -0.12)"> - <defs> - <path id="DejaVuSans-6e" d="M 3513 2113 -L 3513 0 -L 2938 0 -L 2938 2094 -Q 2938 2591 2744 2837 -Q 2550 3084 2163 3084 -Q 1697 3084 1428 2787 -Q 1159 2491 1159 1978 -L 1159 0 -L 581 0 -L 581 3500 -L 1159 3500 -L 1159 2956 -Q 1366 3272 1645 3428 -Q 1925 3584 2291 3584 -Q 2894 3584 3203 3211 -Q 3513 2838 3513 2113 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-67" d="M 2906 1791 -Q 2906 2416 2648 2759 -Q 2391 3103 1925 3103 -Q 1463 3103 1205 2759 -Q 947 2416 947 1791 -Q 947 1169 1205 825 -Q 1463 481 1925 481 -Q 2391 481 2648 825 -Q 2906 1169 2906 1791 -z -M 3481 434 -Q 3481 -459 3084 -895 -Q 2688 -1331 1869 -1331 -Q 1566 -1331 1297 -1286 -Q 1028 -1241 775 -1147 -L 775 -588 -Q 1028 -725 1275 -790 -Q 1522 -856 1778 -856 -Q 2344 -856 2625 -561 -Q 2906 -266 2906 331 -L 2906 616 -Q 2728 306 2450 153 -Q 2172 0 1784 0 -Q 1141 0 747 490 -Q 353 981 353 1791 -Q 353 2603 747 3093 -Q 1141 3584 1784 3584 -Q 2172 3584 2450 3431 -Q 2728 3278 2906 2969 -L 2906 3500 -L 3481 3500 -L 3481 434 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-65" d="M 3597 1894 -L 3597 1613 -L 953 1613 -Q 991 1019 1311 708 -Q 1631 397 2203 397 -Q 2534 397 2845 478 -Q 3156 559 3463 722 -L 3463 178 -Q 3153 47 2828 -22 -Q 2503 -91 2169 -91 -Q 1331 -91 842 396 -Q 353 884 353 1716 -Q 353 2575 817 3079 -Q 1281 3584 2069 3584 -Q 2775 3584 3186 3129 -Q 3597 2675 3597 1894 -z -M 3022 2063 -Q 3016 2534 2758 2815 -Q 2500 3097 2075 3097 -Q 1594 3097 1305 2825 -Q 1016 2553 972 2059 -L 3022 2063 -z -" transform="scale(0.015625)"/> - </defs> - <use xlink:href="#DejaVuSans-66"/> - <use xlink:href="#DejaVuSans-69" x="35.205078"/> - <use xlink:href="#DejaVuSans-73" x="62.988281"/> - <use xlink:href="#DejaVuSans-68" x="115.087891"/> - <use xlink:href="#DejaVuSans-66" x="178.466797"/> - <use xlink:href="#DejaVuSans-69" x="213.671875"/> - <use xlink:href="#DejaVuSans-6e" x="241.455078"/> - <use xlink:href="#DejaVuSans-67" x="304.833984"/> - <use xlink:href="#DejaVuSans-65" x="368.310547"/> - <use xlink:href="#DejaVuSans-72" x="429.833984"/> - </g> - </g> - </g> - <g id="text_9"> - <!-- Wireguard Full-Mesh Network --> - <g style="fill: #333333" transform="translate(242.625 -6) scale(0.16 -0.16)"> - <defs> - <path id="DejaVuSans-57" d="M 213 4666 -L 850 4666 -L 1831 722 -L 2809 4666 -L 3519 4666 -L 4500 722 -L 5478 4666 -L 6119 4666 -L 4947 0 -L 4153 0 -L 3169 4050 -L 2175 0 -L 1381 0 -L 213 4666 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-75" d="M 544 1381 -L 544 3500 -L 1119 3500 -L 1119 1403 -Q 1119 906 1312 657 -Q 1506 409 1894 409 -Q 2359 409 2629 706 -Q 2900 1003 2900 1516 -L 2900 3500 -L 3475 3500 -L 3475 0 -L 2900 0 -L 2900 538 -Q 2691 219 2414 64 -Q 2138 -91 1772 -91 -Q 1169 -91 856 284 -Q 544 659 544 1381 -z -M 1991 3584 -L 1991 3584 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-61" d="M 2194 1759 -Q 1497 1759 1228 1600 -Q 959 1441 959 1056 -Q 959 750 1161 570 -Q 1363 391 1709 391 -Q 2188 391 2477 730 -Q 2766 1069 2766 1631 -L 2766 1759 -L 2194 1759 -z -M 3341 1997 -L 3341 0 -L 2766 0 -L 2766 531 -Q 2569 213 2275 61 -Q 1981 -91 1556 -91 -Q 1019 -91 701 211 -Q 384 513 384 1019 -Q 384 1609 779 1909 -Q 1175 2209 1959 2209 -L 2766 2209 -L 2766 2266 -Q 2766 2663 2505 2880 -Q 2244 3097 1772 3097 -Q 1472 3097 1187 3025 -Q 903 2953 641 2809 -L 641 3341 -Q 956 3463 1253 3523 -Q 1550 3584 1831 3584 -Q 2591 3584 2966 3190 -Q 3341 2797 3341 1997 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-64" d="M 2906 2969 -L 2906 4863 -L 3481 4863 -L 3481 0 -L 2906 0 -L 2906 525 -Q 2725 213 2448 61 -Q 2172 -91 1784 -91 -Q 1150 -91 751 415 -Q 353 922 353 1747 -Q 353 2572 751 3078 -Q 1150 3584 1784 3584 -Q 2172 3584 2448 3432 -Q 2725 3281 2906 2969 -z -M 947 1747 -Q 947 1113 1208 752 -Q 1469 391 1925 391 -Q 2381 391 2643 752 -Q 2906 1113 2906 1747 -Q 2906 2381 2643 2742 -Q 2381 3103 1925 3103 -Q 1469 3103 1208 2742 -Q 947 2381 947 1747 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-20" transform="scale(0.015625)"/> - <path id="DejaVuSans-46" d="M 628 4666 -L 3309 4666 -L 3309 4134 -L 1259 4134 -L 1259 2759 -L 3109 2759 -L 3109 2228 -L 1259 2228 -L 1259 0 -L 628 0 -L 628 4666 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-2d" d="M 313 2009 -L 1997 2009 -L 1997 1497 -L 313 1497 -L 313 2009 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-4d" d="M 628 4666 -L 1569 4666 -L 2759 1491 -L 3956 4666 -L 4897 4666 -L 4897 0 -L 4281 0 -L 4281 4097 -L 3078 897 -L 2444 897 -L 1241 4097 -L 1241 0 -L 628 0 -L 628 4666 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-4e" d="M 628 4666 -L 1478 4666 -L 3547 763 -L 3547 4666 -L 4159 4666 -L 4159 0 -L 3309 0 -L 1241 3903 -L 1241 0 -L 628 0 -L 628 4666 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-74" d="M 1172 4494 -L 1172 3500 -L 2356 3500 -L 2356 3053 -L 1172 3053 -L 1172 1153 -Q 1172 725 1289 603 -Q 1406 481 1766 481 -L 2356 481 -L 2356 0 -L 1766 0 -Q 1100 0 847 248 -Q 594 497 594 1153 -L 594 3053 -L 172 3053 -L 172 3500 -L 594 3500 -L 594 4494 -L 1172 4494 -z -" transform="scale(0.015625)"/> - <path id="DejaVuSans-6b" d="M 581 4863 -L 1159 4863 -L 1159 1991 -L 2875 3500 -L 3609 3500 -L 1753 1863 -L 3688 0 -L 2938 0 -L 1159 1709 -L 1159 0 -L 581 0 -L 581 4863 -z -" transform="scale(0.015625)"/> - </defs> - <use xlink:href="#DejaVuSans-57"/> - <use xlink:href="#DejaVuSans-69" x="96.626953"/> - <use xlink:href="#DejaVuSans-72" x="124.410156"/> - <use xlink:href="#DejaVuSans-65" x="163.273438"/> - <use xlink:href="#DejaVuSans-67" x="224.796875"/> - <use xlink:href="#DejaVuSans-75" x="288.273438"/> - <use xlink:href="#DejaVuSans-61" x="351.652344"/> - <use xlink:href="#DejaVuSans-72" x="412.931641"/> - <use xlink:href="#DejaVuSans-64" x="452.294922"/> - <use xlink:href="#DejaVuSans-20" x="515.771484"/> - <use xlink:href="#DejaVuSans-46" x="547.558594"/> - <use xlink:href="#DejaVuSans-75" x="599.578125"/> - <use xlink:href="#DejaVuSans-6c" x="662.957031"/> - <use xlink:href="#DejaVuSans-6c" x="690.740234"/> - <use xlink:href="#DejaVuSans-2d" x="718.523438"/> - <use xlink:href="#DejaVuSans-4d" x="754.607422"/> - <use xlink:href="#DejaVuSans-65" x="840.886719"/> - <use xlink:href="#DejaVuSans-73" x="902.410156"/> - <use xlink:href="#DejaVuSans-68" x="954.509766"/> - <use xlink:href="#DejaVuSans-20" x="1017.888672"/> - <use xlink:href="#DejaVuSans-4e" x="1049.675781"/> - <use xlink:href="#DejaVuSans-65" x="1124.480469"/> - <use xlink:href="#DejaVuSans-74" x="1186.003906"/> - <use xlink:href="#DejaVuSans-77" x="1225.212891"/> - <use xlink:href="#DejaVuSans-6f" x="1307"/> - <use xlink:href="#DejaVuSans-72" x="1368.181641"/> - <use xlink:href="#DejaVuSans-6b" x="1409.294922"/> - </g> - </g> - </g> - </g> - <defs> - <clipPath id="p24c674e8fe"> - <rect x="0" y="0" width="720" height="576"/> - </clipPath> - </defs> -</svg> @@ -13,7 +13,7 @@ </p> <h1 style='display: inline' id='hello'>Hello!</h1><br /> <br /> -<span class='quote'>This site was generated at 2026-01-11T10:46:34+02:00 by <span class='inlinecode'>Gemtexter</span></span><br /> +<span class='quote'>This site was generated at 2026-01-11T22:40:26+02:00 by <span class='inlinecode'>Gemtexter</span></span><br /> <br /> <span>Welcome to the foo.zone!</span><br /> <br /> diff --git a/uptime-stats.html b/uptime-stats.html index ef4181c0..92712e63 100644 --- a/uptime-stats.html +++ b/uptime-stats.html @@ -13,7 +13,7 @@ </p> <h1 style='display: inline' id='my-machine-uptime-stats'>My machine uptime stats</h1><br /> <br /> -<span class='quote'>This site was last updated at 2026-01-11T10:46:34+02:00</span><br /> +<span class='quote'>This site was last updated at 2026-01-11T22:40:26+02:00</span><br /> <br /> <span>The following stats were collected via <span class='inlinecode'>uptimed</span> on all of my personal computers over many years and the output was generated by <span class='inlinecode'>guprecords</span>, the global uptime records stats analyser of mine.</span><br /> <br /> |
