| Age | Commit message (Collapse) | Author |
|---|
|
Updated client-side setup section to include DNS configuration.
Added instructions for adding /etc/hosts entries pointing LAN
service domains to the CARP VIP (192.168.1.138).
Renamed section from 'Client-side CA trust' to 'Client-side DNS
and CA setup' to reflect both DNS and certificate configuration.
|
|
Keep only Linux/FreeBSD setup instructions that match the actual
infrastructure. Removed unnecessary platform-specific instructions
for macOS and Windows from the Client-side CA trust section.
|
|
Gemini gemtext only supports headers up to ###. Changed all ####
headers to the *Header*: format for proper Gemini compatibility.
|
|
Added update notice at the beginning of the blog post to inform
readers about the LAN ingress feature addition in February 2026.
The notice references the new section and summarizes key features.
|
|
- Document CARP + relayd architecture for LAN access
- Explain cert-manager setup with self-signed CA
- Provide example LAN ingress configuration for Grafana
- Include CARP failover testing results
- Document three TLS offloaders (OpenBSD, Traefik, stunnel)
- Show step-by-step setup for FreeBSD relayd
- Add client-side CA trust instructions for Linux/macOS/Windows
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c086d-c760-779d-b740-0f748094b62a
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c086d-c760-779d-b740-0f748094b62a
Co-authored-by: Amp <amp@ampcode.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Updated all `wg show` output examples to include IPv6 addresses
in the "allowed ips" field for mesh peers.
Changes:
- All mesh peers now show dual-stack: 192.168.2.X/32, fd42:beef:cafe:2::X/128
- Roaming client output updated to show single gateway peer
- Reflects actual dual-stack WireGuard configuration
This makes the example outputs consistent with the IPv6 implementation
documented earlier in the blog post.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
|
|
Removed invalid Gemtext formatting:
- Changed #### headers to plain text with colons (Gemtext only supports # ## ###)
- Removed ** bold formatting (Gemtext has no inline formatting)
Gemtext is a minimal format with no support for inline bold/italic
or 4-level headers. Changed to plain text formatting.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Restructured "Managing Roaming Client Tunnels" section to follow
a more logical flow:
1. First: Manual gateway failover configuration (create the configs)
- Configuration files for pixel7pro (QR codes)
- Configuration files for earth (systemd services)
2. Then: Usage instructions
- Starting/stopping on earth (using the configured services)
- Starting/stopping on pixel7pro (using the imported profiles)
- Verifying connectivity
This "configure first, then use" approach is more intuitive than
the previous order where usage instructions came before explaining
the failover configuration.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Moved "Manual gateway failover for roaming clients" section into
"Managing Roaming Client Tunnels" as a subsection. This provides
better flow:
1. First explains basic roaming client setup and management
2. Then explains start/stop operations
3. Finally discusses the failover limitation and manual solution
The manual failover discussion now comes after readers understand
the basic roaming client operations, making it easier to follow.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
|
|
Updated the configuration example to show the complete setup for all
10 hosts (f0-f2, r0-r2, blowfish, fishfinger, earth, pixel7pro) with
their IPv6 addresses, instead of abbreviated "..." sections.
This makes the IPv6 configuration clearer and provides a complete
reference for readers implementing dual-stack WireGuard mesh.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Updated blog posts to include IPv6 (fd42:beef:cafe:2::/64) addresses
alongside IPv4 addresses for all WireGuard mesh hosts.
Changes:
- Part 5: Added IPv6 addresses to all three /etc/hosts examples
- Part 5: Updated wireguardmeshgenerator.yaml to show ipv6 field
- Part 6: Added IPv6 address for f3s-storage-ha VIP
All hosts now have dual-stack hostname resolution documented.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Added section explaining how to use separate gateway configurations
for pixel7pro and earth roaming clients to enable manual failover
between blowfish and fishfinger gateways.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
|
|
|
