| Age | Commit message (Collapse) | Author |
|---|
|
Updated all `wg show` output examples to include IPv6 addresses
in the "allowed ips" field for mesh peers.
Changes:
- All mesh peers now show dual-stack: 192.168.2.X/32, fd42:beef:cafe:2::X/128
- Roaming client output updated to show single gateway peer
- Reflects actual dual-stack WireGuard configuration
This makes the example outputs consistent with the IPv6 implementation
documented earlier in the blog post.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Removed invalid Gemtext formatting:
- Changed #### headers to plain text with colons (Gemtext only supports # ## ###)
- Removed ** bold formatting (Gemtext has no inline formatting)
Gemtext is a minimal format with no support for inline bold/italic
or 4-level headers. Changed to plain text formatting.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Restructured "Managing Roaming Client Tunnels" section to follow
a more logical flow:
1. First: Manual gateway failover configuration (create the configs)
- Configuration files for pixel7pro (QR codes)
- Configuration files for earth (systemd services)
2. Then: Usage instructions
- Starting/stopping on earth (using the configured services)
- Starting/stopping on pixel7pro (using the imported profiles)
- Verifying connectivity
This "configure first, then use" approach is more intuitive than
the previous order where usage instructions came before explaining
the failover configuration.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Moved "Manual gateway failover for roaming clients" section into
"Managing Roaming Client Tunnels" as a subsection. This provides
better flow:
1. First explains basic roaming client setup and management
2. Then explains start/stop operations
3. Finally discusses the failover limitation and manual solution
The manual failover discussion now comes after readers understand
the basic roaming client operations, making it easier to follow.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Updated the configuration example to show the complete setup for all
10 hosts (f0-f2, r0-r2, blowfish, fishfinger, earth, pixel7pro) with
their IPv6 addresses, instead of abbreviated "..." sections.
This makes the IPv6 configuration clearer and provides a complete
reference for readers implementing dual-stack WireGuard mesh.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Updated blog posts to include IPv6 (fd42:beef:cafe:2::/64) addresses
alongside IPv4 addresses for all WireGuard mesh hosts.
Changes:
- Part 5: Added IPv6 addresses to all three /etc/hosts examples
- Part 5: Updated wireguardmeshgenerator.yaml to show ipv6 field
- Part 6: Added IPv6 address for f3s-storage-ha VIP
All hosts now have dual-stack hostname resolution documented.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Added section explaining how to use separate gateway configurations
for pixel7pro and earth roaming clients to enable manual failover
between blowfish and fishfinger gateways.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
|
|
|
|
Added new 'Managing Roaming Client Tunnels' section before the conclusion
covering how to start and stop WireGuard on both roaming clients:
earth (Fedora laptop):
- systemctl start/stop/status commands
- Example wg show output showing active peers
- Notes about disabled service preventing auto-start
pixel7pro (Android phone):
- Step-by-step toggle instructions in WireGuard app
- Quick toggle from notification shade
- Optional automatic activation based on network conditions
- Instructions for configuring auto-activation settings
Also includes:
- Verifying connectivity section with ping and curl examples
- How to check which gateway is actively routing traffic
- Transfer statistics monitoring
This provides practical guidance for day-to-day VPN usage on roaming clients.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Updated rake generate output and keys listing to include:
- dist/earth/etc/wireguard/wg0.conf generation
- dist/pixel7pro/etc/wireguard/wg0.conf generation
- PSK keys for earth and pixel7pro with blowfish and fishfinger
- Private/public keys for earth and pixel7pro
This completes the integration of roaming clients into all output examples
throughout the blog post.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Rewrote Part 5 blog post to seamlessly integrate roaming client (earth, pixel7pro)
content throughout instead of having it as a separate update section. The post now
reads as one cohesive article.
Changes:
- Simplified header note about roaming clients (removed large update section)
- Updated introduction to include roaming clients in topology description
- Added roaming traffic patterns to "Expected traffic flow" section
- Updated YAML config example to show earth and pixel7pro entries with exclude_peers
- Added roaming client wg0.conf example after infrastructure example
- Added OpenBSD NAT/PF configuration section with detailed firewall rules
- Added roaming client /etc/hosts entries for earth and pixel7pro
- Added "Setting up roaming clients" subsection covering Android QR code and Fedora setup
- Removed separate "Adding Roaming Clients (Update)" section at end
- Deleted old wireguard-full-mesh.svg (without roaming clients)
- Updated wireguard-full-mesh-with-roaming.svg with improved positioning
The blog post now flows naturally as if roaming clients were part of the original
design, making it easier to read and understand the complete mesh network setup.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
- Generated new visualization showing earth and pixel7pro roaming clients
- Both clients shown connecting exclusively to blowfish and fishfinger gateways
- Original full mesh connections preserved for infrastructure hosts
- Color-coded nodes: FreeBSD (red), Rocky Linux (teal), OpenBSD (yellow), Roaming (purple)
- Added graph reference to blog post update section
Graph generated using matplotlib with proper positioning:
- Mesh hosts maintain original layout
- Roaming clients positioned at bottom (laptop left, phone right)
- Client connections shown as blue dashed lines to gateways only
- Includes legend explaining host types and connection types
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Added comprehensive documentation for two new roaming clients added to the
WireGuard mesh network in January 2026:
- earth: Fedora laptop (192.168.2.200)
- pixel7pro: Android phone (192.168.2.201)
Changes:
- Updated blog post header with "last updated" timestamp
- Added "Update: Roaming Client Support Added" section after TOC
- Added detailed "Adding Roaming Clients" section before conclusion
- Updated introduction to mention roaming clients
Key topics covered:
- Client-only architecture (connect to gateways, not LAN hosts)
- All-traffic routing (0.0.0.0/0) for internet access via VPN
- WireGuard mesh generator modifications for roaming client detection
- OpenBSD gateway PF NAT configuration
- Client setup for Android (QR code) and Fedora (manual)
- WireGuard automatic failover limitation explained
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
|
|
|
|
|
