hpr-knowledge-base/hpr_transcripts/hpr3286.txt
Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00

Episode: 3286
Title: HPR3286: Wireguard How To
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3286/hpr3286.mp3
Transcribed: 2025-10-24 20:13:14
---
This is Hacker Public Radio Episode 3286 for Monday 8th of March 2021.
Today's show is entitled, Wireguard How To.
It is the first show by new host Tim Timmy and is about 10 minutes long and carries a clean flag.
The summary is: my findings setting up Wireguard at home and in my office at work.
This episode of HPR is brought to you by AnHonestHost.com.
Get 15% discount on all shared hosting with the offer code HPR15.
That's HPR15.
Better web hosting that's honest and fair at AnHonestHost.com.
This show has been submitted by Marshall Tilly, also known as Tim Timmy on the interwebs.
It's been narrated by Ken Fallon.
Wireguard how to. Firstly, I'm not an expert.
These are just my findings setting up Wireguard at home and in my office at work.
I've used a program called sshuttle for 7 or 8 years to attach myself to my home and work networks
when on a public untrusted network or when I need to access some resources at work from home.
sshuttle for the main part works great.
The main benefit is that there's only one port that you ever need to open on the server network.
And that's the port your SSH server is running on.
The downside to sshuttle is that it won't work with my Android devices.
So I've been using a paid VPN called PIA on untrusted networks or just staying on 3G and 4G and not having any way to connect to my home or work network.
sshuttle is written in Python and a few weeks ago Arch Linux moved to Python 3.8, which broke sshuttle.
There's a workaround using pyenv and a bug has been filed with the Python team and it's already fixed upstream, issue 35415.
Anyway, I thought it was about time that I looked at setting up a proper VPN on my work network.
So I spent a couple of hours reading up on OpenVPN and creating clients and server certificates.
Making a server config on the work server, forwarding the port on the router to the server.
When I spent a couple of hours poking around trying to figure out why it wouldn't work, I eventually gave up frustrated.
I'm not blaming OpenVPN, I know it works for many people but I couldn't see what I was doing wrong.
So I did what we all do in a situation like this.
I took to social media, which in my case was a Pleroma server, and posted a message to the Fediverse.
OpenVPN has fried my brain, need booze.
Then I had a beer and a nice cold, steeple, howled brow if I remember right.
A few minutes later, a message popped up from Theroux.
It contained one word with a smiley face: Wireguard.
Now I had looked at Wireguard a while ago, but you might remember it hit the headlines because Linus Torvalds
praised how beautifully the code was written first.
It turns out what he said was it's beautiful when compared to OpenVPN's code.
Back then the how-tos were really hard to follow, at least for myself.
There were just examples of two machines on the same LAN together.
I struggled to get my head around it being serverless and both machines being peers to each other.
After all, OpenVPN had clients and servers, and even sshuttle on my laptop connects to a server machine.
There were a couple of articles that I read on Christmas Eve that gave me the light bulb moment and some clarity on the way it worked.
So I decided to try and set it up.
The articles acknowledged that it is a peer to peer technology and then go on to call one peer server and the other peer client.
Also I would recommend for your first client to use an Android device with the Wireguard app.
It's more user friendly in that some of the config is also filled for you and then you can export the config file and examine it in a text editor later to get a better handle on things.
I'm going to assume that you've installed the Wireguard packages for your system and that you're giving your server a static IP on your network.
I'm using Arch Linux on my servers, but I see the Linode Debian how-to works in the same way.
So we're going to log into the server and start the setup.
First we create a public and private key.
So create a directory for the keys: cd home directory, mkdir space wireguard, cd wireguard.
Now we create the keys: umask 077, then the command wg space genkey space pipe tee space privatekey space pipe wg space pubkey, and redirect that to the publickey file.
Create a subdirectory for the client one keys: mkdir client one, cd client one, wg space genkey space tee space privatekey space wg space pubkey, and redirect to publickey.
Create or edit the Wireguard config.
Check the interface name that the internet is connected on before you copy and paste, by running ifconfig.
Before you continue, you need to forward a port from your internet facing router to your server.
Somewhere in your router settings, you'll find a port forward setting.
At home, I have a Fritzbox and it's buried under network permit access.
At work, it's a Linksys AC1200 and it's under gaming apps, single port forward.
I'm sure you'll find it.
Wireguard default port is 51820 and you'll find this port named in most of the how-tos on the web.
I use a different port number just to add a little bit of obscurity, slash security to my setup.
So if you choose to forward to a different port from your router, then remember to use that number in the configs.
Below is the working wg0.conf file from my Arch server with one client.
It's got an Interface section: Address is equal to the IP address.
MTU is 1500, SaveConfig is false, ListenPort is 8001, PrivateKey is listed.
PostUp has an iptables command, PostDown has an iptables command, POSTROUTING sets up MASQUERADE.
It's got a Peer section with a command for the key, PublicKey and the allowed IP addresses.
And below is the working wg0 config from my Arch ARM server with one client.
Again, an Interface section with an address, a subnet mask, MTU, SaveConfig false, listen port is configured, listen port is set.
PrivateKey and PostUp, PostDown and a POSTROUTING section with a Peer section with a PublicKey and the allowed IP address ranges.
Then the next section is enabling IPv4 forwarding.
On the server enable IPv4 forwarding using sysctl: sysctl space -w space net.ipv4.ip underscore forward equals one.
And to make the change permanent add net.ipv4.ip underscore forward equals one to /etc/sysctl.d/99-sysctl.conf.
Then check if everything works: bring up a tunnel using wg-quick space up space wg0.
Check the tunnel state and see the currently connected peers by typing wg.
If all works, then you can use systemd to start the tunnel on boot.
systemctl enable wg-quick@wg0.service.
If it doesn't, more likely it's an IPv4 forwarding issue.
Try running the sysctl ip_forward again, or DNS on the client is set wrong.
On Arch Linux use pacman capital S, wireguard-tools, wireguard-arch-dkms, and Linux-service packages.
On Arch ARM you need DKMS and the headers as well.
So pacman space -S, dkms, wireguard-tools, wireguard-dkms, linux-raspberrypi-headers.
And then there are some additional links in the show notes.
First one is to episode 1263, an old sshuttle episode by MY Bill.
Then a link to the aur.archlinux.org packages where you can find networkmanager-wireguard. A GitHub link to Max Moser's network-manager-wireguard.
A link to the Arch Wiki on Wireguard and a link to Linode and how to set up Wireguard VPN on Ubuntu.
And that was it.
As I said before, this show was submitted by TNTME aka MarshallTV.
Jr. tomorrow for another exciting episode of Hacker Public Radio.
You've been listening to Hacker Public Radio at HackerPublicRadio.org.
We are a community podcast network that releases shows every weekday Monday through Friday.
Today's show, like all our shows, was contributed by an HPR listener like yourself.
If you ever thought of recording a podcast, then click on our contribute link to find out how easy it really is.
Hacker Public Radio was founded by the Digital Dog Pound and the Infonomicon Computer Club.
And it's part of the binary revolution at binrev.com.
If you have comments on today's show, please email the host directly.
Leave a comment on the website or record a follow-up episode yourself.
Unless otherwise stated, today's show is released under the Creative Commons
Attribution-ShareAlike 3.0 license.
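
Added example (not part of the episode, its show notes, or the host's own files): the server-side steps read out above, written as one shell script with the key-permission check made explicit. The 10.0.0.x tunnel addresses, the eth0 interface name, the "client1" directory spelling and the exact iptables rule text are assumptions, since the transcript does not give them.

```shell
#!/usr/bin/env bash
# Added example, not the host's script. Assumed values (not given in the
# transcript): 10.0.0.x tunnel addresses, eth0, "client1", iptables rule text.

# Create a key pair in directory $1. umask 077 applies only inside the
# subshell, so the directory and privatekey are never group/world readable.
gen_keys() {
  ( umask 077 && mkdir -p "$1" && cd "$1" &&
    wg genkey | tee privatekey | wg pubkey > publickey )
}

# Succeed only if file $1 exists with no group/other permission bits.
key_is_private() {
  case "$(stat -c '%a' "$1" 2>/dev/null)" in
    *00) return 0 ;;   # 600, 400, ...
    *)   return 1 ;;   # missing file, 640, 644, ...
  esac
}

# Print a wg-quick server config.
# $1 server private key, $2 client public key, $3 outbound interface, $4 port
render_server_conf() {
  cat <<EOF
[Interface]
Address = 10.0.0.1/24
MTU = 1500
SaveConfig = false
ListenPort = $4
PrivateKey = $1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $3 -j MASQUERADE

[Peer]
PublicKey = $2
AllowedIPs = 10.0.0.2/32
EOF
}

# Full procedure, run as root with: ./wg-setup.sh --apply
if [ "${1:-}" = "--apply" ]; then
  set -eu
  d="$HOME/wireguard"
  gen_keys "$d" && gen_keys "$d/client1"
  key_is_private "$d/privatekey" || { echo "privatekey too open" >&2; exit 1; }
  ( umask 077; render_server_conf "$(cat "$d/privatekey")" \
      "$(cat "$d/client1/publickey")" eth0 8001 > /etc/wireguard/wg0.conf )
  sysctl -w net.ipv4.ip_forward=1
  wg-quick up wg0 && wg
fi
```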