Archive for the ‘VPN’ Category
WireGuard site-to-site VPN between GL.iNET and pfSense
Posted by jpluimers on 2026/01/12
Some links and notes that might help me get a WireGuard site-to-site VPN working between GL.iNET and pfSense.
Posted in GL.iNet, GL.iNET GL-SFT1200, Hardware, Network-and-equipment, Power User, VPN, Wireguard
rcmcdonald91/pfSense-pkg-WireGuard: This is a port of the original WireGuard UI bits as implemented by Netgate in pfSense 2.5.0 to a package suitable for rapid iteration and more frequent updating on future releases of pfSense.
Posted by jpluimers on 2025/12/25
This is actually the WireGuard package you can install on pfSense CE 2.5.2 and higher: [Wayback/Archive] rcmcdonald91/pfSense-pkg-WireGuard: This is a port of the original WireGuard UI bits as implemented by Netgate in pfSense 2.5.0 to a package suitable for rapid iteration and more frequent updating on future releases of pfSense.
Note that the source code mentions a lot of web technologies, but that is because the majority of the code is the pfSense plugin. Underneath, it pulls the actual build from [Wayback/Archive] git.zx2c4.com/wireguard-freebsd/snapshot which is almost exclusively C code.
Like WireGuardNT on Windows, it uses a high-performance kernel-mode driver.
Some more links on it:
Posted in Conference Topics, Conferences, Development, DVCS - Distributed Version Control, Event, git, GitHub, Hardware, Network-and-equipment, pfSense, Power User, routers, Software Development, Source Code Management, Tailscale | Tagged: 11281, 73
Tailscale SSH · Tailscale
Posted by jpluimers on 2024/07/12
Reminder to self to play around with [Wayback/Archive] Tailscale SSH · Tailscale
Tailscale SSH allows Tailscale to manage the authentication and authorization of SSH connections on your tailnet.
Posted in *nix, *nix-tools, Hardware, Network-and-equipment, Power User, ssh/sshd, Tailscale, VPN, Wireguard
OpenVPN somehow failed when tethering on the Android mobile hotspot from a new phone
Posted by jpluimers on 2023/04/07
A while after I got a new smartphone, I noticed that when my MacBook was connected over Wi-Fi to the mobile hotspot of my Android phone, the Tunnelblick connections over OpenVPN to my family members would not work. A telnet from the Android phone to the OpenVPN TCP port 1194 would succeed, but not from the MacBook. Connecting from the phone using JuiceSSH to the OpenSSH endpoints at those family members would work too, so I was a bit flabbergasted.
In the end this seems to be a set of coincidences that fails in this particular setup, but I am not totally aware why.
The solution was to both re-configure the APN (Access Point Name) the smartphone uses to connect to the internet from ipv4/ipv6 to ipv4, and to reboot the phone.
For Dutch provider KPN Mobile, the APN is named internet and apparently changed default to ipv4/ipv6 without properly supporting ipv4. Note the configuration parameters are all lowercase, although they should be written IPv4 and IPv6.
Here are a few posts that got me on the right track (all via [Wayback/Archive] openvpn fails over android hotspot – Google Search):
- [Wayback/Archive] wireless networking – VPN Issues While Using Phone’s Hotspot – Super User (thanks [Wayback/Archive] Nicolas Roux)
Solved me, I had to change APN setting from IPv6 to IPv4.
- [Wayback/Archive] OpenVPN problemen | KPN Community
Problem found…. KPN's APN is set to ipv4/ipv6. So I only get an ipv6 IP number, which does not connect to an ipv4 VPN server. Changed KPN's APN to ipv4 and it works again.
- [Wayback/Archive] OpenVPN via mobiel internet van KPN ( 4G / 5G ) – Dit is wat Stijn ziet
This is easy to solve by setting your Android to IPv4 only. By default this is set to IPv4/IPv6 and your phone automatically chooses IPv6.
Note that sometimes the MTU can cause similar failures:
- [Wayback/Archive] [Solved] OpenVPN works over mobile tethering, but not on home router – MTU Problem – OpenVPN Support Forum
For posterity, would like to post that the error was on account of incorrect MTU size setting on the TCP packet in the router. The size was set to 1452 bytes instead of 1492 bytes. Because of that the SSL/TLS packet was fragmented and the server ACK was not received. On changing the MTU size, everything works perfectly!
Note too: some links to check for OpenVPN responding are below.
- [Wayback/Archive] GitHub – liquidat/nagios-icinga-openvpn: Nagios/Icinga check for OpenVPN availability monitoring
- [Wayback/Archive] security – How to check that an OpenVPN server is listening on a remote port without using OpenVPN client? – Server Fault (thanks [Wayback/Archive] Loic Dachary)
- [Wayback/Archive] OpenVPN connection test | It’s full of stars!
Various sites with (often different) APNs that KPN mobile supports:
- [Wayback/Archive] Can’t connect to VPN throught 4G mobile internet | KPN Community
- [Wayback/Archive] Uitleg over het gebruik van APN’s
- [Wayback/Archive] KPN Mobile Netherlands APN Configuration Settings – APN Settings Search Engine
- [Wayback/Archive] VPN via 4G/ipv4 | KPN Community (mentioning the `advancedinternet` APN without mentioning the firewall you need)
- [Wayback/Archive] Werkt je mobiele data niet? Check je APN instellingen. Dit moet je doen.
There are quite a few APNs, some with firewall and/or proxy and/or compression, some with external IP address (which means your smartphone really needs a firewall).
–jeroen
Posted in Android Devices, Hardware, Network-and-equipment, OpenVPN, Power User, VPN
Dave Anderson on Twitter: “Cool minor @Tailscale moment: I’m recommissioning a server that got moved from a different network, so all its network config was wrong, and generally I couldn’t get at it over the network, only IPKVM console. But then my `ping` over Tailscale started working?!” / Twitter
Posted by jpluimers on 2023/04/04
Wow, I wrote about Tailscale a few times before, and it is still on my research list, but this is a very compelling reason to use it. [Archive] Dave Anderson on Twitter: “Cool minor @Tailscale moment: I’m recommissioning a server that got moved from a different network, so all its network config was wrong, and generally I couldn’t get at it over the network, only IPKVM console. But then my ping over Tailscale started working?!” / Twitter
I archived the thread so it becomes easier to read: [Wayback/Archive] A readable Thread by @dave_universetf Says Cool minor @Tailscale moment: I’ – UnrollThread.com.
The core is these three tweets:
Turns out, IPv6 autoconfiguration is what happened. Sure, v4 configuration was entirely wrong (it was trying to connect to wifi, via a wifi dongle that was no longer installed, and wanted to talk to a DNS server that doesn’t exist any more), but eno1 had a cable plugged in!
The server noticed IPv6 router advertisements, went “I’ll have some of that”, and got global IPv6 connectivity automagically. IPv4 and DNS were still down though, so all it had at this point is the ability to send/receive IPv6 packets.
So, how did Tailscale get from there to a working setup? It still needs to contact https://t.co/hEs4S8qvTw to get a network map, and still needs to talk to DERP servers to get p2p tunnels working outside the LAN. Enter bootstrap DNS!
It means I have to re-read “Some links on Tailscale / WireGuard”, especially the [Wayback] How Tailscale works · Tailscale bit, then decide how I want to organise my infrastructure to run parts under Tailscale (I have the impression it is a peer-based set-up, not router-based).
Then I have to read [Wayback/Archive] IPv4, IPv6, and a sudden change in attitude – apenwarr of which the conclusion is this:
IP mobility is what we do, in a small way, with Tailscale’s WireGuard connections. We try all your Internet links, IPv4 and IPv6, UDP and TCP, relayed and peer-to-peer. We made mobile IP a real thing, if only on your private network for now. And what do you know, the math works. Tailscale’s use of WireGuard with two networks is more reliable than with one network.
Finally I need to not just read it, but understand all of it (:
Or maybe I should ask Kris, as I got here through:
- [Archive] Kris on Twitter: “By the way, I have gone completely senile and should no longer be allowed near computers. So I read the Wireguard documentation and ran “scoop install wireguard” on the local Windows laptop.” / Twitter
- [Archive] Brad Fitzpatrick on Twitter: “@eliasp @isotopp @Tailscale And often there is more than one local network option (IPv6 link local + IPv4). Somewhat related: a story about a surprise network link… …” / Twitter (linking to the Twitter thread at the top of this post)
I saved Kris’ message thread here at [Wayback/Archive] Thread by @isotopp on Thread Reader App – Thread Reader App.
An OK translation is at [Wayback/Archive] Thread by @isotopp on Thread Reader App – Thread Reader App.
–jeroen
Posted in Hardware, Network-and-equipment, Power User, Scoop, Tailscale, VPN, Windows, Wireguard
I had some Windows ATOM issues before, but this beats them easily
Posted by jpluimers on 2022/10/19
I’ve had some issues with Windows ATOM tables filling up, but nothing like this security bypass:
A new Windows code injection technique, atombombing, which bypasses current security solutions.
Source: AtomBombing: Brand New Code Injection for Windows – Breaking Malware [WayBack] with source code at BreakingMalwareResearch/atom-bombing: Brand New Code Injection for Windows
Note that since writing the first draft, the above AtomBombing article moved via Wayback: blog.ensilo.com to [Wayback/Archive.is] AtomBombing – A Brand New Code Injection Technique for Windows | FortiGuard Labs.
Posted in Development, FortiGate/FortiClient, Hardware, Network-and-equipment, Power User, Security, Software Development, VPN, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Development, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Vista, Windows XP
For about 5 months now, there has been a new Chocolatey package maintainer for OpenVPN
Posted by jpluimers on 2022/08/26
Last winter, I discovered that the OpenVPN version on Chocolatey was really old: it had not been updated since 2019.
Most Chocolatey maintainers are volunteers and sometimes the burden can become too large. Back then the maintainer was [Wayback/Archive] Chocolatey Software | wget, but luckily [Wayback/Archive] Chocolatey Software | dgalbraith has stepped in and in March 2022 bumped the version from [Wayback/Archive] Chocolatey Software | OpenVPN 2.4.7 to [Wayback/Archive] Chocolatey Software | OpenVPN – Open Source SSL VPN Solution 2.5.4 and kept maintaining it (currently there is [Wayback/Archive] Chocolatey Software | OpenVPN – Open Source SSL VPN Solution 2.5.7).
Posted in *nix, *nix-tools, Chocolatey, Hardware, Network-and-equipment, OpenVPN, Power User, ssh/sshd, VPN, Windows
Perkeep lets you permanently keep your stuff, for life.
Posted by jpluimers on 2022/03/30
For my link archive: [Wayback] Perkeep
Via [Wayback] bradfitz – Joining Tailscale: Simplifying Networking, Authentication, and Authorization (which has many interesting links, including [Archive.is] bradfitz/homelab: Brad’s homelab setup)
- [Wayback/Archive.is] ycombinator: Perkeep: personal storage system for life | Hacker News.
- Perkeep – Wikipedia
Perkeep (previously Camlistore, Content-Addressable Multi-Layer Indexed Storage) is a set of open-source formats, protocols, and software for modeling, storing, searching, sharing, and synchronizing data.
- [Wayback] Documentation – Perkeep
- [Archive.is] Perkeep (née Camlistore)
–jeroen
Posted in Cloud, Hardware, Infrastructure, Network-and-equipment, Perkeep, Power User, Storage, Tailscale, VPN, Wireguard
Some links on Tailscale / WireGuard
Posted by jpluimers on 2022/03/29
For my link archive:
- WireGuard – Wikipedia
- Brad Fitzpatrick – Wikipedia
- [Wayback] Installing Tailscale on Windows · Tailscale
- [Wayback] How Tailscale works · Tailscale
- [Wayback] Tailscale · Best VPN Service for Secure Networks
Tailscale is a zero config VPN for building secure networks. Install on any device in minutes. Remote access from any network or physical location.
Related: [Wayback] Using Tailscale on Windows to network more easily with WSL2 and Visual Studio Code – Scott Hanselman’s Blog
–jeroen
Posted in Hardware, Network-and-equipment, Power User, Tailscale, VPN, Wireguard
“Using Tailscale on Windows to network more easily with WSL2 and Visual Studio Code”
Posted by jpluimers on 2022/03/23
“Using Tailscale on Windows to network more easily with WSL2 and Visual Studio Code”
Points to [Wayback] Using Tailscale on Windows to network more easily with WSL2 and Visual Studio Code – Scott Hanselman’s Blog
Related:
–jeroen
Posted in Hardware, Network-and-equipment, Power User, Tailscale, VPN, Wireguard





