“Using Tailscale on Windows to network more easily with WSL2 and Visual Studio Code”
Points to [Wayback] Using Tailscale on Windows to network more easily with WSL2 and Visual Studio Code – Scott Hanselman’s Blog
Related:
–jeroen
Archive for the ‘VPN’ Category
“Using Tailscale on Windows to network more easily with WSL2 and Visual Studio Code”
Posted by jpluimers on 2022/03/23
Posted in Hardware, Network-and-equipment, Power User, Tailscale, VPN, Wireguard | Leave a Comment »
Wake-on LAN over tailscale VPN
Posted by jpluimers on 2022/03/22
Hey macOS desktop in the basement, thanks for going to sleep while I was in the middle of typing at you via SSH.
Maybe that should be a signal not to sleep, eh?
$ sudo wakeonlan ac:87:a3:19:7e:81
Sending magic packet to 255.255.255.255:9 withWell, at least that works.
Related:
–jeroen
Share this:
Posted in Hardware, Network-and-equipment, Power User, Tailscale, VPN, Wireguard | Leave a Comment »
Some links on Wireguard as DHCP clients were not supported back then yet
Posted by jpluimers on 2021/11/12
Wireguard seems more light-weignt and secure than OpenVPN and IPsec. So I’m anxious to know how it is supposed to work for road warriors that often depend on receiving DHCP addresses into the network of the VPN server.
Some links that hopefully get me started to install a Wireguard VPN server and provide services to road warrior clients.
First the Twitter thread that got me investigating:
- [WayBack] Daniël Verlaan on Twitter: “Opgepast ⚠️ – nerd-tweet incoming. Ben echt ontzettend te spreken over WireGuard, een nieuw vpn-protocol dat sneller, veiliger en energiezuiniger is dan OpenVPN, IPSec of IKEv2. Goed te gebruiken met o.a. Algo, Mullvad of iVPN op desktop en mobile 🙌 … “
- [WayBack] Jeroen Pluimers on Twitter: “Hoe zit het met de handout van DHCP client adressen aan de VPN clients?… “
- [WayBack] Daniël Verlaan on Twitter: “durf ik niet te zeggen uit mijn hoofd, maar daar zal genoeg over te vinden zijn online… “
- [WayBack] Jeroen Pluimers on Twitter: “Mijn initiele poging was niet echt hoopvol, vandaar de vraag; ik denk dat ik iets over het hoofd zie. Mocht je iets tegenkomen met goede info, dan graag!… “
- [WayBack] Arian van Putten on Twitter: “Hai! Op dit moment nog niet gesupport. Maar wordt aan gewerkt https://t.co/qpdClRdRyw Waarschijnlijk niet via DHCP maar via ipv6… “
- [WayBack] Arian van Putten on Twitter: “Probleem is dat dynamic addresses en cryptokey-routing beetje tegen elkaar inwerken. Maar ipv6 geeft tools om dit wel mogelijk te maken zo ver ik begrijp… “
- [WayBack] Jeroen Pluimers on Twitter: “Eigenlijk ben ik al een tijd op zoek naar varvanging van Fritz!Box VPN naar meer moderne en liefst onderhoudsarme VPN zowel voor LAN-to-LAN als roaming mobiele apparaten die achter wisselende NATs hangen. Voorlopig (zie profiel) extreem laag in energie, dus alle hulp is welkom.… “
- [WayBack] Arian van Putten on Twitter: “maar maakt dan toch niet uit dat binnenin je VPN het netwerk static is? Wireguard lijkt me een goede fit. Vooral omdat het goed omgaat met roaming… “
- [WayBack] Jeroen Pluimers on Twitter: “Dank! Dit is waarom ik van Twitter hou: als je zelf even in een mentale dip zit en niet meer alles kunt overzien, gooit iemand het kwartje naar je toe zodat je het kunt laten vallen. Alle clients hun eigen vaste IPv4, dan maakt het niet meer uit vanachter welke NAT ze connecten.… “
- [WayBack] 𝓹𝓮𝓽𝓾𝓻 on Twitter: “Ik heb mijn clients allemaal een vast adres gegeven, dat lukt nog als het er niet te veel zijn. De server kant is een UBNT ER-X… “
- [WayBack] Arian van Putten on Twitter: “maar maakt dan toch niet uit dat binnenin je VPN het netwerk static is? Wireguard lijkt me een goede fit. Vooral omdat het goed omgaat met roaming… “
- [WayBack] Jeroen Pluimers on Twitter: “Eigenlijk ben ik al een tijd op zoek naar varvanging van Fritz!Box VPN naar meer moderne en liefst onderhoudsarme VPN zowel voor LAN-to-LAN als roaming mobiele apparaten die achter wisselende NATs hangen. Voorlopig (zie profiel) extreem laag in energie, dus alle hulp is welkom.… “
Then some links I found:
- [WayBack] WireGuard – Wikipedia
- [Archive.is] Brad Fitzpatrick on Twitter: “We just made the first bits of the @Tailscale code public, starting w/ the Linux client + its dependent/common code: … Still lots of rough edges & TODOs everywhere so temper expectations accordingly. We want to hack in open and not wait until it’s perfect.… “
- [WayBack] GitHub – tailscale/tailscale: The easiest, most secure, cross platform way to use WireGuard + oauth2 + 2FA/SSO
- [WayBack] Tailscale
- [WayBack] Brad Fitzpatrick – Wikipedia
- [Archive.is] Brad Fitzpatrick on Twitter: “”An update on bradfitz” After ~12.5 years at Google and ~10 years working on Go, it’s time for me to do something new. Tomorrow is my last day at Google. 👋 I’ll still be involved with #golang but less, and differently. More: …”
- [Archive.is] Brad Fitzpatrick on Twitter: “Turns out Google’s internal business card order form only allows a few email address domain names in its drop-down. But that’s easy enough to fix by editing the DOM with Chrome DevTools. My parting gift arrived. (I couldn’t change the Google to a gopher, though.)… “
- [Archive.is] Brad Fitzpatrick on Twitter: “Unemployment got boring. I’m joining @Tailscale. More: …”
- [WayBack] bradfitz – Joining Tailscale
- [WayBack] Absolute scale corrupts absolutely – apenwarr
- [Archive.is] Dave Anderson on Twitter: “So, as of yesterday, I have a new job! I’m with @Tailscale. The ideas in the linked post were a huge part of what got me on board. I want to bring the LAN of old back into the modern world, and return to a simpler model for writing software.… “
- [Archive.is] David Crawshaw on Twitter: “What I am working on, and why. …”
- [WayBack] bradfitz – Joining Tailscale
- [WayBack] Installation – WireGuard
- [WayBack] Quick Start – WireGuard
- [WayBack] WireGuard: fast, modern, secure VPN tunnel
- [WayBack] TUMBLEWEED wireguard support?
- [WayBack] [Solved] Wireguard as a VPN “server” – Installing and Using OpenWrt – OpenWrt Forum
–jeroen
Share this:
Posted in Hardware, Network-and-equipment, Power User, Tailscale, VPN, Wireguard | Leave a Comment »
It looks like a volunteer has been found to maintain the openvpn chocolatey
Posted by jpluimers on 2021/08/09
The chocolatey package for OpenVPN has not been updated for quite a while. It looks like it has to do with the current dependency to verify the OpenVPN signature.
The current [Wayback] Chocolatey Software | OpenVPN 2.4.7 version is both outdated on the major version number ([Wayback/Archive.is] Release OpenVPN v2.5.3 release · OpenVPN/openvpn) and minor version ([Wayback/Archive.is] Release OpenVPN v2.4.11 release · OpenVPN/openvpn). The version 2.4 Windows installers are now called “Legacy Windows Installers”.
Luckily less than a day after the start of the [Wayback/Archive.is] RFM – openvpn · Issue #1024 · chocolatey-community/chocolatey-package-requests, a volunteer stepped forward.
Hopefully by now the package is being maintained again.
–jeroen
Share this:
Posted in Network-and-equipment, OpenVPN, Power User, VPN | Leave a Comment »
Fritz!Box as DMZ behind an Experiabox version 10A
Posted by jpluimers on 2021/06/17
First of all: incoming Fritz!Box VPN behind an Experiabox version 10A fails, because the DMZ implementation of the Experiabox is faulty.
This worked just fine with the Fritz!Box as DMZ host behind a Ziggo Connectbox ([WayBack] Connectbox | Klantenservice | Ziggo).
First a few things to get regular TCP stuff to work: having your Fritz!Box as the DMZ host of an Experiabox.
I had a hart time figuring out some of them, so further below are also quite a few links just in case you bump into simular things.
- On the back of the Experiabox version 10A you find the SSDI and WiFi password on what appears to be a sticker, but is in fact a small piece of cardboard paper.
- Behind that cardboard paper is a sticker with the initial administrator password: shove out the piece of cardboard to reveal the sticker.
- After login (you cannot change the username, which is
ADMINorKPN) you have to choose a new password, which has these undocumented restrictions:- It cannot be the old password
- The password must contain at least 1 special character (
!@#$%^&*()_+|~- =\`{}[]:";'<>?,./). - The password must contain at least 1 number character.
- The password must contain at least 1 uppercase letter.
- Other restrictions I have not bumped into
- The default address of the Experiabox V10a is 192.168.2.254. Do NEVER change it, as KPN totally does not support that scenario and will force you to reset it before starting to help you out with anything. Logon as Administrator to the Experiabox at 192.168.2.254.
- Setting fixed DHCP leases was hard to find (I was looking for fixed DHCP, not DHCP reservation): Network -> LAN -> LAN DHCP (dropdown next to LAN) -> DHCP Reservation (up to 10 computers).
- The DMZ setting was not where I expected it: Network -> Firewall -> DMZ (dropdown next to Firewall)
External port checker: [WayBack] Open Port Checker & Scanner | Test Port Forwarding | Internet Protocol Tools
Related:
- Passwords and SSID on the back of the device:
- [WayBack] KPN toont nieuwe Experiabox V10a met vplus-ondersteuning | Van de Kooy Computers & ICT
- [WayBack] [Melding] Experiabox V10a met verkeerde WiFi gegevens op de sticker | Telfort Forum
- [WayBack] Experia Box v10a | KPN Community
- [WayBack] Wachtwoord Experia box | KPN Community
- [WayBack] Wachtwoord Experia box V10a | KPN Community
Beste antwoord door wjb
Het wachtwoord staat echterop op een sticker, zichtbaar als je het kaartje er uit schuift.
- Use of your own internal routers behind the Experiabox:
- [WayBack] WAN uitgang prive-router communiceert niet met Experia Box | KPN Community
- [WayBack] ASUS RT-AC66U achter Experia Box v10A bijvooorbeeld in DMZ | KPN Community
- IPsec works for Telfort
- [WayBack] VPN op een V10A werkt niet | Telfort Forum: IPSec and OpenVPN should work
- [WayBack] VPN op een V10A werkt niet | Telfort Forum: Somebody got IPSec to work and observed PPTP fails.
- [WayBack] VPN op een V10A werkt niet | Telfort Forum background information on IPSec/SSL-VPN/OpenVPN
- [WayBack] Experia Box V10 DMZ werkt niet correct na een herstart | Telfort Forum
- IPsec fails for KPN; over many years (via “KPN” experiabox “v10a” “IPsec” “server” – Google Search)
- [WayBack] Experiabox v10a, icm VPN-diensten 1900AC (PPTP fails, IPSec should work, but on my system does not)
- 2014 [WayBack] Synology VPN L2TP/IPSec | KPN Community
- 2017 [WayBack] L2TP VPN (Windows Server 2016) werkt niet door ExperiaBox i.c.m. portformwarding | KPN Community
- 2018 [WayBack] Poort forwarding werkt niet op de de Experiabox V10A | KPN Community
- 2019 [WayBack] L2TP/IPsec VPN over Experiabox V10a werkt niet | KPN Community
- 2019 [WayBack] VPN werkt niet meer op Experiabox V10a | KPN Community
- Incoming SMTP port 25 could be blocked:
- DHCP configuration:
- You can only configure 32 DHCP Bindings (this used be an even more mediocre 10 DHCP bindings), which is a laugh:
- There have been quite a few issues in the past that have been solved with firmware updates; I’m still not sure how to update it apart from doing a hard reset.
- [WayBack] Feedback over het nieuwste modem van KPN V10A | KPN Community
- [WayBack] Experiabox v10a update | KPN Community
- [WayBack] Devices IP adres toekennen in v10a | KPN Community (devices not getting DHCP leases, but a 169.254.x.x Link-local address – Wikipedia)
- Wall mounting:
- Keep the bar at the bottom as it protects the plugs (a not so nice design is that they stick out on the back unlike most routers I have ever seen):[WayBack] Beugel Experiabox v10a | KPN Community
- Manuals and such:
- Service tool (be careful: anyone on the internal network can run these if they know the last 3 digits of your bank account!):
- [WayBack] Servicetool: wijzig je WiFi naam & wachtwoord | KPN (fails if you are behind the second router, even though it says it is in progress)
- [WayBack] Servicetool herstellen fabrieksinstellingen Experia Box | KPN
- Without Experiabox seems to be only possible for Telfort, not for KPN:
- [WayBack] Ervaring Telfort oude glasvezelnetwerk naar het nieuwe netwerk / Instellen FritzBox voor externe VOIP | Telfort Forum
- [WayBack] Gebruik een eigen router i.p.v. de Experia Box | KPN Community
- [WayBack] KPN Glasvezel internet zonder Experia Box | KPN Community
- WayBack: Een eigen router | netwerkje.com
- [WayBack] Fritz box i.p.v Experiabox | KPN Community
- [WayBack] KPN Experiabox vervangen voor eigen modem/router – Netwerken – GoT
–jeroen
Share this:
Posted in Network-and-equipment, Power User, VPN | Leave a Comment »
Stop FortiClient from auto-starting (as it uses a truckload of Windows resources, often including 2 gigabyte of memory for their logger)
Posted by jpluimers on 2021/04/16
I see lot’s of negative reactions on FortiClient, as it is very closed source, many intermittent issues, and is a product that tries to be a jack of all trades (over a couple of versions, in addition of being a proprietary VPN client, they started doing vulnerability scanning, interfering with anti-virus products, they blocked saving of passwords and allowing password managers to paste them, and I could go on).
Sometimes you have to use it in order to access a FortiGate based VPN server, so the best is to defer starting it until as late as possible.
Here are some links to get that configured correctly:
- [WayBack] Cant stop FortiClient from starting on startup | Fortinet Technical Discussion Forums
- [WayBack] How to disable FortiClient – // Vedran Zulin – Homepage
–jeroen
Share this:
Posted in FortiGate/FortiClient, Network-and-equipment, Power User, VPN | Leave a Comment »
How to remember password in FortiClient VPN? – Stack Overflow
Posted by jpluimers on 2021/04/12
In [WayBack] How to remember password in FortiClient VPN? – Stack Overflow, the consensus seems to be “it varies, and usually is unreliable”.
Time to write a tool that snifs the Windows GUI and auto-enters the credentials.
That would be much like the Linux expect solution: [WayBack] Continuous run Forticlient VPN using expect. Automatically restart VPN if get disconnected or session closed. · GitHub
Via: [WayBack] Forticlient 5.6 – Save Credentials | Fortinet Technical Discussion Forums
–jeroen
Share this:
Posted in FortiGate/FortiClient, Network-and-equipment, Power User, VPN | Leave a Comment »
GL-AR300M – GL.iNet: nice small device allowing NAT over WAN, WiFi, 3G/4G modem, or OpenVPN
Posted by jpluimers on 2020/08/28
Still glad I got a few of [WayBack] GL-AR300M – GL.iNet: it makes travel life so much easier when you cannot use tethering.
I got the model GL-AR300M with external antennas (the GL-AR300M only has internal ones with a much shorter range).
Powered over USB, it runs OpenWRT and can NAT a local network towards an external network on the WAN, WiFi or (via USB) 3G/4G modem.
Despite doing only 2.4Ghz, it was a life saver in many occasions (there is a 5Ghz model, but it has over heating issues).
Share this:
Posted in Development, Ethernet, GL-AR300M, GL.iNet, Hardware, Hardware Development, LifeHacker, Network-and-equipment, Power User, Raspberry Pi, routers, VPN, WiFi | Leave a Comment »
On my research list: finding out how to prevent FortiClient to route all traffic over VPN
Posted by jpluimers on 2020/08/10
Links that will likely help me:
- https://docs.fortinet.com/d/forticlient-5.4.1-xml-reference/download
- [WayBack] FortiClient-5.4.1-XML-Reference.pdf
- [WayBack] FortiClient VPN Problems With OSX 10.11 El Capitan | Fortinet Technical Discussion Forums
- [WayBack] macos – How to selectively route network traffic through VPN on Mac OS X Leopard? – Super User
- [WayBack] vpn – How to get forticlient working in OSX El Capitan – Server Fault
- [WayBack] Set no default route for VPN Client via PPTP/L2TP – Mac OS X Hints
- [WayBack] Routing all remote traffic through the VPN tunnel
–jeroen
Share this:
Posted in FortiGate/FortiClient, Hardware, Internet, Network-and-equipment, Power User, routers, Security, VPN | Leave a Comment »
Forticlient “the user might login in another computer”, never found the cause
Posted by jpluimers on 2019/11/25
Could only find one reference using “the user might login in another computer” – Google Search, who also could not find out why this error happened:
When trying to log in on FortiClient, I get an error message that says, “the user might login in another computer” I assume that could mean that I’m logged in on another machine elsewhere? I could not find any information confirming that.
[WayBack] Error Message | Fortinet Technical Discussion Forums
So I reached out to Fortinet, the makers of Forticlient:
[WayBack] Jeroen Pluimers on Twitter: “@Fortinet what could cause this? Searching for the message “The user might login in another computer” did not get me any further: https://t.co/Bl4KoWJ7IB FortiClient 6.6.1.723 on MacOS High Sierra.…”
–jeroen
Share this:
Posted in FortiGate/FortiClient, Network-and-equipment, Power User, VPN | Leave a Comment »
The Wiert Corner - irregular stream of stuff 