Ancestors

Toot

Written by Adam Trickett :debian: :kde: on 2025-01-18 at 16:21

Been set a challenge to make #Synology #NAS which doesn't have #Wireguard on, accessible over the Internet.

I think I'm going to use a #Debian VM in the cloud as my public Wireguard entry point and a Debian box inside the office to act as my relay, and then use IP tables rules to relay packets to and from the Synology NAS. I think it can all be done.

Don't like #SMB but Windows doesn't speak #NFSv4.

=> More informations about this toot | More toots from drajt@fosstodon.org

Descendants

Written by Daniel Lakeland on 2025-01-18 at 16:27

@drajt

This is a job for #IPv6

=> More informations about this toot | More toots from dlakelan@mastodon.sdf.org

Written by Adam Trickett :debian: :kde: on 2025-01-18 at 16:30

@dlakelan Yes, and while both the hosted VM and relay systems will both have IPv6, not every client will have, so it also has to work over IPv4.

If I could get Wireguard directly on the Synology device a lot of problems would go away. I'm pretty sure I can't which is a real pain.

=> More informations about this toot | More toots from drajt@fosstodon.org

Written by Daniel Lakeland on 2025-01-18 at 16:52

@drajt

Are the clients arbitrary internet users, or could they all share v6 routes for ULA through some wireguard tunnels? Then you only need the routers to have wireguard and you can avoid v4 NAT

=> More informations about this toot | More toots from dlakelan@mastodon.sdf.org

Written by Adam Trickett :debian: :kde: on 2025-01-18 at 16:56

@dlakelan It's a small list of Windows 11 clients - and not ones I directly control. There may be a Mac in the mix. I'll have one Debian client, but I'm personally trapped with only IPv4 - but configuring my personal system is easy.

Many of the users will have IPv6, but not all. It's common but not universal in France.

=> More informations about this toot | More toots from drajt@fosstodon.org

Written by Daniel Lakeland on 2025-01-18 at 17:07

@drajt

If you don't control the clients you probably don't control their routers either I assume. If you did you could distribute a ULA to all the LANs with wireguard between the routers. My only other suggestion is to look at yggdrasil.

=> More informations about this toot | More toots from dlakelan@mastodon.sdf.org

Written by Adam Trickett :debian: :kde: on 2025-01-18 at 17:13

@dlakelan yes, no control over their routers, just domestic ISP issued routers from the big three ISPs in France. To be fair they are a bit smarter than the routers I came across in the UK, but they are restricted and I can't just go fiddling with them...

I think doing NAT on my relay system is the least bad option...

=> More informations about this toot | More toots from drajt@fosstodon.org

Written by Daniel Lakeland on 2025-01-18 at 17:26

@drajt

Well, take a look at

https://yggdrasil-network.github.io/

It's pretty nice. You could set up your relay as a common hub and the clients then connect to that.

=> More informations about this toot | More toots from dlakelan@mastodon.sdf.org

Written by Adam Trickett :debian: :kde: on 2025-01-18 at 19:23

@dlakelan I started to think about that too. I've been playing with it under Debian but I don't have a Windows box to test it with.

=> More informations about this toot | More toots from drajt@fosstodon.org