20200726: Difference between revisions
From charlesreid1
(→Bespin) |
(→Bespin) |
||
| Line 80: | Line 80: | ||
===Bespin=== | ===Bespin=== | ||
====Bespin DNS server==== | |||
Bespin is running its own DNS server - PiHole in a docker conainer. | |||
bespin | This needs a new DNS record, so bespin.charles will point to bespin's tinc IP address, 10.6.0.10. | ||
bespin | Adding custom DNS entries to PiHole: https://github.com/pi-hole/pi-hole/issues/975#issuecomment-281027117 | ||
Open a shell in the PiHole container. Create a new dnsmasq configuration file with the following contents: | |||
<code>/etc/dnsmasq.d/charles.conf</code> | |||
<pre> | |||
address=/bespin.charles/10.6.0.10 | |||
address=/dorky.charles/10.6.0.1 | |||
</pre> | |||
To do this with commands: | |||
<pre> | |||
$ docker exec -it e0dedd5f8129 /bin/bash | |||
# echo "address=/bespin.charles/10.6.0.10" > /etc/dnsmasq.d/charles.conf | |||
# echo "address=/dorky.charles/10.6.0.1" >> /etc/dnsmasq.d/charles.conf | |||
</pre> | |||
Restart the container: | |||
<pre> | |||
sudo systemctl restart pihole | |||
</pre> | |||
====Bespin tinc connection to dorky==== | |||
Ensure this is okay by pinging other side of tunnel. From 10.6.0.10: | |||
<pre> | |||
ping 10.6.0.1 | |||
</pre> | |||
and vice versa. | |||
====Bespin self-signed SSL cert==== | |||
To create a self-signed certificate for bespin.charles: | |||
[[Create_an_SSL_Certificate]] | |||
==Related== | ==Related== | ||
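Review bot: In the "To do this with commands" block, `docker exec -it e0dedd5f8129 /bin/bash` hardcodes a container ID, which stops being valid as soon as the PiHole container is recreated; refer to the container by its name instead. The same section should also say whether /etc/dnsmasq.d is on a mounted volume, because a charles.conf written only into the container's own filesystem is lost when the container is recreated. The "Restart the container" step runs `sudo systemctl restart pihole` on the host, so a note that this unit restarts the existing container rather than recreating it would help. "conainer" in the first added sentence should read "container".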
Revision as of 21:55, 26 July 2020
Notes
network/domain/dns questions
- pod private wiki requires a domain
- that requires network interfaces and ip addresses to be set up
tinc
- installing tinc natively, whole point is to avoid fuss
- doesn't feel particularly secure, but it's all public/private key infra, soooo
- tinc is more limited, requires clients to have tinc installed and keys copied
- to get around that, create dorky socks proxy server that handles traffic to the wiki
bespin setup:
- bespin runs own dns server
- bespin.charles points to itself
- bespin.charles/wiki is wiki endpoint
- bespin connects to dorky via tinc, 10.6.0.10
- bespin has a self-signed ssl certificate for bespin.charles
dorky setup:
- dorky has a dns server bound to tinc interface - tinc dnsmasq
- dorky.charles points to itself
- dorky gets connection from bespin via tinc, 10.6.0.1
- dorky has a charlesreid1.party certificate
- dorky runs a socks server
- dorky forwards packets between socks tunnel and tinc tunnel
- dns requests forwarded thru socks tunnel are handled by tinc dnsmasq
Tinc on bespin and dorky
Main article: Tinc
On bespin (behind NAT):
    $ cd /etc/tinc/master
    $ cat tinc.conf
    Name = bespin
    AddressFamily = any
    Mode = switch
    ConnectTo = dorky
    $ cat tinc-up
    #!/bin/sh
    ifconfig $INTERFACE 10.6.0.10 netmask 255.255.0.0
    $ cat tinc-down
    #!/bin/sh
    ifconfig $INTERFACE down
    $ ls hosts/
    bespin dorky
On dorky (public IP):
    $ cd /etc/tinc/master
    $ cat tinc.conf
    Name = dorky
    AddressFamily = any
    Mode = switch
    $ cat tinc-up
    #!/bin/sh
    ifconfig $INTERFACE 10.6.0.1 netmask 255.255.0.0
    $ cat tinc-down
    #!/bin/sh
    ifconfig $INTERFACE down
    $ ls hosts/
    bespin dorky
Bespin
Bespin DNS server
Bespin is running its own DNS server - PiHole in a docker container.
This needs a new DNS record, so bespin.charles will point to bespin's tinc IP address, 10.6.0.10.
Adding custom DNS entries to PiHole: https://github.com/pi-hole/pi-hole/issues/975#issuecomment-281027117
Open a shell in the PiHole container. Create a new dnsmasq configuration file with the following contents:
/etc/dnsmasq.d/charles.conf
    address=/bespin.charles/10.6.0.10
    address=/dorky.charles/10.6.0.1
To do this with commands:
    $ docker exec -it e0dedd5f8129 /bin/bash
    # echo "address=/bespin.charles/10.6.0.10" > /etc/dnsmasq.d/charles.conf
    # echo "address=/dorky.charles/10.6.0.1" >> /etc/dnsmasq.d/charles.conf
Restart the container:
    sudo systemctl restart pihole
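An added example, not part of the original notes: a small Python check to run over the charles.conf entries before restarting PiHole. It assumes the tunnel subnet is 10.6.0.0/16 (taken from the tinc-up netmask); the function names and the two bad sample lines are constructed for illustration. It also models the fact that a dnsmasq address= entry answers for the named domain and every subdomain under it.

```python
import ipaddress

# Assumption: tunnel subnet implied by the tinc-up scripts (netmask 255.255.0.0).
TINC_NET = ipaddress.ip_network("10.6.0.0/16")

# Constructed sample: the two records from the notes plus two deliberately bad lines.
SAMPLE_CONF = """\
address=/bespin.charles/10.6.0.10
address=/dorky.charles/10.6.0.1
address=/wiki.charles/192.168.1.50
address=/broken.charles/10.6.0.999
"""

def parse_address_lines(text):
    """Return (records, problems) for dnsmasq address=/domain/ip lines."""
    records, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#") or not line.startswith("address="):
            continue
        parts = line[len("address="):].split("/")
        # Expected shape after splitting: ['', domain, ..., ip]
        if len(parts) < 3 or parts[0] != "":
            problems.append((lineno, "malformed address= line"))
            continue
        domains, ip_text = parts[1:-1], parts[-1]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            problems.append((lineno, f"invalid IP {ip_text!r}"))
            continue
        if ip not in TINC_NET:
            # A record pointing off the tunnel would bypass the tinc link.
            problems.append((lineno, f"{ip} is outside {TINC_NET}"))
            continue
        for domain in domains:
            records[domain.lower().rstrip(".")] = ip
    return records, problems

def resolve(records, name):
    """Model address= matching: the domain itself and any subdomain of it."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # try the longest suffix first
        hit = records.get(".".join(labels[i:]))
        if hit is not None:
            return str(hit)
    return None
```

Because of the subdomain match, a name such as wiki.bespin.charles also resolves to 10.6.0.10 with the configuration above.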
Bespin tinc connection to dorky
Ensure this is okay by pinging other side of tunnel. From 10.6.0.10:
    ping 10.6.0.1
and vice versa.
Bespin self-signed SSL cert
To create a self-signed certificate for bespin.charles: