- So, I've been busy lately... no time to do anything...
- Will be updating gaming stuff
- Upgraded the site for a new 2018 look... may stick with it for another 2 or 3 years maybe... :D
Recent Videos - Star Citizen
Setting up WireGuard VPN on UniFi Dream Machine Pro (UDM Pro)
Having access to my home network from anywhere is the key to having my arsenal on demand, whether it is a quick look at a text file on my PC or remotely troubleshooting my devices. But that accessibility comes with a significant security risk: no one should ever expose their private network to the internet without a layer of security in front of it. Most of the successful attacks from the internet that I have seen came down to weak security or none at all.
The sensible mitigation is not to expose services directly but to reach the network through a VPN. WireGuard is a layer 3 (IP) tunnel, not a layer 2 bridge: the phone gets an address on a tunnel subnet and routes to the LAN through the UDM Pro. I have used OpenVPN previously, but WireGuard is all the buzz now. My setup is very simple: the UDM Pro is the WireGuard server and my phones are the clients.
Before you proceed, you should have a good understanding of networking to follow how and why the configuration is done this way. The diagram below visualizes my setup.
Installing WireGuard Kernel Mode for UDM Pro
Open an SSH connection to your UDM Pro and download the latest wireguard-kmod release. Kernel modules are built against one specific kernel, so pick the release that matches your firmware rather than blindly taking the version shown below. Please check the link below if you do not know how to enable SSH on the UDM Pro.
You can download the files from here: https://github.com/tusc/wireguard-kmod/releases
# curl -LJo wireguard-kmod.tar.Z https://github.com/tusc/wireguard-kmod/releases/download/v5-28-21/wireguard-kmod-05-28-21.tar.Z
When the download completes, run this to extract the contents to /mnt/data
# tar -C /mnt/data -xvzf wireguard-kmod.tar.Z
Once the extraction is complete, cd into /mnt/data/wireguard and run the script setup_wireguard.sh:
# cd /mnt/data/wireguard
# ./setup_wireguard.sh
loading wireguard...
This symlinks the wg binaries and /etc/wireguard into place and loads the kernel module. You should see something like this in dmesg:
wireguard: WireGuard 1.0.20210219 loaded. See www.wireguard.com for information.
wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
To make this persistent across reboots, the script has to run on boot. You do this from the UniFi OS shell:
# unifi-os shell
Download udm-boot_1.0.5_all.deb, install it and exit:
# curl -L https://udm-boot.boostchicken.dev -o udm-boot_1.0.5_all.deb
# dpkg -i udm-boot_1.0.5_all.deb
# exit
Back on the UDM Pro, copy the WireGuard boot script into the /mnt/data/on_boot.d/ folder and make it executable. udm-boot runs the executable scripts in that folder on every boot, and this one brings up the wg0 interface. Use the raw.githubusercontent.com URL: fetching the github.com/.../blob/... page with curl saves the HTML page, not the script.
# curl -LJo /mnt/data/on_boot.d/10-wireguard.sh https://raw.githubusercontent.com/k-a-s-c-h/unifi/main/on_boot.d/10-wireguard.sh
# chmod +x /mnt/data/on_boot.d/10-wireguard.sh
Read the script before letting it run on every boot; it runs as root. For more info, please refer here: UDM Pro on-boot-script
Configuration is quite easy compared to other setups. There is a sample file provided, and you can use that as a start.
# cp /etc/wireguard/wg0.conf.sample /etc/wireguard/wg0.conf
# vi /etc/wireguard/wg0.conf
You need to generate the keys with the included wg binary. Run umask 077 first so the key files are created readable by root only.
Generate the keypair for the UDM Pro first:
# wg genkey | tee udmprivatekey | wg pubkey > udmpublickey
And generate the keypair for my phone:
# wg genkey | tee phoneprivatekey | wg pubkey > phonepublickey
The contents of these files go into the two configurations: each side's own private key in its [Interface] section, and the other side's public key in its [Peer] section. A private key never needs to leave the device it belongs to; the phone's key is generated here only for convenience, and the file should be deleted from the UDM Pro once the phone has it.
As I mentioned earlier, my setup only needs my phone to reach my home network. Two things are easy to get wrong here. The wg0 Address must come from a dedicated tunnel subnet, not the LAN: wg-quick assigns that address with its prefix to wg0, and having the LAN subnet on both the LAN bridge and wg0 breaks local routing. And AllowedIPs in the UDM Pro's [Peer] section is the set of addresses reachable through that peer, so it is the phone's tunnel address only; listing the LAN subnet there would route the whole LAN into the tunnel towards the phone. I use 10.10.10.0/24 as the tunnel subnet (it is also what the wg status output further down shows). My wg0.conf on the UDM Pro looks like this:

[Interface]
Address = 10.10.10.1/24        # UDM Pro's address on the tunnel subnet; must not overlap the LAN (172.16.20.0/24)
PrivateKey = udmprivatekey     # contents of udmprivatekey
ListenPort = 44333             # UDP port to listen on

[Peer]
PublicKey = phonepublickey     # contents of phonepublickey
AllowedIPs = 10.10.10.2/32     # the phone's tunnel address only; the LAN subnet goes in the phone's config
# Keepalive matters on the side behind NAT, i.e. the phone; here it is harmless.
PersistentKeepalive = 25

That's the basic config needed for the server side (UDM Pro).
Some of you may find this hard, so you may be better off using this config generator instead.
Generate and overwrite wg0.conf
Starting the tunnel
Run this in the terminal
# wg-quick up wg0
and it should print something like this:
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.10.10.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
You can also check the status using wg. The allowed ips line is the phone's tunnel address, and the endpoint is whatever address and port the phone last came from:
# wg
interface: wg0
  public key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  private key: (hidden)
  listening port: 44333

peer: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  endpoint: 10.243.45.111:44334
  allowed ips: 10.10.10.2/32
  latest handshake: 2 seconds ago
  transfer: 11.65 MiB received, 151.40 MiB sent
  persistent keepalive: every 25 seconds
To stop the tunnel, run
# wg-quick down wg0
Before you start connecting, you need to allow incoming WireGuard packets on the configured listen port. WireGuard speaks UDP only, so the rule is for UDP port 44333 in my case; change it to suit your environment. Leave everything else on the WAN closed: the tunnel is the only thing that needs to be reachable from the internet.
Depending on your UDM Pro UI, you need to configure a firewall rule on WAN LOCAL (traffic from the internet to the UDM Pro itself). Please refer here for how to get there.
Configure it like this; you need to add a new port group for the WireGuard port.
1. Create a new custom firewall rule on WAN LOCAL that accepts UDP traffic to the port group.
2. Add a new port group containing port 44333 and use it as the destination port of the rule.
Configuring peer devices
The phone needs its own config, not a copy of the UDM Pro's wg0.conf: that file holds the UDM Pro's private key and has no Endpoint to connect to. Write a client config (say /etc/wireguard/phone.conf) with an [Interface] section holding the phone's PrivateKey (contents of phoneprivatekey) and Address = 10.10.10.2/32, and a [Peer] section holding the UDM Pro's PublicKey (contents of udmpublickey), Endpoint = your public IP or DDNS name followed by :44333, AllowedIPs = 172.16.20.0/24, 10.10.10.0/24 and PersistentKeepalive = 25. For easy setup on the phone, render that file as a QR code and scan it:
qrencode -t ansiutf8 < /etc/wireguard/phone.conf
On the phone, install the WireGuard app and scan the code. Afterwards delete phone.conf and phoneprivatekey from the UDM Pro, so the phone's private key only lives on the phone.
It will look something like this.
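To make visible what the wg genkey / wg pubkey commands and the two config files above actually contain, here is an added example in Python. It is not code from the original post, from WireGuard or from Ubiquiti. It reimplements wg genkey and wg pubkey as X25519 per RFC 7748 and renders a wg0.conf for the UDM Pro plus the matching client config for the phone. The tunnel subnet 10.10.10.0/24, the LAN 172.16.20.0/24 and UDP port 44333 follow the write-up; the endpoint name udm.example.net is an assumption standing in for your public IP or DDNS name. In practice you still generate keys on each device with wg genkey; this version exists to show the math and the split between the two files.

```python
"""Added example: WireGuard keys and a matching server/client config pair.

Reimplements `wg genkey` / `wg pubkey` (X25519, RFC 7748) in pure Python and
renders the UDM Pro's wg0.conf and the phone's client config. Assumptions for
the demo: tunnel 10.10.10.0/24, LAN 172.16.20.0/24, UDP 44333, and the
placeholder endpoint udm.example.net standing in for a public IP or DDNS name.
"""
import base64
import ipaddress
import secrets

_P = 2**255 - 19   # Curve25519 field prime
_A24 = 121665      # (486662 - 2) / 4, Montgomery ladder constant from RFC 7748


def _clamp(k: bytes) -> bytes:
    """Scalar clamping: clear the low 3 bits and bit 255, set bit 254 (as wg genkey does)."""
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return bytes(b)


def x25519(scalar: bytes, u: int = 9) -> bytes:
    """X25519 scalar multiplication (Montgomery ladder, RFC 7748 section 5); u=9 is the basepoint."""
    k = int.from_bytes(_clamp(scalar), "little")
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % _P, (x2 - z2) % _P
        aa, bb = a * a % _P, b * b % _P
        e = (aa - bb) % _P
        c, d = (x3 + z3) % _P, (x3 - z3) % _P
        da, cb = d * a % _P, c * b % _P
        x3 = pow(da + cb, 2, _P)
        z3 = x1 * pow(da - cb, 2, _P) % _P
        x2 = aa * bb % _P
        z2 = e * (aa + _A24 * e) % _P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, _P - 2, _P) % _P).to_bytes(32, "little")


def genkey() -> str:
    """Equivalent of `wg genkey`: 32 random bytes, clamped, base64-encoded."""
    return base64.b64encode(_clamp(secrets.token_bytes(32))).decode()


def pubkey(private_b64: str) -> str:
    """Equivalent of `wg pubkey`: the X25519 public key of a base64 private key."""
    return base64.b64encode(x25519(base64.b64decode(private_b64))).decode()


def render_configs(udm_priv: str, phone_priv: str, *, tunnel="10.10.10.0/24",
                   lan="172.16.20.0/24", port=44333, endpoint="udm.example.net:44333"):
    """Return (udm_wg0_conf, phone_conf). Each file carries only its own side's private key."""
    tun, lan_net = ipaddress.ip_network(tunnel), ipaddress.ip_network(lan)
    if tun.overlaps(lan_net):
        raise ValueError("the tunnel subnet must not overlap the LAN subnet")
    hosts = tun.hosts()
    udm_ip, phone_ip = next(hosts), next(hosts)
    udm_conf = (
        "[Interface]\n"
        f"Address = {udm_ip}/{tun.prefixlen}\n"
        f"PrivateKey = {udm_priv}\n"
        f"ListenPort = {port}\n\n"
        "[Peer]\n"
        f"PublicKey = {pubkey(phone_priv)}\n"
        f"AllowedIPs = {phone_ip}/32\n"          # only the phone's tunnel address
    )
    phone_conf = (
        "[Interface]\n"
        f"Address = {phone_ip}/32\n"
        f"PrivateKey = {phone_priv}\n\n"
        "[Peer]\n"
        f"PublicKey = {pubkey(udm_priv)}\n"
        f"Endpoint = {endpoint}\n"
        f"AllowedIPs = {lan_net}, {tun}\n"       # the home LAN is routed through the tunnel here
        "PersistentKeepalive = 25\n"             # the phone is the side behind NAT
    )
    return udm_conf, phone_conf


if __name__ == "__main__":
    udm_key, phone_key = genkey(), genkey()
    server, client = render_configs(udm_key, phone_key)
    print("# /etc/wireguard/wg0.conf on the UDM Pro\n" + server)
    print("# phone.conf (feed this, not wg0.conf, to qrencode)\n" + client)
```

Running it prints both files. Note that the LAN subnet appears only in the phone's AllowedIPs, while the UDM Pro's peer entry lists just the phone's /32, and that neither file contains the other side's private key; that is the property the QR step must preserve.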
Well, that's it. You now have a secure tunnel into your home network.
Multi WAN failover
If you have multiple WAN uplinks, you can use this script to fail over to whichever WAN connection is available.
It goes into the /mnt/data/on_boot.d folder.
UniFi Dream Machine Pro : https://store.ui.com/collections/unifi-network-unifi-os-consoles/products/udm-pro
WireGuard : https://www.wireguard.com/
WireGuard-kmod : https://github.com/tusc/wireguard-kmod
UDM/UDM Pro Boot Script : https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script#readme
UDM Source Code : https://github.com/tusc/UDM-source-code
WireGuard Docs : https://github.com/pirate/wireguard-docs#WireGuard-Setup-tools
Hi all, here is a guide on how you can install Slackware on your ARM device.
It is based on the documents by Stuart Winter on installing Slackware on ARM devices.
Check it out here: Installing Slackware on ARM device
There is also an update on the arm.slackware.com site saying that alienBOB is working on a Slackware ARM hard float port:
Slackware ARM hard float port now in progress
By mozes on 02-Apr-2013
Eric Hameleers (alienBOB of the Slackware Core team) has begun a 32-bit ARM hard float port of Slackware. This port will allow Slackware users to maximise the performance of the newest ARM devices (ARMv7 and greater). The project is currently focusing on supporting the Samsung 2012 ARM Chromebook.
See Eric’s ARM blog for progress.
So I guess later on the whole process might be a little simpler than the previous one. Here is the link to his blog.
OK, basically this is just to share how I compiled dsniff 2.4 on my box.
wget http://monkey.org/~dugsong/dsniff/beta/dsniff-2.4b1.tar.gz
tar -zxf dsniff-2.4b1.tar.gz
cd dsniff-2.4
./configure
make
During make, I encountered this error:
./sshow.c:226: error: (Each undeclared identifier is reported only once
./sshow.c:226: error: for each function it appears in.)
./sshow.c: In function 'server_to_client':
./sshow.c:274: error: 'CLK_TCK' undeclared (first use in this function)
Below is the fix.
You have to use CLOCKS_PER_SEC instead of CLK_TCK.
According to /usr/include/time.h, CLK_TCK is the “obsolete POSIX.1-1988 name” for CLOCKS_PER_SEC.
Please also change this: the function arp_cache_lookup does not use the correct interface when running under Linux; it always uses the interface "eth0".
cd into dsniff-2.4, open arp.c and change this line:
strncpy(ar.arp_dev, "eth0", sizeof(ar.arp_dev));
to the interface you actually sniff on, which is wlan0 in my case:
strncpy(ar.arp_dev, "wlan0", sizeof(ar.arp_dev));
Save the file and recompile dsniff.
Hehe... earlier my boss asked me to test the speed of Celcom broadband. So I tried *censored* in Windows. Dead slow... only about 0.1 Mbps download. Now I want to try getting online with Slack.
Getting online over broadband on Linux is simple. The concept is the same as a PPP connection. Since I am using Slackware 13, I will just use wvdial to connect.
To install wvdial, you first have to install the wvstreams library. I just used the build from SlackBuilds.
chmod +x wvstreams.SlackBuild
./wvstreams.SlackBuild
Don't forget to download wvdial too.
chmod +x wvdial.SlackBuild
./wvdial.SlackBuild
I was setting up Samba to make my shares available to Windows users. However, I got frustrated when it failed to start. I was wondering what could cause it, since on the previous Slackware 12.2 it was fine.
bash-3.1# /etc/rc.d/rc.samba start
Starting Samba:  /usr/sbin/smbd -D
/etc/rc.d/rc.samba: line 11: 24728 Aborted (core dumped) /usr/sbin/smbd -D
  /usr/sbin/nmbd -D
/etc/rc.d/rc.samba: line 11: 24729 Aborted (core dumped) /usr/sbin/nmbd -D
I started checking the logs in /var/log/samba/* and tried to work through the errors.
[2009/09/04 15:48:13, 0] smbd/server.c:main(1210)
  smbd version 3.2.13 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2009
[2009/09/04 15:48:13, 0] lib/messages_local.c:messaging_tdb_init(96)
  ERROR: Failed to initialise messages database: No such file or directory
[2009/09/04 15:48:13, 0] lib/messages.c:messaging_init(204)
  messaging_tdb_init failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
[2009/09/04 15:48:13, 0] lib/util.c:smb_panic(1670)
  PANIC (pid 24728): Could not init smbd messaging context
[2009/09/04 15:48:13, 0] lib/util.c:log_stack_trace(1774)
  BACKTRACE: 6 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0xb7d29724]
   #1 /usr/sbin/smbd(smb_panic+0x80) [0xb7d29881]
   #2 /usr/sbin/smbd(smbd_messaging_context+0x64) [0xb7f6785f]
   #3 /usr/sbin/smbd(main+0x6ac) [0xb7f69651]
   #4 /lib/libc.so.6(__libc_start_main+0xe5) [0xb762d6a5]
   #5 /usr/sbin/smbd [0xb7b12921]
[2009/09/04 15:48:13, 0] lib/fault.c:dump_core(201)
  dumping core in /var/log/samba/cores/smbd
A core dump? Oh shit, not another bug... damn. I could hardly believe it, as it was working fine before...
I did numerous tests to pin down the root cause.
- Started Samba without smb.conf: smbd and nmbd did not run
- Started Samba with a dummy smb.conf: smbd and nmbd ran
- Started Samba with my updated smb.conf: smbd and nmbd did not run
Then I realized that the problem lay in the smb.conf file. I checked /etc/samba/smb.conf and ran testparm to see what could be wrong.
bash-3.1# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[shared]"
Loaded services file OK.
ERROR: lock directory file:///var/cache/samba does not exist
ERROR: pid directory file:///var/run does not exist
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
(input truncated.....)
bash-3.1#
What the f u ck man! I knew it when I first saw it: file:// had been prepended to every directory setting, so Samba was looking for directories literally named file:///var/cache/samba and file:///var/run.
I quickly removed every occurrence of file:// and restarted Samba and hell yeah! It resolved the problem.
bash-3.1# /etc/rc.d/rc.samba start
Starting Samba:  /usr/sbin/smbd -D
  /usr/sbin/nmbd -D
bash-3.1#
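The testparm check above can be automated. Below is an added example, not Samba, KDE or the original author's code, that scans an smb.conf for path directives carrying the stray file:// scheme and rewrites them, leaving comments, section headers and non-path values (such as a share's comment) alone. The sample config it runs on is constructed for the demo; the list of path-taking directives is an assumption and can be extended.

```python
"""Added example: strip the stray file:// scheme prefix that the KDE 4 Samba settings
module wrote into path directives of smb.conf. Not Samba, KDE or the original author's
code; SAMPLE_CONF is a constructed config for the demo."""
import re
import sys

# Directives that take a filesystem path (assumed list). Only these are rewritten, so a
# free-text "comment = file://..." line is left alone.
PATH_DIRECTIVES = {
    "path", "lock directory", "pid directory", "log file",
    "private dir", "state directory", "cache directory",
}

# indent, key, value, trailing whitespace; comment lines ([;#]) and [sections] do not match
_DIRECTIVE = re.compile(r"^(\s*)([^=;#\[]+?)\s*=\s*(.*?)(\s*)$")

SAMPLE_CONF = """[global]
   workgroup = HOME
   lock directory = file:///var/cache/samba
   pid directory = file:///var/run
   log file = /var/log/samba/log.%m

[shared]
   comment = file:// here is plain text and must survive
   path = file:///home/share
   read only = no
"""


def fix_file_scheme(conf: str):
    """Return (fixed_conf, changes). changes lists (line_no, directive, old, new) for every
    path directive whose value started with file://. Everything else is copied verbatim."""
    fixed, changes = [], []
    for line_no, line in enumerate(conf.splitlines(), 1):
        m = _DIRECTIVE.match(line)
        if m:
            indent, key, value, tail = m.groups()
            key = key.strip()
            if key.lower() in PATH_DIRECTIVES and value.startswith("file://"):
                new = value[len("file://"):]
                changes.append((line_no, key, value, new))
                line = f"{indent}{key} = {new}{tail}"
        fixed.append(line)
    text = "\n".join(fixed)
    if conf.endswith("\n"):
        text += "\n"
    return text, changes


def main(argv):
    """Usage: fix_smbconf.py [smb.conf]; without a path it runs on SAMPLE_CONF.
    A real file is never rewritten in place; the result goes to <file>.fixed."""
    conf = open(argv[1]).read() if len(argv) > 1 else SAMPLE_CONF
    text, changes = fix_file_scheme(conf)
    for line_no, key, old, new in changes:
        print(f"line {line_no}: {key}: {old} -> {new}")
    if len(argv) > 1 and changes:
        with open(argv[1] + ".fixed", "w") as out:
            out.write(text)
    return len(changes)


if __name__ == "__main__":
    main(sys.argv)
```

Run it against /etc/samba/smb.conf, diff the .fixed file against the original, then run testparm on the result before swapping it in.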
How the hell did the config change like that?
Well, it's a KDE 4 Samba settings bug... damn... should have gone through all the bug lists first... hahahah
The fix will be in KDE 4.3.0. However, if you have the sources, just update to the latest SVN.