
dataprolet

@dataprolet@lemmy.dbzer0.com

Formerly known as u/Arjab.
Anarchist | Antifascist | Anticapitalist.
Arch Linux | FOSS | Piracy | Security & Privacy

Looking for a Mastodon instance?
Check out @serverbot.


dataprolet ,

How can something like Tailscale be blocked?

dataprolet ,

Interesting, because Tailscale doesn't use any special ports. How would that be detected? And could you maybe use Headscale on a dynamic port to circumvent that?

dataprolet OP ,

Of what?

dataprolet OP ,

I'm using Headscale, but yes.

dataprolet OP ,

How do I make sure of this? What am I supposed to see using the command?

dataprolet OP ,

Thanks, that's what I'm trying to do. :)

And my VPS doesn't have any IPs in the same range as my home server.

dataprolet OP ,

Doesn't seem to work.

dataprolet OP ,

No, I'm not using ACLs.

dataprolet OP ,

Yes, both clients can tailscale ping each other and after doing so the status shows active; relay "ams".

Using tailscale ping 192.168.178.178 also works for some reason.

Not sure what to do with the output of netmap.

dataprolet OP ,

> So to confirm your behavior, you can tailscale ping each other fine and tailscale ping to the internal network. You cannot however ping from the OS to the remote internal network?

Exactly.

> Have you checked your routing tables to make sure the tailscale client added the route properly?

How do I do this? I use Headscale and headscale routes list shows the following:

ID | Machine | Prefix           | Advertised | Enabled | Primary
1  | server  | 0.0.0.0/0        | false      | false   | -
2  | server  | ::/0             | false      | false   | -
3  | server  | 192.168.178.0/24 | true       | true    | true

> Also have you checked your firewall rules? If you’re using ipfw or something, try just turning off iptables briefly and see if that lets you ping through.

I'm not using a firewall, but the VPS is hosted on Hetzner, which has a firewall. But I already allowed UDP port 41641 and 41641. The wg0 rule is from the Wireguard setup I want to replace using Tailscale.

# iptables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A INPUT -s 100.64.0.0/10 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 81 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9090 -j ACCEPT
-A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A DOCKER -d 172.17.0.6/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9001 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN

dataprolet OP ,

There is no tailscale0, but also not on my home server which also runs Tailscale and which I can access remotely using my Android.
Could my existing Wireguard setup interfere with Tailscale?

dataprolet OP ,

I'm not sure the Docker container is even using a tailscale interface, because there is none on my VPS or my home server.

And how do I see whether I have a device at /dev/net/tun?

dataprolet OP ,

Are you sure Tailscale in Docker is creating a wg0 interface? Because I got a working connection between my smartphone and my home server and the home server is not showing any interface related to Tailscale?


default via 192.168.178.1 dev ens18 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
192.168.178.0/24 dev ens18 proto kernel scope link src 192.168.178.178 

dataprolet OP ,

Yes I'm running it on Docker and therefore have the docker0 interface.

dataprolet ,

VPS with public IPv4, Wireguard/Tailscale/Headscale and my own Domain.

dataprolet ,

Headscale is pretty straightforward to set up and easy to use. And there are multiple WebGUIs available to choose from, if you need. If you have any questions, let me know.

dataprolet ,

Good for you, but this is the wrong sub for you then.

dataprolet ,

Is this an ad?

You could also use free LLMs, check out FMHY.

non-Euclidean filesystem

I noticed that I only had 5 GiB of free space left today. After quickly deleting some cached files, I tried to figure out what was causing this, but a lot was missing. Every tool gives a different amount of remaining storage space. System Monitor says I'm using 892.2 GiB/2.8 TiB (I don't even have 2.8 TiB of storage...

dataprolet OP ,

It's not my website, but you can contact the owner here: https://selfh.st/contact/.

dataprolet OP ,

In case this isn't clear, I do not support the opinion stated in the video. Might have been misleading.

dataprolet OP ,

Why's that? Everything is political.

dataprolet ,

Secure file sending: croc
Deduplication: Czkawka
Sorting tool: Phockup
OCR: OCRmyPDF

How to drop files from Android to home server?

I'm looking for an easy way to upload files from my Android smartphone to my home server. Is there a - ideally dockerized - solution for that? Some simple web GUI where I can click on "Upload" and the files will be saved to a certain directory on my home server?...

dataprolet ,

Just use Btrfs subvolumes.

dataprolet ,

You can't do LUKS on LVM either, right? Only LVM on LUKS, just like Btrfs on LUKS.

dataprolet ,

The more you know.

dataprolet ,

+1 for Mull.

And yeah, on Android unfortunately you gotta choose between privacy (Firefox/Mull) or security (Chromium).

dataprolet OP ,

Of course, but I don't know what it means or what to do with it, otherwise I obviously wouldn't have created this post!?

dataprolet OP ,

Here's the full log from /tmp/letsencrypt-log/letsencrypt.log.
https://notebin.de/?4859b67f1b29f0e2#8G6vSon5PUGUHoZvMYD3zKwx8hkJeCV9xQM4TWFSvudM

dataprolet OP ,

I replaced my actual domain with "mydomain".

dataprolet OP ,

Some context: the tractor randomly appeared on an intersection in the middle of the city. My two teammates weren't able to see it and for them I appeared to be hovering mid air. It's obviously the rusty tractor, but why is it green? Where did it come from? And why couldn't my mates see it? We were in an empty lobby by ourselves by the way.
https://gta.fandom.com/wiki/Tractor

dataprolet OP ,

I have like a dozen people using my Jellyfin and sometimes 3-4 people watch something at the same time which results in a lot of transcoding data. At the moment my transcoding directory (which is cleaned every 24 hours) is almost 8 GB big. I don't have the RAM to do this.

dataprolet OP ,

Yeah, but the cleanup job doesn't seem to work reliably. I noticed because my home server ran out of disk space because the transcoding directory was over 30 GB in size.

dataprolet OP ,

Every transcode could need as much disk space as the size of the file you're playing. If you have a media file that's bigger than your available RAM the transcode will probably cause problems because you will run out of RAM.

dataprolet OP ,

Version 10.9 is not even released, right?

dataprolet OP ,

I am using NPM, that doesn't help with my issue.

dataprolet OP ,

I actually don't know. All I want to achieve is having access from my smartphone to my local network via the VPS, which is the only device with a public IP. So it's basically a point-to-site connection from my smartphone to my home server with the VPS in between.

And I just followed a tutorial and that's why I set up the 10.0.0.0/24 IP range.

dataprolet OP ,

Looks perfect, thanks!

dataprolet OP ,

Thanks, that did the trick!
