-rw-r--r--etc/myconf/cfgl_meta3
-rw-r--r--etc/nftables.conf15
-rw-r--r--etc/sysctl.d/99-sysctl.conf7
-rw-r--r--etc/systemd/system/phantun_client.service13
-rw-r--r--home/xyz/.bitmonero/bitmonero.conf6
-rw-r--r--home/xyz/.config/myconf/pacman_Qqme1
-rw-r--r--home/xyz/.config/myconf/sye3
-rw-r--r--home/xyz/.config/newsboat/urls1
8 files changed, 42 insertions, 7 deletions
diff --git a/etc/myconf/cfgl_meta b/etc/myconf/cfgl_meta
index 2f59bfb4..968f99bc 100644
--- a/etc/myconf/cfgl_meta
+++ b/etc/myconf/cfgl_meta
@@ -33,6 +33,8 @@
755 root root //etc/ssh
644 root root //etc/ssh/sshd_config
440 root root //etc/sudoers
+755 root root //etc/sysctl.d
+644 root root //etc/sysctl.d/99-sysctl.conf
755 root root //etc/systemd
755 root root //etc/systemd/system
644 root root //etc/systemd/system/monerod@.service
@@ -40,6 +42,7 @@
777 root root //etc/systemd/system/multi-user.target.wants/monerod@xyz.service
755 root root //etc/systemd/system/paccache.service.d
644 root root //etc/systemd/system/paccache.service.d/20-remove-all-uninstalled.conf
+644 root root //etc/systemd/system/phantun_client.service
755 root root //etc/udev
755 root root //etc/udev/rules.d
644 root root //etc/udev/rules.d/90-backlight.rules
diff --git a/etc/nftables.conf b/etc/nftables.conf
index 1ec682d9..1fec22e2 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -39,6 +39,10 @@ table inet my_table {
type filter hook forward priority filter
policy drop
# Drop everything forwarded to us. We do not forward. That is routers job.
+
+ # needed for phantun
+ iifname pt0 accept
+ oifname pt0 accept
}
chain my_output {
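Review bot: The added rules `iifname pt0 accept` and `oifname pt0 accept` each match on one interface only, so in this drop-policy chain they allow anything arriving on pt0 to be forwarded to any interface, and anything from any interface to be forwarded into pt0. Because the same commit enables global forwarding in 99-sysctl.conf, these two lines become the host's entire forwarding policy. Pairing the interfaces and making the return path stateful keeps it to what the tunnel needs, e.g. `iifname "pt0" oifname { "enp3s0", "wlp2s0" } accept` and `iifname { "enp3s0", "wlp2s0" } oifname "pt0" ct state established,related accept`; this assumes conntrack tracks phantun's TCP-shaped flow, which the masquerade rule in the same file already relies on. The chain header is above the hunk, so this reading rests on the visible `type filter hook forward` line.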
@@ -47,3 +51,14 @@ table inet my_table {
# Accept every outbound connection
}
}
+
+table inet nat {
+ # needed for phantun https://github.com/dndx/phantun
+ # note here is postrouting not prerouting, server side phantun config is prerouting instead
+ chain postrouting {
+ type nat hook postrouting priority srcnat
+ policy accept
+ iifname pt0 oif enp3s0 masquerade
+ iifname pt0 oif wlp2s0 masquerade
+ }
+}
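Review bot: `oif enp3s0` and `oif wlp2s0` are resolved to an interface index when the ruleset is loaded, so if either device is absent at that moment (a Wi-Fi card not yet present at boot, a renamed NIC) loading nftables.conf fails, and if the file is applied as one transaction the filter table above it would not be installed either. `oifname` matches by name and tolerates a missing interface: `iifname "pt0" oifname { "enp3s0", "wlp2s0" } masquerade`. The rule could also be narrowed with `ip saddr 10.0.1.2`, the `--tun-peer` address in the unit file, which I take to be the source address of the tunnel's own packets, so that nothing else entering via pt0 is translated.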
diff --git a/etc/sysctl.d/99-sysctl.conf b/etc/sysctl.d/99-sysctl.conf
new file mode 100644
index 00000000..b9677c02
--- /dev/null
+++ b/etc/sysctl.d/99-sysctl.conf
@@ -0,0 +1,7 @@
+# at least `net.ipv4.ip_forward = 1` is needed for wireguard masquerade? to work. Without will result into can't ping ips, can't curl websites, browser can't visit websites
+# ka seems has this as default, maybe arch linux cloud-init image has this as default?
+# https://forums.rockylinux.org/t/wireguard-masquerade-wont-work/7752
+# https://wiki.archlinux.org/title/Nftables#NAT_with_port_forwarding
+# https://github.com/teddysun/across/blob/acef6b00a6ad062c0e99286ea136d1a246def644/wireguard.sh#L514-L522
+net.ipv4.ip_forward = 1
+net.ipv6.conf.all.forwarding = 1
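Review bot: Both keys enable forwarding on every interface, which leaves the forward chain in /etc/nftables.conf as the only thing deciding what this host will route; a comment saying so would help the next reader, for example `# forwarding is global; what is actually forwarded is restricted in /etc/nftables.conf`. The existing comment explains the setting in terms of wireguard masquerade while the rest of the commit adds it for phantun, so it is worth naming the real consumer. `net.ipv6.conf.all.forwarding = 1` appears unnecessary as long as the unit's `--remote` stays an IPv4 address. Where the kernel itself processes router advertisements it also stops accepting them unless `accept_ra = 2` is set on the interface, so consider dropping that line or pairing it with the `accept_ra` setting.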
diff --git a/etc/systemd/system/phantun_client.service b/etc/systemd/system/phantun_client.service
new file mode 100644
index 00000000..550bf391
--- /dev/null
+++ b/etc/systemd/system/phantun_client.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=phantun client
+After=network.target
+
+[Service]
+Type=simple
+Environment=RUST_LOG=info
+ExecStart=/usr/bin/phantun_client --local [::1]:59083 --remote 104.224.159.210:59083 --tun-local 10.0.1.1 --tun-peer 10.0.1.2 --tun-local6 fdc9:281f:04d7:9eea::1 --tun-peer6 fdc9:281f:04d7:9eea::2 --tun pt0
+#ExecStart=/usr/bin/env RUST_LOG=info /usr/bin/phantun_client --local [::1]:59083 --remote 104.224.159.210:59083 --tun-local 10.0.1.1 --tun-peer 10.0.1.2 --tun-local6 fdc9:281f:04d7:9eea::1 --tun-peer6 fdc9:281f:04d7:9eea::2 --tun pt0
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
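Review bot: The `[Service]` section sets no `User=` and no sandboxing, so phantun_client, a process that parses packets from the remote peer, runs as unrestricted root. Creating and configuring the tun device should need only CAP_NET_ADMIN, so the capability set can be bounded and the filesystem made read-only for the service. The directives below are a starting point and should be checked with `systemd-analyze security phantun_client.service` and a test start, since I have not confirmed that phantun needs nothing else. The commented-out second `ExecStart=` duplicates the live one and can be dropped, because `Environment=RUST_LOG=info` already covers it.

```ini
[Service]
# … unchanged: Type=, Environment=, ExecStart=, Restart= …
CapabilityBoundingSet=CAP_NET_ADMIN
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
```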
diff --git a/home/xyz/.bitmonero/bitmonero.conf b/home/xyz/.bitmonero/bitmonero.conf
index f5f2a1fc..08b96a8b 100644
--- a/home/xyz/.bitmonero/bitmonero.conf
+++ b/home/xyz/.bitmonero/bitmonero.conf
@@ -1,9 +1,3 @@
-# 80 KiB/s is about the actual upload speed, because I would like to contribute
-# back but I don't want to make China ISP unhappy about me uploading too much.
-# But my internet is very slow and recently internet became even worse, maybe
-# ISP still does not like my upload speed, so I'm trying even lower upload
-# speed limit like 10 KiB/s now.
-limit-rate-up=10
# https://monerodocs.org/interacting/monero-config-file/#syntax
# need =1 for options without value
p2p-use-ipv6=1
diff --git a/home/xyz/.config/myconf/pacman_Qqme b/home/xyz/.config/myconf/pacman_Qqme
index eb05a5cf..19075d7f 100644
--- a/home/xyz/.config/myconf/pacman_Qqme
+++ b/home/xyz/.config/myconf/pacman_Qqme
@@ -40,6 +40,7 @@ optimfrog-bin
osmin
paru-bin
pass-rotate-git
+phantun-git
pipdeptree
plplot
qmmp-plugin-pack
diff --git a/home/xyz/.config/myconf/sye b/home/xyz/.config/myconf/sye
index 309900ab..857d5def 100644
--- a/home/xyz/.config/myconf/sye
+++ b/home/xyz/.config/myconf/sye
@@ -10,6 +10,7 @@ nftables.service enabled disabled
nvidia-hibernate.service enabled disabled
nvidia-resume.service enabled disabled
nvidia-suspend.service enabled disabled
+phantun_client.service enabled disabled
sshd.service enabled disabled
swgp-go.service enabled disabled
systemd-resolved.service enabled enabled
@@ -21,4 +22,4 @@ paccache.timer enabled disabled
pacman-filesdb-refresh.timer enabled disabled
units_currency.timer enabled disabled
-21 unit files listed.
+22 unit files listed.
diff --git a/home/xyz/.config/newsboat/urls b/home/xyz/.config/newsboat/urls
index 98cdffad..7c4f73eb 100644
--- a/home/xyz/.config/newsboat/urls
+++ b/home/xyz/.config/newsboat/urls
@@ -110,6 +110,7 @@ https://git.sr.ht/~mil/mepo/refs/rss.xml
#https://www.paritybit.ca/feed.xml
#https://a3nm.net/blog/feed.xml
#https://myrtana.sk/allfeed.atom
+#https://clehaxze.tw/atom.xml
---videos---
# free license, free software related or author like free software