Networking notes

Created at 2024-10-26 22:57
Last edited at 2025-04-12 20:32

Networkmanager

Wireguard

Add connection

sudo nmcli connection import type wireguard file /etc/wireguard/pivpn.conf

Disable autoconnect

nmcli connection modify pivpn autoconnect no

Connect to the vpn

nmcli connection up pivpn

It might be necessary to restart the NetworkManager service for the new connection to work.

NGINX

Proxy

Create a site config

/etc/nginx/sites-available/redlib:

server {
    listen 80;
    listen [::]:80;

    server_name redlib.lan;

    location / {
        proxy_pass http://localhost:5001;
    }
}

Enable the site

sudo ln -sf /etc/nginx/sites-available/redlib /etc/nginx/sites-enabled/redlib

Restart the nginx service

sudo systemctl restart nginx.service

Lighttpd

Proxy

Create a module config

/etc/lighttpd/conf-available/15-redlib.conf:

server.modules += ( "mod_proxy" )

$HTTP["host"] =~ "redlib.lan" {
  proxy.server = ( "" => ( ( "host" => "192.168.0.111", "port" => "8080" ) ) )
}

Enable the module

sudo lighty-enable-mod

Reload the lighttpd service

sudo service lighttpd force-reload

PiVPN

Split tunneling

Get network addresses from pivpn setupVars.conf:

cat /etc/pivpn/wireguard/setupVars.conf
...

IPv4addr=<ip>/24
IPv4gw=<gw-ip>
pivpnNET=<ip>
subnetClass=24
pivpnNETv6="<ip>"
subnetClassv6=64

...

Set AllowedIPs in the wireguard client config based on the above values:

...

AllowedIPs = <IPv4gw>/24, <pivpnNET>/24, <pivpnNETv6>/64

...

This way all the traffic that wants to go to AllowedIPs will be routed through the VPN. The rest of the traffic will be routed as usual, without going through the VPN.

PiHole + PiVPN fix

I have PiHole and PiVPN installed together, with PiHole as the DNS server. With this setup I experienced connection issues when using split tunneling with the above configuration. The DNS resolution would stop working seemingly at random. Executing nmcli connection up pivpn would fix the issue for a short while.

With only the IP address of the Raspberry Pi in the AllowedIPs field, the issue is gone.

...

AllowedIPs = <IPv4addr>

...

Maybe one day I will debug what causes DNS resolution to fail with the first config, but this solution seemingly does not have any limitations that would affect my usage of the tunnel and it works consistently.
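The following is an added example, not part of the original notes: a small POSIX sh script that reads the setupVars.conf variables shown above and prints the AllowedIPs line for both the LAN + VPN-subnet split tunnel and the PiHole + PiVPN fix. It assumes the variable names exactly as listed (IPv4addr, IPv4gw, pivpnNET, subnetClass, pivpnNETv6, subnetClassv6), and for the fix it assumes "only the IP address" means a single /32 host route rather than the address with its /24 prefix.

```shell
#!/bin/sh
# Added example, not part of the original notes: derive the split-tunnel
# AllowedIPs line from the variables PiVPN writes to setupVars.conf.

# Read one KEY=VALUE line from a setupVars.conf-style file, dropping quotes.
setupvar() {
    # $1 = file, $2 = key (anchored on "KEY=" so pivpnNET does not match pivpnNETv6)
    sed -n "s/^$2=//p" "$1" | tr -d '"' | head -n 1
}

# AllowedIPs for the LAN + VPN-subnet split tunnel described above:
# only traffic for these prefixes enters the tunnel, everything else
# keeps using the normal default route.
allowed_ips_lan() {
    gw=$(setupvar "$1" IPv4gw)
    net=$(setupvar "$1" pivpnNET)
    cls=$(setupvar "$1" subnetClass)
    net6=$(setupvar "$1" pivpnNETv6)
    cls6=$(setupvar "$1" subnetClassv6)
    printf 'AllowedIPs = %s/%s, %s/%s, %s/%s\n' \
        "$gw" "$cls" "$net" "$cls" "$net6" "$cls6"
}

# AllowedIPs for the PiHole + PiVPN fix: a single host route for the Pi.
# Assumption: "only the IP address" means the address without its /24,
# i.e. a /32; keeping the /24 would route the whole LAN through the tunnel again.
allowed_ips_pi_only() {
    addr=$(setupvar "$1" IPv4addr)
    printf 'AllowedIPs = %s/32\n' "${addr%/*}"
}

# Constructed sample setupVars.conf (made-up values for this example).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
IPv4addr=192.168.0.111/24
IPv4gw=192.168.0.1
pivpnNET=10.8.0.0
subnetClass=24
pivpnNETv6="fd11:5ee:bad:c0de::"
subnetClassv6=64
EOF

allowed_ips_lan "$SAMPLE"      # AllowedIPs = 192.168.0.1/24, 10.8.0.0/24, fd11:5ee:bad:c0de::/64
allowed_ips_pi_only "$SAMPLE"  # AllowedIPs = 192.168.0.111/32
```

Paste the printed line into the [Peer] section of the WireGuard client config in place of the AllowedIPs line PiVPN generated.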

Some networking terms

PON

Passive Optical Network: A network that uses unpowered devices to carry signals.

GPON

Gigabit capable PON.

ONT/OLT/ONU

Optical Network Terminal / Optical Line Terminal / Optical Network Unit: Basically a modem for fibre-optic networks. The end of the line for the optical network.

Fibre media converter

A networking device that can convert between different media types, like twisted pair to fibre optic cabling.

PPPoE

Point-to-Point Protocol over Ethernet: Authenticates the user with a username and a password to the ISP.

Netcat

Send data from one device to another on the same network

Start listening on the receiving end and write incoming data to 'file'

nc -l -p 1234 > file < /dev/null

Establish the connection on the sending end

nc 192.168.1.5 1234

Type something and press return. The line will be written to the file on the other end. Firewalls will of course block this if the port is not open.