SeeJayEmm (@SeeJayEmm@lemmy.procrastinati.org)
Posts: 20 | Comments: 545 | Joined: 2 yr. ago

  • I know this is the selfhosted community but if you’re new to this, you really shouldn’t be hosting email as it’s one of the hardest services to get “right”.

    I've been self-hosting since I was on dial up but thanks for the assumption. I'm quite familiar with the nuances of hosting mail successfully and all my boxes are ticked. The monkey wrench was just that I didn't account for the source addressing and it screwing up my spam filter as I've never tried this specific scenario before.

    No. That’s quite literally the point of a proxy. If you don’t want to be proxied, don’t use a proxy.

    That was the thrust of my post. I just started with NPM because it was already there. I've been experimenting and researching since I posted this and I think my solution is to masquerade (NAT) the mailu host behind the VPS and explicitly forward the necessary ports. Unfortunately, iptables is one of my weak spots and the nuances of making iptables work in this situation are eluding me. That's really where I could use some guidance.

  • If someone is going through the effort to target you with a MitM over the Internet, that's not going to stop them.

    Just disable the affected ciphers and/or update opened.

  • Why does a single player game have this much telemetry and how do I turn it off?

  • This article is peppered with em.

    The reason those companies, and not Tesla, know how to build cars that (in general) can drive from here to there without dropping a wheel or bursting into flames is not that they are staffed by a bunch of centenarian Lore Wizards who learned the secrets of auto manufacture back in nineteen-aught-dickity and now hide this sacred knowledge in a walled mountaintop abbey.

  • Did you read it? It's an opinion piece that references the Reuters report, and several articles, and is an absolute BLAST to read.

  • Well, that was a silly mistake. Thanks for noticing it. I rebuilt the client side several times yesterday, so I can't say for certain I made that typo each time, but it's possible.

    I just blew out the whole thing, both sides, and rebuilt it from scratch using a different UDP port and it's all working now.

  • All I meant was, it hadn't occurred to me that the android app and wg-quick used the same file format. I can certainly give this a try.

  • Have you been down the MTU rabbit hole?

    No. I'm going to look into that and do some testing today. Perhaps there's something wonky between my mobile and home ISPs in that regard.

  • Is wireguard hosted on opnsense, or an internal device that the port is being forwarded to?

    opnsense. I do have the interface and gw configured and was able to successfully connect when I did the test config from my VPS.

    Also, if you see zero packets, then as others mentioned, try a different mtu. Some service providers (mobile, and even hotels) try to block all VPN traffic altogether and they do this by measuring the mtu of the packets.

    I didn't think about MTU. I'll do some research and testing on this today.

    A little tweaking might get it to work, although I’d expect this to have held true for the VPS too, honestly.

    This is why I'm struggling. Every test I do is successful, by all rights this should be working. Phone to VPS, GOOD. VPS to opnsense, GOOD. Phone to VPS, BAD. Can I see packets from the phone to opnsense, YES, unless it's wireguard.

    I'll experiment with MTU and see if that bears any fruit. Thanks.

  • I did configure the VPS to be a client to the opn router and that was able to connect just fine. What I really need is a way to arbitrarily test UDP from the phone, and/or a way to actually do a packet dump on it to see if anything is going out.

  • I have a network tools app that lets me test arbitrary ports and I do see those packets on a tcpdump, but this app (and your suggestions above) are all TCP while Wireguard listens on UDP. I haven't come up with a way to test UDP from the phone yet.

  • There's some confusion here. I'm running wireguard on my opnsense router and I'm trying to connect my Android phone to it.

    I just used the VPS to help troubleshoot to show other clients can connect to opnsense AND the phone can connect to other servers but the phone and opn won't talk.

    I know this screams config issue. I've gone over it and rebuilt it multiple times. I can't find anything wrong. Someone else asked to see configs so I'll post those tomorrow.

  • My backup plan is to route the traffic through the VPS to the home network. I was hoping to avoid that hop.

  • It's definitely not connecting. I get no handshake stats on either side and my tcpdump shows 0 packets to try and even initiate the tunnel.