On Saturday, 6 June 2020 17:02:11 BST Ralph Corderoy wrote:
> > I'm not sure I fully understand nodogsplash, but I understood enough
> > 2-3 years ago to get the functionality I wanted. I want to retain
> > that functionality and also have the VPN.
>
> Which may not be possible.
Well. If it's not possible, I need to find out ASAP so that we can think of
another solution; (lending the on-site volunteer a configured laptop perhaps),
so he can do the things that I used to do. It's far from ideal because
rolling out updated software would require many SD Cards to be delivered to
WMT and substituted. Then, if the new code doesn't work, then the on-site
volunteer wouldn't have much chance of debugging it.
> Sorry, I've no idea. On your duplicate test rig, I'd disable
> nodogsplash and get other things working, e.g. a reverse-forwarding SSH
I have disabled nodogsplash (and flushed iptables) but I can't get it working
when I restart it even with Open VPN (PiVPN) uninstalled.
I'm going to have to start again and get VPN working first, as you suggest, and
then add nodogsplash afterwards. I have a backup of the SD Card with
nodogsplash working, but I neglected to take a backup of the basic Webserver,
without nodogsplash installed. Unless I can diagnose this, I'll have to
rebuild the SD Card from a clean install of the OS. That's why I wanted to
try some kind of VLAN; to avoid having to start from scratch if iptables was
the problem. (I thought that creating virtual interfaces would be a quick way
to prove that the firewall was or wasn't the issue. Clearly it's not going to
be quick. ;-( )
Maybe the problem isn't iptables and nodogsplash is being affected by something
else in OpenVPN, even after the PiVPN code has been uninstalled. Maybe I
should try to find out why nodogsplash doesn't work some other way, although
I'm not sure how.
> client and WireGuard. (I think I noticed PiVPN supports WireGuard.)
> Then, with two sets of working configurations, I'd try and get both
> going at once, being sure to limit the bits of the network each treats
> as theirs. If there's a conflict then that might be the time to
> complicate things further by adding virtual network devices, having
> understood the nature of the conflict.
If I had two sets of working configurations, then I wouldn't have a problem :-)
Re-reading what you said, I think you mean start with Open VPN and no
nodogsplash, dump the iptables config to disc, then uninstall / disable OpenVPN
and do the same with nodogsplash running. The trouble is I might have to do a
complete reinstall from scratch between each iteration if I can't find out why
nodogsplash breaks.
--
Terry Coles
--
Next meeting: Online, Jitsi, Tuesday, 2020-07-07 20:00
Check to whom you are replying
Meetings, mailing list, IRC, ... http://dorset.lug.org.uk
New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
