tech rambling 

nice, I fixed my cursed script that handles the WireGuard routing between my sites so that it supports more than 1 WireGuard interface at each site.

Why do I need a script for that and what does it do?
...ok, so my main home server runs at my parents' place because of the better internet connection and I have a second server at my place. Geographically they are pretty close. I live in Hamburg, Germany, but the routing between the 2 ISPs always goes via Frankfurt, because that's the closest public internet exchange where both ISPs are connected. But then I had an idea: What if I rented a VPS that has public peering at the DE-CIX Hamburg and the ECIX-HAM? That way I could route the WireGuard traffic over the VPS with a simple NAT rule without terminating the tunnel at the VPS, and the latency between the sites would decrease. The only problem was that one of the sites has a dynamic IP and I have to reflect the IP change in the firewall rule on the VPS. For that I have a second WireGuard connection directly to the VPS. But this connection is only for announcing the IP of the sites to the VPS. My script that runs on the VPS periodically calls "wg show <interface>" to list all connected peers. I have then defined a mapping between each peer's public key and the port that gets forwarded from the VPS to a site. That way I can look up the current IP of the peer and correlate its public key with a port/firewall rule. If the current IP and the IP in the firewall rule mismatch, the firewall rule is updated.
With that I have decreased the latency from 30ms to just 5ms with a DSL connection and probably also confused everyone reading this :blobcatgoogly:
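As an added example (not the author's script), here is a Python sketch of the reconciliation the post describes: parse `wg show <iface> dump`, map each announcing peer's public key to the UDP port the VPS forwards to that site, and rebuild the DNAT chain in one nft transaction when an endpoint has changed. The chain name `wg_forward`, the placeholder public keys, the constructed dump output and the IPv4 nftables layout are assumptions.

```python
import subprocess

# Constructed mapping: public key of each site's announcing peer -> UDP port the
# VPS forwards to that site. The keys are placeholders, not real WireGuard keys.
PEER_TO_PORT = {
    "SITE_A_PUBKEY_PLACEHOLDER=": 51821,
    "SITE_B_PUBKEY_PLACEHOLDER=": 51822,
}

# Constructed `wg show wg0 dump` output: interface line (4 fields), then one
# 8-field peer line each; fields are tab separated, endpoint is the third.
SAMPLE_DUMP = (
    "PRIVKEY_PLACEHOLDER=\tIFACE_PUBKEY_PLACEHOLDER=\t51820\toff\n"
    "SITE_A_PUBKEY_PLACEHOLDER=\t(none)\t203.0.113.5:41000\t10.99.0.2/32\t1700000000\t100\t200\toff\n"
    "SITE_B_PUBKEY_PLACEHOLDER=\t(none)\t[2001:db8::7]:51820\t10.99.0.3/32\t1700000000\t1\t2\t25\n"
    "OTHER_PUBKEY_PLACEHOLDER=\t(none)\t(none)\t10.99.0.4/32\t0\t0\t0\toff\n"
)

def parse_wg_dump(text):
    """Map peer public key -> endpoint IP; peers without an endpoint are skipped."""
    endpoints = {}
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 8 or fields[2] == "(none)":
            continue
        host = fields[2].rpartition(":")[0]      # drop the source port
        endpoints[fields[0]] = host.strip("[]")  # drop IPv6 brackets
    return endpoints

def plan_updates(dump_text, current_rules, peer_to_port=PEER_TO_PORT):
    """Return [(port, old_ip, new_ip)] for every forward whose DNAT target is stale.

    current_rules maps port -> IP in the live rule. A peer with no current
    endpoint is left alone, so a flapping tunnel never wipes a working rule.
    """
    seen = parse_wg_dump(dump_text)
    changes = []
    for pubkey, port in peer_to_port.items():
        new_ip = seen.get(pubkey)
        if new_ip is not None and current_rules.get(port) != new_ip:
            changes.append((port, current_rules.get(port), new_ip))
    return changes

def render_nft(desired, chain="ip nat wg_forward"):
    """Render one atomic nft transaction that rebuilds the assumed DNAT chain."""
    lines = [f"flush chain {chain}"]
    for port, ip in sorted(desired.items()):
        lines.append(f"add rule {chain} udp dport {port} dnat to {ip}:{port}")
    return "\n".join(lines) + "\n"

def reconcile(iface, current_rules):
    """One polling iteration: read wg, compute drift, apply it via `nft -f -`."""
    dump = subprocess.run(["wg", "show", iface, "dump"], check=True,
                          capture_output=True, text=True).stdout
    changes = plan_updates(dump, current_rules)
    if changes:
        desired = {**current_rules, **{p: new for p, _, new in changes}}
        subprocess.run(["nft", "-f", "-"], input=render_nft(desired), check=True, text=True)
        current_rules.update(desired)
    return changes
```

Return traffic from a site must also leave the VPS with a matching masquerade or SNAT rule, which this sketch leaves to the static part of the ruleset.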
