CollabNet Guide: Difference between revisions

This guide will walk you through setting up a Virtual Network for your VMs. This will allow you to route your VM traffic behind a VPN (strongly recommended for several reasons), filter web traffic, and prevent access to your local network from the VMs.
 
= Prerequisites =
* An hour or two of your time
{{code|
sudo systemctl restart systemd-networkd
}}
 
To make sure the bridge is started properly at system boot, run <code>sudo crontab -e</code> and add the following line to the bottom of the file that opens, then save it:
{{code|
@reboot sleep 10; ip link set collabnet up
}}
 
{{code|
sudo apt-get purge -y ifupdown
sudo systemctl enable --now systemd-networkd
}}
 
We'll then disable systemd-resolved and set up a static DNS config:
 
{{code|
# Systemd-resolved was removed in Debian 12, therefore if you are using Debian 12 or later you do not need to run this.
sudo systemctl disable --now systemd-resolved
sudo systemctl mask systemd-resolved
sudo rm /etc/resolv.conf # remove the symlink
sudo tee /etc/resolv.conf <<EOF
nameserver 1.1.1.1
nameserver 1.0.0.1
EOF
}}
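To confirm the static DNS config above is in effect and stays that way after a reboot or VPN reconnect, the following added example (not part of the original guide) checks that the file is a regular file rather than a symlink and that it lists exactly the resolvers you set. The helper name <code>check_static_dns</code> is hypothetical.

```shell
#!/bin/sh
# Added example, not from the guide. check_static_dns is a hypothetical helper.
# Usage: check_static_dns FILE EXPECTED_NAMESERVER...
# Returns 0 when FILE is a regular file (not a symlink) whose nameserver
# entries are exactly the expected set; prints each problem and returns 1 otherwise.
check_static_dns() {
    local file="$1"; shift
    local rc=0 ns want found

    # A leftover symlink means resolv.conf is still managed by something else
    # (for example systemd-resolved's stub file).
    if [ -L "$file" ]; then
        echo "FAIL: $file is a symlink to $(readlink "$file")"
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL: $file does not exist"
        return 1
    fi

    # Collect nameserver entries, ignoring comments and other directives.
    found=$(awk '$1 == "nameserver" { print $2 }' "$file")

    # Every expected resolver must be present...
    for want in "$@"; do
        if ! printf '%s\n' "$found" | grep -qxF -- "$want"; then
            echo "FAIL: expected nameserver $want is missing"
            rc=1
        fi
    done
    # ...and nothing else may have been added (for example by a DHCP client
    # or a resolvconf hook rewriting the file).
    for ns in $found; do
        case " $* " in
            *" $ns "*) ;;
            *) echo "FAIL: unexpected nameserver $ns"; rc=1 ;;
        esac
    done

    [ "$rc" -eq 0 ] && echo "OK: $file lists only: $*"
    return "$rc"
}
```

Run it as <code>check_static_dns /etc/resolv.conf 1.1.1.1 1.0.0.1</code>; a non-zero exit means something has re-linked or rewritten the file.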
 
Now, we can set up basic routing. First, install some required packages:
{{code|
sudo apt-get install -y nftables dnsmasq curl openresolv
}}
 
If you don't want your users' traffic to originate from your IP address (you almost definitely don't), you should set up a VPN to route all of your users' traffic through. You'll need a VPN that supports WireGuard, and you'll want to make sure that this use case is allowed by the provider's Terms of Service. Here are a few:
 
* Cloudflare WARP: You can use the [https://github.com/ViRb3/wgcf wgcf] third-party CLI tool to generate a WireGuard profile. Mileage may vary.
* [https://mullvad.net/en Mullvad] ($5 a month)
* [https://protonvpn.com/ ProtonVPN] (Premium plan is $10 a month; however, their free plan allows WireGuard, making this one preferable if you don't want to spend money)
 
Once you have your VPN picked out, register an account and generate a WireGuard profile. This varies by VPN, but it's usually in the Downloads section or its own category. It should give you a WireGuard configuration either as a downloadable file or as text to copy and paste.
If all went well, your VMs should now be connected to the VPN.
 
== E2Guardian ==
E2Guardian can be used to implement network filtering on your VM. It supports transparent HTTP and HTTPS filtering, making it ideal for a setup like CollabVM, where the client can't be trusted to always use a proxy or DNS server. Here's how to set it up.
Run the following command:
{{code|
wget -O e2guardian.deb https://e2guardian.numsys.eu/v5.5/e2debian_bookworm_V5.5.5_202404055r_20240509.deb # IF THERE'S A NEWER VERSION AVAILABLE AT https://e2guardian.numsys.eu/, USE THAT INSTEAD
sudo apt-get install ./e2guardian.deb # install the file saved by wget above
}}
Set e2guardian to automatically restart in case something fails:
# Run <code>sudo systemctl edit e2guardian</code>
# Add the following at the top of the file where indicated (read the comments!): {{code|<nowiki>
[Service]
Restart=always</nowiki>
}}
# Save the file
Install some other dependencies:
{{code|<nowiki>
useoriginalip = on
</nowiki>}}
{{ombox
| type = speedy
| image = [[File:Ambox_important_red.svg|40px]]
| text = If your router VM has 4GB of RAM or less, set the <code>httpworkers</code> option to <code>300</code> to avoid out-of-memory issues!
}}
 
Now open e2guardianf1.conf in an editor, then find and set the following values:
Copy <code>examplef1.story</code> to <code>group1.story</code>:
{{code|
cp -p examplef1.story group1.story
}}
=== Filter lists ===