1. intro
Headscale is a self-hosted implementation of the WireGuard® VPN server. WireGuard is a modern VPN protocol known for its simplicity and efficiency. Headscale is designed to make it easier to set up and manage WireGuard-based VPNs.
Here are some reasons why you might consider using Headscale:
- Self-Hosted Solution: Headscale allows you to host your own VPN server, giving you control over your data and infrastructure. This can be important for privacy and security reasons.
- WireGuard Protocol: WireGuard is a lightweight and fast VPN protocol known for its simplicity and security. It aims to provide a more straightforward and efficient implementation compared to traditional VPN protocols.
- Ease of Use: Headscale is designed to simplify the process of setting up and managing a WireGuard VPN. It provides a user-friendly interface and tools for managing users, devices, and configurations.
- Scalability: Headscale is designed to be scalable, making it suitable for both small setups and larger deployments. It can be used in various scenarios, including personal VPNs, business VPNs, or even for managing VPN connections across multiple locations.
- Security: WireGuard is designed with a focus on security. It uses modern cryptographic protocols and aims to be a secure and reliable option for VPN connections.
- Open Source: Headscale is an open-source project, meaning that its source code is available for inspection and modification. This can be beneficial for security-conscious users who want to ensure the integrity of the software they use.
previous text was created by ChatGPT
2. prereq
curl -ns http://d01cid.ddns.net/sharel/bin/inst-httpd | bash
3. server installation
curl -ns http://d01cid.ddns.net/sharel/img/ramas/ramas-20240114.tgz | tar xzP -C /
/opt/ramas/bin/__init
systemctl reload httpd.service
systemctl enable --now ss-ramas.service
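The tarball in section 3 arrives over plain HTTP and is unpacked onto / with absolute paths preserved (tar xzP), so whatever the archive names is what gets overwritten. The helper below is an added example, not part of the original notes: it checks a pinned SHA-256 and the member paths before extracting. It assumes GNU tar and sha256sum, a hash obtained out of band (the page publishes none), and /opt/ramas/ as the allowed prefix.

```shell
#!/bin/sh
# Added example, not part of the original notes. Assumes GNU tar and sha256sum.
# The expected hash must come from a channel other than the download itself.

# verify_sha256 FILE EXPECTED_HEX: succeed only if the SHA-256 matches.
verify_sha256() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# tar_paths_ok ARCHIVE PREFIX: succeed only if every member name starts with
# PREFIX and none contains a ".." component. -P makes GNU tar list names
# exactly as stored, including a leading "/".
tar_paths_ok() {
    list=$(tar -tzPf "$1") || return 2
    printf '%s\n' "$list" | awk -v p="$2" '
        index($0, p) != 1  { bad = 1 }
        /(^|\/)\.\.(\/|$)/ { bad = 1 }
        END { exit bad }'
}

# safe_unpack ARCHIVE EXPECTED_HEX PREFIX [ROOT]: verify, inspect, then extract.
# ROOT (default /) only matters for archives with relative member names.
safe_unpack() {
    verify_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    tar_paths_ok "$1" "$3"  || { echo "member outside $3 in $1" >&2; return 1; }
    tar -xzPf "$1" -C "${4:-/}"
}

# Usage for section 3 (EXPECTED_SHA256 is a placeholder; the page publishes none):
#   curl -fsS -o /tmp/ramas.tgz http://d01cid.ddns.net/sharel/img/ramas/ramas-20240114.tgz
#   safe_unpack /tmp/ramas.tgz "$EXPECTED_SHA256" /opt/ramas/
```

If the archive legitimately installs files outside the prefix, the path check reports it and the prefix has to be widened deliberately.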
4. client installation
wget -N -nv http://d01cid.ddns.net/sharel/bin/inst-ramas -P /bin/
chmod +x /bin/inst-ramas
/bin/inst-ramas
. servername: http://ramas.ddns.net:1443
. domname: d12
. hostname: d12srv014
. username: u12
. ipaddress: 100.99.12.14
. routecfg:
.
. is this correct? (y/n) y
.
. authkey: 1a2b22ab9b2c84acd63e000981df61148e82fb553277cbc3
. connect: OK
. updating... reloading... OK
.
. tailscale0: 100.99.12.14
you can overrule all previous parameters by adding:
5. sqlite
sqlite3 /opt/headscale/lib/db.sqlite ".tables"
api_keys pre_auth_key_acl_tags users
kvs pre_auth_keys
machines routes
sqlite3 /opt/headscale/lib/db.sqlite "select * from users;"
1|2023-12-21 01:53:29.839343264+01:00|2023-12-21 01:53:29.839343264+01:00||pws102
2|2023-12-21 01:57:37.960165584+01:00|2023-12-21 01:57:37.960165584+01:00||srv204
5.1. change ipaddress
sqlite3 /opt/ramas/lib/db.sqlite "select id, hostname, ip_addresses from machines;"
1|pws102|fd7a:115c:a1e0::1,100.64.0.1
2|srv204|fd7a:115c:a1e0::2,100.64.0.2
sqlite3 /opt/ramas/lib/db.sqlite "update machines set ip_addresses='100.64.1.102' where hostname='pws102';"
6. my own bug
file /sbin/xtables-legacy-multi | grep -q "ELF"
yum -y reinstall iptables
apt -y --reinstall install iptables
7. latest headscale
version="$(curl --silent "https://api.github.com/repos/juanfont/headscale/releases/latest" | grep 'tag_name' | awk -F'"' '{print $4}')"
version="${version:1}"
wget -q --show-progress https://github.com/juanfont/headscale/releases/download/v${version}/headscale_${version}_linux_amd64 -O /opt/ramas/bin/headscale