Anyways, VPN war switched to 3 options: set up a container, set up another virtual machine, or set up another dedicated raspberry pi.

There is a supposedly baked protonvpn for docker.

https://github.com/tprasadtp/protonvpn-docker

Sadly, docker still hangs.


LXC is largely accepted as the most popular container tool nowadays.  The mane problem users encounter is lxc-create dying with

Unable to fetch GPG key from keyserver.

It seems all the keyservers were shut down at some point.  The current recommendation is passing -- --no-validate

lxc-create  -t download -n privileged-container -- --no-validate

Then it prints a list & you have to specify an image from the list with 3 prompts:

Distribution: ubuntu
Release: xenial
Architecture: amd64

privileged-container is the name of the container.  There is no lxc-rename or lxc-move.  The only way to rename it is to copy & delete.

lxc-copy --name privileged-container --newname ubunt
lxc-destroy --name privileged-container

The start command lxc-start -n ubunt throws

 failed to attach 'vethEFO7AL' to the bridge 'lxcbr0': Operation not permitted

The kernel needs to have CONFIG_BRIDGE enabled.  Networking support → Networking options -> 802.1d Ethernet Bridging

modprobe bridge
Then the bridge needs to be created: brctl addbr lxcbr0

Then you can get a console with lxc-attach -n ubunt

Now this image has no networking enabled.  You have to set eth0 to manual in /etc/network/interfaces

In the image configuration file /var/lib/lxc/ubunt/config you need to add the address  lxc.network.ipv4 = 10.0.10.26/24  the gateway lxc.network.ipv4.gateway = 10.0.10.1 

Then add a nameserver line to /etc/resolvconf/resolv.conf.d/head

The bridge has to be manually enabled in the host: ip link set lxcbr0 up

The object of the game is for the container to appear as another confuser on the LAN.  Unassign the host address from the host: ifconfig enp6s0 0.0.0.0

Then attach the host to the bridge: brctl addif lxcbr0 enp6s0

Assign the host address to the bridge: ifconfig lxcbr0 10.0.10.25 netmask 255.255.255.0

The routing table should have the default gateway accessed through the bridge: route add default gw xena

The root filesystem of the container is /var/lib/lxc/ubunt/rootfs.  No NFS is required like it was with virtualbox.



The last animal has finally unlocked containers.  They're a lot more efficient than the virtual machines lions were using.  The mane issues were just getting through the setup bugs & the networking.  The next step is just replacing the 125 GB of Linux virtual machines.  The windows VM needs to stay.

Of course, containers have improved significantly in the last 3 years.  There's a lot more documentation & a lot more images.  The images are a lot better.  A lot of endemic problems like users getting locked out of their containers have been solved.



There's a hit about using protonvpn with openvpn: https://protonvpn.com/support/linux-openvpn/

You have to download a .ovpn file from https://account.protonvpn.com/downloads

Copy the username & password to a new userpass file, then fire away: openvpn --config ovpn_file --auth-user-pass userpass

ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)

The kernel needs IP tunneling enabled. Device Drivers → Network device support -> Universal TUN/TAP device driver support

modprobe tun
mkdir /dev/net
mknod /dev/net/tun c 10 200

Then you get 
write to TUN/TAP : Invalid argument (code=22)

Another hit says add --comp-lzo to the openvpn command

openvpn --config ovpn_file --auth-user-pass userpass --comp-lzo

This gets all the way to a connection but corrupts resolv.conf.  You have to delete the host DNS from resolv.conf

traceroute shows some subtle differences with the VPN in the container:

root@ubunt:/root% traceroute heroinewarrior.com



1 * * *
2 unn-156-146-54-93.cdn77.com (156.146.54.93) 14.879 ms 14.880 ms unn-156-146-54-92.cdn77.com (156.146.54.92) 14.850 ms
3 vl203.sjc-eq10-core-1.cdn77.com (138.199.0.194) 14.872 ms 14.877 ms vl201.sjc-eq10-core-1.cdn77.com (138.199.0.192) 14.864 ms

Without the VPN or outside the container:

1 * * *
2 10.0.0.1 (10.0.0.1) 4.714 ms 4.725 ms 4.722 ms
3 10.60.140.2 (10.60.140.2) 75.990 ms 10.60.140.3 (10.60.140.3) 18.855 ms 19.021 ms

After such a great challenge, lions have enough sunk costs to feel better about paying for a VPN.


The next steps are creating a kill switch so a VPN outage doesn't revert to 10.0.0.1, automatically selecting a server based on load, accessing the host filesystem from the container, fixing the DNS issue.  It should probably be on a machine which is always on.  Xena needs more storage.




Comments

Post a Comment

Popular posts from this blog

snow white

Image
    It was time to take on the lion kingdom's 1st 1 star movie. It honestly wasn't as bad as the Dictator, Bedazzled, Monty Python.  Most of the hate was from comparing it to the classic.  Visuals were good for animals who are into castles.  Wonder Heroine as the villain was a good twist.  It was bat shit boring.  Tedious jobs like dialog writing are all automated now & that's definitely not as bad as other movies.  Automated 3D model generation has made modern visuals very lavish.  If only that level of detail could be done in realtime for VR goggles.    Zegler was back from her previous engagement in district 12.   The mane redeeming factor for lions was evil Wonder Heroine.     & finally the Joan of Arc scene everyone hated.    & the ending just fizzled.  It seems they're trying to depart from the physicality of past heroine warriors & make them more like housewives.  It's h...
Read more
Image
 Finally tracked down the Sun bootloader font from many decades ago & put it in Cinelerra as gallant12x22.  Put Sun Gallant Demi into the goog to get useful results. https://github.com/dim13/gallant/tree/master/ttf   It's a fixed point font in an archaic format.  Some guy converted it into a TTF with a lot of antialiasing.  He has a PNG image showing no antialiasing.  It has to be set to size 22 & requires a threshold to get rid of the antialiasing.  Freetype might be shifting it 1/2 pixel vertically. It had a kind of curiosity value, but lions have had no need for any fixed point fonts besides the 24pt Sony of CAEDM fame. Another hit said it was 1 of the fonts available in kernel framebuffer mode.  Lions haven't used kernel framebuffer mode in decades.  It could possibly replace 24pt Sony if lions wrote a fixed point converter. As for the other Sun lore, there's some potato cam footage of the Sun flight simulator, Aviator.  You ...
Read more
Image
 https://finance.yahoo.com/personal-finance/investing/article/as-the-average-retirement-age-continues-to-rise-will-passive-income-be-the-solution-162047139.html Cutting through another load of AI filler, Boston College & Grok say the retirement age is rising yet all the gootube commenters say the retirement age is falling.  Always bad news from organized media.  Always good news from the internet demographic.  Suspect the internet is still manely the geeks, technology professionals, high earners with the means to be online most hours.  So the stonk market melted up when the government shut down & crashed when the government reopened.  Only the government can make the stonk market crash. It wasn't government pension funds but government borrowing. --------------------------------------------------    https://growmane.blogspot.com/2025/02/s-bear-market-being-what-it-is-apple.html Then lions realized the natural spoken language interfaces ...
Read more