- My roommate, Nate, has wanted to put a TV in the living room and connect it to a laptop to watch stuff on YouTube because he wanted to have another place other than his room where he could sit comfortably, maybe with others, and watch something. I had the idea of connecting it to my server so that we could watch anything I have on my server too. This turned out to be way more complicated than I thought and it took me a couple of days to figure out why I was having so much trouble. But I have done all of this before. What is the problem? Why was I so hazy on this?
- I tried to connect his laptop through Samba to my server. It's on the same network, what's the problem? I opened File Explorer and right-clicked on This PC, selected Map to Network Drive, a window popped up asking what drive letter to assign it on my local machine and also what folder, and there was a button to browse to the folder. I seemed to recall that I was supposed to type "\\" and then the network name of my server. I did. I typed "\\<my server's IP address here>\<insert folder name here>", no spaces in the command. I dug up my credentials for my server so I could log in. I did so successfully. And then it told me that there was a network error. It took me until the next day to realize that I had my own router in my room and in order to use my file server, I would need to do one of two things. One of these thoughts was a flash in the pan and I paid little attention to it. I could just connect my roommate's laptop to my bedroom Wi-Fi router. No VPN would be necessary because it is on the same network. But I preferred to have the computer connect to my other roommate's router because mine was upstairs and the signal would probably suffer, and my roommate's router was right next to the laptop in the living room that I was working on. So I realized I had to add it to the VPN so it would have the best Wi-Fi connection.
- I thought, not too big of a problem, I already did that multiple times now. Shouldn't be too much trouble. I'll do it when I get home next. I got home from school late and decided that for the ten minutes my cat would be outside in the cold to go to the bathroom, I would just go ahead and set up the VPN for this laptop real quick, just knock it out. I was on that couch troubleshooting for the next two or three hours. Nate got home and walked in and let my cat in for me.
- I tried everything, I even figured out how to replicate most of the process without Doug's help whatsoever. But I installed Wireshark on Nate's laptop and used my laptop to SSH into my server and after a tremendous amount of troubleshooting, I finally discovered something.
"Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows
PS C:\Users\Christian> ssh fileserver1@192.168.50.153
fileserver1@192.168.50.153's password:
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-91-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
Last login: Sun Dec 17 02:14:17 2023 from 10.237.105.3
fileserver1@MinasTirith:~$ pivpn -a
[sudo] password for fileserver1:
Enter a Name for the Client: DESKTOP-38AD3SM
::: Client Keys generated
::: Client config generated
::: Updated server config
::: Updated hosts file for Pi-hole
::: WireGuard reloaded
======================================================================
::: Done! DESKTOP-38AD3SM.conf successfully created!
::: DESKTOP-38AD3SM.conf was copied to /home/fileserver1/configs for easytransfer.
::: Please use this profile only on one device and create additional
::: profiles for other devices. You can also use pivpn -qr
::: to generate a QR Code you can scan with the mobile app.
======================================================================
fileserver1@MinasTirith:~/configs$ cd
fileserver1@MinasTirith:~$ pivpn
::: Control all PiVPN specific functions!
:::
::: Usage: pivpn <command> [option]
:::
::: Commands:
::: -a, add Create a client conf profile
::: -c, clients List any connected clients to the server
::: -d, debug Start a debugging session if having trouble
::: -l, list List all clients
::: -qr, qrcode Show the qrcode of a client for use with the mobile app
::: -r, remove Remove a client
::: -off, off Disable a client
::: -on, on Enable a client
::: -h, help Show this help dialog
::: -u, uninstall Uninstall pivpn from your system!
::: -up, update Updates PiVPN Scripts
::: -bk, backup Backup VPN configs and user profiles
fileserver1@MinasTirith:~$ -l
-bash: -l: command not found
fileserver1@MinasTirith:~$ -h
-bash: -h: command not found
fileserver1@MinasTirith:~$ -qr
-bash: -qr: command not found
fileserver1@MinasTirith:~$ pivpn -qr DESKTOP-38AD3SM
::: Showing client DESKTOP-38AD3SM below
=====================================================================
QR CODE WAS SHOWN HERE!
=====================================================================
fileserver1@MinasTirith:~$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether d4:3d:7e:93:e8:5b brd ff:ff:ff:ff:ff:ff
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/none
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:cd:bb:30:89 brd ff:ff:ff:ff:ff:ff
fileserver1@MinasTirith:~$ pivpn DESKTOP-38AD3SM sudo wg-quick up wg0 > /path/to/your/config/file.conf
-bash: /path/to/your/config/file.conf: No such file or directory
fileserver1@MinasTirith:~$ pivpn sudo wg-quick up wg0 > /path/to/your/config/file.conf
-bash: /path/to/your/config/file.conf: No such file or directory
fileserver1@MinasTirith:~$ pivpn sudo wg-quick up wg0/path/to/your/config/file.conf
::: Control all PiVPN specific functions!
:::
::: Usage: pivpn <command> [option]
:::
::: Commands:
::: -a, add Create a client conf profile
::: -c, clients List any connected clients to the server
::: -d, debug Start a debugging session if having trouble
::: -l, list List all clients
::: -qr, qrcode Show the qrcode of a client for use with the mobile app
::: -r, remove Remove a client
::: -off, off Disable a client
::: -on, on Enable a client
::: -h, help Show this help dialog
::: -u, uninstall Uninstall pivpn from your system!
::: -up, update Updates PiVPN Scripts
::: -bk, backup Backup VPN configs and user profiles
"
- If none of this was easy to translate, I discovered a long way through the process but roughly halfway through this CLI session that I needed to type pivpn at the beginning of every command related to the VPN commands. I thought you just typed pivpn and then you were in the program and could type any related command at that point and it would work but there was a point where no matter what I typed after looking at the commands that were listed under "help", it would keep telling me every single time that the command I had just typed wasn't recognized. Why? You just told me these are the commands to use. How can they possibly be unrecognized? You're supposed to type pivpn, a space after that, and then type the command. Then it started working just fine. That wasn't it. Once I figured that out, there were plenty of other problems. I managed to create a new VPN addition using pivpn -a. Then I typed the name of the computer I was trying to add because I didn't realize this was just what I wanted to call the VPN tunnel, not the means by which the computer would be added to the VPN. So I typed DESKTOP-38AD3SM. It told me:
"
::: Client Keys generated
::: Client config generated
::: Updated server config
::: Updated hosts file for Pi-hole
::: WireGuard reloaded
======================================================================
::: Done! DESKTOP-38AD3SM.conf successfully created!
::: DESKTOP-38AD3SM.conf was copied to /home/fileserver1/configs for easytransfer.
::: Please use this profile only on one device and create additional
::: profiles for other devices. You can also use pivpn -qr
::: to generate a QR Code you can scan with the mobile app.
======================================================================"
- I was so excited and then I thought, this is where it works! But then I realized that there was still nothing in WireGuard. How does this work? I saw the thing in there where it said I could type -qr for a QR code to connect a smartphone, but the laptop wasn't a smartphone and so this was not helpful information. I spent maybe an hour and a half on this.
- I kept finding online that PiVPN was creating a file that I somehow needed to transfer to WireGuard and I had no idea how to do that because I was doing everything through a CLI. How do you transfer files through a command line interface?
- I had put my laptop to sleep twice before I remembered to try connecting his laptop to my bedroom Wi-Fi. It worked. I entered the credentials for Samba to map the network drive on my server, and it worked. Nate and I watched something for twenty minutes together and went to bed.
- I woke up this morning and realized I hadn't watched any YouTube videos on how to connect the VPN tunnel to the laptop. Crosstalk Solutions on YouTube had a video on this very thing called PiVPN + WireGuard Complete Setup - Build Your Own VPN Server!
- At about 14 minutes and 59 seconds, there's a chapter for this video labelled Add VPN Users. This cleared things right up. How could I not think of this last night? Why wasn't this solution so obvious?
- He said something I didn't realize too, that you could just re-use these VPN tunnels on multiple devices. HOWEVER...however, you don't want to do that because if say you lost a device such as your phone and it was using the same tunnel as your computer, you want to be able to disable that tunnel from the CLI and only have it affect that one device, not all of the devices because they are sharing tunnels. I never learned that before. I thought a tunnel could only support one device. So what do I know. But I never would have realized this anyway and then done otherwise, so that's a good thing I guess.
- Then at 17 minutes and about 21 seconds in a chapter called Connect Devices, he said to go into WireGuard on the desktop and select Import Tunnel(s) From File. Click the button. Importing this file is the thing I was having so much trouble with because all my research pointed to this very solution but I refused to look further into it because it sounded daunting, but worse, it sounded absolutely not like what Doug and I had done when we connected my phone and laptop to this VPN. In the video, Crosstalk Solutions said that we need a way to copy those files off the VPN server, and so we need to use something like WinSCP. This is a program that is used for situations like this. Now as I looked at this I discovered that this doesn't look familiar to me at all so whatever Doug had me do, this must be different. I look forward to him getting back from his vacation and class to start back up again after Christmas and New Year's break to tell me.
- Under the session area of the window that appears, you go to the dropdown menu at the top of the screen and select SCP. He explained that this is sort of a way to log into a Linux device with a Windows file browser. In the Host name field you enter the IP address of the server. For the Port number you use 22 for SSH. You enter the username of the PiVPN and the password and then click login. Press update and then accept, if not already logged in. A window similar to File Explorer will appear, but with two windows in tandem. In the right-hand window, click on the configs folder. Within the folder will be the tunnels you created for each device and you select the one named whatever you named the tunnel when you added it to PiVPN. In the video however, he dragged the desired file over towards the edge of the left-hand window, which was set to Desktop of his Windows machine he was trying to add to the tunnel. So when he went to the main WireGuard window, he selected Import tunnel(s) From File again and he browsed to the file he copied to his desktop.
- He also happened to say that if you ping your devices while connected to the VPN and you get nothing, what you can do is type in the CLI for the VPN: "pivpn -d", this will debug. It will run some checks and can tell you things that can be resolved if they weren't already. Like it might say that the Iptables MASQUERADE rule is not set for example, and there are others it can resolve. It'll ask Y/N if you want to fix it. Make sure to reboot when done.
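
The same transfer done from the command line instead of WinSCP, as an added example that is not part of the original post or the video: it uses the `scp` client that ships alongside the `ssh` command used in the session above, and the server address, user, configs path and profile name shown there. The `wg-import` staging folder is an assumption, and because the `.conf` file carries the client's private key, the copy is locked down to the current user and meant to be deleted after import.

```powershell
# Added example: pull a PiVPN client profile to a Windows laptop over SSH.
# Server, user, path and profile name are the ones from the session above.
$ErrorActionPreference = 'Stop'

$Server   = 'fileserver1@192.168.50.153'
$ConfName = 'DESKTOP-38AD3SM.conf'
$Remote   = "/home/fileserver1/configs/$ConfName"
$DestDir  = Join-Path $env:USERPROFILE 'wg-import'   # assumed staging folder

# Work from inside the staging folder so scp only sees a relative local path.
New-Item -ItemType Directory -Path $DestDir -Force | Out-Null
Set-Location $DestDir

# Copy the profile over SSH (port 22, same login as the ssh session).
scp "${Server}:$Remote" ".\$ConfName"
if ($LASTEXITCODE -ne 0) { throw "scp failed with exit code $LASTEXITCODE" }

# The profile contains the client's private key: drop inherited permissions
# and leave access to the current user only.
icacls ".\$ConfName" /inheritance:r /grant:r "${env:USERNAME}:F" | Out-Null

# Sanity-check the file without printing the key material.
$text = Get-Content ".\$ConfName" -Raw
foreach ($needle in '[Interface]', 'PrivateKey', '[Peer]', 'Endpoint') {
    if (-not $text.Contains($needle)) {
        throw "$ConfName is missing '$needle'; it does not look like a WireGuard client profile"
    }
}

Write-Host "Profile saved to $DestDir\$ConfName"
Write-Host "In WireGuard choose 'Import tunnel(s) from file' and select it."

# Once the tunnel shows up in WireGuard, remove the plaintext copy:
#   Remove-Item "$DestDir\$ConfName"
```

Keeping one profile per device, as the video recommends, means a lost laptop can be cut off with the `-off` or `-r` commands from the help listing without touching any other device.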
This has been Truncat3d 00000000111100010100110______________end of line