2023-11-02 - File Server / Pi Hole / Pi VPN All-In-One

•  Showed my mom who I intend to share file server with this really cool thing that's replacing all of our free, low memory, only-3-device-per-account Dropbox accounts. I parked in her apartment's parking lot because her computer set up is messed up. I used my iPhone as a wireless hotspot, loaded up my laptop, turned on my VPN, accessed my file server, showed her her user folder and then showed her mine, I started playing a video off of it to show her how cool this was that I did not have this on my laptop but was grabbing it from home and playing it here in her parking lot. But it buffered. 
• decided I wanted to start thinking about how to improve the bandwidth of my network set up through my VPN, which currently uses a Pi Zero Wireless without an ethernet adapter to get the most out of it. I have a USB 2.0 to ethernet adapter for my Pi Zero, but its not going to give me that much bandwidth over USB 2.0. I've never seen speeds above about 30 Mbps and Doug said basically half that for both the up and down speeds together at the same time and its roughly the 13 Mbps down that I was already getting. 
• I thought about buying a Pi4 for an upgrade. Was going to install it on my old laptop which would surely be able to handle the load and although its an old ten plus year old laptop, it has 1Gbps ethernet. But I didn't want to lose my windows install because every once in a while it is useful to have a separate device other than my desktop or laptop. I thought about doing a VirtualBox with Linux installed with Pi Hole running on that and Doug recommended against it. Better to have it running directly on the metal than a number of layers away from it. And I think he might have said something on another topic about my server, and I had already found that basic Linux can run Pi Hole, it doesn't have to be Raspbian. It just has to be most versions of Linux. And then my eyes widened. Can my server do the pi hole and pi VPN? He said yes. So here we are. File server part two except its not file server its really just all in one now. 
• I fugure I've done this already so this shouldn't be very hard. Turns out because Doug has been having me focus more on what the commands I type in Linux mean, rather than just looking them up because I have particular ideas about how I want my set up to work, so I should know what commands to use. So now that I am putting a more granular focus on each thing im doing, its like I have done this already but if you were working with me tonight on project day in class, you would probably ask, have you done this before? I would say yes and you would be like, then why don't you know what to do here, and there, and in this thing over here? And I would say, well because last time I just ran through it. I can do it but it would be like installing windows on a new machine and not changing your wallpaper, or setting times for virus protection to scan that bothers you the least like at night or something, and not setting power settings like when to sleep, hibernate, turen the screen off, so on, not setting screen savers, not installing the particular picture viewing, video or audio file playing or internet browsing applications you would prefer to install. So the route im taking this time guarantees i know how to get the particulars that I want without help this time. 
• I actually started the process without talking to my instructor at all. I started with updating linux, then upgrading linux. Then I installed curl, which I do not remember doing last time at all. I would have eventually learned that most likely. I installed curl, then I used the pi hole curl command again, and I only stopped and restarted like eight times because I wanted to record every screen that asked me a question so I could know every detail this time. 
• Then a classmate named Ronald was looking at class project tickets and saw mine that I had juts posted and was thinking about doing it. But then I told him hey yeah thats mine. So he joined me and I explained everything. He eventually had to go back to doing his own thing. 
• When at the end of asking a bunch of questions, it gave me that password that you need to log into the Pi Hole web interface, which you must record if you want to access it at all and maintain it or anything, I recorded it and then Doug was like, oh yeah hey, lets change that password now. So we typed "Pi Hole -a -p". he recommended I just use the same password for the web server Pi Hole interface as last time so I just grabbed the same password for less confusion since after all, there is a lot of encryption before this password already, and I'm literally just replacing my Pi zero with this new configuration. 
• I entered my servers IP address into my web browser and it gave me a placeholder page for my query.
• Doug got passed this instantly however, by adding "/admin/" to the end of it. and we got the Pi Hole web interface page. 
• i logged into the new Pi Hole web interface and added the blocklist project stuff to it, i changed the DNS server address in my router to my servers IP address. then i installed PiVPN.
• I had lots of questions for Doug in this process because this part was sort of expedited for me last time. Just say yes and click default a lot, doug said. 
• PiVPN is isntalled. All my devices are now using my Pi Hole as the DNS server. But I am not using the VPN I installed yet. 
• I need to go pivpn -a to add devices and I need to reconfigure my router, not my roommates router, to point the port forward towards my server instead of my raspberry pi Zero. 
• then I need to configure the two different kinds of vpn tunnels for different purposes (half tunnel and full tunnel)
• So I've been needing to ask Doug about this for a while and even on multiple blod posts and finally we got to it now. So, here's the deal. When you use WireGuard, you can set what the sllowed IP addresses are. What this means is if you have it set to default which is just a bunch of 0's and colins and a couoke of slashes and another 0, this is CIDR notation, which is shorthand for sayong all IP addresses are allowed, because /0 means none of the bits in the IP address are locked down. If you have all allowed IP addresses like in the case of entering a /0, this means that everything, every single query from the device will be put through the VPN tunnel, which means you have a full tunnel. All of the data will go out from my devices to the internet through the VPN, to my server that's hosting the VPN, and say it's a google query, then it will then travel out of my server and network back to the internet ot do the actual query, the results will then be sent to my server, and then those results will be sent back through the VPN from my server to my devices that performed the query in the first place. So if you have a half tunnel, you will then specify the private network that your VPN server is on, so the whole range for that subnet that your server is on, and then the whole subnet range that the VPN will be using to route traffic over the virtual network it is creating for your remote devices. The VPN acts like another router in your network that then has all the remote devices connected to it. 

This has been Truncat3d 00000000111100010100110______________end of line