BIG THANKS Brian, for all your hard work and clear explanations you have in your video's. Very much appreciated!! Keep up the good work and stay safe my friend. Greetings from The Netherlands
That should amazing, I'm actually running pfsense but I can use Netmaker as an alternative to manage my VPN access outside of the pfsense box to have better distribution and also can always have access to my network also if the pfsense services go down preparing an LTE connection.
Great video as always... Thanks!!! I just got a bit lost with the "egress" and "ingress" concepts, perhaps a diagram would help for better understanding. Would be possible to have the server deployed in the home network and external clients like family phones connect in (like as using openvpn)?
Yeah. Ingress is a route into the wireguard network from an external client (one not using the netclient form netmaker), and egress is a point inside your network where you allow traffic to leave the wireguard network and access other machines on your LAN. Running the server inside your home network is possible, but it's best to have a static public IP, and you will have to open ports on your home firewall, so not an ideal setup IMO.
superb video! I've been following it and only ran into one issue using your blog. The x to make the script executable is a capital, when it should be a lowercase x. Took me a while to find why it was not working :-). Please keep making these!
It's just a pity that security functions such as 2FA can only be used in the Enterprise version - not even for the admin login. A clear devaluation of the free version
I understand your viewpoint, but also understand the need to support the project. I know Alex is just starting with the Pro idea, so he may be open to suggestions on ways you think he could better monetize. Separating out an option for 2FA in a separate plan or something.
@@AwesomeOpenSource It is ok to move multiple features to a cost plan, but when someone uses such a solution, security is high priority, so moving 2fa out to the costs plan is not only a bad idea, it makes such a tool less secure and therefore not realy useful, regardless the good stuff. I do not want to use any application on a cloud server without multi factor > totp or yubiky.
I completely understand where you are coming from. I have found Alex (the project owner) to be a super understanding and good guy. I highly recommend you reach out and have a conversation about your concerns. Maybe he'll put that into the free offering. It never hurts to ask.
This really looks great. One question. What IP appears to be sending the requests with the Site to site configuration? I'm trying to expose some self hosted appliances that require quite a lot of ports and are commonly being targeted by bots trying to guess passwords. When using WG it appears to the server on the LAN that the request is coming from the VPN tunnel instead of an Internet IP which makes it immpossible to ban. I'm using the VPS to get a public IP because the servers are behind CGNAT and there is no way the ISP provides me with an static IP.
It will still appear to be from the server IP. I have a follow up video on using Netmaker with NginX Proxy Manager to do reverse proxying in this way, and you should be able to use ACLs to help slow that down a bit. Note, the video is coming out soon, not out yet.
@@AwesomeOpenSource I really appreciate that. It is drivin slightly nuts trying to figure that. Specially because the servers main workloads are for Internal LAN and I can't just move them to a cloud service.
Great video! My ISP is one of the major wireless carriers, so I'm stuck behind a CG-NAT (double NAT). I currently have a peer to peer wireguard setup that peers with a VPS so that I can bypass the CG-NAT and host web services locally. In order to accomplish this I got really lucky and I was able to get some iptables rules from the self hosting community that allows me to forward all traffic on port 80 and 443 to my internal server. This solution has worked, but it's all manual and difficult to scale. In your opinion, do you think I'd be able to replace my current setup with Netmaker? It looks like I should be able to just create the server on the VPS, and then the netclient on my internal device, and just pass thru all traffic on 80 and 443?
Thank you so much for this great video! What if we'd set up the netmaker server not in the cloud, but in our own homelab (e.g. behind an nginx reverse proxy which is also hosted at home? If that would be possible and wouldn't that be worth another great video?
Let me see what I can do. It would require port forwarding, so I was trying to show some options to not open ports, but still serve things up more securely, but i can see the benefit of having this type of setup as well. Great suggestion.
That's what I'm currently trying to do, but I keep getting an iptables fatal error when I try to spin up the netmaker installer and I'm just, I'm just tired and I have no idea what to do anymore
I have a question, hopefully not to basic. I have a Main Data Center with two(2) ISP backhauls for remote users. One an Internet Service with Public IPs and the other an MPLS Provider. I have 3 remote Branches with the 2 Services Serving them for remote connectivity. What I would like to achieve is to aggregate the links at the branch level using OpnSense gateways to utilize either of the links and have those OpnSence remote routers managed from a Netmaker Server at the Main DC... is this possible?
Was probably running KDE when I made this video. Wireguard itself doesn't have GUIs for Linux, but there are several third party gui options out there on GitHub for it if you want it. I've made one, that I continue to work on, but it's really just for me. You're welcome to try it if you want. gitlab.com/bmcgonag/wg-gui
Hi @AwesomeOpenSource if i understand correctly you installed netmaker client also on the proxmox machine or else it would not be available to access right?
So, there are a few ways you can set things up. In my case, I installed the client as an exit node on the remote network in an LXC VM on the network. I was then able to access any machine on that remote network through the Wireguard Tunnel that Netmaker creates. Not sure if that help you or not.
Nothing that I've found. I think you could do SSH forwarding, but not really the same. I think the rds terminal server allows you to install an application and make it available to multiple users at once.
Unfortunately, most of the features are behind a paywall.. For example, why relay feature are only in Pro servers? It makes no sense using the product in free version when your case is using your server behind CGNAT or just without a dedicated ip address. The tailscale/netbird/zerotier comes with free plan with relay servers included, but NetMaker has an open-source solution! Why not using this in free plan with your own relay server???
Yeah, I'm not sure what the decisions are behind that, but in order to keep Open Source open, it takes a ton of effort, and eventually that equals time and money.
so hard to install this app i try following your steps one by one and i found in netmaker the quick install steps are changed can you please re install app again with the quick install on netmaker
Thank you for your excellent explanation. I installed and set up my Netmaker server using this video tutorial. Could you kindly guide me with a task I'm trying to achieve with Netmaker? I'm trying to connect a WireGuard server to another Wireugard server (which I will set up) and allow clients to connect to the primary server, but have their traffic go to the web through the second server and essentially access the internet through the second server. The first server will act as a tunneling method to just move the client traffic to the other network and let the client have the second server's IP address and internet connectivity.
@@AwesomeOpenSource Censorship is the main reason for the extra hop. Connecting directly to the internet is not possible in Iran, and all the ports and outbound traffic to the outside of the country has been impacted by censorship. However VPS servers within the country have much better access to the global internet and hence connecting to the local regional servers and tunneling to the outside will result in much better outcome.
I gotcha. Here's how I think you should try this. Install Netmaker on both VPS (Hop 1, in country), Hop 2 (out of country). Next, create a network in each. Add the netmaker client on each server, and setup the two servers as clients of each other, so Hop 2 is a client of Hop 1 server, and Hop 1 is a client of hop 2 server. Install the client on your local machine, and add it as a client of the Hop 1 server network. Now, limit hop 1 networks to the IP range of Hop1 and Hop2 only. So, your local client won't try to egress from hop1. Instead, make hope 1 as the client of hop 2, the ingress node of Hop 2 server, and see if when you try to reach a known site, you get the appropriate public IP address back. Mapped out, it's local client -- Hop 1 (ingress) -- Hop 2 -- internet. The routing on it may be a little weird, and may take some playing around. You could also ask over at the Netmaker discord channel.
I don't have the time to take a look but if you have some, you can just check the docker image for the server side and use commands in your server instead of using the dockerfile
@@haydenc2742 But it also hides how services really work and puts them behind an obfuscated layer of overlays that I have no control over. TO me, docker is far from optimal.
Hi, sorry for for off topic, but can you do a video on something alternative to: Dashy, Homer, Heimdail; that provides instead of web links to add bash scripts. For instance lets say you have custom way to reset the ssl certificates other needs + login.
@@AwesomeOpenSource I think I got it, something like supervisord, but cooler UI + authorization system, if it looks like Dashy will be cool. I will try now to create a quick Django project that: - parses tasks conf files - checks task status - start/reload/stop/restart actions if it takes me 2 hours I will use that. And in the background I will use the rpc API of supervisord. My requirements are more like one time execute job, rather than to run the process as a daemon, but it will do I guess.
I had the same error, and I've gave up, its a one of the bugs in netmaker. It fixed after few restarts of docker, but then letsencrypt will ban you domain. I've tried to ask community but they doesn't know what is happening. Dont use it right now, Its still too bugy to use
@@demanuDJ Like you said it worked out of nowhere, then again as you say I think its too buggy still. I´m going for regular wireguard on ubuntu for now. Thanks for the feedback.
Sorry you guys are seeing these issues. I had no issues from the beginning. It would be helpful to go to the netmaker github and submit an issue ticket. They may ask you to pull some logs, but that's the only way to make software get better over time.
Nice video. I've been using Wireguard as my main VPN (Self hosted) for a long time. But, there's a catch, ultimately I've noticed that WG leaks my IP, no matter what I do, the big G knows my local IP in every search or network use. This is not present when I use Cloud flare Warp or PIA vpn, it always throw a different browsing experience even G shows my location as the one I select as location. Do you know any way to replicate this behavior (PIA or WARP) in a self hosted Wireguard?
I think you have some fundamental misunderstanding about VPNs. Fundamentally all a vpn is, is a secure way of virtually plugging your computer into a remote network as if you had a second network card connected to a super long ethernet cable connected to another network card at the other end. That's it, nothing more. It has nothing explicitly to do with "hiding" your ip address or anything else. In most cases you wouldn't actually route your general internet traffic over the vpn at all, generally people will create a vpn to access a remote network, for example the only port I have open to the outside world here at home is my wireguard server. Once I connect to that, I can then ssh or rdp into my servers, workstations and such. If you did route all your internet traffic over the vpn, the ip address that websites would see should be that of your vpn server. So if you wanted websites to see an ip address outside of the country in which you live, you would need a server in the country you want to appear as. Your commercial vpn services have many endpoints all over the world, and that's what allows you to pick what location you wish to appear as. It should also be noted that so called "private" vpn services will hide your traffic from your isp, but does not hide your traffic from the vpn provider, and like isp's, they *definitely* are tapped by whatever government is interested. However most web traffic is encrypted anyway, so your isp can't see that regardless. Plus vpn has nothing automatically to do with DNS either, so if you are using a vpn, but are doing dns queries via your isp, then they will still be logging and selling data on what sites you look up. So in short, it all depends on what you want to accomplish. Commercial VPN services that you see being shilled all over youtube sell themselves by flat out lieing about about security benefits.
Probably more just the video making it seem lengthy, it's really quite quick. I had a server up and running in about 5 minutes the other day. OF course, if you're comparing to using paid options, you pay them, download their config or client, and connect, so it's pretty ft, but if you want to self host it all, then it takes a bit more setup initially.
Hi, Brian.Great video.I need some clarification On how to set up netmaker.I have my proxmox server.And then I will have a VPS.I am trying to set it up so that I can run remotely or rust desk.On my proxmox .And not have to open ports the will I need two droplets or one? And where's the server. Go on the VPS or on the proxmox box also if i am not running a dns server what options do i have? Thank you for any help you can give me to give me pointed in the right direction.Thanks.
Please make a updated video on this! your video and instructions are all out of date. Yes, I could read the new instructions but I'm a visual person and prefer a video.
@AwesomeOpenSource Oh sweet I didn't think you would even read this... Thank you! Also love what you do, I watch tons of your videos. Can you make a video on cosmos server and wazuh please?
Thanks. I try to read (and when I have any kind of answer) answer all of my comments on the channel. There are those that I simply don't understand sometimes, but I do try to respond to as many as I can. As for Netmaker, Alex (the original creator of it) is awesome, and I know he's also been working on his own videos, but it is about time for me to see if he'll come back on my channel and walk me through an update.
@@AwesomeOpenSource all self hosted vpn server using wireguard can connect with same wireguard tunnel? and use wireguard app on play store? man, i didnt know this and never think of this
@@AwesomeOpenSource how would i go about this if i had a dynamic ip that isp changes? i have heard i can use duckdns and use script to update for ip changes on my router
You can use DuckDNS, or there are a lot of docker containers for updating registrars A-records for places like Godaddy, Cloudflare etc, if you prefer to use your own domain. Lastly, you soudl just do like I did and setup an inexpensive VPS to host the server on.
@@AwesomeOpenSource Sorry about my negative reaction and apologies to Alex. I didn't realize it was only a small part of an otherwise great quality video.
BIG THANKS Brian, for all your hard work and clear explanations you have in your video's. Very much appreciated!! Keep up the good work and stay safe my friend. Greetings from The Netherlands
My pleasure! Thank you so much.
That should amazing, I'm actually running pfsense but I can use Netmaker as an alternative to manage my VPN access outside of the pfsense box to have better distribution and also can always have access to my network also if the pfsense services go down preparing an LTE connection.
Absolutely, just what I'm doing as a backup to my other VPN option for a client now.
Great video! Been using this service for a while and it’s been amazing.
Great to hear!
Great video as always... Thanks!!!
I just got a bit lost with the "egress" and "ingress" concepts, perhaps a diagram would help for better understanding.
Would be possible to have the server deployed in the home network and external clients like family phones connect in (like as using openvpn)?
Yeah. Ingress is a route into the wireguard network from an external client (one not using the netclient form netmaker), and egress is a point inside your network where you allow traffic to leave the wireguard network and access other machines on your LAN. Running the server inside your home network is possible, but it's best to have a static public IP, and you will have to open ports on your home firewall, so not an ideal setup IMO.
@@AwesomeOpenSource Thank you for the explanation.
superb video! I've been following it and only ran into one issue using your blog. The x to make the script executable is a capital, when it should be a lowercase x. Took me a while to find why it was not working :-). Please keep making these!
Sorry for that, and thanks for letting me know, I'll go fix it.
@@AwesomeOpenSource np, it was not meant as a criticism, just helping other people along🙏
netmaker is very powerful, thanks for share
You are welcome! It is some truly Awesome Open Source softwrae.
Nice product and video, TNX.
You bet.
Thanks for this video and this nice wireguard-application! I'll try it out more in the next few days!
It's just a pity that security functions such as 2FA can only be used in the Enterprise version - not even for the admin login. A clear devaluation of the free version
It's really great stuff.
I understand your viewpoint, but also understand the need to support the project. I know Alex is just starting with the Pro idea, so he may be open to suggestions on ways you think he could better monetize. Separating out an option for 2FA in a separate plan or something.
@@AwesomeOpenSource It is ok to move multiple features to a cost plan, but when someone uses such a solution, security is high priority, so moving 2fa out to the costs plan is not only a bad idea, it makes such a tool less secure and therefore not realy useful, regardless the good stuff. I do not want to use any application on a cloud server without multi factor > totp or yubiky.
I completely understand where you are coming from. I have found Alex (the project owner) to be a super understanding and good guy. I highly recommend you reach out and have a conversation about your concerns. Maybe he'll put that into the free offering. It never hurts to ask.
Thanks a lot for this! pro tip: Use Ctrl+L to clear your console :)
Thank you as well.
ahaha. I was looking for something like this. Thank you for the video.
Glad I could help!
Hi Bryan, could you make a video of headscale is a fork of tailscale. Thank you very much for your valuable time.
Headscale is on my list to cover.
This really looks great. One question.
What IP appears to be sending the requests with the Site to site configuration?
I'm trying to expose some self hosted appliances that require quite a lot of ports and are commonly being targeted by bots trying to guess passwords. When using WG it appears to the server on the LAN that the request is coming from the VPN tunnel instead of an Internet IP which makes it immpossible to ban.
I'm using the VPS to get a public IP because the servers are behind CGNAT and there is no way the ISP provides me with an static IP.
It will still appear to be from the server IP. I have a follow up video on using Netmaker with NginX Proxy Manager to do reverse proxying in this way, and you should be able to use ACLs to help slow that down a bit. Note, the video is coming out soon, not out yet.
@@AwesomeOpenSource I really appreciate that. It is drivin slightly nuts trying to figure that. Specially because the servers main workloads are for Internal LAN and I can't just move them to a cloud service.
Great video! My ISP is one of the major wireless carriers, so I'm stuck behind a CG-NAT (double NAT). I currently have a peer to peer wireguard setup that peers with a VPS so that I can bypass the CG-NAT and host web services locally. In order to accomplish this I got really lucky and I was able to get some iptables rules from the self hosting community that allows me to forward all traffic on port 80 and 443 to my internal server. This solution has worked, but it's all manual and difficult to scale. In your opinion, do you think I'd be able to replace my current setup with Netmaker? It looks like I should be able to just create the server on the VPS, and then the netclient on my internal device, and just pass thru all traffic on 80 and 443?
Yep, it should work. You'd set your internal client as an egress gateway, and your main server (VPS) as the ingress, and you should be set to go.
Thank you so much for this great video! What if we'd set up the netmaker server not in the cloud, but in our own homelab (e.g. behind an nginx reverse proxy which is also hosted at home? If that would be possible and wouldn't that be worth another great video?
Let me see what I can do. It would require port forwarding, so I was trying to show some options to not open ports, but still serve things up more securely, but i can see the benefit of having this type of setup as well. Great suggestion.
That's what I'm currently trying to do, but I keep getting an iptables fatal error when I try to spin up the netmaker installer and I'm just, I'm just tired and I have no idea what to do anymore
I have a question, hopefully not to basic. I have a Main Data Center with two(2) ISP backhauls for remote users. One an Internet Service with Public IPs and the other an MPLS Provider. I have 3 remote Branches with the 2 Services Serving them for remote connectivity. What I would like to achieve is to aggregate the links at the branch level using OpnSense gateways to utilize either of the links and have those OpnSence remote routers managed from a Netmaker Server at the Main DC... is this possible?
This is... 🤯 AWESOME...
You are quite welcome.
does WireGuard has Linux client UI like that ? its look like a windows app, also you seem to be running KDE. I'm not sure though.
Was probably running KDE when I made this video. Wireguard itself doesn't have GUIs for Linux, but there are several third party gui options out there on GitHub for it if you want it. I've made one, that I continue to work on, but it's really just for me. You're welcome to try it if you want. gitlab.com/bmcgonag/wg-gui
Hi @AwesomeOpenSource if i understand correctly you installed netmaker client also on the proxmox machine or else it would not be available to access right?
So, there are a few ways you can set things up. In my case, I installed the client as an exit node on the remote network in an LXC VM on the network. I was then able to access any machine on that remote network through the Wireguard Tunnel that Netmaker creates. Not sure if that help you or not.
@@AwesomeOpenSource yes it helped. That machine kinda.... became like your router for that network.
Is there any open source for rds terminal server for publishing thick client application as remote app.
Nothing that I've found. I think you could do SSH forwarding, but not really the same. I think the rds terminal server allows you to install an application and make it available to multiple users at once.
Unfortunately, most of the features are behind a paywall..
For example, why relay feature are only in Pro servers? It makes no sense using the product in free version when your case is using your server behind CGNAT or just without a dedicated ip address. The tailscale/netbird/zerotier comes with free plan with relay servers included, but NetMaker has an open-source solution! Why not using this in free plan with your own relay server???
Yeah, I'm not sure what the decisions are behind that, but in order to keep Open Source open, it takes a ton of effort, and eventually that equals time and money.
so hard to install this app
i try following your steps one by one and i found in netmaker the quick install steps are changed
can you please re install app again with the quick install on netmaker
Thank you for your excellent explanation. I installed and set up my Netmaker server using this video tutorial.
Could you kindly guide me with a task I'm trying to achieve with Netmaker? I'm trying to connect a WireGuard server to another Wireugard server (which I will set up) and allow clients to connect to the primary server, but have their traffic go to the web through the second server and essentially access the internet through the second server. The first server will act as a tunneling method to just move the client traffic to the other network and let the client have the second server's IP address and internet connectivity.
I'd have to think about that a bit, but why the extra hop? Why not just connect the client to the server that will give internet access?
@@AwesomeOpenSource Censorship is the main reason for the extra hop. Connecting directly to the internet is not possible in Iran, and all the ports and outbound traffic to the outside of the country has been impacted by censorship. However VPS servers within the country have much better access to the global internet and hence connecting to the local regional servers and tunneling to the outside will result in much better outcome.
I gotcha. Here's how I think you should try this. Install Netmaker on both VPS (Hop 1, in country), Hop 2 (out of country). Next, create a network in each. Add the netmaker client on each server, and setup the two servers as clients of each other, so Hop 2 is a client of Hop 1 server, and Hop 1 is a client of hop 2 server. Install the client on your local machine, and add it as a client of the Hop 1 server network. Now, limit hop 1 networks to the IP range of Hop1 and Hop2 only. So, your local client won't try to egress from hop1. Instead, make hope 1 as the client of hop 2, the ingress node of Hop 2 server, and see if when you try to reach a known site, you get the appropriate public IP address back.
Mapped out, it's
local client -- Hop 1 (ingress) -- Hop 2 -- internet. The routing on it may be a little weird, and may take some playing around. You could also ask over at the Netmaker discord channel.
works perfectly, thank you
Glad it helped
what happens if i have egress on two different nodes with same ip range ?
In the same network, no issue. On different networks..you should change the range on one of them to avoid issues I imagine.
Is it possible to set up the server side without using docker? Any hints how?
I don't have the time to take a look but if you have some, you can just check the docker image for the server side and use commands in your server instead of using the dockerfile
netmaker.readthedocs.io/en/v0.7.2/server-installation.html will give you the advanced installation instructions for Netmaker.
@@AwesomeOpenSource Ah, thanks for the pointer to the docs. I'll try it out on a couple of x86 OpenWrt LXC containers.
docker would be optimal, especially since it can run internally on practically any linux distro due to the flexibility of docker
@@haydenc2742 But it also hides how services really work and puts them behind an obfuscated layer of overlays that I have no control over. TO me, docker is far from optimal.
does netmaker's server dashboard is opensource too ?
Yes.
why don't you open yml file with nano and change whatever required at once?? really bizarre
What if you have more that one Public IP?
I'm not sure, but I imagine you can assign it to which IP you prefer it use.
ingrees and egrees same like route the network yes ?
Yes. Ingress to the network, and egress out to another network.
Hi, sorry for for off topic, but can you do a video on something alternative to: Dashy, Homer, Heimdail; that provides instead of web links to add bash scripts. For instance lets say you have custom way to reset the ssl certificates other needs + login.
Let me see what I can find. If you have something in mind, let me know.
@@AwesomeOpenSource I think I got it, something like supervisord, but cooler UI + authorization system, if it looks like Dashy will be cool. I will try now to create a quick Django project that:
- parses tasks conf files
- checks task status
- start/reload/stop/restart actions
if it takes me 2 hours I will use that.
And in the background I will use the rpc API of supervisord.
My requirements are more like one time execute job, rather than to run the process as a daemon, but it will do I guess.
When accesing the dashboard and creating an Admin, I am getting a could not reach server error...
I had the same error, and I've gave up, its a one of the bugs in netmaker. It fixed after few restarts of docker, but then letsencrypt will ban you domain. I've tried to ask community but they doesn't know what is happening. Dont use it right now, Its still too bugy to use
@@demanuDJ Like you said it worked out of nowhere, then again as you say I think its too buggy still. I´m going for regular wireguard on ubuntu for now. Thanks for the feedback.
Sorry you guys are seeing these issues. I had no issues from the beginning. It would be helpful to go to the netmaker github and submit an issue ticket. They may ask you to pull some logs, but that's the only way to make software get better over time.
Nice video. I've been using Wireguard as my main VPN (Self hosted) for a long time. But, there's a catch, ultimately I've noticed that WG leaks my IP, no matter what I do, the big G knows my local IP in every search or network use. This is not present when I use Cloud flare Warp or PIA vpn, it always throw a different browsing experience even G shows my location as the one I select as location. Do you know any way to replicate this behavior (PIA or WARP) in a self hosted Wireguard?
I'd be interested to know if you see the same issu in using Netmaker instead.
I'll implement this option later today. Will report back. Cheers
Sounds like you have split tunnel set up.
I think you have some fundamental misunderstanding about VPNs. Fundamentally all a vpn is, is a secure way of virtually plugging your computer into a remote network as if you had a second network card connected to a super long ethernet cable connected to another network card at the other end. That's it, nothing more. It has nothing explicitly to do with "hiding" your ip address or anything else. In most cases you wouldn't actually route your general internet traffic over the vpn at all, generally people will create a vpn to access a remote network, for example the only port I have open to the outside world here at home is my wireguard server. Once I connect to that, I can then ssh or rdp into my servers, workstations and such.
If you did route all your internet traffic over the vpn, the ip address that websites would see should be that of your vpn server. So if you wanted websites to see an ip address outside of the country in which you live, you would need a server in the country you want to appear as. Your commercial vpn services have many endpoints all over the world, and that's what allows you to pick what location you wish to appear as. It should also be noted that so called "private" vpn services will hide your traffic from your isp, but does not hide your traffic from the vpn provider, and like isp's, they *definitely* are tapped by whatever government is interested. However most web traffic is encrypted anyway, so your isp can't see that regardless. Plus vpn has nothing automatically to do with DNS either, so if you are using a vpn, but are doing dns queries via your isp, then they will still be logging and selling data on what sites you look up.
So in short, it all depends on what you want to accomplish. Commercial VPN services that you see being shilled all over youtube sell themselves by flat out lieing about about security benefits.
@@AwesomeOpenSource heard of wirebird? can you cover it's use please?
Lengthy process to access a web server through the internet
Probably more just the video making it seem lengthy, it's really quite quick. I had a server up and running in about 5 minutes the other day. OF course, if you're comparing to using paid options, you pay them, download their config or client, and connect, so it's pretty ft, but if you want to self host it all, then it takes a bit more setup initially.
New Netmaker yml file not working....
Definitely go get their file It is much more likely to work as the video ages. Concepts are still the same.
Hi, Brian.Great video.I need some clarification On how to set up netmaker.I have my proxmox server.And then I will have a VPS.I am trying to set it up so that I can run remotely or rust desk.On my proxmox .And not have to open ports the will I need two droplets or one? And where's the server. Go on the VPS or on the proxmox box also if i am not running a dns server what options do i have? Thank you for any help you can give me to give me pointed in the right direction.Thanks.
Great question. I have a video that shows how to do what you're asking I think. Check this one out. th-cam.com/video/CGw4Kc424VE/w-d-xo.html
Shame it won't work with dynamic dns
I think you could replace Dynamic DNS with this running ona cheap VPS though.
Please make a updated video on this! your video and instructions are all out of date. Yes, I could read the new instructions but I'm a visual person and prefer a video.
Let me see what I can do.
@AwesomeOpenSource Oh sweet I didn't think you would even read this... Thank you! Also love what you do, I watch tons of your videos. Can you make a video on cosmos server and wazuh please?
Thanks. I try to read (and when I have any kind of answer) answer all of my comments on the channel. There are those that I simply don't understand sometimes, but I do try to respond to as many as I can. As for Netmaker, Alex (the original creator of it) is awesome, and I know he's also been working on his own videos, but it is about time for me to see if he'll come back on my channel and walk me through an update.
no android app
You add Android or iOS as an "external" client, then just use the Wireguard app.
@@AwesomeOpenSource all self hosted vpn server using wireguard can connect with same wireguard tunnel? and use wireguard app on play store? man, i didnt know this and never think of this
👍👍👍
Thank you!
Shame it doesn't support arm64 yet...
He has clients for Arm64, just not sure about a build for the server. But always worth asking on their Github for the additional build.
@@AwesomeOpenSource how would i go about this if i had a dynamic ip that isp changes? i have heard i can use duckdns and use script to update for ip changes on my router
You can use DuckDNS, or there are a lot of docker containers for updating registrars A-records for places like Godaddy, Cloudflare etc, if you prefer to use your own domain. Lastly, you soudl just do like I did and setup an inexpensive VPS to host the server on.
all workеd
That's Awesome!
Wow
Indeed!
Sorry Alex, but your audio is so bad it makes this valuable video almost useless.
Actually, the audio wasn't on Alex's end. It was some issue I have with OBS when trying to record while in a video call. Not sure why it does that.
@@AwesomeOpenSource Sorry about my negative reaction and apologies to Alex. I didn't realize it was only a small part of an otherwise great quality video.
The audio was so bad i had to stop listening
That was an issue on my end. The recording software messed up during streaming. Apologies.