Formerly know as u/Arjab.
Anarchist | Antifascist | Anticapitalist.
Arch Linux | FOSS | Piracy | Security & Privacy

Looking for a Mastodon instance?
Check out @serverbot@undefined.social.

  • 11 Posts
  • 57 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle


  • Immich has image and facial recognition by default and a very neat Android app. Also it’s running in my home server, which has more power if Immich needs it. In that case I’d say software should serve one purpose and serve that good. Immich is just for picture management and does that very good. Nextcloud is a cloud and the Photos app is just a small extra that can’t compete with a full-fledged software. Nextcloud runs fine on my Raspberry Pi 4, but it’s only used by me and three friends. It’s mainly limited by your network speed and disk speed I’d say. And I’m using an external hard drive without issues.

















  • So to confirm your behavior, you can tailscale ping each other fine and tailscale ping to the internal network. You cannot however ping from the OS to the remote internal network?

    Exactly.

    Have you checked your routing tables to make sure the tailscale client added the route properly?

    How do I do this? I use Headscale and headscale routes list shows the following:

    ID | Machine | Prefix           | Advertised | Enabled | Primary
    1  | server  | 0.0.0.0/0        | false      | false   | -
    2  | server  | ::/0             | false      | false   | -
    3  | server  | 192.168.178.0/24 | true       | true    | true
    

    Also have you checked your firewall rules? If you’re using ipfw or something, try just turning off iptables briefly and see if that lets you ping through.

    I’m not using a firewall, but the VPS is hosted on Hetzner, which has a firewall. But I already allowed UDP port 41641 and 41641. The wg0 rule is from the Wireguard setup I want to replace using Tailscale.

    # iptables --list-rules
    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -N DOCKER
    -N DOCKER-ISOLATION-STAGE-1
    -N DOCKER-ISOLATION-STAGE-2
    -N DOCKER-USER
    -A INPUT -s 100.64.0.0/10 -j ACCEPT
    -A FORWARD -j DOCKER-USER
    -A FORWARD -j DOCKER-ISOLATION-STAGE-1
    -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -o docker0 -j DOCKER
    -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
    -A FORWARD -i docker0 -o docker0 -j ACCEPT
    -A FORWARD -i wg0 -j ACCEPT
    -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
    -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 81 -j ACCEPT
    -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
    -A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9090 -j ACCEPT
    -A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
    -A DOCKER -d 172.17.0.6/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
    -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9001 -j ACCEPT
    -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
    -A DOCKER-ISOLATION-STAGE-1 -j RETURN
    -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
    -A DOCKER-ISOLATION-STAGE-2 -j RETURN
    -A DOCKER-USER -j RETURN