StreisandEffect / discussions


A few questions #83

Closed canusuck closed 6 years ago

canusuck commented 6 years ago

I have a few questions about Streisand.

  1. WireGuard - how to fix DNS leaks?
  2. Other protocols also observe DNS leaks. Help solve this problem or tell me.

     2.1. DNS leaks go constantly from Google DNS, where to look?
     2.2. Do I need to install dnsmasq on the host machine? If needed, then how to set it up?

  3. How can I change ports, where can I look?
  4. vpn_in and vpn_out how best to do doublevpn?
  5. How to change passwords / logins / shared key, etc. how and where I can set my values, or randomize.

Thank you in advance.

cpu commented 6 years ago

> WireGuard - how to fix DNS leaks? Other protocols also observe DNS leaks. Help solve this problem or tell me.

You need to provide more information. Please provide the following:

Expected behavior:

Actual Behavior:

Steps to Reproduce:

[ contents of streisand-diagnostics.md here ]

Additional Details:

Log output from Ansible or other relevant services (link to Gist for longer output):

Target Cloud Provider:
Operating System of target host:
Operating System of client:
Version of Ansible, using ansible --version :
Output from git rev-parse HEAD in your Streisand directory :

We also need to know about your client operating system & the contents of /etc/resolv.conf after you bring up the wireguard interface on the client.

> 2.2. Do I need to install dnsmasq on the host machine? If needed, then how to set it up?

When you say "Host machine" you mean the Streisand server? No. It already has dnsmasq. I can't advise on your client machine because you haven't provided enough information to help.

> How can I change ports, where can I look?

This isn't supported. You'll have to fork the project, read the source code, and make the changes yourself.

> vpn_in and vpn_out how best to do doublevpn?

I answered this question in https://github.com/StreisandEffect/discussions/issues/79 - this isn't supported and we don't have the resources to help.

> How to change passwords / logins / shared key, etc. how and where I can set my values, or randomize.

This isn't supported. I recommend you destroy your Streisand server and re-provision a fresh one to get new secrets. They will be randomized automatically.

canusuck commented 6 years ago

> We also need to know about your client operating system & the contents of /etc/resolv.conf after you bring up the wireguard interface on the client.

# cat /etc/resolv.conf
# Generated by SolusVM
nameserver 8.8.8.8
nameserver 8.8.4.4

> When you say "Host machine" you mean the Streisand server? No. It already has dnsmasq. I can't advise on your client machine because you haven't provided enough information to help.

No, client machine.. sry

> This isn't supported. You'll have to fork the project, read the source code, and make the changes yourself.

That is, if I change the ports, the VPN will not work? Is it tied to these ports? And if I change them we will admit to 443 that it will not work?

I would be grateful if you show these lines in the source code, if possible.

> This isn't supported. I recommend you destroy your Streisand server and re-provision a fresh one to get new secrets. They will be randomized automatically.

I would like to change the name of Streisand to more complex. And also the generation of passwords for more complex. How can I do this? Could you show where to look in the code?

And a few more questions:

  1. How many people can simultaneously connect using the L2TP / IPsec protocol?
  2. How to get rid of DNSLeaks? For example, I have a server in Sweden, how can I receive only DNS Sweden?
  3. How to connect correctly to Linux?
  4. Is IKEv2 safer than L2TP? Is it faster? How much can it be used at the same time?

Thank you in advance for your response.
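
A check along the lines of the resolv.conf request above, as an added example that is not part of the thread or of Streisand: it compares the resolvers in /etc/resolv.conf with the `DNS` and `AllowedIPs` values of a wg-quick client config. The WireGuard config, its addresses and all function names are constructed assumptions; the resolv.conf sample mirrors the one posted above.

```python
import ipaddress

# Constructed wg-quick client config (addresses and keys are placeholders).
WG_CONF = """\
[Interface]
Address = 10.0.0.2/32
DNS = 10.0.0.1
PrivateKey = <placeholder>
[Peer]
PublicKey = <placeholder>
Endpoint = 203.0.113.10:51820
AllowedIPs = 0.0.0.0/0
"""
# resolv.conf contents matching the sample posted in the thread.
RESOLV_CONF = "# Generated by SolusVM\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n"

def wg_values(conf, key):
    """Return every comma-separated value given for `key` in a wg-quick config."""
    values = []
    for line in conf.splitlines():
        name, sep, rest = line.partition("=")
        if sep and name.strip().lower() == key.lower():
            values += [v.strip() for v in rest.split(",") if v.strip()]
    return values

def nameservers(resolv):
    """Return the nameserver addresses listed in resolv.conf text."""
    out = []
    for line in resolv.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            out.append(fields[1])
    return out

def classify(resolv, conf):
    """Map each resolver to 'tunnel-dns', 'routed-via-tunnel' or 'outside-tunnel'."""
    pushed = set(wg_values(conf, "DNS"))
    routes = [ipaddress.ip_network(n, strict=False) for n in wg_values(conf, "AllowedIPs")]
    result = {}
    for ns in nameservers(resolv):
        addr = ipaddress.ip_address(ns)
        if ns in pushed:
            result[ns] = "tunnel-dns"
        else:
            inside = any(addr.version == r.version and addr in r for r in routes)
            result[ns] = "routed-via-tunnel" if inside else "outside-tunnel"
    return result

print(classify(RESOLV_CONF, WG_CONF))
```

On clients that use a local stub resolver (for example 127.0.0.53 under systemd-resolved), /etc/resolv.conf lists only the stub, so the upstream resolvers have to be read from the resolver's own status output instead.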

nickolasclarke commented 6 years ago

@canusuck

> would be grateful if you show these lines in the source code, if possible.

Unfortunately they are not found in a single place. Ports are managed in the role playbook for each respective service, as opposed to a playbook only for firewall management. You'll need to poke through each of the roles that you want to modify and find the port changes you would like to make. Alternatively, you could modify the ports after the fact on the machine itself, as there will be more documentation for each service on their respective websites/man pages.

> I would like to change the name of Streisand to more complex. And also the generation of passwords for more complex. How can i do this. Could you show where to look in the code.

Like above, this is handled in each role playbook, not all in one place, you'll need to poke through the code yourself.

> How many people can simultaneously connect using the L2TP / IPsec protocol?

This is more a function of which platform or server you are deploying on, not the code.

> How to connect correctly to Linux?

This is not clear. There are instructions on how to connect to each service from different types of clients (android/ios/macOS/windows/Linux) in the documentation that is generated by the project.

nopdotcom commented 6 years ago

If you'd like stronger or weaker passwords, alter playbooks/roles/common/vars/main.yml

nopdotcom commented 6 years ago

One note on the passphrases: the wordlist we're using has 2048 entries, aka 11 bits. In general, it's easier for English-speakers to remember (and type!) longer but simpler passphrases. For example, the gateway password we use has (6×11) 66 bits of machine-generated randomness. We used to use four words from a bigger dictionary, but the entropy was about the same with the easier words.

I suggest you not just increase the size of the wordlist, but it's your fork. :-)
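
The arithmetic in the comment above, as an added example that is not part of the thread or of Streisand's code: it computes the entropy of a word passphrase, draws one with the OS CSPRNG, and works out how large a list four words would need to match six words from 2048. The wordlist is a constructed stand-in and all function names are assumptions.

```python
import math
import secrets
from itertools import product

def build_demo_wordlist():
    """Constructed stand-in: 2048 distinct pseudo-words (not Streisand's list)."""
    onsets, vowels, mids = "bdfghjklmnprstvz", "aeio", "kmnprstl"
    return ["".join(p) for p in product(onsets, vowels, mids, vowels)]

def entropy_bits(wordlist, n_words):
    """Entropy in bits when n_words are drawn uniformly, with replacement."""
    unique = len(set(wordlist))  # duplicate entries add no entropy
    return n_words * math.log2(unique)

def generate(wordlist, n_words, sep="-"):
    """Draw a passphrase using the OS CSPRNG via the secrets module."""
    pool = sorted(set(wordlist))
    return sep.join(secrets.choice(pool) for _ in range(n_words))

def wordlist_size_for(target_bits, n_words):
    """Smallest list size that reaches target_bits with n_words words."""
    return math.ceil(2 ** (target_bits / n_words))

def words_for(target_bits, wordlist):
    """Fewest words from this list that reach target_bits."""
    return math.ceil(target_bits / math.log2(len(set(wordlist))))

words = build_demo_wordlist()
print(len(words), "words,", math.log2(len(words)), "bits per word")
print("six words:", entropy_bits(words, 6), "bits, e.g.", generate(words, 6))
print("list size for 66 bits in four words:", wordlist_size_for(66, 4))
```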

canusuck commented 6 years ago

But I just want to know how I can change these lines.

> IPsec pre-shared key: interrupt-Pemba-newspaperwoman
> CHAP user: streisand
> CHAP pass: monsignor-braillers

I want to specify all these lines myself.

I want to use my username.

I also wanted to use other ports, 500/1701/4500 I would like to change them. How can I do.

Show me where to look and what to rule, please.

Thank you in advance for support

nickolasclarke commented 6 years ago

@canusuck changing them after the fact is something you'll need to do on the server itself. IPsec is handled by libreswan, which has the following in their README.

> Configuration
>
> Most of the libreswan configuration is stored in /etc/ipsec.conf and /etc/ipsec.secrets. Include files may be present in /etc/ipsec.d/. See the respective man pages for more information.

You can learn more about libreswan and how it's configured here on their project page.

As for ports, I'm not sure which ones those are for off the top of my head, but considering you are asking about IPSec above, it's likely handled by the streisand/playbooks/roles/l2tp-ipsec/vars/main.yml playbook. I don't know off the top of my head if those ports are used by another service in tandem.

In general, we don't have the manpower to help people do customization to their servers after deployment that diverge from the pre-determined scope. In general, you'd be better off learning more about the individual services you are interested in customizing, and using their docs / communities to get further help.

cpu commented 6 years ago

I think the questions in this thread have been answered. I'm going to close it now. Thanks!