delicate pier
The GUI part starts up eventually but in the end these messages appear when the connection is being initiated:
"WireguardUtilsLinux" "Unable to read tunnel interface name"
"Daemon" "Interface creation failed."
"DaemonLocalServerConnection" "Failed to activate the interface"```
Is it possible at all to allow a program to create devices and how?
reef plinth
You can't create network devices from inside the vso-pico container
delicate pier
Does that mean it's a dead end and I won't be able to use that VPN solution?
reef plinth
If you want to only connect to one destination you could download the wire guard config file and import that one via settings
delicate pier
It's a modified WireGuard unfortunately, so I doubt the "regular" client can connect to a modified Amnezia WireGuard server.
I'm just trying to understand here if I hit some architectural roadblock, meaning immutable systems are simply not designed for that kind of behavior (from a user's perspective of course) or if there's a sane way to work around that.
ashen berry
It's a modified WireGuard unfortunately, so I doubt the "regular" client can con...
It's worth a try. You can import the config from the Networks panel in Settings.
ashen berry
I'm just trying to understand here if I hit some architectural roadblock, meanin...
Custom VPN solutions are one of the things that are really hard to use on immutable systems sadly.
reef plinth
https://amnezia.org/en/self-hosted they are advertising native clients for the self hosted version
delicate pier
I doubt it's even a standard WireGuard config. It goes like this: vpn://AAACmHjadZE9T8MwEED3_IrKa6Dq-asJa....
reef plinth
On an immutable system you are using docker containers to install stuff inside, because you can't install stuff in the immutable host os (at least easily). Docker containers can't change network stuff on the host.
Do they offer a .Deb file for installing it?
delicate pier
Unfortunately all they offer is a custom-made installer, no .deb and no AppImage.
Yes I vaguely remember something about Docker and network interfaces...
reef plinth
Maybe at least a browser addon?
delicate pier
Nothing of the sort.
reef plinth
Oh man, that's always a problem with does stupid VPN providers
Are you using a paid subscription or just the free version?
delicate pier
I'm using a self-hosted variant so there's my VPS out there and this client.
reef plinth
Why are you even then using this and not just plain simple wireguard
delicate pier
Because WireGuard is being actively blocked here, based on its signature which is easily detected by DPI boxes. WireGuard also seems to be the fastest of them all, but I think other regular protocols are also blocked, such as OpenVPN.
I've spent several days trying to understand what I was doing wrong with a regular WireGuard setup before I ran tcpdump and saw that blockade in all its glory.
ashen berry
I mean you can always make a https://github.com/vanilla-os/custom-image/ and upgrade to it if you want.
But I understand if that's too much work.
delicate pier
Yes, I was thinking about that, but it's really an overkill for just some VPN program... I was hoping for a more elegant solution, but if it's by design, I'm fine with that. If it's just like using (or rather not using) custom kernel modules (VirtualBox) because it goes against the principles of the OS, then it's not wise to do that.
I'm not too well-versed in all the intricacies of immutable systems, so trying to understand my limitations.
reef plinth
It's not a problem of immutability per design, as you can install it via a custom image or abroot if it would have been an official Debian package. It's a technical limitation of that system that allows you to install normal stuff despite immutability
Vanilla Os doesn't throw every weird vpns Provider client into its base image because that would be unwanted and unremovable by most of the normal users. Support for industry standard vpns is available per default.
delicate pier
I absolutely agree with that.
But can I simply repackage their custom installer into a .deb?
reef plinth
Is the custom installer a interactive gui process like you know (and hate 😂) from windows or just a shell script
delicate pier
It's a GUI installer. QT-based.
That seems to try to acquire root in the process (on non-immutable systems) but only acquires your current user on Vanilla and thinks it's fine.
reef plinth
If it doesn't have an unattended install mode then it's not really possible for vanilla os
And probably most other immutable distro depending on their way to implement immutability
delicate pier
I see, thanks, hitura. Just in case I ever stumble on a .deb client, what would my steps be to make it work?
reef plinth
Use the template function in the custom image repo, upload the deb file to your own repo, wait until image is built on GitHub, change image name via abroot config-editor and run ABRoot upgrade
delicate pier
So I will have a custom image then. What does it mean for upgrades?
reef plinth
Your custom image is basically based on top of the normal desktop image. There is a cronjob inside the repo which rebuilts the image weekly. Upgrade then works like normal from the user perspective
Only thing you need to do yourself is upload a new Deb file if you want to update the vpn
delicate pier
Just so I understand it correctly, you're talking about a github repo?
And the cronjob is whose?
reef plinth
And the cronjob is whose?
GitHubs, the action workflow allows you to schedule an action to run every x time
delicate pier
Ah so it pulls your source data, mingles it with my modifications and spews out an updated image?