Getting on the self-hosted train again

Map of the fediverse.space

A long time ago, accessing cubicgarden.com meant accessing my direct server sitting in my home. I used to run Blojsom on top of Resin server. I was self hosting from my 512k ADSL line with 256k up (remember how fast that used to be too!?)

There were a lot of problems, I grant you that, but it mainly worked ok, although I didn’t like the sysadmin side of it all, as I was using Windows 2000 as the operating system. At some point I decided to switch to WordPress only because PHP hosting was cheaper than Java, although I got some incredible breaks during my time. In 2014 I moved my blog to WPengine thanks to dotBen.

That was a while ago and since then I have massively upgraded my connection speed to 1 gigabit up and down thanks to Hyperoptic and upgraded my server quite a bit (6 core AMD with 16 gig of memory). The first thing I did was install Plex server.

Since then I have been slowly adding more services to my server. I guess the most noteworthy ones being tiny tiny rss, icecast2, plex and zerotier vpn (which I’m considering changing to wireguard with the recent announcements). Tiny tiny RSS is useful as I don’t like what feedly and others are doing with my data. Zerotier VPN is very cool and very much like the old and forgotten Hamachi. Because it uses internal ip addresses (non-addressable?) any device I have it connected with can access those addresses like they are on an internal network. This ultimately means I can access all my services including tiny tiny rss without opening up ports on my firewall and exposing it to the internet.

Anyway I’ve been thinking about adding more services to my server including Wekan (alternative to trello), Pixelfed (fediverse instagram), wisemapping (web based mindmapping tool), wallabag (alternative to instapaper), standardnotes server, mastodon (fediverse twitter), funkwhale (fediverse spotify), language tool (alternative to grammarly) and matrix (powerful alternative to slack).

Doing it under Ubuntu isn’t a problem as there’s lots of tutorials and there’s plenty which use Docker to manage everything.

But there is an issue, it seems, when installing multiple services on top of each other. Most of the tutorials require Apache or Nginx, then some SQL database. The tutorials are written like you are running just one service alone and things become more tricky when you have services using certain ports, etc. Trying to move the ports, database tables is sometimes tricky to follow.

Right now, I’m focused on doing one service at a time or really getting to grips with Docker which was meant to make this easier to deal with???

Ok so why selfhosting (and there are a lot of self-hosting services as I found here) and all the hassle?

I found something which sums it up nicely from a different but connected context.

Decentralized, peer-to-peer networks are evolutionarily superior to the bastardized corporate ‘sharing economy’ platforms like Uber and Lyft. Their billion-dollar budgets won’t save them from the inevitability of the blockchain-based peer-to-peer economy.

The decentralization revolution is here.

Open hamachi replacement?

Fiber optic bokeh

I wrote this 6 years ago, while looking at VPNs…

I used to love Hamachi, it used to simply work and it was very secure. The only problem is it got picked up by LogMeIn and therefore hasn’t been developed in the way I would have liked. The Windows version has been developed but the linux and mac versions are lagging behind in the lab. I also would like to see an Android app like how someone created a Windows mobile version.

It’s been a while since I looked at VPNs for different purposes including privacy, anonymity, tunnelling, etc. I really wanted something like Hamachi mainly because Tor can do so much around anonymity, but there are things which I’d like to do like I was on my own network (tunnelling). Hamachi worked very simply and made something quite complex very simple.

I was looking at a few options including Bitmask, FreeLAN, Tinc VPN, WireGuard and ZeroTier. It needed to be open source or actually free software licensed. It needs to run on Linux and Android at least. I don’t mind if it’s got a commercial service, but I should be able to migrate away without having to replace everything again. It should also be straightforward, extensible, secure and work closely like standard networks. This is why I loved Hamachi, once you had a 5.x.x.x address, everything else just clicked.

I tried all but the ones which stuck out for me are Bitmask which is trying to build a complete system including secure email, vpn and hosting. I originally looked at Zeronet for the hosting side of things and I keep looking at GPG for secure email but it’s not high on my list currently. Bitmask seems too much, it’s a client of the LEAP project. One to keep an eye on in the future. FreeLAN looked like a perfect replacement for Hamachi but having no gui was a real pain. I don’t mind messing with config files but sometimes I’d like to see what’s happening without scrolling through the terminal. Tinc and WireGuard were cool but ZeroTier was ideal.

ZeroTier runs on everything, the client is actually GPL v3. It’s mainly command line/terminal for linux but easily installed and although you can do everything that way. It’s not completely decentralised as you have a server which points the clients at each other. Once that’s done, they can talk without the pointer. You can also set up your own server of course. At the server end, the server allows you to configure the network which the clients join. You can also reject clients, add certs, etc. It’s all so easy with a browser interface.

Now I’m connected over this VPN, I can do things like SSH, access my router settings without going via the WAN interface (something I hated about Hyperoptic’s router as its administrative login was on a WAN/public interface). This also means I don’t need to worry so much about securing PlexPy, Sickrage, etc, etc. This saves messing with certs. You can share networks across this too, allowing you to route networks; very useful when trying to get around web blocking. For example I was surprised my 3 tethered 4G connection was restricted to only ports 80 & 443 while roaming abroad.
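Whether a service is really reachable only over the VPN depends on the address it listens on, not just on the firewall. The script below is an added example, not part of the original post, that sorts the output of `ss -H -tln` by bind address; the sample lines and the 10.147.17.0/24 VPN subnet are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output; every address and port is illustrative.
SAMPLE_SS = """\
LISTEN 0 128        0.0.0.0:22      0.0.0.0:*
LISTEN 0 511      127.0.0.1:8080    0.0.0.0:*
LISTEN 0 4096   10.147.17.5:8181    0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53      0.0.0.0:*
LISTEN 0 128           [::]:22         [::]:*
LISTEN 0 4096             *:32400         *:*
LISTEN 0 511   192.168.1.10:8000    0.0.0.0:*
"""

# Assumption: the subnet the VPN controller assigns to members of this network.
VPN_NET = ipaddress.ip_network("10.147.17.0/24")

def classify(local):
    """Return (scope, port) for one 'address:port' field printed by ss."""
    host, _, port = local.rpartition(":")
    host = host.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
    if host in ("*", "0.0.0.0", "::"):
        return "wildcard", int(port)       # listening on every interface
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback", int(port)
    if addr in VPN_NET:
        return "vpn", int(port)
    return "other", int(port)              # a specific LAN or public address

def audit(ss_output):
    """Group listening TCP ports by the scope of the address they are bound to."""
    report = {"wildcard": set(), "loopback": set(), "vpn": set(), "other": set()}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "LISTEN":
            scope, port = classify(fields[3])
            report[scope].add(port)
    return report

def exposed_beyond_vpn(report):
    """Ports kept private only by the firewall, not by their bind address."""
    return sorted(report["wildcard"] | report["other"])

if __name__ == "__main__":
    result = audit(SAMPLE_SS)
    for scope in ("loopback", "vpn", "wildcard", "other"):
        print(f"{scope:9} {sorted(result[scope])}")
    print("relies on firewall:", exposed_beyond_vpn(result))
```

Ports listed as relying on the firewall are the ones to rebind to the VPN address or to loopback if they should never be reachable from the LAN or WAN side.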

ZeroTier seems to have everything at the moment, I am impressed and it doesn’t take many resources which is great for mobile devices. It’s simply another network but heavily encrypted.

Highly recommended so far…

Simple VPN – Hamachi vs Remobo vs Wippien

I used to love Hamachi, it used to simply work and it was very secure. The only problem is it got picked up by LogMeIn and therefore hasn’t been developed in the way I would have liked. The Windows version has been developed but the linux and mac versions are lagging behind in the lab. I also would like to see an Android app like how someone created a Windows mobile version.

So I looked into alternatives because to be frank, I still don’t really understand PPTP VPN or IPSEC VPN.

The two I’ve seen which are similar to Hamachi are n2n, Remobo and Wippien.

  • N2N – I just don’t quite get. It sounds fantastic but not at a mature enough stage right now. It requires a lot of manual effort to get up and running. And to be fair it didn’t work for me.
  • Remobo – Has a GUI but for some reason it won’t auto-login on Ubuntu, so I have to enter the details each time I reboot. This is not great when you have it running on a server with limited access like no monitor. Once they fix that problem and finish the command line version, I may consider switching.
  • Wippien – Seems pretty good, it uses XMPP to do the connection but you can’t join the network on the linux version because you can add new users. So unfortunately I wasn’t able to use it or test it. Very frustrating because I had high hopes for this one.

So right now, I’m going to stick with Hamachi but my eyes are certainly looking elsewhere. Wippien and Remobo once mature and add real support for Linux, then Hamachi should be worried, there’s some stiff competition coming.

Boxee is now my mediaplayer while at work

Boxee on the desktop

I’ve been playing with the beta version of Boxee and I’m more and more enjoying it. During work, it’s got the perfect interface for playing back tunes but I also discovered I could also connect to my shares at home easily using Hamachi VPN. Simply pop in the ip address of your remote machine and that’s it. Because Hamachi uses a 5.x.x.x address, Boxee connects and the locally running Hamachi takes over the connection. Not only that, because Hamachi’s central server is only used to connect the two points, all traffic is routed as directly as possible. Aka the lag time I’m getting is super low due to the 1meg upstream link at home and super fast connection at work. Fast enough to even play some films if I really wanted to. I also suspect when away off site I can use my 3g/HSDPA connection to do the same with no changes to Hamachi or Boxee.

Boxee with Hamachi VPN

I know a lot of people don’t like Hamachi but to be fair I run it on almost every machine I own and enjoy how simple it makes VPN and tunneling. I’ve still had no luck with L2L: layer two but yet to try Wippien which I hear is the truly open version of Hamachi.

I could use XBMC to do the same but I actually prefer Boxee’s interface for my laptop and XBMC’s for large displays. Also the social features in Boxee mean if I quickly hear a tune I like or something, within a few clicks it’s shared and I’m back to work again. Now if only mix podcasts came with tracks…

VPN tunnel your way to safe ground with Hamachi

Hamachi on windows

What is Hamachi?

Hamachi is a UDP-based virtual private networking system. Its peers utilize the help of a 3rd node called mediation server to locate each other and to boot strap the connection between themselves. The connection itself is direct and once it's established no traffic flows through our servers.

Hamachi is not just truly peer-to-peer, it is verifiably secure peer-to-peer.

Believe it or not, but we are able to successfully mediate p2p connections in roughly 97% of all cases we dealt with so far (few tens of thousands as of early March). This includes peers sitting behind different firewalls and/or broadband routers (aka NAT devices).

Oh my goodness, if you have not tried out Hamachi and want access to your home network from elsewhere, you need to try it out! I heard about it ages ago but dismissed it because I didn't really see the need. Well that was before I learned about how insecure Wifi can be. So while hearing this week's Security Now podcast I spent an hour checking out Hamachi. At the moment it runs on Windows and Linux but after version 1.0 (they're currently at 0.99) it will be developed for the Mac too. I don't see why you can't run the Linux version on a Mac command line but I'm sure there is a reason. So anyhow once you've got it installed you can follow the Wizard which is a little too simple but good for those not deeply into networking, it's easy to escape at any time.

Once you're set up it's just a matter of making a new network or joining another one. You can easily make one and the security is then all hanged off your stupidly impossible to crack password. GRC recommends some 63 character password string which can be generated here at the High security password generator. I actually went for a stupid 96 ASCII character password with all types of characters. I'll switch it down to 63 because Hamachi uses a 256-bit AES crypto for authentication. After setting the password and name of the network you can go to another machine and do the same but this time hit join and enter the same details.

Before you know it you're on a new type of network. Actually a 5.x.x.x IP address. I didn't even know you could actually have one of those for a network, I always thought 10.x.x.x was the lowest things went. Ok so once you've got two machines on the same p2p network you're away. I was able to tunnel out of my work network and on my own computer at home and launch VNC and access the net and machines attached to the same physical network. Everything is accessible and the speed is amazing. Oh yeah by the way, I only had to open one port on Smoothwall for it to work, most firewalls and NAT environments can be traversed without opening ports and port forwarding according to the Hamachi creators. I did nothing to the work network, like Skype it just worked. Crazy but true. I also tried using Hamachi with some of the sniffing tools out there and glad to say it works perfectly. All traffic is secured and even insecure connections like POP3 retrieval can not be discovered as it all looks like normal web traffic. Honestly I can't wait for version 1.0 of Hamachi. It's solved so many of my problems it's untrue.
