test conversion back to markdown

1 files changed, 0 insertions, 143 deletions

diff --git a/content/blog/2023-07-12-wireguard-lan.org b/content/blog/2023-07-12-wireguard-lan.org
deleted file mode 100644
index 17696de..0000000
--- a/content/blog/2023-07-12-wireguard-lan.org
+++ /dev/null
@@ -1,143 +0,0 @@
-#+title: Enable LAN Access in Mullvad Wireguard Conf Files
-#+date: 2023-07-12
-#+description: Learn how to enable LAN access manually in Mullvad configuration files.
-#+filetags: :linux:
-
-* Download Configuration Files from Mullvad
-To begin, you'll need
-[[https://mullvad.net/account/wireguard-config][Wireguard configuration
-files from Mullvad]]. You can choose any of the options as you download
-them. For example, I enabled the kill switch, selected all countries,
-and selected a few content filters.
-
-Once downloaded, unzip the files and move them to the Wireguard folder
-on your system.
-
-#+begin_src sh
-cd ~/Downloads
-unzip mullvad_wireguard_linux_all_all.zip
-doas mv *.conf /etc/wireguard/
-#+end_src
-
-** Configuration File Layout
-The default configuration files will look something like this:
-
-#+begin_src conf
-[Interface]
-# Device: <redacted>
-PrivateKey = <redacted>
-Address = <redacted>
-DNS = <redacted>
-PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
-PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
-
-[Peer]
-PublicKey = <redacted>
-AllowedIPs = <redacted>
-Endpoint = <redacted>
-#+end_src
-
-#+begin_quote
-Note: If you didn't select the kill switch option, you won't see the
-=PostUp= and =PreDown= lines. In this case, you'll need to modify the
-script below to simply append those lines to the =[Interface]= block.
-#+end_quote
-
-* Editing the Configuration Files
-Once you have the files, you'll need to edit them and replace the
-=PostUp= and =PreDown= lines to enable LAN access.
-
-I recommend that you do this process as root, since you'll need to be
-able to access files in =/etc/wireguard=, which are generally owned by
-root. You can also try using =sudo= or =doas=, but I didn't test that
-scenario so you may need to adjust, as necessary.
-
-#+begin_src sh
-su
-#+end_src
-
-Create the Python file that we'll be using to update the Wireguard
-configuration files.
-
-#+begin_src sh
-nano replace.py
-#+end_src
-
-Within the Python file, copy and paste the logic below. This script will
-open a directory, loop through every configuration file within the
-directory, and replace the =PostUp= and =PreDown= lines with the new
-LAN-enabled iptables commands.
-
-#+begin_quote
-Note: If your LAN is on a subnet other than =192.168.1.0/24=, you'll
-need to update the Python script below appropriately.
-
-#+end_quote
-
-#+begin_src python
-import os
-import fileinput
-
-print("--- starting ---")
-
-dir = "/etc/wireguard/"
-
-for file in os.listdir(dir):
-    print(os.path.join(dir, file))
-    for line in fileinput.input(os.path.join(dir, file), inplace=True):
-        if "PostUp" in line:
-            print("PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d 192.168.1.0/24 -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT")
-        elif "PreDown" in line:
-            print("PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d 192.168.1.0/24 -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT")
-        else:
-            print(line, end="")
-
-print("--- done ---")
-#+end_src
-
-Once you're done, save and close the file. You can now run the Python
-script and watch as each file is updated.
-
-#+begin_src sh
-python3 replace.py
-#+end_src
-
-To confirm it worked, you can =cat= one of the configuration files to
-inspect the new logic and connect to one to test it out.
-
-#+begin_src sh
-cat /etc/wireguard/us-chi-wg-001.conf
-#+end_src
-
-The configuration files should now look like this:
-
-#+begin_src conf
-[Interface]
-# Device: <redacted>
-PrivateKey = <redacted>
-Address = <redacted>
-DNS = <redacted>
-PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d 192.168.1.0/24 -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
-PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d 192.168.1.0/24 -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
-
-[Peer]
-PublicKey = <redacted>
-AllowedIPs = <redacted>
-Endpoint = <redacted>
-#+end_src
-
-If you connect to a Wireguard interface, such as =us-chi-wg-001=, you
-can test your SSH functionality and see that it works even while on the
-VPN.
-
-#+begin_src sh
-wg-quick up us-chi-wg-001
-ssh user@lan-host
-#+end_src
-
-To confirm your VPN connection, you can curl Mullvad's connection API:
-
-#+begin_src sh
-curl https://am.i.mullvad.net/connected
-# You are connected to Mullvad (server us-chi-wg-001). Your IP address is <redacted>
-#+end_src