Tag Archives: Network

WireGuard VPN

Our Unifi system can support several different VPN configurations. We used the VPN server built into our Unifi Dream Machine SE and configured it to use Wireguard clients on our iPhones, iPads, macOS laptops, and Windows laptops. The Unifi system makes setting up our WireGuard VPNs simple.

The following video explains the various VPN options and how to configure them.


5 Types of VPNs on Unifi and How To Configure Them

We use DDNS to ensure that our domains point to our router when our ISPs change our IP address. After the clients are installed, they are updated to point at our network’s current IP.

Iperf3


Iperf3 is a common tool for network performance testing. We run an Iperf3 server in a Docker container. You can find information on how to set up and use Iperf3 here.

Pihole with a Cloudflare Tunnel

Pihole in Docker

We are running three Pihole installations, which enable load balancing and high availability for our DNS services. We also use a Cloudflare encrypted tunnel to protect information in external DNS queries via the Internet.

Our three instances are deployed on a combination of Docker host VMs in our Proxmox Cluster and a stand-alone Raspberry Pi Docker host.

Deploy Pihole with a Cloudflare Tunnel

Our software service stack for our Docker Pihole installs includes the following applications:

Our combined stack was created using information in the following video:


Deploy PiHole with Cloudflare Tunnel in Docker

Ubuntu Port 53 Fix

Ubuntu VMs include a DNS caching server on port 53, which prevents Pihole from being deployed. To fix this, run the commands at this link on the host Ubuntu VM before installing the Pihole and Cloudflare Tunnel containers.

Scheduled Block List Updates

We must update our block lists by doing a Gravity pull. We do this daily via a cron job. This can be configured on the RPi host using the following commands –

# Edit the user crontab
sudo crontab -u <user-id> -e

# Add the following line to the user crontab (replace min and hr with the minute
# and hour to run at). The Gravity pull output is piped to mailx so each run is reported.
min hr * * * su ubuntu -c "/usr/bin/docker exec pihole pihole -g" | /usr/bin/mailx -s "RPi Docker - Gravity Pull" your-email@mydomain.com

Cloudflare DDNS


We use Cloudflare to host our domains and the associated external DNS records. Cloudflare provides excellent security and scaling features and is free for our use cases.

We do not have a static IP address from either of our ISPs. This, coupled with the potential of a failover from our primary to our secondary ISP, requires us to use DDNS to keep the IPs for our domains up to date in Cloudflare’s DNS.

We run a docker container for each domain that periodically checks to see if our external IP address has changed and updates our DNS records in Cloudflare. The repository for this container can be found here.

Deploying the DDNS update container is done via a simple docker compose yml –

version: '2'
services:
  cloudflare-ddns:
    image: oznu/cloudflare-ddns:latest
    restart: unless-stopped
    container_name: your-container-name
    environment:
        - API_KEY=YOUR-CF-API-KEY
        - ZONE=yourdomain.com
        - PROXIED=true
        # Runs every 5 minutes
        - CRON=*/5 * * * *

You’ll need a separate container for each DNS Zone you host on Cloudflare.
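The check-and-update loop that a DDNS container performs, written out as an added example (this is not the oznu/cloudflare-ddns container's own code). It assumes the real Cloudflare v4 DNS records API (GET and PATCH on /zones/{zone_id}/dns_records), a scoped API token sent as a Bearer header rather than the account-wide Global API Key, and some public-IP lookup service whose body is a bare address; the function names, the zone id and the sample record list are constructed for the example. Only records whose name is on the managed list and whose content actually differs are written, so the updater is a no-op between IP changes and never touches other A records in the zone.

```python
"""Cloudflare DDNS check-and-update logic (added example, not the container's code)."""
import ipaddress
import json
import urllib.request

CF_API = "https://api.cloudflare.com/client/v4"


def cf_request(token, method, path, body=None):
    """Real transport: call the Cloudflare v4 API with a scoped API token.
    A token limited to Zone:DNS:Edit on one zone is all a DDNS updater needs."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        CF_API + path, data=data, method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def current_public_ip(fetch_text):
    """fetch_text() returns the body of an external 'what is my IP' lookup
    (assumed service). Validate it as an IPv4 address before trusting it,
    so a captive portal or error page never ends up in a DNS record."""
    return str(ipaddress.IPv4Address(fetch_text().strip()))


def plan_updates(records, public_ip, managed_names):
    """records: the 'result' list from GET /zones/{zone}/dns_records?type=A.
    Return only the managed A records whose content is stale."""
    return [r for r in records
            if r["type"] == "A"
            and r["name"] in managed_names
            and r["content"] != public_ip]


def apply_updates(api, zone_id, records, public_ip, managed_names):
    """Send one PATCH per stale record, preserving its proxied flag.
    api(method, path, body) is cf_request bound to a token, or a fake."""
    updated = []
    for r in plan_updates(records, public_ip, managed_names):
        api("PATCH", f"/zones/{zone_id}/dns_records/{r['id']}",
            {"content": public_ip, "proxied": r.get("proxied", True)})
        updated.append(r["name"])
    return updated


# Constructed sample data in the shape of the dns_records API response.
SAMPLE_RECORDS = [
    {"id": "rec1", "type": "A", "name": "yourdomain.com",
     "content": "198.51.100.10", "proxied": True},          # stale, managed
    {"id": "rec2", "type": "A", "name": "vpn.yourdomain.com",
     "content": "198.51.100.77", "proxied": False},         # already current
    {"id": "rec3", "type": "A", "name": "static.yourdomain.com",
     "content": "203.0.113.5", "proxied": True},            # not managed
]
MANAGED = {"yourdomain.com", "vpn.yourdomain.com"}


def demo():
    """Offline run: a recording fake stands in for cf_request."""
    calls = []

    def fake_api(method, path, body=None):
        calls.append((method, path, body))
        return {"success": True}

    ip = current_public_ip(lambda: "198.51.100.77\n")   # constructed lookup body
    updated = apply_updates(fake_api, "zone123", SAMPLE_RECORDS, ip, MANAGED)
    return updated, calls


if __name__ == "__main__":
    print(demo())
```

In a real deployment `demo()` is replaced by a loop (or the container's CRON schedule) that calls `current_public_ip` with a live fetch and passes `functools.partial(cf_request, token)` as the `api` argument; the planning function stays the same, which is the part worth testing.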