Networking

18
Jan
2022

How to fix Tasmota Upload Failed: Upload buffer miscompare on Nous A1T

Problem:

When trying to do a Tasmota firmware upgrade on the Nous A1T, you see this error message:

Upload Failed
Upload buffer miscompare


Solution:

This issue occurs because in the default configuration there is not enough flash space to flash the firmware.
However, this is easy to fix: First, flash the tasmota-minimal.bin.gz firmware, then flash the regular tasmota.bin.gz firmware using the webinterface of the minimal firmware.

Download link for the minimal firmware
Download link for the regular firmware

After that, upgrades will work just fine.

Posted by Uli Köhler in Home-Assistant, MQTT
18
Jan
2022

How to fix Tasmota MQT: Connect failed to …, rc 5

Problem:

On the Tasmota console, you see an error message like

17:56:11.326 MQT: Connect failed to 10.19.50.10:1883, rc 5. Retry in 50 sec

Solution:

Your MQTT username/password is wrong. Check if they match what you have configured in your server in the Tasmota MQTT configuration page.

Posted by Uli Köhler in MQTT
16
Jan
2022

How to install Tailscale on Ubuntu in less than 1 minute

Just run this sequence of commands to install tailscale. This will automatically determine the correct Ubuntu version

#!/bin/bash
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/$(lsb_release -sc).gpg | sudo apt-key add -
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/$(lsb_release -sc).list | sudo tee /etc/apt/sources.list.d/tailscale.list
sudo apt-get update
sudo apt-get install tailscale

 

Posted by Uli Köhler in Networking, Wireguard
16
Jan
2022

How to setup headscale server in 5 minutes using docker-compose

This headscale setup is using sqlite – with a much lighter memory & CPU footprint than PostgreSQL for simple usecases, I recommend this for almost any installation: Headscale doesn’t have to manage that many requests and using sqlite3 is fine for all but the most demanding setups.

First, create the directory where headscale and all the data will reside in (we use /opt/headscale in this example).

sudo mkdir -p /opt/headscale

Now run the following script in /opt/headscale to initialize the files and directories headscale requires:

#!/bin/bash
mkdir -p ./config
touch ./config/db.sqlite
curl https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml -o ./config/config.yaml

docker-compose config

Now it’s time to create /opt/headscale/docker-compose.yml:

version: '3.5'
services:
  headscale:
    image: headscale/headscale:latest
    volumes:
      - ./config:/etc/headscale/
      - ./data:/var/lib/headscale
    ports:
      - 27896:8080
    command: headscale serve
    restart: unless-stopped

This will configure headscale to run its HTTP server on port 27896. You can reverse proxy this port to the domain of your choice.

Configuration

Now we should edit the server name in config/config.yaml:

server_url: https://headscale.mydomain.com

Autostart

Using the method described in our previous post Create a systemd service for your docker-compose project in 10 seconds we will now setup autostart on boot for headscale using systemd. This command will also start it immediately:

curl -fsSL https://techoverflow.net/scripts/create-docker-compose-service.sh | sudo bash /dev/stdin

How to view the logs

Use this command to view & follow the logs:

docker-compose logs -f

 

Example output

headscale_1  | [GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
headscale_1  | 
headscale_1  | [GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
headscale_1  |  - using env:    export GIN_MODE=release
headscale_1  |  - using code:   gin.SetMode(gin.ReleaseMode)
headscale_1  | 
headscale_1  | [GIN-debug] GET    /metrics                  --> github.com/zsais/go-gin-prometheus.prometheusHandler.func1 (4 handlers)
headscale_1  | [GIN-debug] GET    /health                   --> github.com/juanfont/headscale.(*Headscale).Serve.func2 (4 handlers)
headscale_1  | [GIN-debug] GET    /key                      --> github.com/juanfont/headscale.(*Headscale).KeyHandler-fm (4 handlers)
headscale_1  | [GIN-debug] GET    /register                 --> github.com/juanfont/headscale.(*Headscale).RegisterWebAPI-fm (4 handlers)
headscale_1  | [GIN-debug] POST   /machine/:id/map          --> github.com/juanfont/headscale.(*Headscale).PollNetMapHandler-fm (4 handlers)
headscale_1  | [GIN-debug] POST   /machine/:id              --> github.com/juanfont/headscale.(*Headscale).RegistrationHandler-fm (4 handlers)
headscale_1  | [GIN-debug] GET    /oidc/register/:mkey      --> github.com/juanfont/headscale.(*Headscale).RegisterOIDC-fm (4 handlers)
headscale_1  | [GIN-debug] GET    /oidc/callback            --> github.com/juanfont/headscale.(*Headscale).OIDCCallback-fm (4 handlers)
headscale_1  | [GIN-debug] GET    /apple                    --> github.com/juanfont/headscale.(*Headscale).AppleMobileConfig-fm (4 handlers)
headscale_1  | [GIN-debug] GET    /apple/:platform          --> github.com/juanfont/headscale.(*Headscale).ApplePlatformConfig-fm (4 handlers)
headscale_1  | [GIN-debug] GET    /swagger                  --> github.com/juanfont/headscale.SwaggerUI (4 handlers)
headscale_1  | [GIN-debug] GET    /swagger/v1/openapiv2.json --> github.com/juanfont/headscale.SwaggerAPIv1 (4 handlers)
headscale_1  | [GIN-debug] GET    /api/v1/*any              --> github.com/gin-gonic/gin.WrapF.func1 (5 handlers)
headscale_1  | [GIN-debug] POST   /api/v1/*any              --> github.com/gin-gonic/gin.WrapF.func1 (5 handlers)
headscale_1  | [GIN-debug] PUT    /api/v1/*any              --> github.com/gin-gonic/gin.WrapF.func1 (5 handlers)
headscale_1  | [GIN-debug] PATCH  /api/v1/*any              --> github.com/gin-gonic/gin.WrapF.func1 (5 handlers)
headscale_1  | [GIN-debug] HEAD   /api/v1/*any              --> github.com/gin-gonic/gin.WrapF.func1 (5 handlers)
headscale_1  | [GIN-debug] OPTIONS /api/v1/*any              --> github.com/gin-gonic/gin.WrapF.func1 (5 handlers)
headscale_1  | [GIN-debug] DELETE /api/v1/*any              --> github.com/gin-gonic/gin.WrapF.func1 (5 handlers)
headscale_1  | [GIN-debug] CONNECT /api/v1/*any              --> github.com/gin-gonic/gin.WrapF.func1 (5 handlers)
headscale_1  | [GIN-debug] TRACE  /api/v1/*any              --> github.com/gin-gonic/gin.WrapF.func1 (5 handlers)
headscale_1  | 2022-01-16T19:04:04Z WRN Listening without TLS but ServerURL does not start with http://
headscale_1  | 2022-01-16T19:04:04Z INF listening and serving (multiplexed HTTP and gRPC) on: 0.0.0.0:8080
headscale_1  | 2022-01-16T19:04:04Z INF Setting up a DERPMap update worker frequency=86400000

 

Posted by Uli Köhler in Networking, Wireguard
16
Jan
2022

Traefik wildcard Lets Encrypt certificate reverse proxy example

The following example builds on our config from Simple Traefik docker-compose setup with Lets Encrypt Cloudflare DNS-01 & TLS-ALPN-01 & HTTP-01 challenges

This config (placed in /etc/traefik/conf/myservice.toml – which is mapped to ./conf/myservice.toml i.e. /opt/traefik/conf/myservice.toml in our docker-compose example) generates a wildcard certificate for *.mydomain.com (also including just mydomain.com) using the cloudflare certificate provider and uses said wildcard certificate for myservice.mydomain.com and any other *.mydomain.com backends you have configured.

This config will reverse proxy all traffic on myservice.mydomain.com to 192.168.178.233:8080

# Host
[http.routers.myservice]
rule = "Host(`myservice.mydomain.com`)"
service = "myservice"

# Backend
[http.services]
[http.services.myservice.loadBalancer]
[[http.services.myservice.loadBalancer.servers]]
url = "http://192.168.178.233:8080/"

# Certificates
[http.routers.myservice.tls]
certresolver = "cloudflare"
[[http.routers.myservice.tls.domains]]
main = "mydomain.com"
sans = ["*.mydomain.com"]

Note that cloudflare in certresolver = "cloudflare" refers to the provider configured using

--certificatesresolvers.cloudflare....

but you can choose any other name with the cloudflare method such as --certificatesresolvers.myprovider.acme.dnschallenge.provider=cloudflare in which case the provider will be referred to as myprovider !

Posted by Uli Köhler in Networking, Traefik
16
Jan
2022

Simple Traefik docker-compose setup with Lets Encrypt Cloudflare DNS-01 & TLS-ALPN-01 & HTTP-01 challenges

This is my setup using docker-compose to start Traefik, supporting all major encryption providers. I recommend to create the /opt/traefikdirectory and save the following file as /opt/traefik/docker-compose.yml. This config has the fileand docker providers enabled by default.

version: "3.3"
services:
  traefik:
    image: "traefik:v2.5"
    network_mode: "host" 
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/etc/traefik/conf"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--log.level=info"
      - "--serversTransport.insecureSkipVerify=true"
#      - "--pilot.token=PILOT_TOKEN_HERE"
#
      - "--certificatesresolvers.cloudflare.acme.dnschallenge=true"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
      - "--certificatesresolvers.cloudflare.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "[email protected]in.com"
      - "--certificatesresolvers.cloudflare.acme.KeyType=EC256"
      - "--certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.cloudflare-staging.acme.dnschallenge=true"
      - "--certificatesresolvers.cloudflare-staging.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.cloudflare-staging.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
      - "--certificatesresolvers.cloudflare-staging.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--[email protected]mydomain.com"
      - "--certificatesresolvers.cloudflare-staging.acme.KeyType=EC256"
      - "--certificatesresolvers.cloudflare-staging.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.alpn.acme.tlsChallenge=true"
      - "--certificatesresolvers.alpn.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "[email protected]"
      - "--certificatesresolvers.alpn.acme.KeyType=EC256"
      - "--certificatesresolvers.alpn.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.alpn-staging.acme.tlsChallenge=true"
      - "--certificatesresolvers.alpn-staging.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "[email protected]main.com"
      - "--certificatesresolvers.alpn-staging.acme.KeyType=EC256"
      - "--certificatesresolvers.alpn-staging.acme.storage=/letsencrypt/acme.json"
    environment:
      - [email protected]
      - CLOUDFLARE_API_KEY=XYZABC123
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./conf:/etc/traefik/conf:ro"

Replace [email protected] by the Email address to register certificates to. Also ensure to change

- [email protected]
- CLOUDFLARE_API_KEY=XYZABC123

Optionally, create a Pilot token and set it (don’t forget to un-comment the line) using

# - "--pilot.token=PILOT_TOKEN_HERE"

Now let’s make the service autostart on boot (and start it right now) using the method detailed in docker-compose systemd .service generator: Run the following in /opt/traefik

curl -fsSL https://techoverflow.net/scripts/create-docker-compose-service.sh | sudo bash /dev/stdin

We will detail how to get access to the Traefik API in followup posts.

 

 

Posted by Uli Köhler in Networking, Traefik
16
Jan
2022

Oracle Cloud Always Free Tier ARM network ping

Also see: Oracle Cloud Always Free Tier ARM network speedtest

We tested Oracle Cloud free tier network performance on 2022-01-16 using:

  • Ubuntu 20.04
  • 3 cores, 23 GB memory => listed network bandwidth of 3 Gbps
  • We only tested Frankfurt AD2. In some less systematic tests using speedtest, AD2 performed significantly better in our speed tests

Ping to Cloudflare

[email protected]:~$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=62 time=0.920 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=62 time=1.03 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=62 time=0.901 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=62 time=1.00 ms
64 bytes from 1.1.1.1: icmp_seq=5 ttl=62 time=1.00 ms

Ping to Google

[email protected]:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=0.826 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=122 time=0.829 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=122 time=0.801 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=122 time=0.996 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=122 time=0.842 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=122 time=0.840 ms

Traceroute to Cloudflare

[email protected]:~$ traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  140.91.198.100 (140.91.198.100)  0.230 ms  0.175 ms 140.91.198.158 (140.91.198.158)  0.099 ms
 2  oracle-svc071177-lag003320.ip.twelve99-cust.net (213.248.69.249)  16.004 ms  50.135 ms  50.095 ms
 3  ffm-b11-link.ip.twelve99.net (213.248.69.248)  1.045 ms  1.132 ms  0.862 ms
 4  cloudflare-ic328337-ffm-b11.ip.twelve99-cust.net (62.115.144.199)  1.142 ms  7.372 ms  1.690 ms
 5  one.one.one.one (1.1.1.1)  0.733 ms  0.746 ms  0.724 ms

Traceroute to Google

[email protected]:~$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  140.91.198.103 (140.91.198.103)  0.268 ms 140.91.198.98 (140.91.198.98)  0.224 ms 140.91.198.103 (140.91.198.103)  0.214 ms
 2  ipv4.de-cix.fra.de.as31898.oracle.com (80.81.196.168)  0.412 ms  1.479 ms 185.1.102.135 (185.1.102.135)  0.574 ms
 3  ipv4.de-cix.fra.de.as15169.google.com (80.81.193.108)  0.714 ms 185.1.102.59 (185.1.102.59)  1.172 ms  1.132 ms
 4  108.170.251.129 (108.170.251.129)  0.688 ms 108.170.251.193 (108.170.251.193)  1.110 ms 108.170.251.129 (108.170.251.129)  0.705 ms
 5  142.251.64.183 (142.251.64.183)  0.812 ms 142.250.62.151 (142.250.62.151)  1.061 ms 142.250.214.201 (142.250.214.201)  0.708 ms
 6  dns.google (8.8.8.8)  0.918 ms  0.885 ms  0.716 ms

 

Posted by Uli Köhler in Networking
16
Jan
2022

Oracle Cloud Always Free Tier ARM network speedtest

Also seeOracle Cloud Always Free Tier ARM network ping

We tested Oracle Cloud free tier network performance on 2022-01-16 using:

  • Ubuntu 20.04
  • 3 cores, 23 GB memory => listed network bandwidth of 3 Gbps
  • We only tested Frankfurt AD2. In some less systematic tests using speedtest, AD2 performed significantly better (900Mbps AD2 instead of around 600Mbps AD1&AD3).

Quick links:

Speedtest results

[email protected]:~$ speedtest
Retrieving speedtest.net configuration...
Testing from Oracle Corporation (141.144.237.76)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by teliko GmbH (Limburg) [50.94 km]: 2.456 ms
Testing download speed................................................................................
Download: 901.05 Mbit/s
Testing upload speed......................................................................................................
Upload: 918.25 Mbit/s

iperf egress results

[email protected]:~$ iperf3 -c speedtest.wtnet.de -p 5200 -P 10 -4
Connecting to host speedtest.wtnet.de, port 5200
[  5] local 10.0.0.130 port 45868 connected to 213.209.106.95 port 5200
[  7] local 10.0.0.130 port 45870 connected to 213.209.106.95 port 5200
[  9] local 10.0.0.130 port 45872 connected to 213.209.106.95 port 5200
[ 11] local 10.0.0.130 port 45874 connected to 213.209.106.95 port 5200
[ 13] local 10.0.0.130 port 45876 connected to 213.209.106.95 port 5200
[ 15] local 10.0.0.130 port 45878 connected to 213.209.106.95 port 5200
[ 17] local 10.0.0.130 port 45880 connected to 213.209.106.95 port 5200
[ 19] local 10.0.0.130 port 45882 connected to 213.209.106.95 port 5200
[ 21] local 10.0.0.130 port 45884 connected to 213.209.106.95 port 5200
[ 23] local 10.0.0.130 port 45886 connected to 213.209.106.95 port 5200
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  21.6 MBytes   181 Mbits/sec  1434    208 KBytes       
[  7]   0.00-1.00   sec  25.6 MBytes   214 Mbits/sec  2056   69.3 KBytes       
[  9]   0.00-1.00   sec  32.3 MBytes   271 Mbits/sec  2737    230 KBytes       
[ 11]   0.00-1.00   sec  13.1 MBytes   110 Mbits/sec  447   18.4 KBytes       
[ 13]   0.00-1.00   sec  24.4 MBytes   205 Mbits/sec  2349   65.0 KBytes       
[ 15]   0.00-1.00   sec  18.1 MBytes   152 Mbits/sec  1428   43.8 KBytes       
[ 17]   0.00-1.00   sec  17.3 MBytes   145 Mbits/sec  1146   77.8 KBytes       
[ 19]   0.00-1.00   sec  16.3 MBytes   136 Mbits/sec  1022   77.8 KBytes       
[ 21]   0.00-1.00   sec  18.1 MBytes   152 Mbits/sec  1260   79.2 KBytes       
[ 23]   0.00-1.00   sec  16.7 MBytes   140 Mbits/sec  1353   50.9 KBytes       
[SUM]   0.00-1.00   sec   203 MBytes  1.71 Gbits/sec  15232             
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   1.00-2.00   sec  21.2 MBytes   178 Mbits/sec   15    123 KBytes       
[  7]   1.00-2.00   sec  7.50 MBytes  62.9 Mbits/sec   30   38.2 KBytes       
[  9]   1.00-2.00   sec  18.8 MBytes   157 Mbits/sec   47    150 KBytes       
[ 11]   1.00-2.00   sec  6.25 MBytes  52.4 Mbits/sec  584   83.4 KBytes       
[ 13]   1.00-2.00   sec  8.75 MBytes  73.4 Mbits/sec   78   80.6 KBytes       
[ 15]   1.00-2.00   sec  11.2 MBytes  94.4 Mbits/sec   45   59.4 KBytes       
[ 17]   1.00-2.00   sec  10.0 MBytes  83.9 Mbits/sec   73   93.3 KBytes       
[ 19]   1.00-2.00   sec  8.75 MBytes  73.4 Mbits/sec   40   73.5 KBytes       
[ 21]   1.00-2.00   sec  15.0 MBytes   126 Mbits/sec   16    140 KBytes       
[ 23]   1.00-2.00   sec  8.75 MBytes  73.4 Mbits/sec   19   76.4 KBytes       
[SUM]   1.00-2.00   sec   116 MBytes   975 Mbits/sec  947             
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   2.00-3.00   sec  13.8 MBytes   115 Mbits/sec   37   99.0 KBytes       
[  7]   2.00-3.00   sec  8.75 MBytes  73.4 Mbits/sec   23   73.5 KBytes       
[  9]   2.00-3.00   sec  11.2 MBytes  94.4 Mbits/sec   28   74.9 KBytes       
[ 11]   2.00-3.00   sec  10.0 MBytes  83.9 Mbits/sec   44   65.0 KBytes       
[ 13]   2.00-3.00   sec  10.0 MBytes  83.9 Mbits/sec   53   65.0 KBytes       
[ 15]   2.00-3.00   sec  11.2 MBytes  94.4 Mbits/sec   21   90.5 KBytes       
[ 17]   2.00-3.00   sec  12.5 MBytes   105 Mbits/sec   24   79.2 KBytes       
[ 19]   2.00-3.00   sec  10.0 MBytes  83.9 Mbits/sec   30   84.8 KBytes       
[ 21]   2.00-3.00   sec  16.2 MBytes   136 Mbits/sec   55    105 KBytes       
[ 23]   2.00-3.00   sec  8.75 MBytes  73.4 Mbits/sec   26   69.3 KBytes       
[SUM]   2.00-3.00   sec   112 MBytes   944 Mbits/sec  341             
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   3.00-4.00   sec  12.5 MBytes   105 Mbits/sec   44   84.8 KBytes       
[  7]   3.00-4.00   sec  11.2 MBytes  94.4 Mbits/sec   25   76.4 KBytes       
[  9]   3.00-4.00   sec  12.5 MBytes   105 Mbits/sec   34   99.0 KBytes       
[ 11]   3.00-4.00   sec  10.0 MBytes  83.9 Mbits/sec   21   73.5 KBytes       
[ 13]   3.00-4.00   sec  10.0 MBytes  83.9 Mbits/sec   62   70.7 KBytes       
[ 15]   3.00-4.00   sec  13.8 MBytes   115 Mbits/sec   84    117 KBytes       
[ 17]   3.00-4.00   sec  13.8 MBytes   115 Mbits/sec   22    105 KBytes       
[ 19]   3.00-4.00   sec  11.2 MBytes  94.4 Mbits/sec   20    110 KBytes       
[ 21]   3.00-4.00   sec  12.5 MBytes   105 Mbits/sec   26   70.7 KBytes       
[ 23]   3.00-4.00   sec  10.0 MBytes  83.9 Mbits/sec   46   73.5 KBytes       
[SUM]   3.00-4.00   sec   118 MBytes   986 Mbits/sec  384             
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   4.00-5.00   sec  13.8 MBytes   115 Mbits/sec   10    105 KBytes       
[  7]   4.00-5.00   sec  11.2 MBytes  94.4 Mbits/sec   43    113 KBytes       
[  9]   4.00-5.00   sec  12.5 MBytes   105 Mbits/sec   34   63.6 KBytes       
[ 11]   4.00-5.00   sec  13.8 MBytes   115 Mbits/sec   34   96.2 KBytes       
[ 13]   4.00-5.00   sec  8.75 MBytes  73.4 Mbits/sec   58   69.3 KBytes       
[ 15]   4.00-5.00   sec  8.75 MBytes  73.4 Mbits/sec   61   45.2 KBytes       
[ 17]   4.00-5.00   sec  11.2 MBytes  94.4 Mbits/sec   30   67.9 KBytes       
[ 19]   4.00-5.00   sec  11.2 MBytes  94.4 Mbits/sec   73   74.9 KBytes       
[ 21]   4.00-5.00   sec  8.75 MBytes  73.4 Mbits/sec   25   63.6 KBytes       
[ 23]   4.00-5.00   sec  15.0 MBytes   126 Mbits/sec    1    123 KBytes       
[SUM]   4.00-5.00   sec   115 MBytes   965 Mbits/sec  369             
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   5.00-6.00   sec  15.0 MBytes   126 Mbits/sec   28    117 KBytes       
[  7]   5.00-6.00   sec  16.2 MBytes   136 Mbits/sec    4    170 KBytes       
[  9]   5.00-6.00   sec  10.0 MBytes  83.9 Mbits/sec   64   77.8 KBytes       
[ 11]   5.00-6.00   sec  11.2 MBytes  94.4 Mbits/sec   34   99.0 KBytes       
[ 13]   5.00-6.00   sec  10.0 MBytes  83.9 Mbits/sec   27   79.2 KBytes       
[ 15]   5.00-6.00   sec  8.75 MBytes  73.4 Mbits/sec   17   63.6 KBytes       
[ 17]   5.00-6.00   sec  11.2 MBytes  94.4 Mbits/sec   21   93.3 KBytes       
[ 19]   5.00-6.00   sec  8.75 MBytes  73.4 Mbits/sec   47   59.4 KBytes       
[ 21]   5.00-6.00   sec  8.75 MBytes  73.4 Mbits/sec   32   55.1 KBytes       
[ 23]   5.00-6.00   sec  15.0 MBytes   126 Mbits/sec   72   87.7 KBytes       
[SUM]   5.00-6.00   sec   115 MBytes   965 Mbits/sec  346             
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   6.00-7.00   sec  11.2 MBytes  94.4 Mbits/sec   78   73.5 KBytes       
[  7]   6.00-7.00   sec  16.2 MBytes   136 Mbits/sec   37    110 KBytes       
[  9]   6.00-7.00   sec  10.0 MBytes  83.9 Mbits/sec   53   39.6 KBytes       
[ 11]   6.00-7.00   sec  7.50 MBytes  62.9 Mbits/sec   43   53.7 KBytes       
[ 13]   6.00-7.00   sec  13.8 MBytes   115 Mbits/sec   16    106 KBytes       
[ 15]   6.00-7.00   sec  8.75 MBytes  73.4 Mbits/sec   20   59.4 KBytes       
[ 17]   6.00-7.00   sec  13.8 MBytes   115 Mbits/sec   34   72.1 KBytes       
[ 19]   6.00-7.00   sec  10.0 MBytes  83.9 Mbits/sec   45   46.7 KBytes       
[ 21]   6.00-7.00   sec  10.0 MBytes  83.9 Mbits/sec   32   74.9 KBytes       
[ 23]   6.00-7.00   sec  13.8 MBytes   115 Mbits/sec   15    154 KBytes       
[SUM]   6.00-7.00   sec   115 MBytes   965 Mbits/sec  373             
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   7.00-8.00   sec  8.75 MBytes  73.4 Mbits/sec   44   45.2 KBytes       
[  7]   7.00-8.00   sec  17.5 MBytes   147 Mbits/sec   38    165 KBytes       
[  9]   7.00-8.00   sec  7.50 MBytes  62.9 Mbits/sec   29   72.1 KBytes       
[ 11]   7.00-8.00   sec  11.2 MBytes  94.4 Mbits/sec   21   86.3 KBytes       
[ 13]   7.00-8.00   sec  12.5 MBytes   105 Mbits/sec   29   93.3 KBytes       
[ 15]   7.00-8.00   sec  10.0 MBytes  83.9 Mbits/sec   16   99.0 KBytes       
[ 17]   7.00-8.00   sec  11.2 MBytes  94.4 Mbits/sec   53   70.7 KBytes       
[ 19]   7.00-8.00   sec  7.50 MBytes  62.9 Mbits/sec   45   63.6 KBytes       
[ 21]   7.00-8.00   sec  10.0 MBytes  83.9 Mbits/sec   43   62.2 KBytes       
[ 23]   7.00-8.00   sec  18.8 MBytes   157 Mbits/sec   32    151 KBytes       
[SUM]   7.00-8.00   sec   115 MBytes   965 Mbits/sec  350             
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   8.00-9.00   sec  10.0 MBytes  83.9 Mbits/sec   25   80.6 KBytes       
[  7]   8.00-9.00   sec  18.8 MBytes   157 Mbits/sec   41    103 KBytes       
[  9]   8.00-9.00   sec  11.2 MBytes  94.4 Mbits/sec   34   72.1 KBytes       
[ 11]   8.00-9.00   sec  13.8 MBytes   115 Mbits/sec    5    158 KBytes       
[ 13]   8.00-9.00   sec  10.0 MBytes  83.9 Mbits/sec   68   67.9 KBytes       
[ 15]   8.00-9.00   sec  11.2 MBytes  94.4 Mbits/sec   58   65.0 KBytes       
[ 17]   8.00-9.00   sec  8.75 MBytes  73.4 Mbits/sec   33   65.0 KBytes       
[ 19]   8.00-9.00   sec  10.0 MBytes  83.9 Mbits/sec   19    105 KBytes       
[ 21]   8.00-9.00   sec  8.75 MBytes  73.4 Mbits/sec   30   58.0 KBytes       
[ 23]   8.00-9.00   sec  10.0 MBytes  83.9 Mbits/sec   40   76.4 KBytes       
[SUM]   8.00-9.00   sec   112 MBytes   944 Mbits/sec  353             
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   9.00-10.00  sec  12.5 MBytes   105 Mbits/sec   29    102 KBytes       
[  7]   9.00-10.00  sec  12.5 MBytes   105 Mbits/sec   57   89.1 KBytes       
[  9]   9.00-10.00  sec  10.0 MBytes  83.9 Mbits/sec   65   77.8 KBytes       
[ 11]   9.00-10.00  sec  13.8 MBytes   115 Mbits/sec   38   69.3 KBytes       
[ 13]   9.00-10.00  sec  12.5 MBytes   105 Mbits/sec   30   63.6 KBytes       
[ 15]   9.00-10.00  sec  10.0 MBytes  83.9 Mbits/sec   27   76.4 KBytes       
[ 17]   9.00-10.00  sec  10.0 MBytes  83.9 Mbits/sec   27    107 KBytes       
[ 19]   9.00-10.00  sec  16.2 MBytes   136 Mbits/sec   43    103 KBytes       
[ 21]   9.00-10.00  sec  10.0 MBytes  83.9 Mbits/sec   23   72.1 KBytes       
[ 23]   9.00-10.00  sec  10.0 MBytes  83.9 Mbits/sec   40   79.2 KBytes       
[SUM]   9.00-10.00  sec   118 MBytes   986 Mbits/sec  379             
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   140 MBytes   118 Mbits/sec  1744             sender
[  5]   0.00-10.01  sec   137 MBytes   115 Mbits/sec                  receiver
[  7]   0.00-10.00  sec   146 MBytes   122 Mbits/sec  2354             sender
[  7]   0.00-10.01  sec   142 MBytes   119 Mbits/sec                  receiver
[  9]   0.00-10.00  sec   136 MBytes   114 Mbits/sec  3125             sender
[  9]   0.00-10.01  sec   133 MBytes   112 Mbits/sec                  receiver
[ 11]   0.00-10.00  sec   111 MBytes  92.8 Mbits/sec  1271             sender
[ 11]   0.00-10.01  sec   107 MBytes  89.7 Mbits/sec                  receiver
[ 13]   0.00-10.00  sec   121 MBytes   101 Mbits/sec  2770             sender
[ 13]   0.00-10.01  sec   118 MBytes  98.7 Mbits/sec                  receiver
[ 15]   0.00-10.00  sec   112 MBytes  93.8 Mbits/sec  1777             sender
[ 15]   0.00-10.01  sec   109 MBytes  91.4 Mbits/sec                  receiver
[ 17]   0.00-10.00  sec   120 MBytes   101 Mbits/sec  1463             sender
[ 17]   0.00-10.01  sec   116 MBytes  97.4 Mbits/sec                  receiver
[ 19]   0.00-10.00  sec   110 MBytes  92.3 Mbits/sec  1384             sender
[ 19]   0.00-10.01  sec   107 MBytes  89.3 Mbits/sec                  receiver
[ 21]   0.00-10.00  sec   118 MBytes  99.0 Mbits/sec  1542             sender
[ 21]   0.00-10.01  sec   115 MBytes  96.1 Mbits/sec                  receiver
[ 23]   0.00-10.00  sec   127 MBytes   106 Mbits/sec  1644             sender
[ 23]   0.00-10.01  sec   124 MBytes   104 Mbits/sec                  receiver
[SUM]   0.00-10.00  sec  1.21 GBytes  1.04 Gbits/sec  19074             sender
[SUM]   0.00-10.01  sec  1.18 GBytes  1.01 Gbits/sec                  receiver

iperf Done.

iperf ingress results

[email protected]:~$ iperf3 -c speedtest.wtnet.de -p 5200 -P 10 -4 -R
Connecting to host speedtest.wtnet.de, port 5200
Reverse mode, remote host speedtest.wtnet.de is sending
[  5] local 10.0.0.130 port 45842 connected to 213.209.106.95 port 5200
[  7] local 10.0.0.130 port 45844 connected to 213.209.106.95 port 5200
[  9] local 10.0.0.130 port 45846 connected to 213.209.106.95 port 5200
[ 11] local 10.0.0.130 port 45848 connected to 213.209.106.95 port 5200
[ 13] local 10.0.0.130 port 45850 connected to 213.209.106.95 port 5200
[ 15] local 10.0.0.130 port 45852 connected to 213.209.106.95 port 5200
[ 17] local 10.0.0.130 port 45854 connected to 213.209.106.95 port 5200
[ 19] local 10.0.0.130 port 45856 connected to 213.209.106.95 port 5200
[ 21] local 10.0.0.130 port 45858 connected to 213.209.106.95 port 5200
[ 23] local 10.0.0.130 port 45860 connected to 213.209.106.95 port 5200
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   102 MBytes   854 Mbits/sec                  
[  7]   0.00-1.00   sec  17.3 MBytes   145 Mbits/sec                  
[  9]   0.00-1.00   sec  6.38 MBytes  53.5 Mbits/sec                  
[ 11]   0.00-1.00   sec  6.12 MBytes  51.3 Mbits/sec                  
[ 13]   0.00-1.00   sec  6.38 MBytes  53.5 Mbits/sec                  
[ 15]   0.00-1.00   sec  5.84 MBytes  49.0 Mbits/sec                  
[ 17]   0.00-1.00   sec  5.41 MBytes  45.4 Mbits/sec                  
[ 19]   0.00-1.00   sec  6.31 MBytes  52.9 Mbits/sec                  
[ 21]   0.00-1.00   sec  5.82 MBytes  48.8 Mbits/sec                  
[ 23]   0.00-1.00   sec  5.94 MBytes  49.8 Mbits/sec                  
[SUM]   0.00-1.00   sec   167 MBytes  1.40 Gbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   1.00-2.00   sec  14.3 MBytes   120 Mbits/sec                  
[  7]   1.00-2.00   sec  22.1 MBytes   185 Mbits/sec                  
[  9]   1.00-2.00   sec  11.5 MBytes  96.5 Mbits/sec                  
[ 11]   1.00-2.00   sec  9.54 MBytes  80.1 Mbits/sec                  
[ 13]   1.00-2.00   sec  9.46 MBytes  79.3 Mbits/sec                  
[ 15]   1.00-2.00   sec  7.94 MBytes  66.6 Mbits/sec                  
[ 17]   1.00-2.00   sec  7.42 MBytes  62.2 Mbits/sec                  
[ 19]   1.00-2.00   sec  9.59 MBytes  80.4 Mbits/sec                  
[ 21]   1.00-2.00   sec  13.2 MBytes   111 Mbits/sec                  
[ 23]   1.00-2.00   sec  9.74 MBytes  81.8 Mbits/sec                  
[SUM]   1.00-2.00   sec   115 MBytes   963 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   2.00-3.00   sec  8.18 MBytes  68.6 Mbits/sec                  
[  7]   2.00-3.00   sec  11.1 MBytes  92.8 Mbits/sec                  
[  9]   2.00-3.00   sec  14.9 MBytes   125 Mbits/sec                  
[ 11]   2.00-3.00   sec  15.1 MBytes   126 Mbits/sec                  
[ 13]   2.00-3.00   sec  10.8 MBytes  90.9 Mbits/sec                  
[ 15]   2.00-3.00   sec  8.65 MBytes  72.5 Mbits/sec                  
[ 17]   2.00-3.00   sec  10.9 MBytes  91.8 Mbits/sec                  
[ 19]   2.00-3.00   sec  11.5 MBytes  96.1 Mbits/sec                  
[ 21]   2.00-3.00   sec  13.2 MBytes   110 Mbits/sec                  
[ 23]   2.00-3.00   sec  10.5 MBytes  88.3 Mbits/sec                  
[SUM]   2.00-3.00   sec   115 MBytes   963 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   3.00-4.00   sec  12.1 MBytes   102 Mbits/sec                  
[  7]   3.00-4.00   sec  13.2 MBytes   110 Mbits/sec                  
[  9]   3.00-4.00   sec  11.0 MBytes  92.6 Mbits/sec                  
[ 11]   3.00-4.00   sec  13.0 MBytes   109 Mbits/sec                  
[ 13]   3.00-4.00   sec  11.6 MBytes  97.0 Mbits/sec                  
[ 15]   3.00-4.00   sec  10.2 MBytes  85.5 Mbits/sec                  
[ 17]   3.00-4.00   sec  10.4 MBytes  87.5 Mbits/sec                  
[ 19]   3.00-4.00   sec  8.71 MBytes  73.1 Mbits/sec                  
[ 21]   3.00-4.00   sec  14.7 MBytes   124 Mbits/sec                  
[ 23]   3.00-4.00   sec  9.66 MBytes  81.0 Mbits/sec                  
[SUM]   3.00-4.00   sec   115 MBytes   962 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   4.00-5.00   sec  13.8 MBytes   116 Mbits/sec                  
[  7]   4.00-5.00   sec  11.2 MBytes  94.0 Mbits/sec                  
[  9]   4.00-5.00   sec  8.76 MBytes  73.5 Mbits/sec                  
[ 11]   4.00-5.00   sec  11.6 MBytes  97.2 Mbits/sec                  
[ 13]   4.00-5.00   sec  14.9 MBytes   125 Mbits/sec                  
[ 15]   4.00-5.00   sec  9.05 MBytes  75.9 Mbits/sec                  
[ 17]   4.00-5.00   sec  12.4 MBytes   104 Mbits/sec                  
[ 19]   4.00-5.00   sec  9.99 MBytes  83.8 Mbits/sec                  
[ 21]   4.00-5.00   sec  13.8 MBytes   116 Mbits/sec                  
[ 23]   4.00-5.00   sec  10.3 MBytes  86.1 Mbits/sec                  
[SUM]   4.00-5.00   sec   116 MBytes   971 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   5.00-6.00   sec  13.3 MBytes   112 Mbits/sec                  
[  7]   5.00-6.00   sec  10.2 MBytes  85.5 Mbits/sec                  
[  9]   5.00-6.00   sec  12.2 MBytes   102 Mbits/sec                  
[ 11]   5.00-6.00   sec  11.2 MBytes  94.2 Mbits/sec                  
[ 13]   5.00-6.00   sec  16.0 MBytes   134 Mbits/sec                  
[ 15]   5.00-6.00   sec  8.12 MBytes  68.1 Mbits/sec                  
[ 17]   5.00-6.00   sec  10.1 MBytes  84.7 Mbits/sec                  
[ 19]   5.00-6.00   sec  11.7 MBytes  98.3 Mbits/sec                  
[ 21]   5.00-6.00   sec  11.4 MBytes  95.7 Mbits/sec                  
[ 23]   5.00-6.00   sec  10.9 MBytes  91.7 Mbits/sec                  
[SUM]   5.00-6.00   sec   115 MBytes   966 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   6.00-7.00   sec  16.5 MBytes   138 Mbits/sec                  
[  7]   6.00-7.00   sec  15.3 MBytes   128 Mbits/sec                  
[  9]   6.00-7.00   sec  10.8 MBytes  90.9 Mbits/sec                  
[ 11]   6.00-7.00   sec  7.67 MBytes  64.3 Mbits/sec                  
[ 13]   6.00-7.00   sec  8.88 MBytes  74.5 Mbits/sec                  
[ 15]   6.00-7.00   sec  9.65 MBytes  81.0 Mbits/sec                  
[ 17]   6.00-7.00   sec  8.26 MBytes  69.3 Mbits/sec                  
[ 19]   6.00-7.00   sec  12.8 MBytes   107 Mbits/sec                  
[ 21]   6.00-7.00   sec  15.8 MBytes   132 Mbits/sec                  
[ 23]   6.00-7.00   sec  8.70 MBytes  73.0 Mbits/sec                  
[SUM]   6.00-7.00   sec   114 MBytes   958 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   7.00-8.00   sec  8.85 MBytes  74.2 Mbits/sec                  
[  7]   7.00-8.00   sec  18.7 MBytes   157 Mbits/sec                  
[  9]   7.00-8.00   sec  7.53 MBytes  63.1 Mbits/sec                  
[ 11]   7.00-8.00   sec  9.67 MBytes  81.1 Mbits/sec                  
[ 13]   7.00-8.00   sec  5.62 MBytes  47.1 Mbits/sec                  
[ 15]   7.00-8.00   sec  14.6 MBytes   123 Mbits/sec                  
[ 17]   7.00-8.00   sec  10.7 MBytes  90.1 Mbits/sec                  
[ 19]   7.00-8.00   sec  10.6 MBytes  89.2 Mbits/sec                  
[ 21]   7.00-8.00   sec  22.3 MBytes   187 Mbits/sec                  
[ 23]   7.00-8.00   sec  6.36 MBytes  53.4 Mbits/sec                  
[SUM]   7.00-8.00   sec   115 MBytes   966 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   8.00-9.00   sec  13.8 MBytes   115 Mbits/sec                  
[  7]   8.00-9.00   sec  13.3 MBytes   111 Mbits/sec                  
[  9]   8.00-9.00   sec  9.93 MBytes  83.3 Mbits/sec                  
[ 11]   8.00-9.00   sec  13.6 MBytes   114 Mbits/sec                  
[ 13]   8.00-9.00   sec  8.48 MBytes  71.1 Mbits/sec                  
[ 15]   8.00-9.00   sec  13.7 MBytes   115 Mbits/sec                  
[ 17]   8.00-9.00   sec  12.6 MBytes   106 Mbits/sec                  
[ 19]   8.00-9.00   sec  8.90 MBytes  74.6 Mbits/sec                  
[ 21]   8.00-9.00   sec  11.4 MBytes  95.9 Mbits/sec                  
[ 23]   8.00-9.00   sec  10.1 MBytes  85.0 Mbits/sec                  
[SUM]   8.00-9.00   sec   116 MBytes   972 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   9.00-10.00  sec  15.4 MBytes   130 Mbits/sec                  
[  7]   9.00-10.00  sec  7.63 MBytes  64.0 Mbits/sec                  
[  9]   9.00-10.00  sec  9.52 MBytes  79.8 Mbits/sec                  
[ 11]   9.00-10.00  sec  18.8 MBytes   158 Mbits/sec                  
[ 13]   9.00-10.00  sec  16.5 MBytes   138 Mbits/sec                  
[ 15]   9.00-10.00  sec  8.81 MBytes  73.9 Mbits/sec                  
[ 17]   9.00-10.00  sec  8.84 MBytes  74.1 Mbits/sec                  
[ 19]   9.00-10.00  sec  10.9 MBytes  91.7 Mbits/sec                  
[ 21]   9.00-10.00  sec  7.89 MBytes  66.1 Mbits/sec                  
[ 23]   9.00-10.00  sec  9.79 MBytes  82.0 Mbits/sec                  
[SUM]   9.00-10.00  sec   114 MBytes   957 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.01  sec   221 MBytes   186 Mbits/sec  1160             sender
[  5]   0.00-10.00  sec   218 MBytes   183 Mbits/sec                  receiver
[  7]   0.00-10.01  sec   143 MBytes   119 Mbits/sec  990             sender
[  7]   0.00-10.00  sec   140 MBytes   117 Mbits/sec                  receiver
[  9]   0.00-10.01  sec   106 MBytes  88.5 Mbits/sec  430             sender
[  9]   0.00-10.00  sec   103 MBytes  86.0 Mbits/sec                  receiver
[ 11]   0.00-10.01  sec   120 MBytes   101 Mbits/sec  378             sender
[ 11]   0.00-10.00  sec   116 MBytes  97.6 Mbits/sec                  receiver
[ 13]   0.00-10.01  sec   112 MBytes  93.6 Mbits/sec  555             sender
[ 13]   0.00-10.00  sec   109 MBytes  91.1 Mbits/sec                  receiver
[ 15]   0.00-10.01  sec  99.5 MBytes  83.4 Mbits/sec  470             sender
[ 15]   0.00-10.00  sec  96.6 MBytes  81.1 Mbits/sec                  receiver
[ 17]   0.00-10.01  sec  99.7 MBytes  83.6 Mbits/sec  496             sender
[ 17]   0.00-10.00  sec  97.2 MBytes  81.5 Mbits/sec                  receiver
[ 19]   0.00-10.01  sec   103 MBytes  86.6 Mbits/sec  449             sender
[ 19]   0.00-10.00  sec   101 MBytes  84.7 Mbits/sec                  receiver
[ 21]   0.00-10.01  sec   133 MBytes   111 Mbits/sec  465             sender
[ 21]   0.00-10.00  sec   130 MBytes   109 Mbits/sec                  receiver
[ 23]   0.00-10.01  sec  94.1 MBytes  78.9 Mbits/sec  426             sender
[ 23]   0.00-10.00  sec  92.0 MBytes  77.2 Mbits/sec                  receiver
[SUM]   0.00-10.01  sec  1.20 GBytes  1.03 Gbits/sec  5819             sender
[SUM]   0.00-10.00  sec  1.17 GBytes  1.01 Gbits/sec                  receiver

iperf Done.
u

 

Posted by Uli Köhler in Networking
09
Jan
2022

NodeJS MQTT minimal subscribe example with JSON messages

const mqtt = require('mqtt')
const client = mqtt.connect('mqtt://user:[email protected]')

client.on('connect', () => {
  client.subscribe('mytopic');
})

client.on('message', (topic, message) => {
  console.log(topic, JSON.parse(message))
})

If required, you can install the mqtt library using

npm i --save mqtt

 

Posted by Uli Köhler in Javascript, MQTT, NodeJS
03
Jan
2022

iperf3 TCP minimal example commands

On the host sending the data:

iperf3 -s

On the host receiving the data:

iperf3 -c [IP address of host sending the data]

for example:

iperf3 -c 192.168.178.22

 

Posted by Uli Köhler in Networking
03
Jan
2022

TPLink WDR3600 OpenWRT wireguard throughput benchmark

TechOverflow tested Wireguard bandwidth / throughput on the TPLink WDR3600 with OpenWRT 21.02, based on a standard iperf3 TCP benchmark. We did not use Pre-shared keys in this setup.

So far we were able to verify that the Wireguard bandwidth is approximately 27Mbit/s (unidirectional), measured using iperf3.

Connecting to host 192.168.239.254, port 5201
[  5] local 10.9.1.104 port 57502 connected to 192.168.239.254 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  3.48 MBytes  29.2 Mbits/sec    0    215 KBytes       
[  5]   1.00-2.00   sec  3.86 MBytes  32.4 Mbits/sec    0    387 KBytes       
[  5]   2.00-3.00   sec  3.13 MBytes  26.2 Mbits/sec    0    470 KBytes       
[  5]   3.00-4.00   sec  3.37 MBytes  28.3 Mbits/sec    0    470 KBytes       
[  5]   4.00-5.00   sec  3.31 MBytes  27.8 Mbits/sec    0    470 KBytes       
[  5]   5.00-6.00   sec  3.31 MBytes  27.8 Mbits/sec    0    470 KBytes       
[  5]   6.00-7.00   sec  3.31 MBytes  27.8 Mbits/sec    0    470 KBytes       
[  5]   7.00-8.00   sec  2.76 MBytes  23.1 Mbits/sec    0    470 KBytes       
[  5]   8.00-9.00   sec  3.31 MBytes  27.8 Mbits/sec    0    470 KBytes       
[  5]   9.00-10.00  sec  2.76 MBytes  23.1 Mbits/sec    0    470 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  32.6 MBytes  27.4 Mbits/sec    0             sender
[  5]   0.00-10.14  sec  32.0 MBytes  26.4 Mbits/sec                  receiver

During the test, top consistently showed 0% idle CPU load, with the load being approximately 51% sys and 49% sirq.

The commands in use were

iperf3 -s

on the WDR3600 and

iperf -c [IP address of WDR3600]

on the client.

Posted by Uli Köhler in Networking, Wireguard
03
Jan
2022

How to fix iperf connect failed: Operation in progress

Problem:

When running iperf -c [IP address] you see this error message:

connect failed: Operation in progress

Solution:

You are running different iperf versions on the server and the client. Typically this error occurs if the client is running iperf 2.x whereas the server is running iperf 3.x.

Check using iperf --version. In my case, on the client, it was

iperf version 2.0.13 (21 Jan 2019) pthreads

on OpenWRT.

Posted by Uli Köhler in Networking
03
Jan
2022

How to install wireguard_watchdog on OpenWRT

Run this on your OpenWRT router to automatically re-resolve DNS names for peers.

/usr/bin/wireguard_watchdog is automatically installed with the standard wireguard package, so you only need to enable it to run every minute:

echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root

Source: This commit message.

Posted by Uli Köhler in Wireguard
31
Dec
2021

How to check if WireGuard client/peer is connected?

You can use wg show to check if a client is connected:

interface: Computer
  public key: X6NJW+IznvItD3B5TseUasRPjPzF0PkM5+GaLIjdBG4=
  private key: (hidden)
  listening port: 19628

peer: H3KaL/X94984cLDNWFsM4Hx6Rs/Ku0bW2ECkDUn7wFw=
  endpoint: 10.9.1.108:19628
  allowed ips: 10.217.59.2/32
  latest handshake: 27 seconds ago
  transfer: 13.19 MiB received, 12.70 MiB sent
  persistent keepalive: every 1 minute

Look for this line:

latest handshake: 27 seconds ago

If it’s less than two minutes old, the client is connected.

If the latest handshake line is missing entirely, the peer has never connected successfully!

If in doubt, you can often ping the client to verify. It depends on the client configuration and possibly firewall settings if it will answer the ping but it never hurts to try.

Posted by Uli Köhler in Networking, Wireguard
31
Dec
2021

ESP32 Wireguard example with HTTP access over Wireguard (PlatformIO)

In this example we will use Wireguard-ESP32-Arduino in order to make HTTP requests over Wireguard on the ESP32.

[env:esp32-gateway]
platform = espressif32
board = esp32-gateway
framework = arduino
monitor_speed = 115200
lib_deps =
    ciniml/[email protected]^0.1.5
#include <WiFi.h>
#include <WireGuard-ESP32.h>

// WiFi configuration --- UPDATE this configuration for your WiFi AP
char ssid[] = "MyWifiESSID";
char password[] = "my-wifi-password";

// WireGuard configuration --- UPDATE this configuration from JSON
char private_key[] = "gH2YqDa+St6x5eFhomVQDwtV1F0YMQd3HtOElPkZgVY=";
IPAddress local_ip(10, 217, 59, 2);
char public_key[] = "X6NJW+IznvItD3B5TseUasRPjPzF0PkM5+GaLIjdBG4=";
char endpoint_address[] = "192.168.178.133"; // IP of Wireguard endpoint to connect to.
int endpoint_port = 19628;

static WireGuard wg;

void setup()
{
    Serial.begin(115200);
    Serial.println("Connecting to the AP...");
    WiFi.begin(ssid, password);
    while( !WiFi.isConnected() ) {
        delay(100);
    }
    Serial.println(WiFi.localIP());
    Serial.println("Adjusting system time...");
    configTime(9 * 60 * 60, 0, "ntp.jst.mfeed.ad.jp", "ntp.nict.jp", "time.google.com");

    Serial.println("Connected. Initializing WireGuard...");
    wg.begin(
        local_ip,
        private_key,
        endpoint_address,
        public_key,
        endpoint_port);
}

void loop()
{
    WiFiClient client;

    /**
     * Connect to
     * python3 -m http.server
     */
    if( !client.connect("10.217.59.1", 8000) ) {
        Serial.println("Failed to connect...");
        delay(1000);
        return;
    } else { // Client connected successfully. Send dummy HTTP request.
        client.write("GET /wireguard-test HTTP/1.1\r\n");
        client.write("Host: wireguard.test.com\r\n");
        client.write("\r\n\r\n");
    }

}

Remember to replace 192.168.238.133 by the IP address of the computer your ESP32 should connect to (i.e. the computer running WireGuard). You also need to enter the correct Wifi credentials.

On the computer, deploy this WireGuard config:

[Interface]
# Name = Computer
PrivateKey = ONj6Iefel47uMKtWRCSMLan2UC5eW3Fj9Gsy9bqcyEc=
Address = 10.217.59.1/24
ListenPort = 19628

[Peer]
# Name = ESP32
PublicKey = H3KaL/X94984cLDNWFsM4Hx6Rs/Ku0bW2ECkDUn7wFw=
AllowedIPs = 10.217.59.2/32
PersistentKeepalive = 60

which is auto-generated by the following GuardMyWire config:

{
    "rules": {
        "Node": {
            "connect_to": ["*"],
            "keepalive": 60
        }
    },
    "peers": [
        {
            "name": "Computer",
            "endpoint": "192.168.178.233:19628",
            "addresses": [
                "10.217.59.1/24"
            ],
            "type": "Node",
            "interface_name": "wg0"
        }, {
            "name": "ESP32",
            "addresses": [
                "10.217.59.2/24"
            ],
            "type": "Node",
            "interface_name": "wg0"
        }
    ]
}

Enable this config and start a Python HTTP server to receive the requests using

python3 -m http.server

Now flash the firmware on the ESP32.

Using wg show you should see the ESP connecting:

interface: Computer
  public key: X6NJW+IznvItD3B5TseUasRPjPzF0PkM5+GaLIjdBG4=
  private key: (hidden)
  listening port: 19628

peer: H3KaL/X94984cLDNWFsM4Hx6Rs/Ku0bW2ECkDUn7wFw=
  endpoint: 10.9.1.108:19628
  allowed ips: 10.217.59.2/32
  latest handshake: 5 seconds ago
  transfer: 11.71 MiB received, 10.43 MiB sent
  persistent keepalive: every 1 minute

Look for the

latest handshake: 5 seconds ago

line.

On the shell running python3 -m http.server you should see the dummy HTTP requests:

10.217.59.2 - - [31/Dec/2021 02:36:48] "GET /wireguard-test HTTP/1.1" 404 -
10.217.59.2 - - [31/Dec/2021 02:36:48] code 404, message File not found
10.217.59.2 - - [31/Dec/2021 02:36:48] "GET /wireguard-test HTTP/1.1" 404 -
10.217.59.2 - - [31/Dec/2021 02:36:48] code 404, message File not found
10.217.59.2 - - [31/Dec/2021 02:36:48] "GET /wireguard-test HTTP/1.1" 404 -
10.217.59.2 - - [31/Dec/2021 02:36:48] code 404, message File not found
Posted by Uli Köhler in ESP8266/ESP32, PlatformIO, Wireguard
30
Dec
2021

Simple Unifi controller setup using docker-compose

This setup runs both MongoDB and unifi using network_mode: host, this is why we are running MongoDB on a nonstandard port (so it will not interfere with other MongoDB instances). This has the huge benefit of allowing direct Layer 2 network access allowing L2 access point adoption.

Create a directory such as /opt/unifi and create docker-compose.yml

version: '2.3'
services:
  mongo:
    image: mongo:3.6
    network_mode: host
    restart: always
    volumes:
      - ./mongo_db:/data/db
      - ./mongo/dbcfg:/data/configdb
    command: mongod --port 29718
  controller:
    image: "jacobalberty/unifi:latest"
    depends_on:
      - mongo
    init: true
    network_mode: host
    restart: always
    volumes:
      - ./unifi_dir:/unifi
      - ./unifi_data:/unifi/data
      - ./unifi_log:/unifi/log
      - ./unifi_cert:/unifi/cert
      - ./unifi_init:/unifi/init.d
      - ./unifi_run:/var/run/unifi
      - ./unifi_backup:/unifi/data/backup
    environment:
      - DB_URI=mongodb://localhost:29718/unifi
      - STATDB_URI=mongodb://localhost:29718/unifi_stat
      - DB_NAME=unifi
  logs:
    image: bash
    depends_on:
      - controller
    command: bash -c 'tail -F /unifi/log/*.log'
    restart: always
    volumes:
      - ./unifi_log:/unifi/log

Now create the directories with the correct permissions:

mkdir -p unifi_backup unifi_cert unifi_data unifi_dir unifi_init unifi_log unifi_run
chown -R 999:999 unifi_backup unifi_cert unifi_data unifi_dir unifi_init unifi_log unifi_run

Now you can use our script from Create a systemd service for your docker-compose project in 10 seconds to automatically start the controller on boot (and start it immediately):

curl -fsSL https://techoverflow.net/scripts/create-docker-compose-service.sh | sudo bash /dev/stdin

Now access https://<IP of controller>:8443 to get started with the setup or import a backup.

Posted by Uli Köhler in Docker, Networking
29
Dec
2021

How to update WireGuard peer endpoint address using DNS on MikroTik RouterOS

Assuming your peer comment is peer1 and the correct endpoint DNS record is peer1.mydomain.com, you can use this RouterOS script to update the endpoint based on the DNS record:

:if ([interface wireguard peers get number=[find comment=peer1] value-name=endpoint-address] != [resolve peer1.mydomain.com]) do={interface wireguard peers set number=[find comment=peer1] endpoint-address=[/resolve peer1.mydomain.com]}

Related posts which might make that easier to understand:

Posted by Uli Köhler in MikroTik, Wireguard
29
Dec
2021

How to check if WireGuard Peer endpoint address equals DNS record using RouterOS scripting on MikroTik

Assuming your peer comment is peer1 and the correct endpoint DNS record is peer1.mydomain.com:

([interface wireguard peers get number=[find comment=peer1] value-name=endpoint-address] = [resolve peer1.mydomain.com])

This will return true if the peer endpoint is the same as the DNS record.

Example

[[email protected]] > :put ([interface wireguard peers get number=[find comment=peer1] value-name=endpoint-address] = [resolve peer1.mydomain.com])
true
Posted by Uli Köhler in MikroTik, Wireguard