wg-docker/README.md

# wg-docker [wip]

This repository contain a simple docker setup for wireguard.

requirements: debian|alpine, docker, wireguard, firefox, thunderbird, proxychains
space requirements:

alpine, docker images:
- alpine:3.16.3: 5.54MB
- wg-docker/alpine:0.0.1: 19.1MB

debian, docker images:
- debian:stable: 124MB
- wg-docker/debian:0.0.1: 270MB

## Build the image

```
docker build . -t wg-docker/alpine:0.0.1
docker build . -f Dockerfile.debian -t wg-docker/debian:0.0.1
```

## Usage
The usage would be similar to `wg-quick`

usage: wg-docker [up|shell|firefox|thunderbird] [profile_name]

### start the container with profile 'lattuga'
```
wg-docker up lattuga
```
### start the container and the firefox profile, proxied to container with profile lattuga
```
wg-docker firefox lattuga
```

### [wip] start the container and the thunderbird profile, proxied to container with profile lattuga

### [wip] start a shell proxied
```
wg-docker shell lattuga
```

for now start the container and then proxychains every command
```
wg-docker up lattuga
proxychains git clone ...
```

## ssh to container

```
ssh -ND 9999 root@172.20.0.10

-N :   Do not execute a remote command. This is useful for just forwarding ports.
-D :   Specifies a local “dynamic” application-level port forwarding.
       This works by allocating a socket to listen to port on the local
       side, optionally bound to the specified bind_address.  Whenever a
       connection is made to this port, the connection is forwarded over
       the secure channel, and the application protocol is then used to
       determine where to connect to from the remote machine.  Currently
       the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
       as a SOCKS server.
```

## Create a profile in firefox
In Firefox in [about:profiles]([about:profiles]) create a new profile and then go to 'settings', 'network settings' to manually setup the proxy to your choosen socks_port.

## Tips

### Vpn rotations
Use of healthcheck as scheduler to avoid installing crontab, and change configuration file every while (better would be a change of vpn-endpoint every firefox profile restart)


###
Paste your public ssh key in ./authorized_keys
or alternatively PermitRootLogin with password and initialize a password
```
sed -ie 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config;
echo 'test' | chpasswd
service ssh restart
```


## Why
Often I'm browsing some sites through torbrowser and I need at the same time to visit other sites, related to different contexts, and I prefer to open those pages with another network profile, es. via vpn.

I'm currently using mullvad as vpn provider so in this repository there are names of files related to mullvad, but it can be applied easily to other vpns providers that offer wireguard.

## Consulted Links
- [from ubuntu] https://github.com/linuxserver/docker-wireguard
- [from alpine] https://github.com/jordanpotter/docker-wireguard
- https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN
- https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/
- https://tails.boum.org/support/faq/index.en.html#index20h2
- https://www.whonix.org/wiki/FAQ#How_does_Whonix_work?
- https://www.qubes-os.org/intro/
- https://www.whonix.org/wiki/Qubes
- https://packages.debian.org/bullseye/proxychains
- https://manpages.debian.org/bullseye/tsocks/tsocks.8.en.html

## Other similar needings
Common ways to visit a site that doesn't allow traffic from tor:

- web.archive.org, check if archive as a copy
paste the link after the / in the archive url https://web.archive.org/https://tor-blocking.website/path-to-resource

1.3G Whoonix size
init 2022-11-28 21:38:36 +01:00			`# wg-docker [wip]`

			`This repository contain a simple docker setup for wireguard.`

			`requirements: debian\|alpine, docker, wireguard, firefox, thunderbird, proxychains`
			`space requirements:`

			`alpine, docker images:`
			`- alpine:3.16.3: 5.54MB`
			`- wg-docker/alpine:0.0.1: 19.1MB`

			`debian, docker images:`
			`- debian:stable: 124MB`
			`- wg-docker/debian:0.0.1: 270MB`

			`## Build the image`

			```
			`docker build . -t wg-docker/alpine:0.0.1`
			`docker build . -f Dockerfile.debian -t wg-docker/debian:0.0.1`
			```

			`## Usage`
			The usage would be similar to `wg-quick`

			`usage: wg-docker [up\|shell\|firefox\|thunderbird] [profile_name]`

			`### start the container with profile 'lattuga'`
			```
			`wg-docker up lattuga`
			```
			`### start the container and the firefox profile, proxied to container with profile lattuga`
			```
			`wg-docker firefox lattuga`
			```

			`### [wip] start the container and the thunderbird profile, proxied to container with profile lattuga`

			`### [wip] start a shell proxied`
			```
			`wg-docker shell lattuga`
			```

			`for now start the container and then proxychains every command`
			```
			`wg-docker up lattuga`
			`proxychains git clone ...`
			```

			`## ssh to container`

			```
			`ssh -ND 9999 root@172.20.0.10`

			`-N : Do not execute a remote command. This is useful for just forwarding ports.`
			`-D : Specifies a local “dynamic” application-level port forwarding.`
			`This works by allocating a socket to listen to port on the local`
			`side, optionally bound to the specified bind_address. Whenever a`
			`connection is made to this port, the connection is forwarded over`
			`the secure channel, and the application protocol is then used to`
			`determine where to connect to from the remote machine. Currently`
			`the SOCKS4 and SOCKS5 protocols are supported, and ssh will act`
			`as a SOCKS server.`
			```

			`## Create a profile in firefox`
			`In Firefox in [about:profiles]([about:profiles]) create a new profile and then go to 'settings', 'network settings' to manually setup the proxy to your choosen socks_port.`

			`## Tips`

			`### Vpn rotations`
			`Use of healthcheck as scheduler to avoid installing crontab, and change configuration file every while (better would be a change of vpn-endpoint every firefox profile restart)`


			`###`
			`Paste your public ssh key in ./authorized_keys`
			`or alternatively PermitRootLogin with password and initialize a password`
			```
			`sed -ie 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config;`
			`echo 'test' \| chpasswd`
			`service ssh restart`
			```


			`## Why`
			`Often I'm browsing some sites through torbrowser and I need at the same time to visit other sites, related to different contexts, and I prefer to open those pages with another network profile, es. via vpn.`

			`I'm currently using mullvad as vpn provider so in this repository there are names of files related to mullvad, but it can be applied easily to other vpns providers that offer wireguard.`

			`## Consulted Links`
			`- [from ubuntu] https://github.com/linuxserver/docker-wireguard`
			`- [from alpine] https://github.com/jordanpotter/docker-wireguard`
			`- https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN`
			`- https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/`
			`- https://tails.boum.org/support/faq/index.en.html#index20h2`
			`- https://www.whonix.org/wiki/FAQ#How_does_Whonix_work?`
			`- https://www.qubes-os.org/intro/`
			`- https://www.whonix.org/wiki/Qubes`
			`- https://packages.debian.org/bullseye/proxychains`
			`- https://manpages.debian.org/bullseye/tsocks/tsocks.8.en.html`

			`## Other similar needings`
			`Common ways to visit a site that doesn't allow traffic from tor:`

			`- web.archive.org, check if archive as a copy`
			`paste the link after the / in the archive url https://web.archive.org/https://tor-blocking.website/path-to-resource`

			`1.3G Whoonix size`