Differences

This shows you the differences between two versions of the page.

--- network:vpn:wireguard_access_ipv4_to_ipv6_tunnel [2023/08/16 00:04] – external edit (Unknown date) 127.0.0.1
+++ network:vpn:wireguard_access_ipv4_to_ipv6_tunnel [Unknown date] (current) – external edit (Unknown date) 127.0.0.1
@@ Line 11: / Line 11: @@
 tar -xf ../udp2raw_binaries*.tar.gz
 cp udp2raw_amd64_hw_aes /usr/bin
-setcap cap_net_raw+ep /usr/bin/udp2raw_amd64_hw_aes
+# This is for testing as a unpriviledged user see below
+setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' /usr/bin/udp2raw_amd64_hw_aes
 cd ..
 rm -rf udp2raw
@@ Line 27: / Line 28: @@
 # Generate /usr/bin/udp2raw_amd64_hw_aes -c -l 0.0.0.0:38865 -r [$(MD_IPV6_PREFIX)::235]:38864 -k 3886538864 --cipher-mode xor --auth-mode simple -g
 ExecStartPre=ip6tables -I INPUT -s $(MD_IPV6_PREFIX)::235 -p tcp -m tcp --sport 38864 -j DROP
-User=nobody
+DynamicUser=yes
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
 ExecStart=/usr/bin/udp2raw_amd64_hw_aes -c -l 0.0.0.0:38865 -r [$(MD_IPV6_PREFIX)::235]:38864 -k 3886538864 --cipher-mode xor --auth-mode simple
 # As root ExecStart=/usr/bin/udp2raw_amd64_hw_aes -c -l 0.0.0.0:38865 -r [$(MD_IPV6_PREFIX)::235]:38864 -k 3886538864 --cipher-mode xor --auth-mode simple -a
 ExecReload=/bin/kill -HUP
-ExecStop=/bin/kill -s QUIT PrivateTmp=true
+ExecStop=/bin/kill -s QUIT
+PrivateTmp=true
 Restart=always
 [Install]