Wireguard Roadwarrior setup using Ubuntu Server 18.04, Pi-hole and Google Wifi (with some double NAT)
Wireguard has had a lot of press because of its addition to the Linux Kernel. With this in mind I look to setup a Roadwarrior setup
This is a working page, I’ll be adding things as I find them, it’s things I found out about the ChromeOS Linux shell (Crostini).
The Linux shell is an amazing thing and I’m just starting to learn what can be one using it in Crostini.
I’m running on a UK HP Chromebook X2 in the Beta Channel
As was pointed out you don’t need to be in the beta channel of ChromeOS if you are running 71 or above, at the time of writing however some of the features like mounting the SD card in the Linux container were only available in Beta.
I’m running in the Beta Channel on 73.0.3683.48 (Official Build) beta (64-bit)
A few useful tools to get you going
apt -y install apt-file bc bash-completion cron gnupg2 jq whois zip tree python-boto gnome-terminal tmux file autossh dnsutils elinks netcat nautilus build-essential awscli nautilus wget curl git-all gdebi-core
A question I had early on was how to access web services installed in Crostini in the Chrome Browser.
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether nn:nn:nn:nn:nn:nn brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 100.115.92.204/28 brd 100.115.92.207 scope global eth0
valid_lft forever preferred_lft forever
the external IP address
in the browser would access a webserver installed using crostini
If you want to use DNS names as the IP will change Crostini has some baked in DNS which can be used
Within the Crostini shell
Will ping localhost 127.0.0.1
Will ping the hostname address (in this case 100.115.92.204)
From the Chrome browser opening
will open 100.115.92.204
Docker is an amazing tool, at the time of writing installing it however from the local repository didn’t work
Head over to https://github.com/abiosoft/crostini-docker
Use git clone to clone the repo
cd to the crostini-docker folder
This will install a working docker session
service status docker <- will show if docker is running
systemctl enable docker <- Enable docker on Crostini start.
Portainer is a good web interface for Docker
docker volume create portainer_data
docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer
Open Portainer at
Cockpit makes GNU/Linux discoverable. See your server in a web browser and perform system tasks with a mouse. It’s easy to start containers, administer storage, configure networks, and inspect logs.
echo 'deb http://deb.debian.org/debian stretch-backports main' > \
sudo apt-get install cockpit
From version 73 of ChromeOS its possible to mount an External SD car in Read/Write mode within Crostini
Right Click on the SD Card
Click on Manage Linux Sharing
Shared folders are available in Linux at /mnt/chromeos. To share, right-click on a folder in Files app, then select ‘Share with Linux’. Removing folders from here will stop sharing but will not delete files.
My SD Card is mounted as Data
Android Download OpenVPN Photos uac00091.pfx
ASR problems.jpg docker HomeCerts Payslip squid.bak wallpaper
Earlier gnome-terminal was installed however the gnome terminal icon doesn’t appear.
Comment=Use the command line
Note: Copy an paste might not work here
Tmux should have been installed earlier if not:
sudo apt -t stretch-backports install tmux
Start tmux by typing
tmux, then press
ctrl+b to enter command mode.
" splits the window horizontally and
% splits it vertically. To move around, press
For more customization, make a
.tmux.conf in the home directory and add:
# Enable mouse mode (tmux 2.1 and above)
set -g mouse on
This can either be one by downloading the VSCode Deb file from
sudo apt-get update && sudo apt-get upgradesudo wget https://az764295.vo.msecnd.net/stable/f46c4c469d6e6d8c46f268d1553c5dc4b475840f/code_1.27.2-1536736588_amd64.debsudo dpkg -i code*-1536736588.deb# It will fail so need to re-run
sudo apt -f install
sudo apt-get update
sudo dpkg -i code*-1536736588.deb
As someone learning Ansible this was quite useful
# Install Ansible
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install ansible
There may be a reason you want to test some powershell code, this can be done
sudo apt install curl gnupg apt-transport-https liblttng-ust-ctl2 liblttng-ust0 libunwind8 liburcu4 wgetcurl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-debian-stretch-prod stretch main" > /etc/apt/sources.list.d/microsoft.list'sudo apt-get update
sudo apt-get install -y powershell
sudo apt-get install -f
# Install and configure Terraform
# Check for latest release https://releases.hashicorp.com/terraform/sudo apt-get install wget git unzip gnupg python3 python3-pip -y
sudo apt-get update && sudo apt-get upgradesudo wget
https://releases.hashicorp.com/terraform/0.11.8/terraform_0.11.8_linux_amd64.zipsudo unzip terraform_0.11.18_linux_amd64.zipsudo mv terraform /usr/local/bin/terraform –version
From this point on i take no responsibility of you start getting any problems this is me experimenting..
The service sshd is enabled on the chromeOS Linux container, however, by default, it's listening to Port 2222 which seems to be something used to enable the files app to mount the SD card on the Crostini app. (conjecture based on some posts).
I wanted to do this to get Jenkins working in docker with a Jenkins Agent running on the container.
There is a file which exists will stop sshd running in
We can, however, run sshd as expected on port 22
rm -v /etc/ssh/sshd_not_to_be_runservice sshd restart
Check SSHD is now running
service sshd status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2019-03-02 13:51:22 UTC; 7min ago
Process: 2424 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
I strongly suggest setting up an ssh user at this point, as assigning a password to your username might cause issues