The only thing left to do then was set up a bunch of port forwards from the VPN endpoint AND on the OpenWRT router, so I can get my bittorrent and SSH into the home LAN to work.
The FW rule set on Algo seemed simpler to work with than the one that came with Streisand too. Streisand used UFW ( uncomplicated Fw) to wrap te IPTables config which I found quite complicated. đ¤ˇâď¸
Algo had some just iptables rules stored using netfilter-persistent package, which seemed easier to modify
I would have liked to use ipsec. Because previously I was doing a site to site ipsec so all hosts connected via that subnet could get use of the vpn.
Anyway.. re-engineered the solution to use double NAT and wireguard PtP. Setting that up via Algo and OpenWRT was easy https://danrl.com/blog/2017/luci-proto-wireguard/ helped, and adding the new wireguard interface to the WAN zone on the openWRT firewall.
As far as I could tell the strongswan implementation in OpenWRT has no support of elliptic curves, and the certificates and keys generated by Algo were all ECDSA keys... So I gave up with that.
 ... sometimes the best humour comes through adversity!
My friend is struggling to navigate "Her Majesties Revenue and Customs" processes at the moment...Â
They just said to me... 'I wonder if "yes but I lost it" is a standard checkbox on forms about whether you have received something. Like, "Dear CEO of whatever, please be so kind as to fill in the waffer thin formette that we may have managed to send you. or there may be some difficulties in writing off quite so much of your corporate tax this year. Have you received the form?" Yes / No / Yes but I have lost it"... Or is it only the great unwashed who are a bunch of fucking flakes and have probably used it as bog roll because we are assumed to be too on crack to get to the shops to buy any)'
Currently I use ipsec, but think it would make more sense to automate the process of deploying the remote end with some scripts, and I don't feel like writing my own.Â
 Also wireguard seems like it would take a lot of the complexity out of building a ipsec configuration, so.. that's why I'm thinking about streisand and wireguard.
Enough is Enough: **#Signal fails: There is no substitute for real-world face-to-face relationships**
"Signal is an encrypted messaging service that has been around in different forms for about 10 years. Since then, I have seen the software widely adopted by anarchist networks across Canada and the United StâŚ"
What's the difference between things like vars.disk_partition and $disk_partion$ ... My question is ... why are sometimes variables required to be wrapped in "$"'s and sometimes not
I am trying to find the correct word to describe UK politics...
I had .. sterile and festering.. but they don't seem to go together.
It's more stasis... A time dilation caused by black hole of brexit sucking everything in..
If we ever escape it or pass through it or get the energy to turn our gaze away from it we will catch up with the stagnant cess pond that UK society has become.
As if a TV debate for Tory leadership matters to anyone apart from 100,000 geriatric Tory members