From 79db9f1a55b4acee59023b194dcfde83fd850a2d Mon Sep 17 00:00:00 2001 From: Myron Blair Date: Mon, 29 Jun 2026 13:22:24 -0500 Subject: [PATCH] Update MediaStack: NordVPN tunnel via CT110, exit IP 2.56.190.69 --- ai-memory/project_mediastack.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ai-memory/project_mediastack.md b/ai-memory/project_mediastack.md index b9033df..4772e07 100644 --- a/ai-memory/project_mediastack.md +++ b/ai-memory/project_mediastack.md @@ -30,14 +30,15 @@ All services run as root (NFS ACL requires root for writes). ### wg0 — Internet kill-switch (primary VPN) - **Interface:** `wg0` | **VPN IP:** `10.200.0.4/24` -- **Endpoint:** CT110 at `10.48.200.67:51821` → DO server (165.22.1.228) → internet -- **Exit IP:** `165.22.1.228` (DO server, verified 2026-06-24) +- **Endpoint:** CT110 at `10.48.200.67:51821` → NordVPN (us9156, 2.56.190.66:51820) → internet +- **Exit IP:** `2.56.190.69` (NordVPN US, verified 2026-06-29) - **Kill-switch:** iptables rules — REJECT all non-wg0 non-fwmark traffic; LAN 10.48.200.0/24 always allowed - **Config:** `/etc/wireguard/wg0.conf` — fwmark hardcoded as `51820` (not dynamic, avoids PostDown race) - **Auto-start:** `systemctl enable wg-quick@wg0` (enabled 2026-06-24) - **DNS:** `10.48.200.90` (PVE1 dnsmasq) - **MediaStack pubkey:** `CaG79S1fJeJDlYCMhHz8BrDfizBq+OiGnO5VzFIk3gE=` - **CT110 pubkey:** `Fqb1KLfHe1r3+Hwhem7YGZB2KikGYy/8pPsOIP4rn18=` (updated 2026-06-29 — old key was RXxD...) +- **NordVPN exit IP:** 2.56.190.69 (us9156.nordvpn.com) — verified 2026-06-29 ### wg1 — Jellyfin media access (NOT internet VPN) - MediaStack is WireGuard server on `wg1` (port 51820, 10.200.0.1/24)
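Review bot: The added `**NordVPN exit IP:**` bullet at the end of the wg0 list repeats what the updated `**Exit IP:**` line already records (2.56.190.69, verified 2026-06-29), so the next server change has two places to edit and they can drift apart. Drop the new bullet and fold the hostname into the existing line, for example `**Exit IP:** 2.56.190.69 (NordVPN US, us9156.nordvpn.com, verified 2026-06-29)`. The Endpoint line gives the NordVPN peer as 2.56.190.66:51820 while the exit IP is 2.56.190.69. If that difference is expected, say so next to one of them so a later reader does not treat it as a typo. The unchanged Kill-switch line describes only MediaStack's own iptables rules around wg0, and after this change the hop to the internet is a tunnel that terminates on CT110. The file as patched does not say whether CT110 stops forwarding when its NordVPN tunnel is down, and that is worth one more bullet here.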