The ungleich VPN infrastructure

This document concerns server-side configuration only and is intended for ungleich staff. See the Ungleich IPv6 wireguard VPN page for end-user/customer documentation.

Status

This document is IN PRODUCTION.

Infrastructure

Server: vpn-2a0ae5c1.ungleich.ch
Port: 51820

How to add a new customer connection

  • Get the public key of the customer
  • Edit dot-cdist/type/__ungleich_wireguard/manifest and add the new network definition at the end of the file
  • Let the customer know their network
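
A pre-flight check for the steps above, as an added example (not ungleich's own tooling). AllowedIPs decides both which peer receives traffic for a prefix and which source addresses that peer may use, so a new entry should be checked against the existing peers before it is added. The function names are hypothetical, the check runs on the wg0.conf format shown below rather than on the cdist manifest, and the one-/48-per-customer rule is an assumption taken from the sample peer.

```python
import base64
import ipaddress

VPN_RANGE = ipaddress.ip_network("2a0a:e5c1:100::/40")  # from the rc.local sample
CUSTOMER_PREFIXLEN = 48  # assumption: one /48 per customer, as in the sample peer

# The [Peer] part of the page's sample wg0.conf, embedded so the example runs offline.
SAMPLE_CONF = """\
# Nico, 2019-01-23
[Peer]
PublicKey = kL1S/Ipq6NkFf1MAsNRou4b9VoUsnnb4ZxgiBrH0zA8=
AllowedIPs = 2a0a:e5c1:101::/48
"""


def parse_peers(conf_text):
    """Return [public_key, [networks]] for every [Peer] section of a wg config."""
    peers, in_peer = [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
            if in_peer:
                peers.append([None, []])
        elif in_peer and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if name.lower() == "publickey":
                peers[-1][0] = value
            elif name.lower() == "allowedips":
                peers[-1][1] += [ipaddress.ip_network(v.strip(), strict=False)
                                 for v in value.split(",")]
    return peers


def check_new_peer(conf_text, public_key, allowed_ips):
    """Return a list of problems; an empty list means the peer can be added."""
    problems = []
    try:
        if len(base64.b64decode(public_key, validate=True)) != 32:
            problems.append("public key is not 32 bytes")
    except ValueError:
        problems.append("public key is not valid base64")
    net = ipaddress.ip_network(allowed_ips)  # ValueError if host bits are set
    if net.version != 6 or net.prefixlen != CUSTOMER_PREFIXLEN or not net.subnet_of(VPN_RANGE):
        problems.append(f"{net} is not a /{CUSTOMER_PREFIXLEN} inside {VPN_RANGE}")
    for key, nets in parse_peers(conf_text):
        if key == public_key:
            problems.append("public key already configured")
        problems += [f"{net} overlaps {n}" for n in nets if net.overlaps(n)]
    return problems
```
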

Sample server configuration

This is for reference only; as a client you don't need this configuration.

/etc/wireguard/wg0.conf:

[Interface]
ListenPort = 51820
PrivateKey = SERVERKEYHERE

# Nico, 2019-01-23
[Peer]
PublicKey = kL1S/Ipq6NkFf1MAsNRou4b9VoUsnnb4ZxgiBrH0zA8=
AllowedIPs = 2a0a:e5c1:101::/48

# Customer networks below
# ...

Sample server rc.local:

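# Create the WireGuard interface
ip link add dev wg0 type wireguard
# Assign the server address inside the VPN range
ip addr add 2a0a:e5c1:100::1/40 dev wg0
# Load the listen port, private key and peers from the config file
wg setconf wg0 /etc/wireguard/wg0.conf
# Bring the interface up
ip link set wg0 up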

Updated by Timothée Floure 3 months ago · 31 revisions