The ungleich VPN infrastructure » History » Version 10

Nico Schottelius, 01/23/2019 03:47 PM

h1. The ungleich VPN infrastructure

{{toc}}

h2. Wireguard on vpn-2a0ae5c1.ungleich.ch

* Server: vpn-2a0ae5c1.ungleich.ch
* Port: 51820
* Requires a public key
* Client network: 2a0a:e5c1:100::/40
* Client network size: /48

h3. How to add a new customer connection

* Get the public key of the customer
* Edit dot-cdist/type/__ungleich_wireguard/manifest and add the new network definition at the end of the file
* Let the customer know their network

h3. Sample customer client configuration

* "Install wireguard":https://www.wireguard.com/install/
* Create your private key: @umask 077; wg genkey > privkey@
* Get your public key: @wg pubkey < privkey@
** You need to send this pubkey to ungleich
* You will get your network definition after we have received your public key
* Create /etc/wireguard/wg0.conf

<pre>
[Interface]
PrivateKey = YOURKEYHERE
ListenPort = 51280

[Peer]
PublicKey = hi60lGP+xEUQ+kVnqA7PlJAO1SVqTS1W36g0LhFP0xQ=
Endpoint = vpn-2a0ae5c1.ungleich.ch:51820
AllowedIPs = ::/0
</pre>

Commands for setting it up:

<pre>
# Replace with your range
MY_NET=2a0a:e5c1:XXXX::1/48

ip link add dev wg0 type wireguard
ip addr add $MY_NET dev wg0

# Configure the interface
wg setconf wg0 /etc/wireguard/wg0.conf

# Bring it up (the kernel refuses routes over an interface that is still down)
ip link set wg0 up

# Add routing: the hub network via the tunnel, then everything else via the hub
ip route add 2a0a:e5c1:100::/40 dev wg0
ip route add ::/0 via 2a0a:e5c1:100::1
</pre>

Debugging:

* wg show
* ping 2a0a:e5c1:100::1

h3. Sample server configuration

This is just for reference - as a client you don't need this configuration.

/etc/wireguard/wg0.conf:

<pre>
[Interface]
ListenPort = 51820
PrivateKey = SERVERKEYHERE

# Nico, 2019-01-23
[Peer]
PublicKey = kL1S/Ipq6NkFf1MAsNRou4b9VoUsnnb4ZxgiBrH0zA8=
AllowedIPs = 2a0a:e5c1:101::/48

# Customer networks below
# ...
</pre>
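
An added example, not part of this page or of ungleich's cdist type, of the check an operator would want before appending a customer under "# Customer networks below" (the "How to add a new customer connection" steps above): it parses a server config like the one shown, verifies that the customer's key is a well-formed WireGuard public key not already configured, and allocates or checks a /48 inside 2a0a:e5c1:100::/40 that overlaps no existing peer, since AllowedIPs is also WireGuard's cryptokey routing table. The sample config is constructed and the function names are hypothetical; the peer key in it is the one shown above.

```python
import base64
import ipaddress
CLIENT_NETWORK = ipaddress.IPv6Network("2a0a:e5c1:100::/40")  # hub prefix from the page
# Constructed stand-in for the server wg0.conf; the peer is the one shown on the page.
SAMPLE_SERVER_CONF = """[Interface]
PrivateKey = SERVERKEYHERE
# Nico, 2019-01-23
[Peer]
PublicKey = kL1S/Ipq6NkFf1MAsNRou4b9VoUsnnb4ZxgiBrH0zA8=
AllowedIPs = 2a0a:e5c1:101::/48
"""

def parse_peers(conf):
    """Return [(pubkey, [allowed networks]), ...] from a wg conf ([Interface] comes first)."""
    peers = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()            # drop comments and blanks
        if line == "[Peer]":
            peers.append({})
        elif "=" in line and peers:                     # skip [Interface] keys
            key, _, val = line.partition("=")           # key values end in '=' too
            peers[-1][key.strip()] = val.strip()
    return [(p["PublicKey"], [ipaddress.ip_network(n.strip(), strict=False)
                              for n in p["AllowedIPs"].split(",")]) for p in peers]

def valid_wg_key(key):
    """A WireGuard key is 32 bytes in base64: exactly 44 chars, strict alphabet."""
    try:
        return len(key) == 44 and len(base64.b64decode(key, validate=True)) == 32
    except ValueError:
        return False

def next_free_network(peers):
    """First /48 in CLIENT_NETWORK no peer covers; the first /48 is the server's own."""
    for cand in list(CLIENT_NETWORK.subnets(new_prefix=48))[1:]:
        if not any(cand.overlaps(n) for _, nets in peers for n in nets):
            return cand
    raise RuntimeError("no free /48 left in %s" % CLIENT_NETWORK)

def new_peer_block(conf, pubkey, network=None):
    """Validate key and network, then render the [Peer] stanza to append to the conf."""
    if not valid_wg_key(pubkey):
        raise ValueError("not a valid WireGuard public key")
    peers = parse_peers(conf)
    if any(pubkey == k for k, _ in peers):      # one key must map to exactly one customer
        raise ValueError("public key is already configured for a peer")
    net = ipaddress.IPv6Network(network) if network else next_free_network(peers)
    if (net.prefixlen != 48 or not net.subnet_of(CLIENT_NETWORK)
            or any(net.overlaps(n) for _, nets in peers for n in nets)):
        raise ValueError("customer network must be an unused /48 inside %s" % CLIENT_NETWORK)
    return "\n[Peer]\nPublicKey = %s\nAllowedIPs = %s\n" % (pubkey, net)
```

With the sample config, `new_peer_block(SAMPLE_SERVER_CONF, customer_key)` allocates 2a0a:e5c1:102::/48 and returns the stanza to append; the customer is then told that network, as the steps above say.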

Sample server rc.local:

<pre>
ip link add dev wg0 type wireguard
ip addr add 2a0a:e5c1:100::1/40 dev wg0
wg setconf wg0 /etc/wireguard/wg0.conf
ip link set wg0 up
</pre>

h2. OpenVPN on openvpn.ungleich.ch

* Server: openvpn.ungleich.ch
* Port: 1195
* Requires a certificate
* Address range: 2a0a:e5c0:3::/48
** Client networks are /64