The ungleich VPN infrastructure » History » Revision 12
Nico Schottelius, 01/25/2019 06:02 PM
The ungleich VPN infrastructure
Status
This document is IN PRODUCTION.
Wireguard on vpn-2a0ae5c1.ungleich.ch
- Server: vpn-2a0ae5c1.ungleich.ch
- Port: 51820
- Requires a public key
- Client network: 2a0a:e5c1:100::/40
- Client network size: /48
How to add a new customer connection
- Get the public key of the customer
- Edit dot-cdist/type/__ungleich_wireguard/manifest and add the new network definition at the end of the file
- Let the customer know their network
Sample customer client configuration
- Install wireguard
- Create your private key:
umask 077; wg genkey > privkey
- Get your public key:
wg pubkey < privkey
- You need to send this pubkey to ungleich
- You will get your network definition after we have received your public key
- Create /etc/wireguard/wg0.conf:

    [Interface]
    PrivateKey = YOURKEYHERE
    Address = YOURIPv6IPADDRESSHERE/48
    ListenPort = 51280

    [Peer]
    PublicKey = hi60lGP+xEUQ+kVnqA7PlJAO1SVqTS1W36g0LhFP0xQ=
    Endpoint = vpn-2a0ae5c1.ungleich.ch:51820
    AllowedIPs = ::/0

Commands for setting it up:

    MY_NET=2a0a:e5c1:XXXX::1/48
    ip link add dev wg0 type wireguard
    # Replace with your range
    ip addr add $MY_NET dev wg0
    # Add routing
    ip route add 2a0a:e5c1:100::/40 dev wg0
    ip route add ::/0 via 2a0a:e5c1:100::1
    # Configure the interface
    wg setconf wg0 /etc/wireguard/wg0.conf
    # Bring it up
    ip link set wg0 up
Once it runs, you can also use wg-quick to get it up faster:

    wg-quick up wg0

(this only requires the configuration file /etc/wireguard/wg0.conf to exist)
Debugging
- wg show
- ping 2a0a:e5c1:100::1
Sample server configuration
This is just for reference; as a client you don't need this configuration.

/etc/wireguard/wg0.conf:

    [Interface]
    ListenPort = 51820
    PrivateKey = SERVERKEYHERE

    # Nico, 2019-01-23
    [Peer]
    PublicKey = kL1S/Ipq6NkFf1MAsNRou4b9VoUsnnb4ZxgiBrH0zA8=
    AllowedIPs = 2a0a:e5c1:101::/48

    # Customer networks below
    # ...

Sample server rc.local:

    ip link add dev wg0 type wireguard
    ip addr add 2a0a:e5c1:100::1/40 dev wg0
    wg setconf wg0 /etc/wireguard/wg0.conf
    ip link set wg0 up
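As an added worked example for the "add a new customer connection" procedure and the server configuration above (not ungleich's own tooling, and not the cdist manifest the procedure edits), the Python below assumes the server-side wg0.conf is the only record of allocated customer networks: it checks that the public key the customer sent is a valid 32-byte WireGuard key, picks the next free /48 out of 2a0a:e5c1:100::/40 (skipping the first /48, where the server's ::1 lives), and renders the [Peer] block to append. The sample config and the customer name are constructed.

```python
import base64
import ipaddress
import re

# Parameter from the page: customer /48s are allocated out of this /40.
CLIENT_NET = ipaddress.IPv6Network("2a0a:e5c1:100::/40")

# Constructed sample server wg0.conf in the page's format (placeholder key, one peer).
SAMPLE_CONF = """[Interface]
ListenPort = 51820
PrivateKey = SERVERKEYHERE

[Peer]
PublicKey = kL1S/Ipq6NkFf1MAsNRou4b9VoUsnnb4ZxgiBrH0zA8=
AllowedIPs = 2a0a:e5c1:101::/48
"""

def check_pubkey(key):
    """A WireGuard public key is 32 raw bytes, i.e. 44 base64 characters."""
    try:
        raw = base64.b64decode(key, validate=True)
    except ValueError:  # binascii.Error (bad padding / alphabet) is a ValueError
        return False
    return len(raw) == 32

def allocated_networks(conf):
    """Every network inside the customer /40 that some [Peer] already holds."""
    nets = []
    for m in re.finditer(r"^\s*AllowedIPs\s*=\s*(.+)$", conf, re.M):
        for item in m.group(1).split(","):
            net = ipaddress.IPv6Network(item.strip(), strict=False)
            if net.subnet_of(CLIENT_NET):
                nets.append(net)
    return nets

def next_free_network(conf):
    """First unused /48; 2a0a:e5c1:100::/48 is skipped because the server's ::1 is in it."""
    taken = set(allocated_networks(conf))
    for cand in CLIENT_NET.subnets(new_prefix=48):
        if cand.network_address != CLIENT_NET.network_address and cand not in taken:
            return cand
    raise RuntimeError(f"no free /48 left in {CLIENT_NET}")

def peer_block(conf, pubkey, name):
    """[Peer] text to append to the server config, plus the network to tell the customer."""
    if not check_pubkey(pubkey):
        raise ValueError("not a valid WireGuard public key")
    net = next_free_network(conf)
    return f"\n# {name}\n[Peer]\nPublicKey = {pubkey}\nAllowedIPs = {net}\n", net
```

Appending the returned block to wg0.conf and re-running `wg setconf wg0 /etc/wireguard/wg0.conf` (as in rc.local above) makes the new peer live without dropping the others.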
OpenVPN on openvpn.ungleich.ch
- Server: openvpn.ungleich.ch
- Port: 1195
- Requires a certificate
- Address range: 2a0a:e5c0:3::/48
- Client networks are /64
Updated by Nico Schottelius almost 6 years ago · 12 revisions