The ungleich VPN infrastructure » History » Revision 12

« Previous | Revision 12/31 (diff) | Next »
Nico Schottelius, 01/25/2019 06:02 PM

The ungleich VPN infrastructure


This document is IN PRODUCTION.

Wireguard on

  • Server:
  • Port: 51820
  • Requires a public key
  • Client network: 2a0a:e5c1:100::/40
  • Client network size: /48

How to add a new customer connection

  • Get the public key of the customer
  • Edit dot-cdist/type/__ungleich_wireguard/manifest and add the new network definition at the end of the file
  • Let the customer know their network

Sample clustomer client configuration

  • Install wireguard
  • Create your private key: umask 077; wg genkey > privkey
  • Get your public key: wg pubkey < privkey
    • You need to send this pubkey to ungleich
  • You will get your network definition after we have received your public key
  • Create /etc/wireguard/wg0.conf
ListenPort = 51280

PublicKey = hi60lGP+xEUQ+kVnqA7PlJAO1SVqTS1W36g0LhFP0xQ=
Endpoint =
AllowedIPs = ::/0

Commands for setting it up


ip link add dev wg0 type wireguard

# Replace with your range
ip addr add $MY_NET dev wg0

# Add routing
ip route add 2a0a:e5c1:100::/40 dev wg0
ip route add ::/0 via 2a0a:e5c1:100::1

# Configure the interface
wg setconf wg0 /etc/wireguard/wg0.conf

# Bring it up
ip link set wg0 up

Once it runs, you can also use wg-quick to get it up faster:

wg-quick up wg0

(this just requires a configuration file named /etc/wireguard/wg0.conf to be existing)


  • wg show
  • ping 2a0a:e5c1:100::1

Sample server configuration

This is just for reference - as a client you don't need this configuration


ListenPort = 51820

# Nico, 2019-01-23
PublicKey = kL1S/Ipq6NkFf1MAsNRou4b9VoUsnnb4ZxgiBrH0zA8=
AllowedIPs = 2a0a:e5c1:101::/48

# Customer networks below
# ...

Sample server rc.local:

ip link add dev wg0 type wireguard
ip addr add 2a0a:e5c1:100::1/40 dev wg0
wg setconf wg0 /etc/wireguard/wg0.conf
ip link set wg0 up

OpenVPN on

  • Server:
  • Port: 1195
  • Requires a certificate
  • Address range: 2a0a:e5c0:3::/48
    • Client networks are /64

Updated by Nico Schottelius about 4 years ago · 12 revisions