The ungleich VPN infrastructure¶

• Table of contents
• The ungleich VPN infrastructure
  • Status
  • Infrastructure
  • How to add a new customer connection
  • Sample server configuration

This document only concerns server-side configuration and is intended for ungleich staff. See Ungleich IPv6 wireguard VPN page for end-user/customer documentation.

Status¶

This document is IN PRODUCTION.

Infrastructure¶

Server: vpn-2a0ae5c1.ungleich.ch
Port: 51820

How to add a new customer connection¶

• Get the public key of the customer
• Edit dot-cdist/type/__ungleich_wireguard/manifest and add the new network definition at the end of the file
• Let the customer know their network

Sample server configuration¶

This is just for reference - as a client you don't need this configuration

/etc/wireguard/wg0.conf:

[Interface]
ListenPort = 51820
PrivateKey = SERVERKEYHERE

# Nico, 2019-01-23
[Peer]
PublicKey = kL1S/Ipq6NkFf1MAsNRou4b9VoUsnnb4ZxgiBrH0zA8=
AllowedIPs = 2a0a:e5c1:101::/48

# Customer networks below
# ...

Sample server rc.local:

ip link add dev wg0 type wireguard
ip addr add 2a0a:e5c1:100::1/40 dev wg0
wg setconf wg0 /etc/wireguard/wg0.conf
ip link set wg0 up