Revision 3 (Nico Schottelius, 01/23/2019 03:15 PM) → Revision 4/31 (Nico Schottelius, 01/23/2019 03:25 PM)

h1. The ungleich VPN infrastructure 

 h2. Wireguard on vpn-2a0ae5c1.ungleich.ch 

 * Server: vpn-2a0ae5c1.ungleich.ch 
 * Port: 51820 
 * Requires a public key 
 * Client network:  
 * Client network size: /48 

 h3. Sample server configuration 

 /etc/wireguard/wg0.conf: 

 <pre> 
 [Interface] 
 ListenPort = 51820 
 PrivateKey = OEZPTrd6eh8rfh/jhZYyikboPT3fClRJjOjx4iA5NFg= 

 # Nico, 2019-01-23 
 [Peer] 
 PublicKey = kL1S/Ipq6NkFf1MAsNRou4b9VoUsnnb4ZxgiBrH0zA8= 
 AllowedIPs = 2a0a:e5c1:101::/48 

 # Customer networks below 
 # ... 
 </pre> 

 Sample server rc.local: 

 <pre> 
 ip link add dev wg0 type wireguard 
 ip addr add 2a0a:e5c1:100::1/40 dev wg0 
 wg setconf wg0 /etc/wireguard/wg0.conf 
 ip link set wg0 up 

 </pre> 
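A consistency check for the [Peer] entries that go under "Customer networks below", given as an added example that is not part of the original page or of ungleich's tooling. It verifies that every AllowedIPs entry is a /48 inside the 2a0a:e5c1:100::/40 carried by wg0, does not contain the server address, and does not overlap another peer's range (WireGuard routes and source-filters by AllowedIPs, so an overlap lets one peer take traffic meant for another). The names parse_peers and lint and the KEY_A..KEY_D sample peers are constructed for illustration.

```python
import ipaddress

# From the page: wg0 carries 2a0a:e5c1:100::1/40 and each client gets a /48.
VPN_NET = ipaddress.ip_network("2a0a:e5c1:100::/40")
SERVER_ADDR = ipaddress.ip_address("2a0a:e5c1:100::1")
CLIENT_PREFIXLEN = 48

def parse_peers(conf_text):
    """Return [[public_key, [allowed_ip_strings]]], one entry per [Peer]."""
    peers, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append(["?", []])
        elif section == "peer" and "=" in line:
            key, _, value = (p.strip() for p in line.partition("="))
            if key.lower() == "publickey":
                peers[-1][0] = value
            elif key.lower() == "allowedips":
                peers[-1][1] += [v.strip() for v in value.split(",")]
    return peers

def lint(conf_text):
    """Return findings for the peer list; an empty list means it is consistent."""
    findings, seen = [], []
    for key, nets in parse_peers(conf_text):
        for text in nets:
            try:
                net = ipaddress.ip_network(text)  # strict: rejects host bits
            except ValueError:
                findings.append(f"{key}: {text} is not a valid network")
                continue
            if net.version != 6 or not net.subnet_of(VPN_NET):
                findings.append(f"{key}: {net} is outside {VPN_NET}")
                continue
            if net.prefixlen != CLIENT_PREFIXLEN:
                findings.append(f"{key}: {net} is not a /{CLIENT_PREFIXLEN}")
            if SERVER_ADDR in net:
                findings.append(f"{key}: {net} contains the server address")
            findings += [f"{key}: {net} overlaps {k}" for k, n in seen if net.overlaps(n)]
            seen.append((key, net))
    return findings

# Constructed sample peers (placeholder keys); only the first range is on the page.
SAMPLE = "".join(f"[Peer]\nPublicKey = {k}\nAllowedIPs = {n}\n" for k, n in [
    ("KEY_A", "2a0a:e5c1:101::/48"), ("KEY_B", "2a0a:e5c1:101::/48"),
    ("KEY_C", "2a0a:e5c1:100::/48"), ("KEY_D", "::/0")])
print("\n".join(lint(SAMPLE)))
```

Run it against /etc/wireguard/wg0.conf before `wg setconf` so that a bad range is caught before it is loaded into the interface.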

 



 h3. Sample client configuration 

 /etc/wireguard/wg0.conf: 

 <pre> 
 [Interface] 
 PrivateKey = YOURKEYHERE 
 ListenPort = 51280 

 [Peer] 
 PublicKey = 94WZhiEjyWnnymzA5OQcR34/IKkv1dgHf2JPsi5KzGU= 
 Endpoint = vpn-2a0ae5c1.ungleich.ch:51820 
 AllowedIPs = ::/0 
 </pre> 

 Commands for setting it up: 

 <pre> 
 # Replace XXXX with your range 
 MY_NET=2a0a:e5c1:XXXX::1/48 

 ip link add dev wg0 type wireguard 

 # Assign your address 
 ip addr add "$MY_NET" dev wg0 

 # Configure the interface 
 wg setconf wg0 /etc/wireguard/wg0.conf 

 # Bring it up (routes cannot be added while the link is down) 
 ip link set wg0 up 

 # Add routing 
 ip route add 2a0a:e5c1:100::/40 dev wg0 
 ip route add ::/0 via 2a0a:e5c1:100::1 
 </pre> 

 Debugging 

 * wg show 
 * ping 2a0a:e5c1:100::1 


 


 h2. OpenVPN on openvpn.ungleich.ch 

 * Server: openvpn.ungleich.ch 
 * Port: 1195 
 * Requires a certificate 
 * Address range: 2a0a:e5c0:3::/48 
 ** Client networks are /64