The ungleich VPN infrastructure » History » Revision 7
Revision 6 (Nico Schottelius, 01/23/2019 03:28 PM) → Revision 7/31 (Nico Schottelius, 01/23/2019 03:35 PM)
h1. The ungleich VPN infrastructure
{{toc}}
h2. Wireguard on vpn-2a0ae5c1.ungleich.ch
* Server: vpn-2a0ae5c1.ungleich.ch
* Port: 51820
* Requires a public key
* Client network: 2a0a:e5c1:100::/40
* Client network size: /48
h3. Sample client configuration:
/etc/wireguard/wg0.conf:
<pre>
[Interface]
PrivateKey = YOURKEYHERE
ListenPort = 51280
[Peer]
PublicKey = 94WZhiEjyWnnymzA5OQcR34/IKkv1dgHf2JPsi5KzGU=
Endpoint = vpn-2a0ae5c1.ungleich.ch:51820
AllowedIPs = ::/0
</pre>
Commands for setting it up
<pre>
MY_NET=2a0a:e5c1:XXXX::1/48
ip link add dev wg0 type wireguard
# Replace with your range
ip addr add $MY_NET dev wg0
# Add routing
ip route add 2a0a:e5c1:100::/40 dev wg0
ip route add ::/0 via 2a0a:e5c1:100::1
# Configure the interface
wg setconf wg0 /etc/wireguard/wg0.conf
# Bring it up
ip link set wg0 up
</pre>
Debugging
* wg show
* ping 2a0a:e5c1:100::1
h3. Sample server configuration
/etc/wireguard/wg0.conf:
<pre>
[Interface]
ListenPort = 51820
PrivateKey = SERVERKEYHERE OEZPTrd6eh8rfh/jhZYyikboPT3fClRJjOjx4iA5NFg=
# Nico, 2019-01-23
[Peer]
PublicKey = kL1S/Ipq6NkFf1MAsNRou4b9VoUsnnb4ZxgiBrH0zA8=
AllowedIPs = 2a0a:e5c1:101::/48
# Customer networks below
# ...
</pre>
Sample server rc.local:
<pre>
ip link add dev wg0 type wireguard
ip addr add 2a0a:e5c1:100::1/40 dev wg0
wg setconf wg0 /etc/wireguard/wg0.conf
ip link set wg0 up
</pre>
h2. OpenVPN on openvpn.ungleich.ch
* Server: openvpn.ungleich.ch
* Port: 1195
* Requires a certificate
* Address range: 2a0a:e5c0:3::/48
** Client networks are /64