Revision 6 (Nico Schottelius, 01/23/2019 03:28 PM) → Revision 7/31 (Nico Schottelius, 01/23/2019 03:35 PM)
h1. The ungleich VPN infrastructure

{{toc}}

h2. Wireguard on vpn-2a0ae5c1.ungleich.ch

* Server: vpn-2a0ae5c1.ungleich.ch
* Port: 51820
* Requires a public key
* Client network: 2a0a:e5c1:100::/40
* Client network size: /48

h3. Sample client configuration

/etc/wireguard/wg0.conf:

<pre>
[Interface]
PrivateKey = YOURKEYHERE
ListenPort = 51280

[Peer]
PublicKey = 94WZhiEjyWnnymzA5OQcR34/IKkv1dgHf2JPsi5KzGU=
Endpoint = vpn-2a0ae5c1.ungleich.ch:51820
AllowedIPs = ::/0
</pre>

Commands for setting it up:

<pre>
# Replace with your range
MY_NET=2a0a:e5c1:XXXX::1/48

ip link add dev wg0 type wireguard
ip addr add "$MY_NET" dev wg0

# Configure the interface
wg setconf wg0 /etc/wireguard/wg0.conf

# Bring it up
ip link set wg0 up

# Add routing (the link has to be up before routes can be added)
ip route add 2a0a:e5c1:100::/40 dev wg0
ip route add ::/0 via 2a0a:e5c1:100::1
</pre>

Debugging:

* wg show
* ping 2a0a:e5c1:100::1

h3. Sample server configuration

/etc/wireguard/wg0.conf:

<pre>
[Interface]
ListenPort = 51820
PrivateKey = SERVERKEYHERE

# Nico, 2019-01-23
[Peer]
PublicKey = kL1S/Ipq6NkFf1MAsNRou4b9VoUsnnb4ZxgiBrH0zA8=
AllowedIPs = 2a0a:e5c1:101::/48

# Customer networks below
# ...
</pre>

Sample server rc.local:

<pre>
ip link add dev wg0 type wireguard
ip addr add 2a0a:e5c1:100::1/40 dev wg0
wg setconf wg0 /etc/wireguard/wg0.conf
ip link set wg0 up
</pre>

h2. OpenVPN on openvpn.ungleich.ch

* Server: openvpn.ungleich.ch
* Port: 1195
* Requires a certificate
* Address range: 2a0a:e5c0:3::/48
** Client networks are /64
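
An added example (not part of the original wiki page or ungleich's own tooling): a check for the WireGuard server configuration above that every [Peer] AllowedIPs entry is a /48 inside 2a0a:e5c1:100::/40, does not cover the server's own address, and is not assigned to two peers. The peer names in the sample are constructed placeholders, and treating 2a0a:e5c1:100::/48 as reserved for the server is an assumption.

```python
import ipaddress

POOL = ipaddress.ip_network("2a0a:e5c1:100::/40")        # client network from the page
SERVER_NET = ipaddress.ip_network("2a0a:e5c1:100::/48")  # assumed: /48 around the server's ::1

def parse_peers(text):
    """Return [(public_key, [networks])], one entry per [Peer] section."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()           # drop comments
        if line.startswith("["):
            current = {"key": "?", "nets": []} if line.lower() == "[peer]" else None
            peers += [current] if current else []
        elif current is not None and "=" in line:
            name, value = (p.strip() for p in line.split("=", 1))
            if name.lower() == "publickey":
                current["key"] = value
            elif name.lower() == "allowedips":
                current["nets"] += [ipaddress.ip_network(v.strip(), strict=False)
                                    for v in value.split(",") if v.strip()]
    return [(p["key"], p["nets"]) for p in peers]

def audit(text):
    """Return findings for AllowedIPs that break the one-/48-per-client layout."""
    findings, seen = [], []
    for key, nets in parse_peers(text):
        for net in nets:
            if net.version != 6 or net.prefixlen != 48 or not net.subnet_of(POOL):
                findings.append(f"{key}: {net} is not a /48 inside {POOL}")
                continue
            if net.overlaps(SERVER_NET):
                findings.append(f"{key}: {net} covers the server address")
            findings += [f"{key}: {net} overlaps {other} of {owner}"
                         for owner, other in seen if owner != key and net.overlaps(other)]
            seen.append((key, net))
    return findings

# Constructed sample: placeholder keys; only the 101::/48 entry mirrors the page.
SAMPLE = """[Peer]
PublicKey = PEER_A
AllowedIPs = 2a0a:e5c1:101::/48
[Peer]
PublicKey = PEER_B
AllowedIPs = 2a0a:e5c1:101::/48   # same /48 handed out twice
[Peer]
PublicKey = PEER_C
AllowedIPs = 2a0a:e5c1:100::/48, 2a0a:e5c1:200::/48"""

print("\n".join(audit(SAMPLE)) or "ok")
```

Running it against /etc/wireguard/wg0.conf before each @wg setconf@ catches a customer range that was pasted twice or typed outside the pool.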