pages

notion_data_team_no_files/Add a new device to the Data VPN 1350446ff9c9800abb08ec761bf8ad7f.md

@@ -0,0 +1,41 @@
+# Add a new device to the Data VPN
+
+## Create a new key pair
+
+You can create private keys on a bash terminal with `wg genkey`
+To get the related pubkey, you can run `wg pubkey <pasted-private-key-here>` 
+
+## Add entry in the jumphost config file
+
+In the jumphost server, modify `/etc/wireguard/wg0.conf` and add a new entry for the peer following this structure:
+
+```bash
+[Peer]
+# Probably leave a comment to inform who this is for
+PublicKey = <copy-paste-public-key-here>
+AllowedIPs = 192.168.70.XXX/32 # Replace XXX with the an available value
+```
+
+Make sure to not generate IP collisions: each `Peer` entry should have a unique `AllowedIPs` value that no other entry is using.
+
+Finally, restart the server so that changes take effect with: `sudo systemctl restart wg-quick@wg0.service`
+
+You can verify that Wireguard is running properly again with: `sudo systemctl status wg-quick@wg0.service`
+
+## Provide user with their private configuration and keys
+
+Next, provide the user with this block of configuration so they can create an entry in their local Wireguard client:
+
+```bash
+[Interface]
+PrivateKey = <copy-paste-private-key-here>
+Address = 192.168.70.1/32
+DNS = 192.168.69.1
+
+[Peer]
+PublicKey = bKr79c5XbzudWeUjiwXcxsy1mrrEnrO4xSrNAUZv2GE= # Jumphost public key goes here. This is a valid value as I'm writing this guide, but it might change in the future!
+AllowedIPs = 192.168.69.1/32, 10.69.0.0/24, 52.146.133.0/24
+Endpoint = 172.166.88.95:52420
+```
+
+Besides this config snippet, also provide the public and private keys to the user and instruct them to keep them stored in their password manager.