# Add a new device to the Data VPN

## Create a new key pair

You can create a private key on a bash terminal with `wg genkey`. To derive the matching public key, feed the private key to `wg pubkey` on standard input (it does not take the key as an argument):

```sh
wg genkey > private.key
wg pubkey < private.key > public.key
```
## Add an entry in the jumphost config file

On the jumphost server, edit `/etc/wireguard/wg0.conf` and add a new entry for the peer following this structure:

```ini
[Peer]
# Probably leave a comment to inform who this is for
PublicKey = <copy-paste-public-key-here>
AllowedIPs = 192.168.70.XXX/32 # Replace XXX with an available value
```

Make sure not to create IP collisions: each `[Peer]` entry must have a unique `AllowedIPs` value that no other entry is using.

Finally, restart the server so that the changes take effect with `sudo systemctl restart wg-quick@wg0.service`.

You can verify that WireGuard is running properly again with `sudo systemctl status wg-quick@wg0.service`.
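The collision rule above is easy to break by hand-editing the file, so here is a small POSIX shell helper, added for this guide and not part of the jumphost's own tooling, that lists every `AllowedIPs` value in a `wg0.conf`, reports any value assigned to more than one peer, and suggests the lowest free `192.168.70.X` address. It scans host numbers from 2 upwards on the assumption that `.1` belongs to the jumphost itself; the sample config it writes is constructed for demonstration (placeholder keys, no real peers).

```sh
#!/bin/sh
# Helpers for checking AllowedIPs in a WireGuard server config.
# Added example; assumes one /32 per peer as in this guide.

# allowed_ips <conf>: print every AllowedIPs value, one per line.
# Strips the key name, surrounding whitespace and trailing comments,
# and splits comma-separated lists.
allowed_ips() {
    grep -E '^[[:space:]]*AllowedIPs' "$1" \
      | sed -E 's/^[[:space:]]*AllowedIPs[[:space:]]*=[[:space:]]*//; s/[[:space:]]*#.*$//' \
      | tr -d ' ' | tr ',' '\n' | grep -v '^$'
}

# find_duplicate_allowed_ips <conf>: print each value used by more than
# one [Peer] entry (empty output means no collisions).
find_duplicate_allowed_ips() {
    allowed_ips "$1" | sort | uniq -d
}

# next_free_host <conf> <prefix>: print the lowest <prefix>.N (N = 2..254)
# whose /32 is not yet assigned to any peer. Assumes .1 is the jumphost.
next_free_host() {
    used=$(allowed_ips "$1")
    i=2
    while [ "$i" -le 254 ]; do
        if ! printf '%s\n' "$used" | grep -qxF "$2.$i/32"; then
            printf '%s\n' "$2.$i"
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# make_sample_conf <path>: write a constructed wg0.conf with a deliberate
# collision (two peers on 192.168.70.3). Placeholder keys, not real ones.
make_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
Address = 192.168.70.1/24
ListenPort = 52420
PrivateKey = <server-private-key-placeholder>

[Peer]
# alice - laptop
PublicKey = <alice-public-key-placeholder>
AllowedIPs = 192.168.70.2/32

[Peer]
# bob - desktop
PublicKey = <bob-public-key-placeholder>
AllowedIPs = 192.168.70.3/32

[Peer]
# carol - accidentally given bob's address
PublicKey = <carol-public-key-placeholder>
AllowedIPs = 192.168.70.3/32 # collision!
EOF
}

# Usage: sh check_wg_peers.sh /etc/wireguard/wg0.conf
if [ "$#" -ge 1 ]; then
    dups=$(find_duplicate_allowed_ips "$1")
    if [ -n "$dups" ]; then
        printf 'Colliding AllowedIPs:\n%s\n' "$dups"
    else
        echo "No AllowedIPs collisions found."
    fi
    printf 'Next free address: %s\n' "$(next_free_host "$1" 192.168.70)"
fi
```

Run it against the real file before restarting `wg-quick@wg0`; a non-empty "Colliding AllowedIPs" list means two peers would fight over the same route and one of them will silently lose connectivity.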
## Provide the user with their private configuration and keys

Next, give the user this block of configuration so they can create an entry in their local WireGuard client:

```ini
[Interface]
PrivateKey = <copy-paste-private-key-here>
Address = 192.168.70.XXX/32 # The same address you assigned in the jumphost's AllowedIPs entry
DNS = 192.168.69.1

[Peer]
PublicKey = bKr79c5XbzudWeUjiwXcxsy1mrrEnrO4xSrNAUZv2GE= # Jumphost public key goes here. This is a valid value as I'm writing this guide, but it might change in the future!
AllowedIPs = 192.168.69.1/32, 10.69.0.0/24, 52.146.133.0/24
Endpoint = 172.166.88.95:52420
```

Besides this config snippet, also hand the user their public and private keys and instruct them to keep both stored in their password manager.