diff --git a/human-script.md b/human-script.md index eb003fe..527cdc6 100644 --- a/human-script.md +++ b/human-script.md @@ -76,7 +76,7 @@ Follow this to deploy the entire data infra. - Source: Any - Source port ranges: * - Destination: the addresss range for the `jumphost-subnet`. In this example, `10.69.0.0/29`. - - Destination port ranges: 51420 + - Destination port ranges: 52420 - Protocol: UDP - Action: Allow - Priority: 100 @@ -243,7 +243,7 @@ Follow this to deploy the entire data infra. - Connect through SSH - We will now set up a VPN server and client with Wireguard - Run the following script (requires `sudo`) to install wireguard and configure it - - *Note: the IPs chosen for the VPN can absolutely be changed. Just make sure they are consistent across the server and client configurations of the VPN.* + - *Note: the IPs chosen for the VPN can absolutely be changed. Just make sure they are consistent across the server and client configurations of the VPN.* ```bash echo "Installing Wireguard." @@ -284,6 +284,7 @@ Follow this to deploy the entire data infra. echo "Configuration for client, copy paste in your machine." cat << EOF + ############################## [Interface] # Jumphost VPN PrivateKey = ${CLIENT_PRIVATE_KEY} 
@@ -294,12 +295,26 @@ Follow this to deploy the entire data infra. PublicKey = ${SERVER_PUBLIC_KEY} AllowedIPs = 192.168.69.1/32 Endpoint = :52420 + ############################## EOF + echo "Setting the Wireguard server as a system service." + systemctl enable wg-quick@wg0.service + + echo "Starting Wireguard server." + systemctl start wg-quick@wg0.service + echo "Finished." ``` - - CONTINUE HERE, INSTRUCTIONS ON HOW TO RAISE WG DAEMONS AND TEST + +- You should copy the client config that the script will produce and set up the Wireguard config on your local machine. +- Once you've done so, start Wireguard on the client and try to ping the server from the client with the Wireguard VPN IP. If it reaches, the VPN is working fine. + +- #TODO + - Allowing ip4 forward on network interface of jumphost in Azure + + - ### 3.3 Configure a DNS Server
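Review bot: in the `@@ -76,7 +76,7 @@` hunk, the rule that now allows UDP `52420` still has `Source: Any`, so the WireGuard port on the `jumphost-subnet` is reachable from every address. If operators connect from known ranges, suggest documenting those as the source instead of `Any`. The new port agrees with `Endpoint = :52420` in the client template further down, but the server's listen port is not in the visible lines, so please confirm it was moved to 52420 as well. The context line above the change also carries a typo, `addresss`.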
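Review bot: in the `@@ -284,6 +284,7 @@` hunk, the new `##############################` line sits inside the `cat << EOF` heredoc, so it becomes part of the text users are told to copy, and the block it frames prints `PrivateKey = ${CLIENT_PRIVATE_KEY}` to the terminal. Suggest a sentence in the instructions stating that the delimiter lines mark the start and end of the client config and that the output contains a private key, so it should not be left in scrollback or session logs. Alternatively, emit the delimiters with `echo` outside the heredoc so they are clearly not part of the config.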
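Review bot: in the `@@ -294,12 +295,26 @@` hunk, the script goes from `systemctl start wg-quick@wg0.service` straight to `echo "Finished."` with no check that the unit actually came up, and the new test step relies on ping alone. Suggest checking `systemctl is-active wg-quick@wg0.service` (or `wg show`) before printing `Finished.`, and telling the reader to look for a recent handshake in `wg show` when the ping fails. As shown here, `Endpoint = :52420` has no host before the port, so the copy step should say which address to fill in. The trailing `- #TODO` item and the empty `-` bullet look like leftovers: either finish the IP forwarding step or move it to an issue.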