more VPN stuff

human-script.md

@@ -76,7 +76,7 @@ Follow this to deploy the entire data infra.
       - Source: Any
       - Source port ranges: *
       - Destination: the addresss range for the `jumphost-subnet`. In this example, `10.69.0.0/29`.
-      - Destination port ranges: 51420
+      - Destination port ranges: 52420
       - Protocol: UDP
       - Action: Allow
       - Priority: 100
@@ -284,6 +284,7 @@ Follow this to deploy the entire data infra.
 
   echo "Configuration for client, copy paste in your machine."
   cat << EOF
+  ##############################
   [Interface]
   # Jumphost VPN
   PrivateKey = ${CLIENT_PRIVATE_KEY}
@@ -294,12 +295,26 @@ Follow this to deploy the entire data infra.
   PublicKey = ${SERVER_PUBLIC_KEY}
   AllowedIPs = 192.168.69.1/32
   Endpoint = <fill-public-ip-here>:52420
+  ##############################
 
   EOF
 
+  echo "Setting the Wireguard server as a system service."
+  systemctl enable wg-quick@wg0.service
+
+  echo "Starting Wireguard server."
+  systemctl start wg-quick@wg0.service
+
   echo "Finished."
   ```
-  - CONTINUE HERE, INSTRUCTIONS ON HOW TO RAISE WG DAEMONS AND TEST
+
+- You should copy the client config that the script will produce and set up the Wireguard config on your local machine.
+- Once you've done so, start Wireguard on the client and try to ping the server from the client with the Wireguard VPN IP. If it reaches, the VPN is working fine.
+
+- #TODO
+  - Allowing ip4 forward on network interface of jumphost in Azure
+
+  -
 
 ### 3.3 Configure a DNS Server