more VPN stuff

Pablo Martin 2024-02-07 14:50:07 +01:00
parent 5ced274e4a
commit 54acad43b7

@ -76,7 +76,7 @@ Follow this to deploy the entire data infra.
- Source: Any - Source: Any
- Source port ranges: * - Source port ranges: *
- Destination: the addresss range for the `jumphost-subnet`. In this example, `10.69.0.0/29`. - Destination: the addresss range for the `jumphost-subnet`. In this example, `10.69.0.0/29`.
- Destination port ranges: 51420 - Destination port ranges: 52420
- Protocol: UDP - Protocol: UDP
- Action: Allow - Action: Allow
- Priority: 100 - Priority: 100
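Review bot: The port in `Destination port ranges` is still a hand-typed literal that has to agree with the `Endpoint = <fill-public-ip-here>:52420` line in the client config further down, which is the kind of duplication that let 51420 slip in. Add a short remark on this bullet that the value must equal the WireGuard listen port used in the script, so the two are changed together. While this block is being touched, `addresss` in the Destination line is a typo for `address`.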
@ -243,7 +243,7 @@ Follow this to deploy the entire data infra.
- Connect through SSH - Connect through SSH
- We will now set up a VPN server and client with Wireguard - We will now set up a VPN server and client with Wireguard
- Run the following script (requires `sudo`) to install wireguard and configure it - Run the following script (requires `sudo`) to install wireguard and configure it
- *Note: the IPs chosen for the VPN can absolutely be changed. Just make sure they are consistent across the server and client configurations of the VPN.* - *Note: the IPs chosen for the VPN can absolutely be changed. Just make sure they are consistent across the server and client configurations of the VPN.*
```bash ```bash
echo "Installing Wireguard." echo "Installing Wireguard."
@ -284,6 +284,7 @@ Follow this to deploy the entire data infra.
echo "Configuration for client, copy paste in your machine." echo "Configuration for client, copy paste in your machine."
cat << EOF cat << EOF
##############################
[Interface] [Interface]
# Jumphost VPN # Jumphost VPN
PrivateKey = ${CLIENT_PRIVATE_KEY} PrivateKey = ${CLIENT_PRIVATE_KEY}
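Review bot: The heredoc prints `PrivateKey = ${CLIENT_PRIVATE_KEY}` to the terminal on the jumphost, so the client's private key exists on the server and ends up in the SSH session's scrollback and any session logging. Prefer having the user generate the client key pair on their own machine and pass only the public key to this script; if the current flow stays, the instructions should tell the user to clear the output once copied. The new `##############################` banner is harmless if pasted along with the config, since WireGuard treats `#` lines as comments, but the echo above it could say explicitly that the text between the banners is what to copy.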
@ -294,12 +295,26 @@ Follow this to deploy the entire data infra.
PublicKey = ${SERVER_PUBLIC_KEY} PublicKey = ${SERVER_PUBLIC_KEY}
AllowedIPs = 192.168.69.1/32 AllowedIPs = 192.168.69.1/32
Endpoint = <fill-public-ip-here>:52420 Endpoint = <fill-public-ip-here>:52420
##############################
EOF EOF
echo "Setting the Wireguard server as a system service."
systemctl enable wg-quick@wg0.service
echo "Starting Wireguard server."
systemctl start wg-quick@wg0.service
echo "Finished." echo "Finished."
``` ```
- CONTINUE HERE, INSTRUCTIONS ON HOW TO RAISE WG DAEMONS AND TEST
- You should copy the client config that the script will produce and set up the Wireguard config on your local machine.
- Once you've done so, start Wireguard on the client and try to ping the server from the client with the Wireguard VPN IP. If it reaches, the VPN is working fine.
- #TODO
- Allowing ip4 forward on network interface of jumphost in Azure
-
### 3.3 Configure a DNS Server ### 3.3 Configure a DNS Server
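Review bot: Nothing in the visible lines checks that `systemctl start wg-quick@wg0.service` succeeded before `echo "Finished."` runs, so a broken `wg0` config still reports success. Collapse the two calls into `systemctl enable --now wg-quick@wg0.service` and follow it with `systemctl is-active --quiet wg-quick@wg0.service` (exit non-zero on failure) before printing the final message. In the new instructions, name the address to ping (`192.168.69.1`, per `AllowedIPs`) rather than "the Wireguard VPN IP", and either write up the IPv4 forwarding step or move it to an issue: the committed `#TODO` and the trailing empty `-` bullet leave the section visibly unfinished.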