forked from tildeverse/net
Merge pull request 'master' (#14) from clematis/net:master into master
Reviewed-on: tildeverse/net#14
commit
790a5b065b
|
@ -43,6 +43,14 @@ PublicKey = OTp3CLRBXeECB0gEnDr2btL07Fs3am5eb5x7gf1LtEc=
|
|||
AllowedIPs = 10.0.0.27/32
|
||||
Endpoint = 139.99.134.13:764
|
||||
|
||||
# darksnow (clemat.is)
|
||||
[Peer]
|
||||
PublicKey = G/doxil/NgUO0TuNGde5JaE/a3nqp8vwRz4OJiAEYiI=
|
||||
AllowedIPs = 10.0.0.49/32, 10.0.49.0/24
|
||||
Endpoint = darksnow.clemat.is:54224
|
||||
|
||||
|
||||
|
||||
# You need to contact before adding your network to TildeNet.
|
||||
# You can find us at [ #tildenet on irc.tilde.chat] otherwise
|
||||
# ubergeek@thunix.net or ben@tilde.team.
|
||||
|
|
|
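Review bot: The darksnow entry's `AllowedIPs = 10.0.0.49/32, 10.0.49.0/24` routes a whole /24 to this peer, where the peer just above it lists only `10.0.0.27/32`. Before merging, check that neither 10.0.0.49 nor 10.0.49.0/24 is already claimed elsewhere in peers.txt, because WireGuard silently moves an overlapping AllowedIPs range to the peer configured last. Also note that `Endpoint = darksnow.clemat.is:54224` is a hostname while the entry above uses a literal address; `wg setconf` resolves the name once when the config is loaded, so other tildes have to reload if that record changes. The run of empty lines between the new Endpoint line and the "You need to contact" comment could be trimmed to one.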
@ -0,0 +1,65 @@
|
|||
How to create a wireguard tunnel to tildenet.
|
||||
https://intranet.tildeverse.org/
|
||||
https://tildegit.org/tildeverse/net/
|
||||
|
||||
|
||||
On your local system. (Example below is based on OpenBSD 6.9)
|
||||
|
||||
Wireguard is part of the base system. You still need to install 'wireguard-tools':
|
||||
|
||||
# pkg_add wireguard-tools
|
||||
|
||||
Accept packet forwarding in between interfaces:
|
||||
|
||||
# sysctl net.inet.ip.forwarding=1
|
||||
# echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
|
||||
|
||||
|
||||
Note: 10.0.0.X/24 is being used for the tunnel in between tildes. Each tilde can then use 10.0.X.0/24 for their local clients.
|
||||
|
||||
|
||||
Create the configuration folder:
|
||||
|
||||
mkdir /etc/wireguard
|
||||
chmod 700 /etc/wireguard
|
||||
cd /etc/wireguard
|
||||
|
||||
Generate your server keypair
|
||||
wg genkey > secret.key
|
||||
chmod 600 secret.key
|
||||
wg pubkey < secret.key > public.key
|
||||
|
||||
Create your tunnel/interface config file: /etc/wireguard/wg0.conf
|
||||
|
||||
Based on : https://tildegit.org/tildeverse/net/src/branch/master/peers.txt
|
||||
|
||||
Pickup your IP range for your tilde and the associate tunnel IP
|
||||
|
||||
PrivateKey is the content of your /etc/wireguard/secret.key
|
||||
|
||||
Address = the ip you've choosen for this server
|
||||
|
||||
For the other tilde to add you as [Peer] open a PR against https://tildegit.org/tildeverse/net
|
||||
|
||||
// need an account on tildegit which has to be from a known tilde email@.
|
||||
|
||||
|
||||
The PR should contain your local tunnel IP (10.0.0.X/32 that will be their AllowedIPs and 10.0.X.0/24 for your local tilde peers) and your Endpoint being your public IP or hostname with the port WG is listening to. Just as the other are formated.
|
||||
|
||||
|
||||
Back to your system, setup /etc/hostname.wg0:
|
||||
|
||||
inet 10.0.0.49 255.255.255.0 NONE
|
||||
up
|
||||
!/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf
|
||||
|
||||
|
||||
Update your PF config by adding to /etc/pf.conf:
|
||||
|
||||
# wireguard setup for tildenet
|
||||
pass in on wg0
|
||||
pass in inet proto udp from any to any port 54224
|
||||
pass out on egress inet from (wg0:network) nat-to (em0:0)
|
||||
|
||||
(em0 being your interface name then pfctl -f /etc/pf.conf)
|
||||
|
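Review bot: The pf.conf block at the end of the how-to is broader than the tunnel needs. `pass in on wg0` accepts every packet arriving from any tildenet peer, and `pass out on egress inet from (wg0:network) nat-to (em0:0)`, combined with `net.inet.ip.forwarding=1`, lets the whole 10.0.0.0/24 tunnel network leave through this host's public address. If acting as an internet exit for other tildes is not intended, drop the nat-to rule or restrict its source, and limit `pass in on wg0` to the services actually offered. The listener rule `pass in inet proto udp from any to any port 54224` could be bound with `on egress`, and `(em0:0)` could be `(egress:0)` so the rule does not hard-code an interface name. Separately, the text says to put `Address =` in wg0.conf, but /etc/hostname.wg0 loads the file with `wg setconf`, which does not accept `Address` (it is a wg-quick key); the address is already set by the `inet 10.0.0.49 255.255.255.0 NONE` line, so the how-to should say to leave it out and show a sample [Interface] section with PrivateKey and ListenPort. Running `umask 077` before `wg genkey > secret.key` would also cover wg0.conf, which holds the private key and has no chmod step of its own.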