mikeconrad/hackanooga.com
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleaned up some more wordpress issues

Browse Source
This commit is contained in:
Mike Conrad
2025-02-19 19:10:33 -05:00
parent 1fa31b4ace
commit 2ba204da15
14 changed files with 90 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
content/post/2024-09-25-standing-up-a-wireguard-vpn.md
View File

@ -24,7 +24,7 @@ I have written some very basic Terraform to get us started. The Terraform is ver
First create our main.tf with the following contents:
```
```t
# main.tf
# Attach an SSH key to our droplet
resource "digitalocean_ssh_key" "default" {
@ -49,7 +49,7 @@ output "droplet_output" {
Next create a terraform.tf file in the same directory with the following contents:
```
```t
terraform {
required_providers {
digitalocean = {
@ -61,24 +61,23 @@ terraform {
provider "digitalocean" {
}
```
Now we will need to create the ssh key that we defined in our Terraform code.
```
```shell
$ ssh-keygen -t rsa -C "WireguardVPN" -f ./tf-digitalocean -q -N ""
```
Next we need to set an environment variable for our DigitalOcean access token.
```
```shell
$ export DIGITALOCEAN_ACCESS_TOKEN=dop_v1_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
Now we are ready to initialize our Terraform and apply it:
```
```shell
$ terraform init
$ terraform apply
@ -157,7 +156,7 @@ droplet_output = "159.223.113.207"
All pretty standard stuff. Nice! It only took about 30 seconds or so on my machine to spin up a droplet and start provisioning it. It is worth noting that the setup script will take a few minutes to run. Before we log into our new droplet, lets take a quick look at the setup script that we are running.
```
```shell
#!/usr/bin/env sh
set -e
set -u
@ -240,7 +239,7 @@ On the “client” side:
Now that we have our configs in place, we need to copy the client config to our local machine. The following command should work as long as you make sure to replace the IP address with the IP address of your newly created droplet:
```
```shell
## Make sure you have Wireguard installed on your local machine as well.
## https://wireguard.com/install
@ -250,7 +249,7 @@ $ ssh -i tf-digitalocean root@157.230.177.54 -- cat /root/wireguard-conf/client-
Before we try to connect, lets log into the server and make sure everything is set up correctly:
```
```shell
$ ssh -i tf-digitalocean root@159.223.113.207
Welcome to Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-113-generic x86_64)
@ -280,13 +279,11 @@ Run 'do-release-upgrade' to upgrade to it.
Last login: Wed Sep 25 13:16:25 2024 from 74.221.191.214
root@wireguard:~#
```
Awesome! We are connected. Now lets check the wireguard interface using the `wg` command. If our config was correct, we should see an interface line and 1 peer line like so. If the peer line is missing then something is wrong with the configuration. Most likely a mismatch between public/private key.:
```
```shell
root@wireguard:~# wg
interface: do
public key: fTvqo/cZVofJ9IZgWHwU6XKcIwM/EcxUsMw4voeS/Hg=
@ -300,7 +297,7 @@ root@wireguard:~#
So now we should be ready to go! On your local machine go ahead and try it out:
```
```shell
## Start the interface with wg-quick up [interface_name]
$ sudo wg-quick up do
[sudo] password for mikeconrad:
@ -347,14 +344,11 @@ rtt min/avg/max/mdev = 27.991/27.991/27.991/0.000 ms
## Verify our traffic is actually going over the tunnel.
$ curl icanhazip.com
157.230.177.54
```
We should also be able to ssh into our instance over the VPN using the `10.66.66.1` address:
```
```shell
$ ssh -i tf-digitalocean root@10.66.66.1
The authenticity of host '10.66.66.1 (10.66.66.1)' can't be established.
ED25519 key fingerprint is SHA256:E7BKSO3qP+iVVXfb/tLaUfKIc4RvtZ0k248epdE04m8.
@ -389,7 +383,6 @@ Run 'do-release-upgrade' to upgrade to it.
root@wireguard:~#
```
Looks like everything is working! If you run the script from the repo you will have a fully functioning Wireguard VPN in less than 5 minutes! Pretty cool stuff! This article was not meant to be exhaustive but instead a simple primer to get your feet wet. The setup script I used is heavily inspired by [angristan/wireguard-install](https://github.com/angristan/wireguard-install). Another great resource is the [Unofficial docs repo](https://github.com/pirate/wireguard-docs).