Skip to content

nycmeshnet/vpn-infra

BranchesTags

Repository files navigation

vpn-infra

Adding a config

Location Public IP Allocated Range Public Key
SN3 199.170.132.43 10.70.249.0/24 & 10.70.250.0/24 HCYsMu1Wztk8ape2WP5HYiFZnNpn07guRNvKZw/e0mk=
SN10 23.158.16.28 10.70.247.0/24 wFQXW68D0ePLU39A1yfuIRH7oyH3ZIfb424OczjI7Ak=
SN11 208.68.5.2 10.70.246.0/24 5wOBTSB3kH7CdZfBZAw8iomGQbS0POlmOLx2MFmzhFg=

NOTE: Site-to-site configurations should use allocated IP range 10.70.183.0/24 on both sides of the link.

Add a road warrior config

  1. Generate a public private keypair. wg genkey | tee yourname_privatekey | wg pubkey > yourname_publickey
  2. Add a new entry to ansible/wireguard_sn3.yaml for SN3, or ansible/wireguard_sn10.yaml for SN10
Key Description Restrictions
NAME Name of the interface Should be letters and numbers
PORT Port number for the wireguard interface Should be a unique number
PEER_PUBLIC_KEY Your public key Should be a wireguard public key
INTERFACE_ADDRESS Address for the wireguard interface Should be a unique /31 in the assigned range (10.70.250.0/24).
PEER_ALLOWED_IPS IPs allowed to connect. Default 0.0.0.0/0. IP range
PEER_PERSISTENT_KEEPALIVE Persistent keepalive. Default 25. Integer
PEER_ENDPOINT Optional - adds Endpoint for use as a client. String (e.g. 199.170.132.43:51820)
BFD_ENABLE Optional - enables BFD for interface. Default false Bool (true/false)
BFD_INTERVAL Optional - sets BFD interval. Default 200ms String (e.g. 200ms)
BFD_MULTIPLIER Optional - sets BFD multiplier. Default 5 Integer

  1. Open a pull request in this repository with your changes.

  2. After your pull request is created, a build will automatically run. If it fails, correct the configuration issue.

  3. A volunteer will merge your pull request, you can then set up your device and start using it.

Add a remote hub config

IMPORTANT COSTING NOTES:

  • If this is a fully remote node/hub (no OTA mesh connectivity), please use a cost of 100 or more to not cause bridging issues, especially if configuring your node/hub for multiple SNs
  • If this is a VPN backup for an OTA-connected hub, please consult in the #architecture channel or applicable hub channel before setting costs and merging.
  1. Generate a public private keypair. wg genkey | tee nn000_privatekey | wg pubkey > nn000_publickey
  2. Add a new entry to ansible/wireguard_sn3.yaml for SN3, or ansible/wireguard_sn10.yaml for SN10
Key Description Restrictions
NAME Name of the interface Should be nn000 where 000 is your NN
PORT Port number for the wireguard interface Should be a unique number
PEER_PUBLIC_KEY Your public key Should be a wireguard public key
INTERFACE_ADDRESS Address for the wireguard interface Should be a unique /30 in the assigned range (10.70.250.0/24).
NEIGHBORS Neighbor IP address An IP address
TX_LENGTH MTU. The default is 1420. Should be a unique number
COST The OSPF cost of the link from the VPN server to your remote hub. The default is 100. Should be a unique number
PEER_ALLOWED_IPS IPs allowed to connect. Default 0.0.0.0/0. IP range
PEER_PERSISTENT_KEEPALIVE Persistent keepalive. Default 25. Integer
PEER_ENDPOINT Optional - adds Endpoint for use as a client. String (e.g. 199.170.132.43:51820)
BFD_ENABLE Optional - enables BFD for interface. Default false Bool (true/false)
BFD_INTERVAL Optional - sets BFD interval. Default 200ms String (e.g. 200ms)
BFD_MULTIPLIER Optional - sets BFD multiplier. Default 5 Integer

  1. Open a pull request in this repository with your changes.

  2. After your pull request is created, a build will automatically run. If it fails, correct the configuration issue.

  3. A volunteer will merge your pull request, you can then set up your device and start using it.

About

NYC Mesh VPN Infrastructure as Code

Topics

ansible terraform wireguard

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

6 watching

Forks

20 forks
Report repository

Contributors 21
+ 7 contributors

Languages