N0FUQ Net Wiki

User Tools

Site Tools

Trace:
about_my_setup

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
about_my_setup [2025/07/29 16:22] – created n0fuqabout_my_setup [2025/09/29 21:04] (current) n0fuq
Line 1: Line 1:
 ====== About My Setup ====== ====== About My Setup ======
  
-I've been asked by quite a few people if I could document what I've done and how I've configured Wireguard.+Prior Setup: 
 +- [[debian_12|Debian 12]]
  
-I'm currently running a Debian 12 colocated machine out of [[https://tier.net/|tier.net]] datacenter. I've been allocated a /24 BGP address space from AMPR. This is done from [[https://portal.ampr.org/|portal.ampr.org]]. It can take some time to get the BGP process completedif I'm not mistaken it took me a little over 2 months. +Switched to RHEL based setupmostly for ease of use in finding packagesMost of the Debian setup is essentially the sameOne frustrating thing is I can no longer manually edit the ''/etc/wireguard/'' configuration. You must now use ''nmtui'' or ''nmcli'' to add/modify/create VPN configs.
- +
-Any and all documentation on here will be related to Debian 12; though there is a good chance it's relevant for Ubuntu systems and any other OS based off Debian. +
- +
-One of the first things I do on my Debian based systems is setup unattended upgrades. Unfortunately this is a single system without HA (high availability). That means when a security update and/or kernel update comes around, the system will auto reboot on Monday's at 02:00 EST to apply the upgradesI'm not going to go into documentation on how to setup unattended-upgrades as there are plenty of sites documenting how it works. +
- +
-The first thing you need to do, is edit ''/etc/sysctl.conf''. You need so search for ''net.ipv4.ip_forward'' and uncomment the line and turn it on (=1). You'll also need to do the same for ''net.ipv4.conf.all.proxy_arp''. +
- +
-An example of my ''/etc/sysctl.conf'': +
- +
-<file> +
-net.ipv4.tcp_timestamps = 0 +
-net.ipv4.ip_forward=1 +
-net.ipv4.conf.all.proxy_arp=1 +
-</file> +
- +
-After making the necessary changes, you'll want to run the ''sysctl -p'' command. +
- +
-Next, you'll want to add your AMPRNet address to your network interface. You'll want to update your ''/etc/network/interfaces'' file. +
- +
-My enp1s0f0 ethernet is already configured, so what I'm going to do is add an alias (the :[number]). +
-<file> +
-auto enp1s0f0:+
-iface enp1s0f0:0 inet static +
- address 44.32.91.2/24 +
-    # Create a routing table for the second subnet +
-        up ip rule add from 44.32.91.2/32 table 2 +
-        up ip route add 44.32.91.0/24 dev enp1s0f0 scope link table 2 +
-        up ip route add default via 44.32.91.1 dev enp1s0f0 table 2 +
- post-up /sbin/ip route add 44.128.0.0/10 via 44.32.91.1 dev enp1s0f0 src 44.32.91.2 || true +
- post-up /sbin/ip route add 44.0.0.0/9 via 44.32.91.1 dev enp1s0f0 src 44.32.91.2 || true +
-        post-down /sbin/ip route del 44.128.0.0/10 via 44.32.91.1 dev enp1s0f0 src 44.32.91.2 || true +
-        post-down /sbin/ip route del 44.0.0.0/9 via 44.32.91.1 dev enp1s0f0 src 44.32.91.2 || true +
-</file> +
- +
-With this change I've applied the additional address to my interface as well as update all routing for AMPRNet 44.0.0.0/9 and 44.128.0.0/10 out via 44.32.91.1 (my ISPs router... they control this, not I) with a source address of 44.32.91.2 (the IP address of this machine). +
- +
-Go ahead and install the wireguard packages with ''apt-get -y install wireguard wireguard-tools''. At this point, you're ready to setup [[wireguard|wireguard]].+
about_my_setup.1753820532.txt.gz · Last modified: by n0fuq

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki