N0FUQ Net Wiki

User Tools

Site Tools

Trace: about_my_setup
about_my_setup

This is an old revision of the document!

About My Setup

I've been asked by quite a few people if I could document what I've done and how I've configured Wireguard.

I'm currently running a Debian 12 colocated machine out of tier.net datacenter. I've been allocated a /24 BGP address space from AMPR. This is done from portal.ampr.org. It can take some time to get the BGP process completed, if I'm not mistaken it took me a little over 2 months.

Any and all documentation on here will be related to Debian 12; though there is a good chance it's relevant for Ubuntu systems and any other OS based off Debian.

One of the first things I do on my Debian based systems is setup unattended upgrades. Unfortunately this is a single system without HA (high availability). That means when a security update and/or kernel update comes around, the system will auto reboot on Monday's at 02:00 EST to apply the upgrades. I'm not going to go into documentation on how to setup unattended-upgrades as there are plenty of sites documenting how it works.

The first thing you need to do, is edit /etc/sysctl.conf. You need so search for net.ipv4.ip_forward and uncomment the line and turn it on (=1). You'll also need to do the same for net.ipv4.conf.all.proxy_arp.

An example of my /etc/sysctl.conf: 

net.ipv4.tcp_timestamps = 0
net.ipv4.ip_forward=1
net.ipv4.conf.all.proxy_arp=1

After making the necessary changes, you'll want to run the sysctl -p command.

Next, you'll want to add your AMPRNet address to your network interface. You'll want to update your /etc/network/interfaces file.

My enp1s0f0 ethernet is already configured, so what I'm going to do is add an alias (the :[number]). 

auto enp1s0f0:0
iface enp1s0f0:0 inet static
	address 44.32.91.2/24
    # Create a routing table for the second subnet
        up ip rule add from 44.32.91.2/32 table 2
        up ip route add 44.32.91.0/24 dev enp1s0f0 scope link table 2
        up ip route add default via 44.32.91.1 dev enp1s0f0 table 2
	post-up /sbin/ip route add 44.128.0.0/10 via 44.32.91.1 dev enp1s0f0 src 44.32.91.2 || true
	post-up /sbin/ip route add 44.0.0.0/9 via 44.32.91.1 dev enp1s0f0 src 44.32.91.2 || true
        post-down /sbin/ip route del 44.128.0.0/10 via 44.32.91.1 dev enp1s0f0 src 44.32.91.2 || true
        post-down /sbin/ip route del 44.0.0.0/9 via 44.32.91.1 dev enp1s0f0 src 44.32.91.2 || true

With this change I've applied the additional address to my interface as well as update all routing for AMPRNet 44.0.0.0/9 and 44.128.0.0/10 out via 44.32.91.1 (my ISPs router… they control this, not I) with a source address of 44.32.91.2 (the IP address of this machine).

Go ahead and install the wireguard packages with apt-get -y install wireguard wireguard-tools. At this point, you're ready to setup wireguard.

about_my_setup.1753820532.txt.gz · Last modified: by n0fuq

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki