[Libre-soc-bugs] [Bug 190] Setup Gitlab CI Runner for Kazan on a computer

bugzilla-daemon at libre-soc.org
Wed Jun 8 08:47:45 BST 2022


https://bugs.libre-soc.org/show_bug.cgi?id=190

--- Comment #67 from Jacob Lifshay <programmerjake at gmail.com> ---
Since the openvpn connection between my build server and libre-soc.org is
borked, I thought I'd come up with a better alternative:

I created a script for setting up wireguard:
https://git.libre-soc.org/?p=utils.git;a=blob;f=wg-setup.sh;h=299f5c08fc2a15112b799d69f67da132129ee322;hb=431799b73339f28ec914cea711c1af9d87533bc2

I tested it connecting my desktop and file server, trying both ways of which
one is server and which one is client.

The script supports multiple clients, but I didn't test that other than seeing
if it does the correct modifications to the config file.

I set it to use pre-shared keys as an extra layer of security on top of the
public/private keys.

I also set it to send keep-alive packets every 25s so it works better with
NATs.

Show Usage:
./wg-setup.sh

It works:
on both server and client:
sudo apt install wireguard

on the server:
# create the config for wg0 that listens on
# udp port 8995 (picked randomly) and has the server be 10.255.255.1
sudo ./wg-setup.sh init-server wg0 8995 10.255.255.1/32

# allow udp port 8995 through the server's firewall,
# here I'm using ufw, adjust as needed.
sudo ufw allow 8995/udp

# create the config for the client in client.conf, adds the peering
# info to the server's config for wg0. the client will initially
# connect to the server at server.example.com. the client
# will be 10.255.255.2.
sudo ./wg-setup.sh add-client wg0 server.example.com client.conf 10.255.255.2/32

now, move client.conf to the client, chmod 600, chown root:root, and move it to
/etc/wireguard/wg0.conf

now, if you like systemd, run on both server and client:
systemctl start wg-quick@wg0

otherwise, you can start it manually:
wg-quick up wg0

or look up how wg-quick works with sysv init.

If you're using openrc (idk if that's part of sysv init), afaict you can use
this init script:
https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/wireguard-tools/files/wg-quick.init
and symlink to it:
ln -s /path/to/wg-quick.init /etc/init.d/wg-quick.vpn0

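Added example, not part of the original comment or of wg-setup.sh: a shell check for a wg-quick config file that verifies what the comment describes (mode 600 and root ownership, a pre-shared key on every peer, a 25s keep-alive on peers that have an Endpoint). The sample config is constructed with placeholder keys; its layout, the WG_UID override and the "Endpoint implies keep-alive" rule are assumptions, not taken from the script.

```shell
#!/bin/sh
# Added example (not part of wg-setup.sh): audit a wg-quick config file.
# Assumption: a [Peer] with an Endpoint is one this host dials out to, so it
# should carry PersistentKeepalive = 25 as described in the comment.
check_wg_conf() {
    conf=$1; want_uid=${WG_UID:-0}   # WG_UID: hypothetical override for non-root testing
    [ -f "$conf" ] || { echo "FAIL: $conf not found" >&2; return 2; }
    rc=0
    # The file holds the private and pre-shared keys: expect mode 600, owner root.
    set -- $(stat -c '%a %u' "$conf")
    [ "$1" = 600 ] || { echo "FAIL: mode $1, expected 600" >&2; rc=1; }
    [ "$2" = "$want_uid" ] || { echo "FAIL: owner uid $2, expected $want_uid" >&2; rc=1; }
    awk '
        function endpeer() {
            if (!inpeer) return
            if (!psk) { print "FAIL: [Peer] #" n " has no PresharedKey"; bad = 1 }
            if (ep && ka + 0 != 25) { print "FAIL: [Peer] #" n " lacks PersistentKeepalive = 25"; bad = 1 }
        }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # drop comments and whitespace
        /^\[/ { endpeer(); inpeer = (tolower($0) == "[peer]"); n += inpeer; psk = ep = 0; ka = ""; next }
        inpeer {
            eq = index($0, "="); key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            if (key == "presharedkey" && val != "") psk = 1
            if (key == "endpoint") ep = 1
            if (key == "persistentkeepalive") ka = val
        }
        END { endpeer(); if (!n) { print "FAIL: no [Peer] section"; bad = 1 }; exit bad }
    ' "$conf" >&2 || rc=1
    return $rc
}

# Constructed sample in the shape of a client config; all keys are placeholders.
write_sample_conf() {
    ( umask 077; cat > "$1" ) <<'EOF'
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER=
Address = 10.255.255.2/32

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER=
PresharedKey = PRESHARED_KEY_PLACEHOLDER=
AllowedIPs = 10.255.255.1/32
Endpoint = server.example.com:8995
PersistentKeepalive = 25
EOF
}
```

On a real host, run it as root against the installed file: check_wg_conf /etc/wireguard/wg0.conf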