WireGuard


WireGuard is not based on a client-server structure, which is perfect for this use case: it uses a peer-to-peer architecture.

This means it can be used without a central, static server. When a node disconnects, only its own connections drop; if the remaining nodes still have peer-to-peer connections to each other, the vNet stays up (mesh topology).

The downside is that every node must be peered manually with every other node. Distributed VPN services such as VPN0 exist, but for this use case we only use plain peer-to-peer VPN connections, because adding another node to the network is very unlikely at the moment.

Setting up WireGuard

Installing

WireGuard is not yet part of the mainline kernel, so the module is built with DKMS and we need the kernel headers.

apt-get install linux-generic
add-apt-repository ppa:wireguard/wireguard

apt-get install wireguard-dkms wireguard-tools

Load the wireguard module at boot

echo "wireguard" | sudo tee -a /etc/modules

Load the module

modprobe wireguard

Setting up the VPN

Make sure that both servers (nodes) have a static IP. In the example we configured a vNet with static IPs so we are good to go.

Create Public and Private Keys

Generate the preshared key (psk.key) on the first node only. Do not generate a second one on the other node; copy it from the first node instead.

cd /etc/wireguard
wg genkey > private.key
wg pubkey > public.key < private.key
wg genpsk > psk.key

Make sure only root can read those files

cd /etc/wireguard
chmod 700 *

Create Network Interface

ip link add wg0 type wireguard
ip addr add 10.1.1.2/24 dev wg0
wg set wg0 private-key ./private.key

Start the interface

ip link set wg0 up

Check everything

Note the listening port; you will need it for peering.

wg

Peer the clients

Copy the preshared key (psk.key) of the first node to the other node; the psk must be identical on both servers.

Do the previous steps on the other node as well, then come back and run this step on both nodes:

wg set wg0 peer "Public Key of Client 2" preshared-key /etc/wireguard/psk.key allowed-ips WGIP/32 endpoint VNETIP:LISTENPORT

Public Key of Client 2: the contents of public.key on the other client

WGIP: the wg0 address of the other client (the node configured above is 10.1.1.2, so on that node use the other node's wg0 address here, never its own)

/etc/wireguard/psk.key: the preshared-key file, identical on both clients

VNETIP: the configured vNet IP address of the other client

LISTENPORT: the listen port of the other client

Setting Static Configuration

This is important, because the configuration above lives only in the running kernel and is lost when the node restarts.

Create /etc/wireguard/wg0.conf from the running configuration. The file contains the private key and the preshared key, so it must be readable by root only, like the key files above:

wg showconf wg0 > /etc/wireguard/wg0.conf

Create a script /etc/wireguard/peer_wireguard.sh that recreates the interface and its peers, and add it to root's crontab so it runs on every restart (@reboot):

#!/bin/sh
# Recreate the wg0 interface after a reboot
ip link add wg0 type wireguard
ip addr add 10.1.1.2/24 dev wg0
# Load private key, listen port and all peers saved with "wg showconf"
wg setconf wg0 /etc/wireguard/wg0.conf
ip link set wg0 up
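Because every node of the mesh has to be peered with every other node, generating wg0.conf from one node table is less error-prone than typing the peering step by hand for each pair. The script below is an added example, not part of the original page or of the WireGuard project: it holds a constructed node table (names, vNet IPs, wg0 IPs, listen ports, placeholder public keys) and emits the [Interface] section for the node it is run on plus one [Peer] section per other node, with AllowedIPs set to that peer's wg0 address only. The key values and the node table are placeholders; on a real node the private and preshared keys come from /etc/wireguard as set up above.

```shell
#!/bin/sh
# Generate wg0.conf for one node of a full-mesh WireGuard vNet.
# Constructed node table: name, vNet IP (underlay), wg0 IP, listen port, public key.
# The public keys are placeholders standing in for each node's public.key.
NODES='node1 192.0.2.10 10.1.1.1 51820 PUBKEY_NODE1
node2 192.0.2.20 10.1.1.2 51821 PUBKEY_NODE2
node3 192.0.2.30 10.1.1.3 51822 PUBKEY_NODE3'

# gen_conf <self-name> <private-key> <preshared-key>
# Prints a wg0.conf usable with "wg setconf": key arguments are the key
# values themselves (not file paths), as showconf writes them.
gen_conf() {
  self="$1"; priv="$2"; psk="$3"
  # [Interface]: this node's own listen port and private key
  printf '%s\n' "$NODES" | awk -v self="$self" -v priv="$priv" \
    '$1 == self { printf "[Interface]\nListenPort = %s\nPrivateKey = %s\n", $4, priv }'
  # One [Peer] per other node. AllowedIPs is that peer's wg0 address as a /32,
  # never our own address; the preshared key is the same on every node.
  printf '%s\n' "$NODES" | awk -v self="$self" -v psk="$psk" \
    '$1 != self { printf "\n[Peer]\nPublicKey = %s\nPresharedKey = %s\nAllowedIPs = %s/32\nEndpoint = %s:%s\n", $5, psk, $3, $2, $4 }'
}

# When run with a node name, write the config for that node using the real
# keys from /etc/wireguard; umask 077 keeps the file readable by root only.
if [ -n "${1:-}" ]; then
  umask 077
  gen_conf "$1" "$(cat /etc/wireguard/private.key)" "$(cat /etc/wireguard/psk.key)" \
    > /etc/wireguard/wg0.conf
fi
```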
