Bureaucrats, Check users, Interface administrators, Push subscription managers, Suppressors, Administrators
415
edits
CollabNet Guide: Difference between revisions
Jump to navigation
Jump to search
no edit summary
(fix formatting) |
No edit summary |
||
|
= Prerequisites =
*
* A host running a Linux distribution
* Basic computer and command line literacy. Nobody is going to hold your hand
=== VPN ===
If you don't want users to be able to make traffic from your IP address (you almost definitely do not), you should set up a VPN, for all your users' traffic to be run through. You'll need a VPN that supports wireguard (and additionally you'll want to make sure that this usecase is allowed by their Terms of Service). Here are a few:
* [https://mullvad.net/en Mullvad] ($5 a month)
* [https://protonvpn.com/ ProtonVPN] (Premium plan is $10 a month, however their free plan allows WireGuard making this one preferable if you don't want to spend money)
Once you have your VPN picked out, register an account and generate a WireGuard profile. This varies by VPN but its usually in the Downloads section or its own category. It should give you a wireguard configuration either as a downloadable file or to copy and paste.
Next, install wireguard into your router:
{{code|
sudo apt-get install wireguard-tools
}}
Once this is installed, paste the contents of your WireGuard configuration into <code>/etc/wireguard/wg.conf</code>. An example file looks like this:
{{code|<nowiki>
[Interface]
PrivateKey = ThisIsAnExampleDontActuallyUseThis=
Address = 10.65.2.87/32,fc00:bbbb:bbbb:bb01::2:256/128
DNS = 10.64.0.1
[Peer]
PublicKey = gH/ThisIsAnExampleDontActuallyUseThis=
Endpoint = 1.1.1.1:51820
AllowedIPs = 0.0.0.0/0, ::0/0
</nowiki>}}
With that all set, you can now enable the VPN with the following command:
{{code|
sudo systemctl enable --now wg-quick@wg
}}
If all went well, you should now be connected to the VPN:
{{code|<nowiki>
$ curl ipinfo.io/what-is-my-ip
{
"ip": "143.244.47.86",
"hostname": "unn-143-244-47-86.datapacket.com",
"city": "Weehawken",
"region": "New Jersey",
"country": "US",
"loc": "40.7696,-74.0204",
"org": "AS212238 Datacamp Limited",
"postal": "07086",
"timezone": "America/New_York",
"readme": "https://ipinfo.io/missingauth"
}
</nowiki>}}
The last step is to connect the VMs to the VPN. First, get your private IP on the vpn network:
{{code|<nowiki>
$ ip a
(...)
7: wg: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.65.2.87/32 <---- THIS RIGHT HERE scope global wg
</nowiki>}}
As we can see, our private IP in this example is <code>10.65.2.87</code>. All we have to do is open nftables.conf and set <code>WAN</code> to <code>wg</code>, and <code>SNAT</code> to this private IP:
{{code|<nowiki>
/etc/nftables.conf
(...)
define SNAT = 10.65.2.87
(...)
define WAN = wg
</nowiki>}}
Reload your nftables configuration:
{{code|
sudo nft -f /etc/nftables.conf
}}
If all went well, your VMs should now be connected to the VPN
=== E2Guardian ===
TODO
| |||