Diffstat (limited to 'content/posts/openbsd-wireguard-vpn-gateway')
| -rw-r--r-- | content/posts/openbsd-wireguard-vpn-gateway/index.org | 10 | ||||
| -rw-r--r-- | content/posts/openbsd-wireguard-vpn-gateway/tex/diagram.tex | 26 | 
2 files changed, 19 insertions, 17 deletions
| diff --git a/content/posts/openbsd-wireguard-vpn-gateway/index.org b/content/posts/openbsd-wireguard-vpn-gateway/index.org index 3f27707..8a3ee30 100644 --- a/content/posts/openbsd-wireguard-vpn-gateway/index.org +++ b/content/posts/openbsd-wireguard-vpn-gateway/index.org @@ -39,7 +39,7 @@ Here's a diagram of what we're building.  The first step in the process is getting the VPN profile from the VPN  provider. It should look something like the following. -#+CAPTION: profile.conf +#+CAPTION: =profile.conf=  #+begin_src conf  [Interface]  PrivateKey = PRIVATEKEY @@ -56,7 +56,7 @@ We then have to rewrite it into OpenBSD's =hostname.if(5)= format.  We'll call it =/etc/hostname.wg0= to create a Wireguard interface and  execute the following commands when it's created. -#+CAPTION: /etc/hostname.wg0 +#+CAPTION: =/etc/hostname.wg0=  #+begin_src conf  inet XX.XX.XX.XX/32  inet6 YYYY:YYYY:YYYY:YYYY:YYYY:YYYY:YYYY/128 @@ -71,7 +71,7 @@ config file. Lines beginning with =!= are commands that are run as  root when the interface is being created. In this case our new routing  table (rtable) will be number 1. The default routing table is number 0. -#+CAPTION: /etc/hostname.wg0 +#+CAPTION: =/etc/hostname.wg0=  #+begin_src conf  inet XX.XX.XX.XX/32  inet6 YYYY:YYYY:YYYY:YYYY:YYYY:YYYY:YYYY/128 @@ -89,7 +89,7 @@ interface names if we ever have to.  We can bring up the interface using the command =sh /etc/netstart wg0=. -#+CAPTION: /etc/pf.conf +#+CAPTION: =/etc/pf.conf=  #+begin_src conf  set skip on lo @@ -140,7 +140,7 @@ We can apply the file without rebooting with the command =pfctl -f /etc/pf.conf=  Finally we need to make sure our machine will forward traffic. We can  do this by adding a line to our =sysctl.conf(5)= file. -#+CAPTION: /etc/sysctl.conf +#+CAPTION: =/etc/sysctl.conf=  #+begin_src conf  net.inet.ip.forwarding=1  #+end_src 
diff --git a/content/posts/openbsd-wireguard-vpn-gateway/tex/diagram.tex b/content/posts/openbsd-wireguard-vpn-gateway/tex/diagram.tex
index 6271044..a14ab90 100644
--- a/content/posts/openbsd-wireguard-vpn-gateway/tex/diagram.tex
+++ b/content/posts/openbsd-wireguard-vpn-gateway/tex/diagram.tex
@@ -2,19 +2,21 @@
 \usepackage{tikz}
 \begin{document}
 \begin{tikzpicture}
-  % \node (server) at (0,0) {server};
+  \draw[red] (-4,4.5) -- +(1,0) node[right,node font=\tiny] {incoming};
+  \draw[orange] (-4,4.25) -- +(1,0) node[right,node font=\tiny] {rtable 1};
+  \draw (-4,4) -- +(1,0) node[right,node font=\tiny] {rtable 0};
   \node (wg0)      at (0,0) {wg0};
-  \node (vio0)     at (0, 1) {vio0};
-  \node (pf)       at (2, 1) {pf};
-  \node (client)   at (-2, 1) {client};
-  \node (internet) at (3, 3) {internet};
-  \node (program)  at (4, 0) {program};
-  \draw[->,blue] (client) -- (vio0);
-  \draw[->] (vio0) -- (pf);
-  \draw[->,orange] (pf) -- (wg0);
-  \draw[->,orange] (wg0) -- (vio0);
-  \draw[->,blue] (vio0) -- (internet);
-  \draw[->,orange] (program) -- (wg0);
+  \node (vio0)     at (0, 2) {vio0};
+  \node (pf)       at (4, 2) {pf};
+  \node (client)   at (-4, 2) {client};
+  \node (internet) at (0, 5) {internet};
+  \draw (-1, 2.5) rectangle (5,-0.5);
+  \node (server)  at (2,2.7) {VPN Server};
+  \draw[->,red] (client) -- (vio0);
+  \draw[->,red] (vio0) -- (pf);
+  \draw[->,orange] (pf) -- node[above,sloped] {NAT} (wg0);
+  \draw[->] (wg0) -- (vio0);
+  \draw[->] (vio0) -- (internet);
 \end{tikzpicture}
 \end{document}
 %%% Local Variables: |
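Review bot: The meaning of each colour is encoded twice in the new tikzpicture — once in the three legend `\draw` lines at the top and again as bare `red`/`orange` options on the five edge `\draw` lines at the bottom — so a later change to one edge's colour silently desynchronises it from the legend that explains it. Declaring the three traffic classes as named TikZ styles on the environment (`incoming`, `rtable1`, `rtable0`) and using those names on both the legend and the edges keeps the legend truthful by construction and makes each edge self-describing (the style name says which routing table the packet is in, which is the whole point of the figure). A `legend` style would also remove the repeated `right,node font=\tiny`. The rectangle corners `(-1, 2.5)` and `(5,-0.5)` are likewise absolute and will not follow the nodes if any of them move; the `fit` library could derive the box from `(vio0) (pf) (wg0)`, though that is optional.

```latex
\begin{tikzpicture}[
  incoming/.style={red},
  rtable1/.style={orange},
  rtable0/.style={},
  legend/.style={right, node font=\tiny}
]
  \draw[incoming] (-4,4.5) -- +(1,0) node[legend] {incoming};
  \draw[rtable1] (-4,4.25) -- +(1,0) node[legend] {rtable 1};
  \draw[rtable0] (-4,4) -- +(1,0) node[legend] {rtable 0};
  % … unchanged: node placement and the server rectangle …
  \draw[->,incoming] (client) -- (vio0);
  \draw[->,incoming] (vio0) -- (pf);
  \draw[->,rtable1] (pf) -- node[above,sloped] {NAT} (wg0);
  \draw[->,rtable0] (wg0) -- (vio0);
  \draw[->,rtable0] (vio0) -- (internet);
```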
