From a7ff1b1ff9fa6eea8301088b2d98cf7536771694 Mon Sep 17 00:00:00 2001
From: Dante Catalfamo
Date: Sat, 30 Dec 2023 01:32:54 -0500
Subject: openbsd-wireguard-gateway: Update diagram and caption paths

---
 .../posts/openbsd-wireguard-vpn-gateway/index.org | 10 ++++-----
 .../openbsd-wireguard-vpn-gateway/tex/diagram.tex | 26 ++++++++++++----------
 2 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/content/posts/openbsd-wireguard-vpn-gateway/index.org b/content/posts/openbsd-wireguard-vpn-gateway/index.org
index 3f27707..8a3ee30 100644
--- a/content/posts/openbsd-wireguard-vpn-gateway/index.org
+++ b/content/posts/openbsd-wireguard-vpn-gateway/index.org
@@ -39,7 +39,7 @@ Here's a diagram of what we're building.
 The first step in the process is getting the VPN profile from the VPN provider. It should look something like the following.
 
-#+CAPTION: profile.conf
+#+CAPTION: =profile.conf=
 #+begin_src conf
 [Interface]
 PrivateKey = PRIVATEKEY
@@ -56,7 +56,7 @@ We then have to rewrite it into OpenBSD's =hostname.if(5)= format. We'll call it
 =/etc/hostname.wg0= to create a Wireguard interface and execute the following commands when it's created.
 
-#+CAPTION: /etc/hostname.wg0
+#+CAPTION: =/etc/hostname.wg0=
 #+begin_src conf
 inet XX.XX.XX.XX/32
 inet6 YYYY:YYYY:YYYY:YYYY:YYYY:YYYY:YYYY/128
@@ -71,7 +71,7 @@ config file. Lines beginning with =!= are commands that are run as root when the interface is being created. In this case our new routing table (rtable) will be number 1. The default routing table is number 0.
 
-#+CAPTION: /etc/hostname.wg0
+#+CAPTION: =/etc/hostname.wg0=
 #+begin_src conf
 inet XX.XX.XX.XX/32
 inet6 YYYY:YYYY:YYYY:YYYY:YYYY:YYYY:YYYY/128
@@ -89,7 +89,7 @@ interface names if we ever have to.
 
 We can bring up the interface using the command =sh /etc/netstart wg0=.
 
-#+CAPTION: /etc/pf.conf
+#+CAPTION: =/etc/pf.conf=
 #+begin_src conf
 set skip on lo
@@ -140,7 +140,7 @@ We can apply the file without rebooting with the command =pfctl -f /etc/pf.conf=
 Finally we need to make sure our machine will forward traffic. We can do this by adding a line to our =sysctl.conf(5)= file.
 
-#+CAPTION: /etc/sysctl.conf
+#+CAPTION: =/etc/sysctl.conf=
 #+begin_src conf
 net.inet.ip.forwarding=1
 #+end_src
diff --git a/content/posts/openbsd-wireguard-vpn-gateway/tex/diagram.tex b/content/posts/openbsd-wireguard-vpn-gateway/tex/diagram.tex
index 6271044..a14ab90 100644
--- a/content/posts/openbsd-wireguard-vpn-gateway/tex/diagram.tex
+++ b/content/posts/openbsd-wireguard-vpn-gateway/tex/diagram.tex
@@ -2,19 +2,21 @@
 \usepackage{tikz}
 \begin{document}
 \begin{tikzpicture}
- % \node (server) at (0,0) {server};
+ \draw[red] (-4,4.5) -- +(1,0) node[right,node font=\tiny] {incoming};
+ \draw[orange] (-4,4.25) -- +(1,0) node[right,node font=\tiny] {rtable 1};
+ \draw (-4,4) -- +(1,0) node[right,node font=\tiny] {rtable 0};
 \node (wg0) at (0,0) {wg0};
- \node (vio0) at (0, 1) {vio0};
- \node (pf) at (2, 1) {pf};
- \node (client) at (-2, 1) {client};
- \node (internet) at (3, 3) {internet};
- \node (program) at (4, 0) {program};
- \draw[->,blue] (client) -- (vio0);
- \draw[->] (vio0) -- (pf);
- \draw[->,orange] (pf) -- (wg0);
- \draw[->,orange] (wg0) -- (vio0);
- \draw[->,blue] (vio0) -- (internet);
- \draw[->,orange] (program) -- (wg0);
+ \node (vio0) at (0, 2) {vio0};
+ \node (pf) at (4, 2) {pf};
+ \node (client) at (-4, 2) {client};
+ \node (internet) at (0, 5) {internet};
+ \draw (-1, 2.5) rectangle (5,-0.5);
+ \node (server) at (2,2.7) {VPN Server};
+ \draw[->,red] (client) -- (vio0);
+ \draw[->,red] (vio0) -- (pf);
+ \draw[->,orange] (pf) -- node[above,sloped] {NAT} (wg0);
+ \draw[->] (wg0) -- (vio0);
+ \draw[->] (vio0) -- (internet);
 \end{tikzpicture}
 \end{document}
 %%% Local Variables:
-- 
cgit v1.2.3