Skip to content

VPN access

We use a WireGuard-based VPN for remote connections into the Majava network.

Administrator documentation for this service is available at /services/wireguard/.

Setup

In order to connect, you need to get access. First, generate a keypair: 

$ wg genkey | tee privatekey | wg pubkey > publickey
This will generate a private key in privateky and the matching public key in publickey. Send the public key to a root, and you will get an IP address back as a response.

Then create a WireGuard config file: 

[Interface]
Address    = <IP>/24
PrivateKey = <PRIVATE KEY>
DNS        = 10.20.100.53

[Peer]
PublicKey           = myIcatduLGUuB1KZAxpE5t2YFMIrlon4JZ5xsbpVy0c=
Endpoint            = vpn.majava.org:17619
PersistentKeepalive = 25
AllowedIPs          = 10.20.0.0/16,192.168.9.0/24

Tip

The server key can also be downloaded from noc.majava.org: 

$ host -tCNAME vpn.majava.org
vpn.majava.org is an alias for gw02.srv.majava.org.
$ curl "https://noc.majava.org/wg-keys.json" | jq '.["gw02.srv.majava.org"].gateway'
"myIcatduLGUuB1KZAxpE5t2YFMIrlon4JZ5xsbpVy0c="