Knowledge Base

Preserving for the future: Shell scripts, AoC, and more

Setting up remote server, bgstack15-style

I have previously described some of these tasks in an old post, but this is a single section of steps, updated!

When I set up a remote system I want to have a connection to it so I can control and administer it. I set up two paths to it:

  1. autossh from $NEWSERVER back to $OLDSITE
  2. wireguard vpn connection

Install wireguard and autossh. Additionally, I used resolvconf because it lets wireguard manage DNS better. The install command might resemble:

sudo apt-get install wireguard autossh resolvconf

Establish autossh

Create a user for this purpose and generate an ssh key.

sudo useradd --create-home --shell /bin/bash autossh
sudo passwd autossh
sudo su autossh -c 'ssh-keygen'
sudo su autossh
# as user autossh:
ssh-copy-id -p 2022 autossh@www.example.com

Make a new system service for autossh, with either an init script or a systemd unit file.

Restart the system service!
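A systemd unit for the autossh tunnel, written as an added example (it is not from the original post). It runs as the unprivileged autossh user created above and connects back to sshd on $OLDSITE on port 2022 as in the ssh-copy-id line; the service name, the reverse-forwarded port 20022 and the output path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: generate a systemd unit that keeps a
# reverse ssh tunnel from $NEWSERVER back to $OLDSITE alive with autossh.
# Host, ports and the unit path are assumptions for illustration.
set -eu

# write_autossh_unit OUTDIR OLDSITE_HOST OLDSITE_SSH_PORT REVERSE_PORT
# Writes OUTDIR/autossh-tunnel.service and prints its path.
# Run as root with OUTDIR=/etc/systemd/system to install it.
write_autossh_unit() {
    outdir="$1"; oldsite="$2"; sshport="$3"; rport="$4"
    unit="$outdir/autossh-tunnel.service"
    cat > "$unit" <<EOF
[Unit]
Description=autossh reverse tunnel to $oldsite
After=network-online.target
Wants=network-online.target

[Service]
User=autossh
# do not give up if the first connection attempt fails at boot
Environment=AUTOSSH_GATIME=0
# -M 0: use ssh's own keepalives instead of an autossh monitor port
# -N:   no remote command, tunnel only
# -R:   expose this host's sshd (port 22) on $oldsite as 127.0.0.1:$rport
ExecStart=/usr/bin/autossh -M 0 -N \\
    -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" \\
    -o "ExitOnForwardFailure yes" -o "StrictHostKeyChecking yes" \\
    -p $sshport -R 127.0.0.1:$rport:127.0.0.1:22 autossh@$oldsite
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF
    echo "$unit"
}

# Usage (as root on $NEWSERVER):
#   write_autossh_unit /etc/systemd/system www.example.com 2022 20022
#   systemctl daemon-reload && systemctl enable --now autossh-tunnel.service
# On $OLDSITE, limit what the autossh key may do by prefixing its line in
# ~autossh/.ssh/authorized_keys with:  restrict,port-forwarding
```

With the key restricted on $OLDSITE, the autossh account there can only hold the tunnel open; it gets no shell and no other forwarding.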

Establish wireguard

For wireguard, establish the settings to connect to my relevant nodes. Select an available IP address from the "IP space map - Internal.ods" file, then create /etc/wireguard/wg0.conf like the one below.

[Interface]
Address = 10.222.0.102/24
ListenPort = 51820
# from `wg genkey`
PrivateKey = SCRUBBED
# this system's public key
# from `echo $PrivateKey | wg pubkey`
# SCRUBBED
# If I need dns servers and search domains
DNS = 192.168.1.10,192.168.1.11, ipa.internal.com, vm.internal.com, internal.com
[Peer]
# first main peer
PublicKey = KOQVWMYb+TMzkMrCSsG7DJm29wQFovEV1LfKrptfAjw=
AllowedIPs = 192.168.1.10/32, 192.168.1.11/32, 192.168.1.12, 192.168.1.15/32, 10.222.0.0/24
PersistentKeepalive = 25
Endpoint = www.example.com:51820
[Peer]
# second main peer
PublicKey = aReyDUOGHqhhnqyUJQltfuWw+JoG+KES8DzD1k3CNWE=
AllowedIPs = 10.222.0.3/32
PersistentKeepalive = 25
Endpoint = secondary.ddns.net:51820

And of course, add this new peer to both the primary and secondary wireguard nodes.

[Peer]
# new system comment
PublicKey = +gJ2m3vJmIQzR7AfmBNq6+8+y9gWlISeCsuCgEGvPTM=
AllowedIPs = 10.222.0.102/32
# If needed:
PersistentKeepalive = 25
Endpoint = location.remote.example.com:51820

Start wireguard. If on a non-systemd distro, use a wireguard init script.

sudo update-rc.d wireguard defaults
sudo service wireguard start
# for systemd:
sudo systemctl enable wg-quick@wg0.service
sudo systemctl start wg-quick@wg0.service

Optionally, set up a new A record under remote.example.com on server1 with:

updatezone remote.example.com
