alex/daichendt.one
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: grammar check

Browse source
This commit is contained in:
Alexander Daichendt 2022-09-28 17:39:10 +02:00
parent 270db211dd
commit 85c35af402
1 changed files with 13 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/routes/blog/site2sitewireguard/+page.md
View file

@ -4,7 +4,7 @@ title: 'Site 2 Site Wireguard VPN with a Mikrotik Router and a Cloud'
description: '' description: ''
keywords: keywords:
- cloud - cloud
- mikrotik - Mikrotik
- site 2 site - site 2 site
- wireguard - wireguard
- vpn - vpn
@ -17,7 +17,7 @@ import peer from "./images/mikrotik_peer.png?width=360;720;1280;1920&webp&metada
import Image from "$components/Image.svelte" import Image from "$components/Image.svelte"
</script> </script>
My network consists out of a server located in country A. Since the largest ISP in country My network consists of a server located in country A. Since the largest ISP in the country
B does have terrible peering with the ISP in country A, I thought of setting up a small B does have terrible peering with the ISP in country A, I thought of setting up a small
proxy server in country A. This way, I should be able to bypass bad peering, since the proxy server in country A. This way, I should be able to bypass bad peering, since the
cloud provider probably organizes good routing to both sides. Since I meant to try out cloud provider probably organizes good routing to both sides. Since I meant to try out
@ -26,14 +26,20 @@ develop with IaC scripts to setup a reverse proxy in the cloud.
<Image meta={architecture} /> <Image meta={architecture} />
1. Create a Wireguard keys. If the CLI is not an option [this website](https://www.wireguardconfig.com/) is cool too (keys are clientsided generated) 1. Create Wireguard keys. If the CLI is not an option [this
2. Since I want to have dedicated monitoring for what traffic is flowing between the proxy and my server, I create a new wireguard interface in my mikrotik router. Remember to use the previously generated keypairs. website](https://www.wireguardconfig.com/) is cool too (keys are client-sided generated)
3. Create a new peer as follows. Important is the entry to allow the IP address of the cloud wg endpoint, otherwise the cloud cant ping back home. 2. Since I want to have dedicated monitoring for what traffic is flowing between the proxy
and my server, I create a new Wireguard interface in my Mikrotik router. Remember to
use the previously generated keypairs.
3. Create a new peer as follows. Important is the entry to allow the IP address of the
cloud wg endpoint, otherwise the cloud cant ping back home.
<div style="max-width:600px"> <div style="max-width:600px">
<Image meta={peer} /> <Image meta={peer} />
</div> </div>
4. I had to adjust the firewall rules to allow communication with the tunnel network. 4. I had to adjust the firewall rules to allow communication with the tunnel network.
5. On the proxy server we use similiar settings. Interestingly enough, the Mikrotik wg endpoint grabs the network address of the 10.222.0.0/30 network. Meaning, 10.222.0.1 is unallocated. 5. On the proxy server we use similar settings. Interestingly enough, the Mikrotik wg
endpoint grabs the network address of the 10.222.0.0/30 network. Meaning, 10.222.0.1 is
unallocated.
``` ```
[Interface] [Interface]