Commit 380277c

Update README.md
1 parent 4305381 commit 380277c

1 file changed

+36
-5
lines changed

vpn-client/README.md

Lines changed: 36 additions & 5 deletions
@@ -1,6 +1,21 @@
1-
# VPN Client
1+
# VPN Client & VPN Server (IPsec client & Wireguard Server)
2+
3+
Setup & deploy a IPsec VPN tunnel client on Ubuntu server.
4+
5+
## How does it work and what does it do?
6+
7+
```mermaid
8+
flowchart TD
9+
A[Laptop x] -->|Wireguard tunnel| B(WireGuard VPN Server)
10+
C[Laptop y] -->|Wireguard tunnel| B(WireGuard VPN Server)
11+
12+
B --> |L2TP tunnel -> IPsec tunnel| E(Traditional Datacenter VPN Server)
13+
E --> F[Server x]
14+
E --> G[Server y]
15+
E --> H[Server z]
16+
```
17+
The above diagram (<sub><sup>See [mermaid.live](https://mermaid.live/)</sub></sup>) is also a small lie: at time of writing only _one_ client is created but peer creation is [very]([url](https://www.youtube.com/watch?v=88GyLoZbDNw)) [simple](https://github.com/KarmaComputing/server-bootstrap/blob/43053816a72d801fbf525c59c0a2eccc149a05d0/vpn-client/playbooks/deploy-vpn-client.yml#L143).
218

3-
Setup/deploy a IPsec VPN tunnel client on Ubuntu server
419

520
## Configure
621
```
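Review bot: The link on added line 17 is malformed: `[very]([url](https://www.youtube.com/watch?v=88GyLoZbDNw))` nests a second link inside the link target, so it will not render as a link; use `[very](https://www.youtube.com/watch?v=88GyLoZbDNw)`. On the same line the `<sub><sup>` pair is closed as `</sub></sup>` and should be closed as `</sup></sub>`. The new title covers both the IPsec client and a WireGuard server, but the intro on added line 3 still describes only the IPsec client, and the product name is spelled "Wireguard" in the title and edge labels but "WireGuard" in the node labels; pick one spelling.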
@@ -9,19 +24,35 @@ python3 -m venv venv
924
pip install -r requirements.txt
1025
```
1126

12-
## Run
27+
## Running manually
28+
29+
> The VPN client & VPN Server deployment is completely [pipeline driven](https://github.com/KarmaComputing/server-bootstrap/blob/43053816a72d801fbf525c59c0a2eccc149a05d0/.github/workflows/deploy-vpn.yml#L64). But you can also 'break glass' and run the process locally:
1330
14-
- Update inventory
31+
1. Update `inventory.ini`
32+
2. Run playbook (below)
1533

1634
```
1735
python3 -m venv venv
1836
. venv/bin/activate
19-
ansible-playbook --ask-vault-pass -i inventory.ini playbooks/deploy-vpn-client.yml
37+
ansible-playbook --ask-vault-pass --ask-become-pass -i inventory.ini playbooks/deploy-vpn-client.yml
2038
```
2139

40+
Where `BECOME` is local admin password (to place client wiregard config file), and `Vault password` is password to unlock vault.
41+
2242
## Verify
2343

2444
```
2545
# on the server
2646
curl -v -k -L --compressed https://10.100.49.2
2747
```
48+
49+
## How do I connect as a client? (cli and gui methods both supported- including mobile 📱)
50+
51+
- Linux / Ubuntu / Debian: Use `wg-quick` (easiest)
52+
- (ubuntu desktop) use the [network-manager-gui](https://www.xmodulo.com/wireguard-vpn-network-manager-gui.html#:~:text=NetworkManager%27s%20Connection%20Editor-,GUI,-Next%2C%20run%20nm
53+
)
54+
- Mobile: [Android](https://play.google.com/store/apps/details?id=com.wireguard.android) / [IOS](https://itunes.apple.com/us/app/wireguard/id1441195209?ls=1&mt=8)
55+
- Read https://www.wireguard.com/install/
56+
57+
58+
see also: https://askubuntu.com/questions/1457052/cant-add-wireguard-vpn-connection-to-ubuntu-network-manager#:~:text=s%20GUI%20as-,described,-here.
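Review bot: Added line 40 says the BECOME password is needed to place the client WireGuard config file but does not say where that file is written or with what permissions; a WireGuard client config normally holds the peer's private key, so state the destination path and that the file should be readable only by its owner. The same line misspells WireGuard as "wiregard". On added lines 52-53 the closing `)` of the network-manager-gui link sits on its own line, so the link will not render, and both that URL and the askubuntu URL on line 58 carry `#:~:text=` highlight fragments that can be dropped.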
