Evan Pratten 2023-07-07 13:11:55 -04:00
parent a75ac4dd17
commit 3d78b195ed

@ -4,10 +4,10 @@ title: "Building a VPN with an AMPRNet BGP allocation"
description: "A quick guide on using your shiny new AMPRNet allocation"
date: 2023-07-07
tags: networking
draft: true
draft: false
extra:
auto_center_images: true
excerpt: "A quick guide on using your shiny new AMPRNet allocation"
excerpt: "A guide on setting up a VPS, announcing a prefix over BGP, and using it as a VPN server"
# discuss:
# reddit: https://www.reddit.com/r/ewpratten/comments/1356u1t/i_performed_a_button_swap_on_my_mouse/
# hacker_news: https://news.ycombinator.com/item?id=35781662
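Review bot: With `draft: false` the post goes live, but `description` still reads "A quick guide on using your shiny new AMPRNet allocation" while `excerpt` was rewritten, so the two summaries now disagree; update `description` to match the new excerpt. The commented-out `discuss:` block also still carries a Reddit URL whose slug is about a mouse button swap, which looks like a leftover from another post and should be removed or replaced before publishing.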
@ -17,7 +17,7 @@ extra:
One of the most common emails I receive from readers of this website generally starts with:
```text
Subject: I got an AMPRNet allocation. How do I use it?
Subject: I got an AMPRNet allocation. How do I use it for a VPN?
```
I generally answer with an off-the-top-of-my-head guide on how to get started, but I figured it was about time to write a proper guide on how to use an AMPRNet BGP allocation to set up a simple VPN server.
@ -60,13 +60,13 @@ graph LR
VPS ---|VPN| Client3((Client 3))
</div>
I, and many other hams, choose to use [Vultr](https://www.vultr.com/) as a server host for this purpose because they offer a free [bring your own IP](https://www.vultr.com/features/bgp/) service.
I, and many other hams, choose to use [Vultr](https://www.vultr.com/?ref=8932365) as a server host for this purpose because they offer a free [bring your own IP](https://www.vultr.com/features/bgp/?ref=8932365) service.
People with more complex networks or more networking experience may choose to co-locate their own hardware somewhere and use a "real" transit provider, but those people also probably shouldn't need this guide in the first place.
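Review bot: The Vultr links in the "I, and many other hams" sentence gain a `?ref=8932365` query parameter, but nothing in the visible text tells the reader these are referral links. Add a one-line disclosure next to the recommendation, or keep the plain URLs, so the hosting suggestion does not read as neutral when it is not.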
### Enabling BGP support on your Vultr account
By default, Vultr accounts do not have BGP service enabled. This must be done via the [BGP setup form](https://my.vultr.com/bgp/setup/).
By default, Vultr accounts do not have BGP service enabled. This must be done via the [BGP setup form](https://my.vultr.com/bgp/setup/?ref=8932365).
In this form, you'll need to provide the following information:
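Review bot: The `?ref=8932365` parameter on the `my.vultr.com/bgp/setup/` link is attached to an account-panel URL that, per the sentence itself, is only useful to someone who already has a Vultr account. A referral tag serves no purpose for the reader here, so I would drop it from this link and keep it, disclosed, only on the public `www.vultr.com` links.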
@ -81,7 +81,7 @@ This process opens a ticket with Vultr support. They will review your request an
### Setting up your server
Now the fun begins. [Create a new deployment](https://my.vultr.com/deploy/), and choose the following options:
Now the fun begins. [Create a new deployment](https://my.vultr.com/deploy/?ref=8932365), and choose the following options:
- **Choose Server**: Cloud Compute
- **CPU & Storage Technology**: Intel Regular Performance
@ -96,7 +96,7 @@ Now the fun begins. [Create a new deployment](https://my.vultr.com/deploy/), and
SSH in to your new server as `root` to get started. Default account credentials are shown on the **Overview** page of your server's settings.
By default, your server does not know how to communicate over the BGP protocol. To get it "talking" with the Vultr routers, you'll need to install a software package called Bird.
By default, your server does not know how to communicate using the BGP protocol. To get it "talking" with the Vultr routers, you'll need to install a software package called Bird.
```sh
apt update
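Review bot: "using the BGP protocol" in the reworded sentence is still redundant, since the P in BGP already stands for protocol; "communicate using BGP" is enough, and the daemon's name is normally styled BIRD rather than Bird. While this paragraph is being touched, the context line above it has readers log in as `root` with the default credentials and nothing visible follows up on that, so a sentence about switching to key-based SSH login before continuing would fit here.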
@ -160,7 +160,7 @@ Now, save that file, and run the following command to reconfigure Bird:
birdc c
```
Running `birdc s p` should list Vultr as `Established`.
Waiting a few seconds then running `birdc s p` should list Vultr as `Established`.
## Bringing up your VPN
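Review bot: The new sentence "Waiting a few seconds then running `birdc s p` should list Vultr as `Established`" is a dangling construction and leans on abbreviated commands that a reader new to BIRD cannot look up. Suggest "Wait a few seconds, then run `birdc show protocols`; the Vultr session should be listed as `Established`", and likewise spelling out `birdc c` as `birdc configure` in the block above.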
@ -176,7 +176,7 @@ Firstly, you will need to generate a private key for your server. This can be do
wg genkey
```
Keep note of the results, then start configuring WireGuard by editing `/etc/wireguard/vpn.conf`.
Keep note of the result, then start configuring WireGuard by editing `/etc/wireguard/vpn.conf`.
```ini
[Interface]
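Review bot: "Keep note of the result" leaves the server's private key sitting in terminal scrollback and gives no guidance on where it may safely live. Since the next step pastes it into `/etc/wireguard/vpn.conf`, the text should tell readers to run `umask 077` before `wg genkey` and before creating that file, so the key and the config are readable by root only.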
@ -217,6 +217,7 @@ PersistentKeepalive = 25 # Use this if the client is behind a NAT
With the server configured, start WireGuard with:
```sh
ufw allow 51820/udp
systemctl enable wg-quick@vpn
systemctl start wg-quick@vpn
```
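Review bot: The added `ufw allow 51820/udp` line assumes ufw is installed and enabled, and nothing in the visible hunk establishes either; if a reader enables ufw at this point without first allowing SSH, they lock themselves out of the server. Add a sentence covering that, and state that the port must match the `ListenPort` in `/etc/wireguard/vpn.conf` rather than leaving 51820 as an unexplained constant. The two `systemctl` lines could also be collapsed into `systemctl enable --now wg-quick@vpn`.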