From 3d78b195ed6852f881a794f563e8eec904451c62 Mon Sep 17 00:00:00 2001 From: Evan Pratten Date: Fri, 7 Jul 2023 13:11:55 -0400 Subject: [PATCH] Post! --- content/blog/2023-07-07-ampr-vpn.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/content/blog/2023-07-07-ampr-vpn.md b/content/blog/2023-07-07-ampr-vpn.md index 7bdb4bb..a2e319c 100644 --- a/content/blog/2023-07-07-ampr-vpn.md +++ b/content/blog/2023-07-07-ampr-vpn.md @@ -4,10 +4,10 @@ title: "Building a VPN with an AMPRNet BGP allocation" description: "A quick guide on using your shiny new AMPRNet allocation" date: 2023-07-07 tags: networking -draft: true +draft: false extra: auto_center_images: true - excerpt: "A quick guide on using your shiny new AMPRNet allocation" + excerpt: "A guide on setting up a VPS, announcing a prefix over BGP, and using it as a VPN server" # discuss: # reddit: https://www.reddit.com/r/ewpratten/comments/1356u1t/i_performed_a_button_swap_on_my_mouse/ # hacker_news: https://news.ycombinator.com/item?id=35781662 @@ -17,7 +17,7 @@ extra: One of the most common emails I receive from readers of this website generally starts with: ```text -Subject: I got an AMPRNet allocation. How do I use it? +Subject: I got an AMPRNet allocation. How do I use it for a VPN? ``` I generally answer with an off-the-top-of-my-head guide on how to get started, but I figured it was about time to write a proper guide on how to use an AMPRNet BGP allocation to set up a simple VPN server. 
@@ -60,13 +60,13 @@ graph LR VPS ---|VPN| Client3((Client 3)) -I, and many other hams, choose to use [Vultr](https://www.vultr.com/) as a server host for this purpose because they offer a free [bring your own IP](https://www.vultr.com/features/bgp/) service. +I, and many other hams, choose to use [Vultr](https://www.vultr.com/?ref=8932365) as a server host for this purpose because they offer a free [bring your own IP](https://www.vultr.com/features/bgp/?ref=8932365) service. People with more complex networks or more networking experience may choose to co-locate their own hardware somewhere and use a "real" transit provider, but those people also probably shouldn't need this guide in the first place. ### Enabling BGP support on your Vultr account -By default, Vultr accounts do not have BGP service enabled. This must be done via the [BGP setup form](https://my.vultr.com/bgp/setup/). +By default, Vultr accounts do not have BGP service enabled. This must be done via the [BGP setup form](https://my.vultr.com/bgp/setup/?ref=8932365). In this form, you'll need to provide the following information: @@ -81,7 +81,7 @@ This process opens a ticket with Vultr support. They will review your request an ### Setting up your server -Now the fun begins. [Create a new deployment](https://my.vultr.com/deploy/), and choose the following options: +Now the fun begins. [Create a new deployment](https://my.vultr.com/deploy/?ref=8932365), and choose the following options: - **Choose Server**: Cloud Compute - **CPU & Storage Technology**: Intel Regular Performance 
@@ -96,7 +96,7 @@ Now the fun begins. [Create a new deployment](https://my.vultr.com/deploy/), and SSH in to your new server as `root` to get started. Default account credentials are shown on the **Overview** page of your server's settings. -By default, your server does not know how to communicate over the BGP protocol. To get it "talking" with the Vultr routers, you'll need to install a software package called Bird. +By default, your server does not know how to communicate using the BGP protocol. To get it "talking" with the Vultr routers, you'll need to install a software package called Bird. ```sh apt update @@ -160,7 +160,7 @@ Now, save that file, and run the following command to reconfigure Bird: birdc c ``` -Running `birdc s p` should list Vultr as `Established`. +Waiting a few seconds then running `birdc s p` should list Vultr as `Established`. ## Bringing up your VPN @@ -176,7 +176,7 @@ Firstly, you will need to generate a private key for your server. This can be do wg genkey ``` -Keep note of the results, then start configuring WireGuard by editing `/etc/wireguard/vpn.conf`. +Keep note of the result, then start configuring WireGuard by editing `/etc/wireguard/vpn.conf`. ```ini [Interface] @@ -217,6 +217,7 @@ PersistentKeepalive = 25 # Use this if the client is behind a NAT With the server configured, start WireGuard with: ```sh +ufw allow 51820/udp systemctl enable wg-quick@vpn systemctl start wg-quick@vpn ```
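Review bot: In the front-matter hunk (@@ -4,10), `excerpt` is rewritten but the `description` context line above it still reads "A quick guide on using your shiny new AMPRNet allocation", so the two summaries now disagree. Update `description` to match the new excerpt. Since this commit also flips `draft` to `false`, either fill in or delete the commented-out `discuss:` links, which point at a Reddit thread about a mouse button swap rather than at this post.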
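Review bot: In the hosting hunk (@@ -60,13), the two vultr.com links and the `my.vultr.com/bgp/setup/` link gain `?ref=8932365`, and the text never says these are referral links. Add a one-line disclosure next to the first Vultr link. Consider leaving the `my.vultr.com` account pages, including the deploy link changed in @@ -81,7, without the parameter so the setup steps point at the plain URLs.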
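Review bot: In @@ -96,7 the new wording "using the BGP protocol" is still redundant, since the P already stands for protocol; "using BGP" reads cleaner. The context line above it tells the reader to SSH in as `root` with the default credentials from the Overview page. Now that the post is going live, a sentence recommending a password change or key-based login before continuing would fit there.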
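Review bot: In @@ -160,7 the added sentence opens with a dangling participle ("Waiting a few seconds then running ..."); something like "After a few seconds, `birdc s p` should list Vultr as `Established`" is tighter. It would also help to say what to check when the session shows some other state, and to spell out the abbreviated `birdc c` and `birdc s p` once as `birdc configure` and `birdc show protocols`.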
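Review bot: In @@ -176,7 the instruction "Keep note of the result" refers to the server's private key printed by `wg genkey`, but nothing tells the reader to treat it as a secret. Suggest saying that the key belongs only in `/etc/wireguard/vpn.conf` and that the file should be readable by root only, for example by running `umask 077` before creating it.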
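Review bot: In @@ -217,6 the new `ufw allow 51820/udp` line lands in the code block while the sentence above it still says only "start WireGuard with:", and the port is hard-coded. Say in the prose that this opens the WireGuard port and that the number must match the listen port set in `/etc/wireguard/vpn.conf`. Also note that the rule only takes effect when ufw is installed and enabled, and that a reader who enables ufw at this step needs an allow rule for SSH first or the session will be cut off.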