====== Wireguard Debian / Server ======
related git: https://git.picalike.corpex-kunden.de/incubator/swiss-army-knife/-/tree/master/wireguard\\
Based on\\
https://www.hostafrica.co.za/blog/linux/install-wireguard-vpn-debian-9/#install-wg-server_debian-9
but our migration plan differs in some very important aspects!
Useful commands:\\
hostname --long
**WARNING**: most of the netcup servers have been up for too long. The running kernel is x.x.x-16 but the installed one is -19, and the wireguard module is built for the running kernel → after a restart there is no wireguard module.
====== Pre- and Post Steps ======
[PRE]\\
remove the instance from the load balancer\\
curl "http://localhost:9000/disable"
… wait until no more queries appear in log/sim_api.log\\
… at the end of the process\\
[POST]\\
docker restart frontend_instance1
====== Debian 9 to 10 for Wireguard ======
All steps must be performed as root:
su -
[password]
- upgrade current os
apt-get update
apt-get upgrade
- back up the sources, then change them to enable the upgrade from stretch to buster and append the backports repository
cp -vi /etc/apt/sources.list /etc/apt/sources.list.stretch
cat /etc/apt/sources.list.stretch | sed 's/stretch/buster/g' > /etc/apt/sources.list
echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' >> /etc/apt/sources.list
- upgrade OS 9→10
apt-get update
apt-get upgrade
- follow steps in Debian 10
===== Debian 10 =====
All steps must be performed as root:
su -
[password]
To check whether the update worked:
apt-cache search wireguard
The output should list the wireguard, tools and dkms packages.
The required packages are available in 'buster-backports'
# first two lines not required if coming from debian 9
echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list
apt-get update --allow-releaseinfo-change
apt-get install wireguard wireguard-tools
modprobe wireguard
lsmod | grep wireguard
modprobe is used to load the module if it was not yet loaded.
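The kernel mismatch described in the WARNING at the top of this page can be detected before a restart. The following is an added example, not part of the original runbook or the linked repository: it compares the running kernel with the newest installed one and reports whether a wireguard module file exists for each. The function names are hypothetical, and it assumes that the newest directory under /lib/modules belongs to the kernel that boots next.

```shell
#!/bin/sh
# Added example: pre-restart check for the kernel/module mismatch.
# Function names are hypothetical; kernel versions used with them in
# tests are constructed sample values.

# Print the newest kernel version that has a directory under MODULES_ROOT ($1).
newest_installed_kernel() {
    ls -1 "$1" | sort -V | tail -n 1
}

# Succeed if a wireguard module file (e.g. built by DKMS) exists
# for kernel version $2 under MODULES_ROOT $1.
has_wireguard_module() {
    [ -n "$(find "$1/$2" -name 'wireguard.ko*' 2>/dev/null | head -n 1)" ]
}

# Classify the host. $1 = running kernel (uname -r), $2 = MODULES_ROOT.
wg_reboot_check() {
    running=$1
    root=$2
    # Assumption: the newest installed kernel is the one booted next.
    next=$(newest_installed_kernel "$root")
    if ! has_wireguard_module "$root" "$running"; then
        # modprobe wireguard cannot work on the running kernel
        echo "running-kernel-has-no-module"
    elif [ "$next" = "$running" ]; then
        echo "ok"
    elif has_wireguard_module "$root" "$next"; then
        echo "reboot-pending-module-present"
    else
        # the case from the WARNING: the tunnel is gone after a restart
        echo "reboot-pending-module-missing"
    fi
}

# On a real host:
#   wg_reboot_check "$(uname -r)" /lib/modules
```

Any result other than "ok" means the server should be restarted into the new kernel, and the module checked again, before the VPN swap.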
===== Automatic Server Setup =====
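cd /root
mkdir .wg
cd .wg
# generate the key pair inside /root/.wg; the subshell umask keeps the new files private
(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)
chmod o-rw privatekey config.conf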
===== Swap OpenVPN to Wireguard =====
Finally, after receiving the key from corpex, perform the following:
kill
wg-quick up /root/.wg/config.conf
Test the connection to corpex:
ssh picalike@dev01.picalike.corpex-kunden.de
===== Checklist =====
After the restart, check:
* all docker containers
* node_exporter
* services
===== Last Steps: Frontends =====
To actually migrate a server, remove the instance from the load balancer, kill the VPN, fill in the IP, start wireguard and restart the containers:\\
curl "http://localhost:9000/disable"
kill
wg-quick up /root/.wg/config.conf
# check corpex connection
ssh picalike@dev01.picalike.corpex-kunden.de
docker restart frontend_instance1 v5_image_picker_container
tail -f log/sim_api.log
Finally, SIM requests should arrive and be answered with status code 200.
====== References ======
https://madgerm.de/wireguard-auf-debian-10-einrichten