nigger/lixonet-ee
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update README

Browse Source
This commit is contained in:
Manevolent 2021-09-21 18:06:00 -06:00
parent 3fabf8c73e
commit 45b9cfc49e
No known key found for this signature in database
GPG Key ID: 2E9B7592DFA4F344
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -39,6 +39,16 @@ For GitHub, at this time the contents would be:
Don't take my word for it, see: https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
**Optional: Generate a WireGuard key**
You only need to do this if you are setting `wg_enabled`=1, for example when you want to service VPN clients from a "master" node. See **Wireguard Options** for more information on how to do that.
See: https://www.wireguard.com/quickstart/
```
apk add -U wireguard-tools
wg genkey | tee privatekey | wg pubkey > publickey
```
#### Install/Update:
1. Read and follow the prerequisites above and make sure you are ready to install.
@ -186,7 +196,7 @@ These settings are optional, and are already defaulted to general network common
#### Wireguard options
Keep in mind that Wireguard is presently an auxilliary satellite connection point. Because of this, you shouldn't re-use any IP addresses related to WG. Consider planning a piece (/32, see `wg_prefix`) of your network (i.e. 172.31.1.z) where `z` is an unused address (or your ASN number, like 8, 16, so on) and setting that to `wg_address`. This is generally only desired on "master" or globally-reachable/hosted nodes to construct an overlay VPN. If a node is hosting WireGuard clients, they can send traffic into other nodes but likely won't receive any traffic back unless `wg_routes` is set correctly so BIRD can export peer addresses into the BGP routing framework.
Keep in mind that Wireguard is presently an auxilliary satellite connection point. Because of this, you shouldn't re-use any IP addresses related to WG. Consider planning a piece (/32, see `wg_prefix`) of your network (i.e. 172.31.1.z) where `z` is an unused address (or your ASN number, like 8, 16, so on) and setting that to `wg_address`. This is generally only desired on "master" or globally-reachable/hosted nodes to construct an overlay VPN. If a node is hosting WireGuard clients, they can send traffic into other nodes but likely won't receive any traffic back unless `wg_routes` is set so BIRD can export peer addresses into the BGP routing framework.
* `wg_enabled`: Set to 1 to enable WireGuard. Defaults to 0/disabled.
* `wg_key`: Required if `wg_enabled`=1. The private key to use for the Wireguard peering point.