Closed AVVS closed 3 years ago
Hi, if server private key contains slashes - sed will stop working, one way to avoid that is to use @ as delimiters or escape the replacement string
This module is a little outdated now & I'm using an updated version which is not open-sourced, but I used to do the following simple escape transformations in the CI/CD:
export ESCAPED_WG_SERVER_PRIVATE_KEY=$(printf '%s\n' "$WG_SERVER_PRIVATE_KEY" | sed -e 's/[\/&]/\\&/g')
sed -i "s/WG_SERVER_PRIVATE_KEY/$ESCAPED_WG_SERVER_PRIVATE_KEY/g" values.yaml
So this is not a problem with the module itself, so closing as it's working with whatever you provide it. Probably this needs to be documented.
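The failure and the escaping fix from the comment above, run on a key that contains slashes, plus a literal awk replacement that goes beyond what the thread shows. This is an added example, not code from the module or from the participants; the sample key, the values.yaml fragment and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: base64-shaped like a WireGuard key, with '/' and '+'. Not a real key.
SAMPLE_KEY='aB/cD+eF0123456789ghijklmnopqrstuv/wxyzAB+C='

# Naive form: the key's '/' ends the s/// replacement early and sed aborts.
render_naive() {
    sed "s/$1/$3/g" "$2"
}

# Form from the thread: escape '/' and '&' before using the key as a replacement.
# Enough for base64 keys, which never contain a backslash or newline.
render_escaped() {
    escaped=$(printf '%s\n' "$3" | sed -e 's/[\/&]/\\&/g')
    sed "s/$1/$escaped/g" "$2"
}

# Literal form: awk index()/substr() treat both strings as plain text, and the
# key travels in the environment rather than in an argument list.
render_literal() {
    WG_VALUE="$3" awk -v ph="$1" '{
        out = ""; line = $0
        while ((i = index(line, ph)) > 0) {
            out = out substr(line, 1, i - 1) ENVIRON["WG_VALUE"]
            line = substr(line, i + length(ph))
        }
        print out line
    }' "$2"
}

# Demo on a constructed values.yaml fragment (the privateKey field is hypothetical).
demo=$(mktemp)
printf 'wireguard:\n  privateKey: WG_SERVER_PRIVATE_KEY\n' > "$demo"
render_escaped WG_SERVER_PRIVATE_KEY "$demo" "$SAMPLE_KEY"
render_literal WG_SERVER_PRIVATE_KEY "$demo" "$SAMPLE_KEY"
rm -f "$demo"
```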
Thanks for the note, makes sense. On a side note - DNS resolution stops working after wg starts, any advice on how to overcome that issue? Specifically, the launch script starts to fail when it tries to resolve github.com to get releases with wget.
Do you mean that dns resolution stops working on the wireguard server?
The following PostUp commands are executed after wireguard starts: https://github.com/vainkop/terraform-aws-wireguard/blob/master/templates/user-data.txt#L29-L36
Also the following script is replacing the ENI with the actual name of the network interface https://github.com/vainkop/terraform-aws-wireguard/blob/master/templates/user-data.txt#L49-L50 & on different types of AWS machines it's different so maybe the script is not working for you for some reason? Check the contents of the resulting wg0.conf & see that you have correct name of the network interface instead of ENI.
So it should be something like
PostUp = iptables -t nat -A POSTROUTING -o YOUR_NETWORK_INTERFACE_NAME_HERE -j MASQUERADE
PostUp = ip6tables -t nat -A POSTROUTING -o YOUR_NETWORK_INTERFACE_NAME_HERE -j MASQUERADE
Also check if you have any errors in /var/log/cloud-init-output.log
Thanks, managed to resolve my issue. I made an error in configuring IP ranges - had wg use the same range as my VPC, once they were different it finally started working. Thanks for the suggestions :)