vainkop / terraform-aws-wireguard

Terraform Module for Wireguard VPN
GNU General Public License v3.0

slashes in server private key #1

Closed AVVS closed 3 years ago

AVVS commented 3 years ago

Hi, if the server private key contains slashes, sed will stop working. One way to avoid that is to use @ as the delimiter or to escape the replacement string.

vainkop commented 3 years ago

> Hi, if the server private key contains slashes, sed will stop working. One way to avoid that is to use @ as the delimiter or to escape the replacement string.

This module is a little outdated now & I'm using an updated version which is not open-sourced, but I used to do the following simple escape transformations in the CI/CD:

# Prefix every '/', '&' and '\' in the key with a backslash so sed treats them literally in the replacement
export ESCAPED_WG_SERVER_PRIVATE_KEY=$(printf '%s\n' "$WG_SERVER_PRIVATE_KEY" | sed -e 's/[\/&]/\\&/g')
# Substitute the placeholder token in the values file with the escaped key
sed -i "s/WG_SERVER_PRIVATE_KEY/$ESCAPED_WG_SERVER_PRIVATE_KEY/g" values.yaml

So this is not a problem with the module itself, so closing, as it's working with whatever you provide it. Probably this needs to be documented.
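A worked version of the escaping step described above, as an added example that is not part of the original issue or of the module: it wraps the escape in a function, renders a constructed wg0.conf-style template with a constructed sample key containing slashes, and shows that the unescaped substitution fails. The WG_SERVER_PRIVATE_KEY token is the one used in the comment above; the template, the sample key and the function names are constructed for this example.

```shell
#!/bin/sh
# Escape every character that sed interprets in the replacement part of s///:
# the '/' delimiter, '&' (stands for the whole match) and '\'. A backslash is
# literal inside a bracket expression, so [\/&] matches all three characters.
escape_sed_replacement() {
  printf '%s\n' "$1" | sed -e 's/[\/&]/\\&/g'
}

# Constructed sample key: the base64 alphabet includes '/' and '+' and pads with '='.
SAMPLE_KEY='aB3/cD+eF/9gH1iJ2kL3mN4oP5qR6sT7uV8wX9yZ0a/='

# Constructed template using the same placeholder token as the comment above.
TEMPLATE='[Interface]
PrivateKey = WG_SERVER_PRIVATE_KEY
Address = 10.8.0.1/24'

# Replace the token with the escaped key and print the rendered config.
render_wg_template() {
  escaped=$(escape_sed_replacement "$2")
  printf '%s\n' "$1" | sed "s/WG_SERVER_PRIVATE_KEY/$escaped/g"
}

# The unescaped form from the issue: the first '/' in the key terminates the
# s/// expression early, sed reports an unknown option and exits non-zero.
naive_render() {
  printf '%s\n' "$TEMPLATE" | sed "s/WG_SERVER_PRIVATE_KEY/$1/g" 2>/dev/null
}

# Round-trip check: the PrivateKey line of the rendered config must carry the
# original key byte for byte. Returns 0 on success, 1 otherwise.
check_roundtrip() {
  rendered=$(render_wg_template "$TEMPLATE" "$SAMPLE_KEY")
  got=$(printf '%s\n' "$rendered" | sed -n 's/^PrivateKey = //p')
  [ "$got" = "$SAMPLE_KEY" ]
}
```

The key still appears in the sed argument list, so it is visible in process listings and in `set -x` traces of the pipeline; keep CI job logs for this step from being exposed.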

AVVS commented 3 years ago

Thanks for the note, makes sense. On a side note, DNS resolution stops working after wg starts; any advice on how to overcome that issue? Specifically, the launch script starts to fail when it tries to resolve github.com to get releases with wget.

vainkop commented 3 years ago

> Thanks for the note, makes sense. On a side note, DNS resolution stops working after wg starts; any advice on how to overcome that issue? Specifically, the launch script starts to fail when it tries to resolve github.com to get releases with wget.

Do you mean that DNS resolution stops working on the WireGuard server?

The following PostUp commands are executed after WireGuard starts: https://github.com/vainkop/terraform-aws-wireguard/blob/master/templates/user-data.txt#L29-L36

Also, the following script replaces ENI with the actual name of the network interface: https://github.com/vainkop/terraform-aws-wireguard/blob/master/templates/user-data.txt#L49-L50 & on different types of AWS machines it's different, so maybe the script is not working for you for some reason? Check the contents of the resulting wg0.conf & see that you have the correct name of the network interface instead of ENI. So it should be something like

PostUp = iptables -t nat -A POSTROUTING -o YOUR_NETWORK_INTERFACE_NAME_HERE -j MASQUERADE
PostUp = ip6tables -t nat -A POSTROUTING -o YOUR_NETWORK_INTERFACE_NAME_HERE -j MASQUERADE

Also check if you have any errors in /var/log/cloud-init-output.log

AVVS commented 3 years ago

Thanks, managed to resolve my issue. I made an error in configuring IP ranges: I had wg use the same range as my VPC; once they were different it finally started working. Thanks for the suggestions :)