VPN and Management Server Access
In order to reach certain infrastructure in the datacenters you’ll need to first VPN into that datacenter or SSH through a management server
VPN Setup
The console server hosts a WireGuard VPN providing access to the private LAN. Following are instructions on how to add new clients.
If you are a coop member with a colocated server, you can use our WireGuard VPN to access your server’s IPMI interface on the private LAN. To set this up, follow these steps.
- Generate a keypair.
(umask 077 && wg genkey | tee private.key | wg pubkey) > public.key
-
Open a support ticket requesting VPN access. Include the contents of
public.key
, which is a base64 encoded string. -
Wait for a response from the ops team. They will set up access and assign a private IP address for your client.
-
Create a config file
/etc/wireguard/iocoop.conf
.
PrivateKey = YOUR_PRIVATE_KEY
Address = 10.0.20.X
[Peer]
PublicKey = 7GtxId7m+qDYttGsBNTG4AhibRR/C8VAso3WnDllVUc=
Endpoint = console.scl.iocoop.org:51820
AllowedIPs = 10.0.0.0/19
PersistentKeepalive = 27
Be sure to replace YOUR_PRIVATE_KEY
with the base64 string from your private.key
file, and 10.0.20.X
with the IP address you’ve been assigned by the ops team in step 3. Leave the PublicKey
in the [Peer]
section unchanged, as that is the key of the IO Coop VPN server.
- Bring up the interface.
wg-quick up iocoop
You should now be on the VPN. To see the connection status at any time, run the wg
command without any arguments. You don’t need to retain the .key files as the .conf itself is fully self contained.
If you need multiple clients to connect simultaneously, each one will need its own keypair and IP address.