Start with these steps prior to configuring your server (slice).
Obtain your link-local subnet
First, you’ll need a link-local subnet. Run the following commands:
Make note of the data that follows each command. Execute the following:
printf <date-code><machine-id> | sha1sum
Take the ensuing string before the dash and execute the following command:
printf <string> | cut -c 31-
The resulting string will be 10 hexadecimal digits that represent your link-local IP without the initial “fd” prefix. Run in series, the commands look like the following:
jeffl@thunder:~$ date +%s%N
jeffl@thunder:~$ cat /var/lib/dbus/machine-id
jeffl@thunder:~$ printf 1691384330103279541007cc62312139d9d7e0ed89a94007567 | sha1sum
jeffl@thunder:~$ printf bf9fac1f2453e2177384d0ef2ebb18014deef615 | cut -c 31-
In this case, the value 014deef615 corresponds to a link-local subnet of
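
The derivation above as a single script, an added example rather than code from the original page. The function names are hypothetical; the digest it runs on by default is the sha1sum output from the session above. It assumes the 10 characters plus the "fd" prefix form a 48-bit prefix (a unique local address prefix in RFC 4193 terms), from which the server's ::1/64 address is taken.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Format the last 10 hex characters of a SHA-1 digest as fdXX:XXXX:XXXX.
prefix_from_digest() {
    digest=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case $digest in
        ''|*[!0-9a-f]*) echo "not a hex digest" >&2; return 1 ;;
    esac
    [ "${#digest}" -eq 40 ] || { echo "expected 40 hex characters" >&2; return 1; }
    id=$(printf '%s' "$digest" | cut -c 31-)   # same cut as on the page
    printf 'fd%s:%s:%s\n' \
        "$(printf '%s' "$id" | cut -c 1-2)" \
        "$(printf '%s' "$id" | cut -c 3-6)" \
        "$(printf '%s' "$id" | cut -c 7-10)"
}

# Hash <date-code><machine-id> on this host, as the page does by hand.
new_digest() {
    stamp=$(date +%s%N)
    # %N is a GNU date extension; other date implementations print it literally.
    case $stamp in
        ''|*[!0-9]*) echo "date +%s%N is not supported here" >&2; return 1 ;;
    esac
    machine_id=$(cat /var/lib/dbus/machine-id) || return 1
    printf '%s%s' "$stamp" "$machine_id" | sha1sum | cut -d ' ' -f 1
}

# Print the prefix and the server address used in the WireGuard config.
show_subnet() {
    prefix=$(prefix_from_digest "$1") || return 1
    printf 'prefix:  %s::/48\n' "$prefix"
    printf 'Address: %s::1/64\n' "$prefix"
}

# No argument: reproduce the page's run from its sha1sum output.
# "new": derive a prefix for the current machine.
if [ "${1:-}" = "new" ]; then
    digest=$(new_digest) && show_subnet "$digest"
else
    show_subnet bf9fac1f2453e2177384d0ef2ebb18014deef615
fi
```

Run it with the argument `new` on the slice to get a fresh prefix; each run hashes a new timestamp, so record the result once and reuse it.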
apt install wireguard
Log into Stallion and configure your IPv4 and IPv6 settings. Assuming you used a template to install Ubuntu, your IPv4 should already be configured on the slice. You’ll need to assign an IPv6 IP and get your routed subnet.
NOTE: In Stallion, for IPv6, we do not need to set up an address for each peer. The purpose of the routed subnet is to assign the entire block of IPs to our slice, and the client determines its IP in its own configuration. With this setup, your client can assign any IP within your routed subnet (or even multiple IPs, so long as they are in your subnet). Since we are using NAT for IPv4, we have only 1 public IP and there is no configuration needed.
Your routed subnet will appear as something like 2605:xxxx:yyyy::/48, where xxxx and yyyy will be your specific values.
network:
  version: 2
  ethernets:
    eth0:
      addresses:
        - 45.61.aaa.bbb/24
        - 2605:xxxx:yyyy:zzzz::1/48
        - 2605:xxxx:yyyy::1/48
      routes:
        - to: "0.0.0.0/0"
          via: 45.61.aaa.1
        - to: "::/0"
          via: 2605:xxxx:yyyy::1
      nameservers:
        addresses: [169.254.168.53, 169.254.169.53]
Here, we explicitly set our IP addresses and we assign our routed subnet to eth0, which is our main network interface to the internet. We also set the routes 0.0.0.0/0 and ::/0 so that our IPv4 and IPv6 traffic goes to the appropriate gateway. You will find your gateway under Network > IPv6; click on the gear icon and select “network settings” from the dropdown and you’ll get a window of various settings.
Make sure to set your next hop address (after assigning your IPv6 address) under the Networking > Routed Subnets configuration or your subnet won’t be routed!
Values in the netplan configuration need to be adjusted accordingly to match your IPs and Gateway settings from Stallion.
You’ll need to edit
Uncomment the lines:
And add the line:
net.ipv6.conf.eth0.accept_ra = 2
You can apply the configuration steps accordingly to avoid rebooting but I’d recommend a reboot at this point.
Configure WireGuard Server
Set it up like the following:
[Interface]
Address = 10.8.0.1/24
Address = fd01:4dee:f615::1/64
SaveConfig = true
PostUp = ip6tables -A FORWARD -i eth0 -o wg0 -j ACCEPT; ip6tables -A FORWARD -i wg0 -j ACCEPT;
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
PostDown = ip6tables -D FORWARD -i eth0 -o wg0 -j ACCEPT; ip6tables -D FORWARD -i wg0 -j ACCEPT;
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;
ListenPort = 51820
PrivateKey = <SERVER_PRIVATE_KEY>

[Peer]
PublicKey = <CLIENT_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32, 2605:xxxx:yyyy::2/128
Substitute your keys respectively and change eth0 if you need to.
Configure the WireGuard Client
Your client configuration will look similar to:
[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY>
Address = 10.8.0.2/32, 2605:xxxx:yyyy::2/128
DNS = 2001:4860:4860::8888, 2001:4860:4860::8844, 8.8.8.8, 8.8.4.4

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <SLICE_ADDRESS>:51820
PersistentKeepalive = 25
The DNS addresses chosen here are the IPv6 and IPv4 addresses of Google.