wgtool/ZION_INTEGRATION.md
2026-03-22 00:54:58 -07:00

# Zion Integration Guide
This guide explains how the WireGuard setup script integrates with the Zion central server configuration.
## Zion Server Configuration
Based on the `CURRENT_WORKING/zion.conf` file, Zion is configured as:
```ini
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <zion_private_key>
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip route add 10.8.0.0/24 dev wg0 2>/dev/null || true
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip route del 10.8.0.0/24 dev wg0 2>/dev/null || true
```
The real value of `PrivateKey` belongs only in `/etc/wireguard/wg0.conf` on Zion, never in this guide or anywhere else in the repository. If it has ever been pasted into this file or committed alongside it, treat it as exposed: generate a new key pair (`wg genkey | tee privatekey | wg pubkey > publickey`), install it on Zion, and update the public key below in every client configuration.

Two things the `PostUp` line relies on but does not set: kernel forwarding must be enabled (`sysctl net.ipv4.ip_forward=1`, persisted in `/etc/sysctl.d/`) or the `FORWARD` rule has nothing to act on, and `eth0` must be Zion's actual uplink interface name.
## Zion Public Key for Clients
All client configurations use Zion's public key:
```
2ztJbrN1x1NWanzPGLiKL19ZkdOhm5Y7WeKEWBT5cyg=
```
## Current Zion Peers
Zion currently has these peers configured:
| Node | IP Address | Public Key |
|------|------------|------------|
| Cth | 10.8.0.10 | NBktXKy1s0n2lIlIMODvOqKNwAtYdoZH5feKt5P43i0= |
| Aza | 10.8.0.2 | qmTKA257DLOrfhk5Zw8RyRmBSonmm6epbloT0P0ZWDc= |
| Nyar | 10.8.0.20 | 2BA7L1oJP1tK6dIUNHMgcZmOmYmlyPRe2RaBqfUsEWo= |
| Galaxy | 10.8.0.99 | QBNt00VSedxPlq3ZvsdYaqIcbudCAyxv9TG65aPVZzM= |
| nanocube | 10.8.0.7 | /ZImoATDIS0e0N08CD7mqWbhtGlSnynpPuY04Ed4Zyc= |
| jupiter | 10.8.0.42 | YIFQ43ULk/YoCgOv3SBU6+MOrbxd+mlvaw9rT8uoNmw= |
| HASS | 10.8.0.8 | C+Poz/7DaXCxe4HZiL6D5cld4jMt5o1gBq3iPiBzrg0= |
| framebot | 10.8.0.40 | loS3yZapqmt6lP53Q+s4EvUzw6FmwgZC8jzgLluJ1Es= |
## Adding New Nodes to Zion
When you create a new node using the setup script, you need to add it to Zion's configuration.
### Method 1: Using the Helper Script
```bash
./generate_zion_peer.sh <node_name> <public_key> <ip_address>
```
Example (pass the node's real public key, the 44-character base64 string printed by the setup script):
```bash
./generate_zion_peer.sh mynode <node_public_key> 10.8.0.30
```
### Method 2: Manual Addition
Add the following to Zion's `/etc/wireguard/wg0.conf`:
```ini
# your_node_name
[Peer]
PublicKey = your_public_key_here
AllowedIPs = your_ip_address/32
```
## Zion Configuration File Location
Zion's configuration is located at:
```
/etc/wireguard/wg0.conf
```
## Adding a New Peer to Zion
1. **Get the new node's information** from the setup script output:
- Node name
- Public key
- IP address
2. **Edit Zion's configuration**:
```bash
sudo nano /etc/wireguard/wg0.conf
```
3. **Add the peer section** at the end of the file:
```ini
# your_node_name
[Peer]
PublicKey = your_public_key_here
AllowedIPs = your_ip_address/32
```
4. **Save and restart Zion's WireGuard**:
```bash
sudo systemctl restart wg-quick@wg0
```
A restart tears down every existing tunnel for a moment. If that matters, `wg syncconf` can load the edited file into the running interface without dropping established sessions; wg-quick(8) documents the `wg syncconf wg0 <(wg-quick strip wg0)` idiom for exactly this.
## Client Configuration Pattern
All client configurations follow this pattern. `AllowedIPs = 10.8.0.0/24` sends only the tunnel subnet through Zion, so clients reach each other via Zion's forwarding rules and the rest of their traffic is untouched; `PersistentKeepalive = 25` keeps the UDP mapping alive for clients behind NAT:
```ini
[Interface]
PrivateKey = <client_private_key>
Address = <client_ip>/24
# Zion (central server)
[Peer]
PublicKey = 2ztJbrN1x1NWanzPGLiKL19ZkdOhm5Y7WeKEWBT5cyg=
AllowedIPs = 10.8.0.0/24
Endpoint = ugh.im:51820
PersistentKeepalive = 25
```
## Network Topology
```
zion (10.8.0.1) - Central Server
├── aza (10.8.0.2) - Client
├── cth (10.8.0.10) - Hybrid
├── galaxy (10.8.0.99) - Client
├── nyar (10.8.0.20) - Client
├── nanocube (10.8.0.7) - Client
├── jupiter (10.8.0.42) - Client
├── HASS (10.8.0.8) - Client
├── framebot (10.8.0.40) - Client
└── your_new_node (10.8.0.x) - Client
```
## Setup Script Integration
The `wireguard_setup.sh` script:
1. **Automatically includes Zion** as the default peer for all new nodes
2. **Uses the correct Zion public key** from the CURRENT_WORKING configuration
3. **Provides clear instructions** for updating Zion's configuration
4. **Generates the exact peer configuration** needed for Zion
5. **Includes Zion's current peer structure** for reference
## Troubleshooting
### Common Issues
1. **Connection fails after adding peer to Zion**
- Ensure Zion's WireGuard was restarted: `sudo systemctl restart wg-quick@wg0`
- Check Zion's logs: `sudo journalctl -u wg-quick@wg0 -f` (the unit is oneshot, so this only shows interface setup errors such as a malformed config; it does not log traffic)
- Check whether the new peer ever completes a handshake: `sudo wg show wg0 latest-handshakes`. A peer that stays at `0` has the wrong public key on one side, a wrong endpoint, or UDP 51820 blocked on the path.
2. **IP address conflicts**
- Check if the IP is already in use by another peer: `sudo wg show wg0 allowed-ips`
- Use a different IP in the 10.8.0.x range
3. **Public key format issues**
- Ensure the public key is exactly 44 characters long (base64 of 32 bytes, always ending in a single `=`)
- Check for any extra spaces or characters
4. **Peers reach Zion but not each other**
- Zion only forwards between clients if kernel forwarding is on: `sysctl net.ipv4.ip_forward` must print `1`
- Confirm the `FORWARD` rule from `PostUp` is actually present: `sudo iptables -S FORWARD`
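The checks in items 2 and 3 above, together with the peer stanza from "Adding a New Peer to Zion", as one added example script. This is not the project's `generate_zion_peer.sh` or `wireguard_setup.sh`; it is written here to show the validation a practitioner would want before touching Zion's config. `SAMPLE_CONF` is a constructed two-peer excerpt of Zion's config, `EXAMPLE_KEY` is a hypothetical 44-character key rather than any real node's key, and `add_peer_to_zion` assumes the `/etc/wireguard/wg0.conf` path from this guide and is meant to be run as root on Zion with `--apply NAME KEY IP`. Without arguments it only prints the stanza for the sample.

```shell
#!/usr/bin/env bash
# Added example, not the project's generate_zion_peer.sh: validate a new peer
# against Zion's current wg0.conf, emit the [Peer] stanza, and (on Zion) load it
# without restarting wg-quick. Runs offline against the constructed sample below.
set -eu

# Constructed sample of Zion's /etc/wireguard/wg0.conf (two peers from the table above).
SAMPLE_CONF='[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <zion_private_key>

# Aza
[Peer]
PublicKey = qmTKA257DLOrfhk5Zw8RyRmBSonmm6epbloT0P0ZWDc=
AllowedIPs = 10.8.0.2/32

# Cth
[Peer]
PublicKey = NBktXKy1s0n2lIlIMODvOqKNwAtYdoZH5feKt5P43i0=
AllowedIPs = 10.8.0.10/32'

# Hypothetical public key for the demo: 44 chars of base64, not a real node's key.
EXAMPLE_KEY='ExampleKeyExampleKeyExampleKeyExampleKeyEx0='

# A WireGuard key is 32 bytes, which base64 encodes as 43 data characters plus one
# '=' pad; the 43rd character can only be one of the 16 symbols whose low two bits
# are zero. The regex therefore accepts exactly the strings that decode to 32 bytes.
valid_wg_key() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'
}

# Host address in 10.8.0.0/24, excluding .0, .1 (Zion itself) and .255.
valid_tunnel_ip() {
    local host
    host=$(printf '%s\n' "$1" | sed -n 's/^10\.8\.0\.\([1-9][0-9]\{0,2\}\)$/\1/p')
    [ -n "$host" ] && [ "$host" -ge 2 ] && [ "$host" -le 254 ]
}

# Every address claimed by any AllowedIPs line (comma-separated lists included), one per line.
used_ips() {
    awk -F= '/^[[:space:]]*AllowedIPs[[:space:]]*=/ {
        n = split($2, a, ",")
        for (i = 1; i <= n; i++) {
            sub(/\/.*/, "", a[i]); gsub(/[[:space:]]/, "", a[i])
            if (a[i] != "") print a[i]
        }
    }'
}

ip_in_use()  { printf '%s\n' "$2" | used_ips | grep -qxF "$1"; }
key_in_use() { printf '%s\n' "$2" | sed -n 's/^[[:space:]]*PublicKey[[:space:]]*=[[:space:]]*//p' | grep -qxF "$1"; }

# zion_peer_block NAME PUBKEY IP CONF_TEXT -> prints the stanza, or a reason on stderr and returns 1.
zion_peer_block() {
    local name="$1" key="$2" ip="$3" conf="$4"
    valid_wg_key "$key"       || { echo "error: public key must be 44-char base64 (32 bytes)" >&2; return 1; }
    valid_tunnel_ip "$ip"     || { echo "error: $ip is not a usable host address in 10.8.0.0/24" >&2; return 1; }
    ip_in_use "$ip" "$conf"   && { echo "error: $ip is already assigned to another peer" >&2; return 1; }
    key_in_use "$key" "$conf" && { echo "error: that public key is already a peer" >&2; return 1; }
    printf '# %s\n[Peer]\nPublicKey = %s\nAllowedIPs = %s/32\n' "$name" "$key" "$ip"
}

# Run as root on Zion: append to the live config and load it with wg syncconf, which
# adds the new peer while leaving established tunnels up (a restart drops them all).
add_peer_to_zion() {
    local conf=/etc/wireguard/wg0.conf block tmp
    block=$(zion_peer_block "$1" "$2" "$3" "$(cat "$conf")") || return 1
    printf '\n%s\n' "$block" >> "$conf"
    tmp=$(mktemp)
    if wg-quick strip wg0 > "$tmp" && wg syncconf wg0 "$tmp"; then
        rm -f "$tmp"
    else
        rm -f "$tmp"; return 1
    fi
}

if [ "${1:-}" = "--apply" ]; then
    add_peer_to_zion "$2" "$3" "$4"
else
    zion_peer_block mynode "$EXAMPLE_KEY" 10.8.0.30 "$SAMPLE_CONF"
fi
```

With no arguments the script prints the stanza for `mynode` at 10.8.0.30 against the sample; feeding it Aza's address, a 56-character "key" like the one in the old helper example, or Zion's own `.1` makes it refuse with a reason before anything is written. The `wg syncconf` step follows the wg-quick(8) idiom for applying config changes to a running interface, which is why it is preferred over `systemctl restart` once other peers are already connected.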
### Verification Commands
```bash
# Check Zion's WireGuard status
sudo wg show wg0
# Check Zion's configuration
sudo cat /etc/wireguard/wg0.conf
# Check Zion's systemd service
sudo systemctl status wg-quick@wg0
# Check Zion's logs
sudo journalctl -u wg-quick@wg0 -f
```
## Security Notes
1. **Zion's private key** should never be shared, pasted into documentation, or committed to the repository; if that has happened, generate a new key pair and update the public key in every client config
2. **Client public keys** are safe to share and add to Zion
3. **IP addresses** should be unique within the 10.8.0.x range
4. **File permissions** should be 600 and ownership root for all WireGuard configs, since each one holds a private key
## Next Steps
After setting up a new node:
1. Run the setup script: `./wireguard_setup.sh`
2. Use the helper script to generate Zion peer config: `./generate_zion_peer.sh`
3. Add the peer to Zion's configuration
4. Restart Zion's WireGuard
5. Start the new node's WireGuard
6. Test connectivity between nodes