====== Configure WireGuard Client for Customers ======

Author: Eoin Hearne

===== Introduction =====

We have customers that cannot connect to their network through a public network. Customers that have an Errigal device (Edge) deployed in their network can utilise the WireGuard network config to tunnel into their network.

===== Required =====

  * Have an active Edge configured at the customer site with a customer user
  * Generate a new peer for the customer WireGuard client
  * Test the connection

===== Generate New Peer =====

In this example, we will configure the Edge for Shared Access to act as a tunnel into their network.

Locate the host file in env-config, ''prodsco/sharedaccess-hosts.ini''. This file contains all the peers we have generated (1 peer per client). Each peer is usually assigned to each Errigal device for that customer, with an Errigal server also acting as a client. In this example:

  * scooat1: peer1
  * edge1: peer2
  * edge2: peer3
  * guardian: peer4

We will set up the customer client as peer 5. To do this, first specify the maximum number of peers to generate by adding the following variable in the hosts file under ''all:vars'' or ''wireguard_server:vars'':

<code>
wireguard_peer_count=5
</code>

In the deployment playbooks, run the playbook below:

<code>
ansible-playbook -i ../env-configuration/prodsco/sharedaccess-hosts.ini wireguard.yml --limit=wireguard_server
</code>

This will generate a new peer config file, which will be used by the WireGuard client: ''deployment-playbooks/roles/wireguard_client/files/prodsco/sac/peer5/peer5.conf''

===== Test Connection =====

Save the ''peer5.conf'' file.

Download the WireGuard client for your computer - [[https://www.wireguard.com/install/|WireGuard site]]

Once installed, open the client, click + -> "Import Tunnels from File" and find the ''peer5.conf'' file.

Once it's loaded, click Activate.

Run the command to tunnel to port 2001:

<code>
ssh -D 2001 sharedaccess@10.13.19.5
</code>

Set up the tunnel in Firefox and try to connect to a device in their private network.

  * [[http://wiki.err/doku.php?id=support:tunneling|Errigal Tunnel Wiki]]
  * [[https://taniguti.blog/ssh-tunnels-firefox-chrome|Firefox and Chrome Tunnel Instructions]]
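
Before ''peer5.conf'' is saved and imported, it can be checked for group/other file access, missing keys, and a default route in ''AllowedIPs''. The script below is an added example, not part of the original page or the deployment playbooks; the function names, the checks and the sample file contents (placeholder keys, endpoint and addresses) are assumptions.

```sh
#!/bin/sh
# Added example: sanity-check a generated peer file before sending it out.

# Print the value of KEY inside [SECTION] of a WireGuard .conf file.
wg_conf_get() {  # usage: wg_conf_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); cur = $0; next }
        cur == sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# Print one line per finding; the exit status is the number of findings.
check_peer_conf() {  # usage: check_peer_conf FILE
    f=$1; findings=0
    note() { echo "$f: $1"; findings=$((findings + 1)); }
    [ -r "$f" ] || { note "missing or unreadable"; return "$findings"; }
    # The file holds the client's private key, so only the owner may read it.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || note "group/other access (chmod 600)"
    for pair in Interface:PrivateKey Interface:Address Peer:PublicKey Peer:Endpoint Peer:AllowedIPs; do
        [ -n "$(wg_conf_get "$f" "${pair%%:*}" "${pair#*:}")" ] ||
            note "no ${pair#*:} in [${pair%%:*}]"
    done
    # A default route would send all of the customer's traffic into the tunnel.
    case ",$(wg_conf_get "$f" Peer AllowedIPs | tr -d ' \t')," in
        *,0.0.0.0/0,*|*,::/0,*) note "AllowedIPs contains a default route" ;;
    esac
    return "$findings"
}

# Constructed sample: placeholder keys and endpoint, not a real peer5.conf.
write_sample() {  # usage: write_sample FILE ALLOWED_IPS
    cat > "$1" <<EOF
[Interface]
PrivateKey = PLACEHOLDER-NOT-A-REAL-KEY=
Address = 10.13.19.105/32

[Peer]
PublicKey = PLACEHOLDER-NOT-A-REAL-KEY=
Endpoint = wg.example.invalid:51820
AllowedIPs = $2
EOF
}

sample=$(mktemp) && write_sample "$sample" "10.13.19.5/32"
check_peer_conf "$sample" && echo "$sample: ok"
rm -f "$sample"
```

To check a real file, call ''check_peer_conf'' with the path to the generated ''peer5.conf''; any printed line is a finding to resolve before the file leaves the deployment host.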