Author: Eoin Hearne

We have customers that cannot connect to their network through a public network. Customers that have an Errigal device (Edge) deployed in their network can utilise the wiregard network config to tunnel into their network.

• Have an active Edge configured at the customer site with customer user
• Generate new peer for customer wireguard client
• Test connection

In this example, we will configure the Edge for Shared Access to act as a tunnel into their network. Locate the host file in env-config, prodsco/sharedaccess-hosts.ini. This file contains all the peers we have generated (1 peer per client). Each peer is usually assigned to each Errigal device for that customer, with an Errigal server also acting as a client.

In this example:

• scooat1: peer1
• edge1: peer2
• edge2: peer3
• guardian: peer4

We will setup the customer client as peer 5. To do this, first specify the maximum number of peers will generate by adding the following variable in the hosts file under all:vars or wireguard_server:vars

wireguard_peer_count=5

In the deployment playbooks, run the below playbook

ansible-playbook -i ../env-configuration/prodsco/sharedaccess-hosts.ini wireguard.yml --limit=wireguard_server

This will generate a new peer config file which will be used by the wireguard client - deployment-playbooks/roles/wireguard_client/files/prodsco/sac/peer5/peer5.conf

Save the peer5.conf file. Download the wireguard client for your computer - Wireguard site

Once installed, open the client, click + → “Import Tunnels from File” and find the peer5.conf file. Once it's loaded, click activate

Run the command to tunnel to port 2001

ssh -D 2001 sharedaccess@10.13.19.5

Setup the tunnel in Firefox and try connect to a device in their private network

Errigal Tunnel Wiki Firefox and Chrome Tunnel Instructions