Working Notes: SEC440: Wireguard - eliminmax/cncs-journal GitHub Wiki

Wireguard EC2 Lab

Overview

Relevant Existing Notes

I have a handful of existing pages that are relevant to this lab, most of which I added to or otherwise improved while working on this lab:

Additionally, I had this page about Wireguard, but it only had info about the incredibly specific use case of connecting from a Windows 10 system to a VyOS system, not any of the far more common setups. I have added quite a lot to it while working on this lab.

SYS-265 AWS Lab

All but one of the existing documents were originally created for [this SYS-265 Lab from 2 years ago](./Working-Notes%3A-SYS265%3A-Amazon-EC2-Lab). Because of this, I decided to review my notes for that lab, and I was surprised at how much of my modern workflow can be traced back to it.

In my notes for that lab, I specifically mentioned the creation of what would become the Linux: Change Account Username page because the RHEL EC2 instances came with a default user with a name I did not like, and I wanted to rename it to eliminmax. This is now something I do on any Linux system I am given control over, e.g. with the champuser accounts on the class VMs.

While I originally used a different dynamic DNS provider, that lab is the reason I was looking into the concept, and I now use duckdns.

I mention using GVim instead of GitHub's wiki editor as a sort of challenge to myself, and my use of various vim plugins to make things run more smoothly. I now use Neovim as a text editor wherever possible, and the list of plugins I use has both grown and changed substantially, but before that class, I avoided using Vim wherever possible.

I mention using jq as part of a script to load the list of AWS IP subranges for use in SSH configs. It was a hacked-together mess of a script that I abandoned almost immediately, but it was where I first learned about that tool, which is now a major part of my workflow - it is a domain-specific language for working with JSON data that I have found immensely helpful in a wide range of cases.

Messing with the SSH configuration to set up a smoother workflow has become second nature to me, but if memory serves, that script was where I first started working with it.

But enough about the past.

Firewall mistake

The only notable issue I ran into in this lab was the complete failure to get the Wireguard connection to work, and after a quick bit of packet monitoring, I discovered that I'd accidentally set up the EC2 firewall to allow traffic to port 59100/UDP instead of 51900/UDP. Once discovered, it was an easy fix.
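A transposed port like the one described above can be caught without packet monitoring by comparing the tunnel's `ListenPort` against the security group's UDP rules. The following is an added example, not part of the original notes; the config text, the group ID `sg-EXAMPLE`, and the CIDR ranges are constructed samples, and the JSON follows the shape printed by `aws ec2 describe-security-groups`.

```python
import json

# Constructed sample inputs (assumptions, not taken from the lab itself).
WG_CONF = """\
[Interface]
Address = 10.0.0.1/24
ListenPort = 51900
PrivateKey = <placeholder>

[Peer]
PublicKey = <placeholder>
AllowedIPs = 10.0.0.2/32
"""
SG_JSON = json.dumps({"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "udp", "FromPort": 59100, "ToPort": 59100,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}]})

def listen_port(conf_text):
    """Return ListenPort from the [Interface] section, or None if unset."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "interface" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "listenport":
                return int(value)
    return None

def udp_rules(sg_text):
    """Yield (group_id, from_port, to_port) for ingress rules that admit UDP."""
    for group in json.loads(sg_text)["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":  # "all traffic" rule: every protocol and port
                yield group["GroupId"], 0, 65535
            elif proto in ("udp", "17"):
                yield group["GroupId"], perm["FromPort"], perm["ToPort"]

def check(conf_text, sg_text):
    """Return (port, rules covering the port, UDP rules that do not)."""
    port = listen_port(conf_text)
    rules = list(udp_rules(sg_text))
    covering = [r for r in rules if port is not None and r[1] <= port <= r[2]]
    stray = [r for r in rules if r not in covering]
    return port, covering, stray
```

An empty `covering` list means the tunnel port is blocked, and every entry in `stray` is a UDP port that is open with nothing expected to listen on it, so it should be corrected or removed.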