wgtool/ZION_INTEGRATION.md
2026-03-22 00:54:58 -07:00

Zion Integration Guide

This guide explains how the WireGuard setup script integrates with the Zion central server configuration.

Zion Server Configuration

Based on the CURRENT_WORKING/zion.conf file, Zion is configured as:

[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = UJvsfv6iQPAW9Wnc81bK0o3IIHX86kGb+24dUTuGFnA=
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip route add 10.8.0.0/24 dev wg0 2>/dev/null || true
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip route del 10.8.0.0/24 dev wg0 2>/dev/null || true

Zion Public Key for Clients

All client configurations use Zion's public key:

2ztJbrN1x1NWanzPGLiKL19ZkdOhm5Y7WeKEWBT5cyg=

Current Zion Peers

Zion currently has these peers configured:

| Node     | IP Address | Public Key                                   |
|----------|------------|----------------------------------------------|
| Cth      | 10.8.0.10  | NBktXKy1s0n2lIlIMODvOqKNwAtYdoZH5feKt5P43i0= |
| Aza      | 10.8.0.2   | qmTKA257DLOrfhk5Zw8RyRmBSonmm6epbloT0P0ZWDc= |
| Nyar     | 10.8.0.20  | 2BA7L1oJP1tK6dIUNHMgcZmOmYmlyPRe2RaBqfUsEWo= |
| Galaxy   | 10.8.0.99  | QBNt00VSedxPlq3ZvsdYaqIcbudCAyxv9TG65aPVZzM= |
| nanocube | 10.8.0.7   | /ZImoATDIS0e0N08CD7mqWbhtGlSnynpPuY04Ed4Zyc= |
| jupiter  | 10.8.0.42  | YIFQ43ULk/YoCgOv3SBU6+MOrbxd+mlvaw9rT8uoNmw= |
| HASS     | 10.8.0.8   | C+Poz/7DaXCxe4HZiL6D5cld4jMt5o1gBq3iPiBzrg0= |
| framebot | 10.8.0.40  | loS3yZapqmt6lP53Q+s4EvUzw6FmwgZC8jzgLluJ1Es= |

Adding New Nodes to Zion

When you create a new node using the setup script, you need to add it to Zion's configuration.

Method 1: Using the Helper Script

./generate_zion_peer.sh <node_name> <public_key> <ip_address>

Example:

./generate_zion_peer.sh mynode ABC123def456ghi789jkl012mno345pqr678stu901vwx234yz567890= 10.8.0.30

Method 2: Manual Addition

Add the following to Zion's /etc/wireguard/wg0.conf:

# your_node_name
[Peer]
PublicKey = your_public_key_here
AllowedIPs = your_ip_address/32

Zion Configuration File Location

Zion's configuration is located at:

/etc/wireguard/wg0.conf

Adding a New Peer to Zion

  1. Get the new node's information from the setup script output:

    • Node name
    • Public key
    • IP address
  2. Edit Zion's configuration:

    sudo nano /etc/wireguard/wg0.conf
    
  3. Add the peer section at the end of the file:

    # your_node_name
    [Peer]
    PublicKey = your_public_key_here
    AllowedIPs = your_ip_address/32
    
  4. Save and restart Zion's WireGuard:

    sudo systemctl restart wg-quick@wg0
    

Client Configuration Pattern

All client configurations follow this pattern:

[Interface]
PrivateKey = <client_private_key>
Address = <client_ip>/24

# Zion (central server)
[Peer]
PublicKey = 2ztJbrN1x1NWanzPGLiKL19ZkdOhm5Y7WeKEWBT5cyg=
AllowedIPs = 10.8.0.0/24
Endpoint = ugh.im:51820
PersistentKeepalive = 25

Network Topology

zion (10.8.0.1) - Central Server
├── aza (10.8.0.2) - Client
├── cth (10.8.0.10) - Hybrid
├── galaxy (10.8.0.99) - Client
├── nyan (10.8.0.20) - Client
├── nanocube (10.8.0.7) - Client
├── jupiter (10.8.0.42) - Client
├── HASS (10.8.0.8) - Client
├── framebot (10.8.0.40) - Client
└── your_new_node (10.8.0.x) - Client

Setup Script Integration

The wireguard_setup.sh script:

  1. Automatically includes Zion as the default peer for all new nodes
  2. Uses the correct Zion public key from the CURRENT_WORKING configuration
  3. Provides clear instructions for updating Zion's configuration
  4. Generates the exact peer configuration needed for Zion
  5. Includes Zion's current peer structure for reference

Troubleshooting

Common Issues

  1. Connection fails after adding peer to Zion

    • Ensure Zion's WireGuard was restarted: sudo systemctl restart wg-quick@wg0
    • Check Zion's logs: sudo journalctl -u wg-quick@wg0 -f
  2. IP address conflicts

    • Check if the IP is already in use by another peer
    • Use a different IP in the 10.8.0.x range
  3. Public key format issues

    • Ensure the public key is exactly 44 characters long
    • Check for any extra spaces or characters
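
The IP-conflict and key-format checks above can be run before a peer is appended to wg0.conf. The following shell functions are an added example, not part of wgtool or generate_zion_peer.sh: check_new_peer, conf_values and sample_conf are hypothetical names, the sample config is constructed from two peers in the table above, and reserving .1 for Zion follows from its Address = 10.8.0.1/24 line.

```shell
#!/bin/sh
# Added example: pre-flight checks before appending a [Peer] to Zion's wg0.conf.
# check_new_peer is a hypothetical helper, not part of wgtool.
# Return codes: 0 ok, 2 bad key, 3 bad IP, 4 IP already assigned, 5 key already present.

# Print every value of one "Setting = a, b" line in a config, one value per line.
conf_values() {  # conf_values <setting> <conf_file>
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tr ',' '\n' | tr -d ' \t\r'
}

check_new_peer() {  # check_new_peer <conf_file> <public_key> <ip_address>
    conf=$1 key=$2 ip=$3

    # A WireGuard key is 32 bytes: 43 base64 characters plus one "=" (44 total).
    # The 43rd character carries only 4 data bits, so it comes from a 16-symbol subset.
    printf '%s\n' "$key" | grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$' || {
        echo "public key is not a 44-character base64 WireGuard key" >&2; return 2; }

    # Host part must be a plain 2..254 in 10.8.0.0/24 (.1 is Zion itself).
    host=${ip#10.8.0.}
    case "$ip" in 10.8.0.*) ;; *) host= ;; esac
    case "$host" in
        [2-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-4]) ;;
        *) echo "IP must be 10.8.0.2 to 10.8.0.254" >&2; return 3 ;;
    esac

    # Compare whole addresses so 10.8.0.2 does not collide with 10.8.0.20.
    if conf_values AllowedIPs "$conf" | sed 's|/.*$||' | grep -Fxq -e "$ip"; then
        echo "$ip is already assigned to a peer" >&2; return 4
    fi
    if conf_values PublicKey "$conf" | grep -Fxq -e "$key"; then
        echo "public key is already present in $conf" >&2; return 5
    fi
    return 0
}

# Constructed sample: two peers copied from the table above, written to a temp file.
sample_conf() {
    f=$(mktemp) && cat > "$f" <<'EOF' && echo "$f"
[Peer]
PublicKey = qmTKA257DLOrfhk5Zw8RyRmBSonmm6epbloT0P0ZWDc=
AllowedIPs = 10.8.0.2/32
[Peer]
PublicKey = /ZImoATDIS0e0N08CD7mqWbhtGlSnynpPuY04Ed4Zyc=
AllowedIPs = 10.8.0.7/32
EOF
}
```

On Zion itself, point the first argument at /etc/wireguard/wg0.conf and append the peer section only when the function returns 0.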

Verification Commands

# Check Zion's WireGuard status
sudo wg show wg0

# Check Zion's configuration
sudo cat /etc/wireguard/wg0.conf

# Check Zion's systemd service
sudo systemctl status wg-quick@wg0

# Check Zion's logs
sudo journalctl -u wg-quick@wg0 -f

Security Notes

  1. Zion's private key should never be shared
  2. Client public keys are safe to share and add to Zion
  3. IP addresses should be unique within the 10.8.0.x range
  4. File permissions should be 600 for all WireGuard configs

Next Steps

After setting up a new node:

  1. Run the setup script: ./wireguard_setup.sh
  2. Use the helper script to generate Zion peer config: ./generate_zion_peer.sh
  3. Add the peer to Zion's configuration
  4. Restart Zion's WireGuard
  5. Start the new node's WireGuard
  6. Test connectivity between nodes