Tunnelling with Wireguard + L2TP and IP routing with FRRouting on Debian 9 (stretch)

Generate Wireguard public/private keys

Add the Debian unstable package repository, pinned at a low priority so that other packages are not pulled from unstable, to install Wireguard

su -c 'echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable-wireguard.list'
su -c "printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable"
sudo apt update

Install Wireguard

sudo apt install wireguard

Now create the public/private keypair needed to be able to establish tunnels.

(umask 077 && printf "[Interface]\nPrivateKey = " | sudo tee /etc/wireguard/wg0.conf > /dev/null)
wg genkey | sudo tee -a /etc/wireguard/wg0.conf | wg pubkey | sudo tee /etc/wireguard/publickey

Generate L2TP config for site-A and site-B

Note that the following values are reversed between site-A and site-B:

  • local/peer tunnel ID,
  • local/remote tunnel IP,
  • source/destination UDP port,
  • local/peer session ID, and
  • local/peer IP.

## site-A
ip l2tp add tunnel tunnel_id 3000 peer_tunnel_id 4000 encap udp local 203.0.113.1 remote 203.0.113.2 udp_sport 5000 udp_dport 6000
ip l2tp add session tunnel_id 3000 session_id 1000 peer_session_id 2000
ip link set l2tpeth0 up mtu 1488
ip addr add 192.0.2.0 peer 192.0.2.1 dev l2tpeth0
## site-B
ip l2tp add tunnel tunnel_id 4000 peer_tunnel_id 3000 encap udp local 203.0.113.2 remote 203.0.113.1 udp_sport 6000 udp_dport 5000
ip l2tp add session tunnel_id 4000 session_id 2000 peer_session_id 1000
ip link set l2tpeth0 up mtu 1488
ip addr add 192.0.2.1 peer 192.0.2.0 dev l2tpeth0
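
A mistake in any of the reversed values listed above leaves the tunnel silently down, so the two command sets can be checked against each other before they are applied. This is an added example, not part of the original post; the function names l2tp_field, l2tp_mirrored and check_page_config are hypothetical, and the command lines are the ones shown above.

```shell
#!/bin/sh
# Added example: check that site-A and site-B command lines mirror each other.
# l2tp_field, l2tp_mirrored and check_page_config are hypothetical names.

# Print the token that follows keyword $1 in command line $2.
l2tp_field() {
    key=$1
    set -- $2                       # split the command line on whitespace
    while [ $# -gt 1 ]; do
        if [ "$1" = "$key" ]; then echo "$2"; return 0; fi
        shift
    done
    return 1                        # keyword absent or has no value
}

# Return 0 when lines $1 (site-A) and $2 (site-B) carry swapped values for
# every "x:y" keyword pair given in the remaining arguments.
l2tp_mirrored() {
    a=$1 b=$2
    shift 2
    for pair in "$@"; do
        x=${pair%%:*} y=${pair##*:}
        ax=$(l2tp_field "$x" "$a") && ay=$(l2tp_field "$y" "$a") &&
        bx=$(l2tp_field "$x" "$b") && by=$(l2tp_field "$y" "$b") ||
            { echo "missing $x or $y" >&2; return 1; }
        [ "$ax" = "$by" ] && [ "$ay" = "$bx" ] ||
            { echo "not mirrored: $x/$y" >&2; return 1; }
    done
}

# The command lines from this page.
A_TUNNEL='ip l2tp add tunnel tunnel_id 3000 peer_tunnel_id 4000 encap udp local 203.0.113.1 remote 203.0.113.2 udp_sport 5000 udp_dport 6000'
B_TUNNEL='ip l2tp add tunnel tunnel_id 4000 peer_tunnel_id 3000 encap udp local 203.0.113.2 remote 203.0.113.1 udp_sport 6000 udp_dport 5000'
A_SESSION='ip l2tp add session tunnel_id 3000 session_id 1000 peer_session_id 2000'
B_SESSION='ip l2tp add session tunnel_id 4000 session_id 2000 peer_session_id 1000'
A_ADDR='ip addr add 192.0.2.0 peer 192.0.2.1 dev l2tpeth0'
B_ADDR='ip addr add 192.0.2.1 peer 192.0.2.0 dev l2tpeth0'

check_page_config() {
    l2tp_mirrored "$A_TUNNEL" "$B_TUNNEL" \
        tunnel_id:peer_tunnel_id local:remote udp_sport:udp_dport &&
    l2tp_mirrored "$A_SESSION" "$B_SESSION" session_id:peer_session_id &&
    l2tp_mirrored "$A_ADDR" "$B_ADDR" add:peer
}

check_page_config && echo "site-A and site-B are mirrored"
```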

Routing with FRRouting 5.0

The RPKI-enabled version of FRRouting was not chosen because of a broken dependency chain within Debian: frr (RPKI) depends on rtrlib0. rtrlib0 needs to be compiled from source with cmake, and rtrlib0 in turn depends on libssh v6.0 to enable SSH support when compiled. libssh needs to be compiled from tarballs in Debian to be installed. Hence it was not chosen. :/

First download all the deb packages from the GitHub release archives

for FILE in \
    https://github.com/FRRouting/frr/releases/download/frr-5.0/frr_5.0-1.debian9.1_amd64.deb \
    https://github.com/FRRouting/frr/releases/download/frr-5.0/frr-pythontools_5.0-1.debian9.1_all.deb \
    https://github.com/FRRouting/frr/releases/download/frr-5.0/frr-doc_5.0-1.debian9.1_all.deb
do
    wget "$FILE"
done

Then install the deb files, fixing the broken dependencies that pop up along the way to prevent the install from stalling.

sudo dpkg -i frr*.deb
sudo apt --fix-broken install
sudo dpkg -i frr*.deb
