For now, this is a manual process to access the “new” Sepia lab in Poughkeepsie, NY.

1. For Mac, Install Wireguard from the App Store

For Linux,

sudo apt install wireguard-tools resolvconf
# or
sudo dnf install wireguard-tools

For Mac, install wireguard-tools using Homebrew

brew install wireguard-tools

3. Create a directory for a Wireguard keypair. E.g.,

mkdir ~/.wireguard

4. Generate a keypair

wg genkey | tee ~/.wireguard/private.key | wg pubkey > ~/.wireguard/public.key

Keep the Private Key secret!!

5. Send the public.key contents to David or Dan. They will update the Wireguard server and give you your VPN IP address.

6. Create ~/.wireguard/client.conf

PRIVATE_KEY=$(cat ~/.wireguard/private.key)

cat <<EOF > ~/.wireguard/client.conf
[Interface]
PrivateKey = $PRIVATE_KEY
Address = X.X.X.X/32
DNS = 10.20.192.11, front.sepia.ceph.com, ipmi.sepia.ceph.com
MTU = 1280

[Peer]
PublicKey = kyEHy3ZBewI5RiK4/a0/UQn6O1kMt3h8V3u0OwsfUXc=
AllowedIPs = 172.16.48.0/24, 10.20.192.0/20, 10.20.208.0/20, 172.16.50.0/23, 172.16.53.0/25, 172.16.55.0/26, 172.16.56.0/23, 172.16.59.0/25, 172.16.60.0/25
Endpoint = 192.86.31.5:1194
PersistentKeepalive = 25
EOF

6. Once Dan or David give you your private IP, replace X.X.X.X in client.conf with it.

7. Bring up the interface

On Mac OS, open the Wireguard GUI. Press Command+O and open ~/.wireguard/client.conf

On Ubuntu,

sudo mkdir -p /etc/wireguard
sudo mv ~/.wireguard/client.conf /etc/wireguard/wg0.conf
sudo chmod 600 /etc/wireguard/wg0.conf
sudo wg-quick up wg0

8. Click Activate

Success looks like