# DeTEE WireGuard Example

This examples shows how WireGuard can be used to create network overlays on top of DeTEE.
The example is academic and real world scenarios will require improved setups.

## Network Diagram

```mermaid
graph TD
    Laptop(Laptop<br/>local-cali: 10.100.10.10/24<br/>local-vanc: 10.200.20.10/24)
    CaliBastion(Cali Bastion<br/>Server: 10.100.10.1/24<br/>Client: 10.200.20.21/24)
    VancBastion(Vanc Bastion<br/>Server: 10.200.20.1/24<br/>Client: 10.100.10.21/24)
    CaliProtected(Cali Protected<br/>cali: 10.100.10.101/24<br/>vanc: 10.200.20.101/24)
    VancProtected(Vanc Protected<br/>cali: 10.100.10.201/24<br/>vanc: 10.200.20.201/24)

    Laptop -- "WireGuard" --> CaliBastion
    Laptop -- "WireGuard" --> VancBastion

    CaliBastion -- "WireGuard" --> CaliProtected
    CaliBastion -- "WireGuard" --> VancProtected
    VancBastion -- "WireGuard" --> CaliProtected
    VancBastion -- "WireGuard" --> VancProtected
```

## Commands

To create the VMs, run `./create_vms.sh`.

To deploy WireGuard, run `./deploy.sh`.

To test the connections, try to access services running on the protected nodes:
```
curl http://10.200.20.101
curl http://10.100.10.101
curl http://10.100.10.201
curl http://10.200.20.201
```

## Possible improvements

The following improvements would be cool for this setup:
- create failover routing that triggers if one of the bastions goes down
- hide SSH from the public IP and allow SSH only via private network