changing wireguard port variable to tunnel port

banyansecurity · Mar 8, 2023 · 7eb3a69 · 7eb3a69
1 parent bf82d52
commit 7eb3a69
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 11 deletions.
diff --git a/main.tf b/main.tf
@@ -33,7 +33,7 @@ resource "google_compute_forwarding_rule" "accesstier" {
   region                = var.region
   ip_protocol           = "TCP"
   load_balancing_scheme = "EXTERNAL"
-  ports                 = [80, 443, 8443, 9998, var.wireguard_port]
+  ports                 = [80, 443, 8443, 9998, var.tunnel_port]
   backend_service       = google_compute_region_backend_service.accesstier.id
   ip_address            = google_compute_address.external.address
 }
@@ -128,7 +128,7 @@ resource "google_compute_instance_template" "accesstier_template" {
     "# Setting up an iptables DNAT to fix google's UDP load balancers DSR implementation, which forward the traffic with an untranslated destination \n",
     "apt-get update \n",
     "export DEBIAN_FRONTEND=noninteractive; apt-get -y install iptables-persistent && echo 'iptables persistent installed' \n",
-    "iptables -t nat -I PREROUTING -p udp --dport ${var.wireguard_port} -j DNAT --to-destination $(hostname -i) && echo 'DNAT rule applied' \n",
+    "iptables -t nat -I PREROUTING -p udp --dport ${var.tunnel_port} -j DNAT --to-destination $(hostname -i) && echo 'DNAT rule applied' \n",
     "echo 'installing Netagent' \n",
     var.datadog_api_key != null ? "curl -L https://s3.amazonaws.com/dd-agent/scripts/install_script.sh | DD_AGENT_MAJOR_VERSION=7 DD_API_KEY=${var.datadog_api_key} DD_SITE=datadoghq.com bash -v \n" : "",
     "curl https://www.banyanops.com/onramp/deb-repo/banyan.key | apt-key add -\n",
@@ -171,7 +171,7 @@ resource "google_compute_firewall" "accesstier_ports_tunnel" {
   source_ranges = ["0.0.0.0/0"]
   allow {
     protocol = "udp"
-    ports    = [tostring(var.wireguard_port)]
+    ports    = [tostring(var.tunnel_port)]
   }
 }
 

diff --git a/variables.tf b/variables.tf
@@ -60,8 +60,8 @@ variable "src_nat_cidr_range" {
 
 variable "tunnel_port" {
   type        = number
-  description = "UDP port for end users to this access tier to utilize when using service tunnel"
-  default     = null
+  description = "UDP port for end users to this access tier to utilize when using wireguard service tunnel"
+  default     = 51820
 }
 
 variable "tunnel_private_domains" {
@@ -198,9 +198,3 @@ variable "staging_repo" {
   description = "If set, the staging deb repository will be used for the netagent install. For internal use only."
   default     = null
 }
-
-variable "wireguard_port" {
-  type        = number
-  description = "wireguard port used to set custom wireguard ports if needed"
-  default     = 51820
-}