felipelaptrin/wireguard

wireguard

Description

This project sets up an on-demand VPN. It was built using:

  • Wireguard: Open source VPN software
  • AWS: Using AWS as cloud provider
  • Terraform: Setup all the infrastructure and configs
  • Bash: To set up the EC2 instance and configure the client

Architecture


The architecture of this project is really simple: a very small EC2 instance type (we are only concerned with networking) running an API built using FastAPI (port 8000) and Wireguard (port 51820).

Since Wireguard relies on a public/private key system, I needed to share the server's public key with the host (you, in this case) and the host's public key with the server. Also, I would like to connect more than one host to the VPN, so there was a need to control the internal private IPs of the VPN.
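
The key exchange and internal IP bookkeeping described above, sketched as an added example (not code from this repository). The `PeerRegistry` class, the 10.0.0.0/24 subnet and the sample keys are assumptions made for illustration.

```python
import base64
import ipaddress


class PeerRegistry:
    """Maps client public keys to VPN-internal addresses (hypothetical helper)."""

    def __init__(self, subnet="10.0.0.0/24"):  # subnet is an assumed value
        self.network = ipaddress.ip_network(subnet)
        hosts = iter(self.network.hosts())
        self.server_ip = next(hosts)  # first host address goes to the server
        self._free = hosts            # remaining addresses go to clients
        self._peers = {}              # public key -> assigned address

    @staticmethod
    def validate_key(public_key):
        """A WireGuard public key is 32 bytes, base64-encoded.

        Strict decoding also rejects newlines and brackets, so a submitted
        key cannot smuggle extra lines into the server's config file.
        """
        try:
            raw = base64.b64decode(public_key, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            raise ValueError("public key is not valid base64") from None
        if len(raw) != 32:
            raise ValueError("public key must decode to 32 bytes")
        return public_key

    def register(self, public_key):
        """Return the peer's address; the same key always gets the same one."""
        key = self.validate_key(public_key)
        if key not in self._peers:
            try:
                self._peers[key] = next(self._free)
            except StopIteration:
                raise RuntimeError("no free addresses left in the VPN subnet") from None
        return self._peers[key]

    def server_peer_sections(self):
        """[Peer] blocks for the server config: one /32 per client."""
        return "\n".join(
            f"[Peer]\nPublicKey = {key}\nAllowedIPs = {ip}/32\n"
            for key, ip in self._peers.items()
        )


# Constructed sample keys (32 arbitrary bytes each, not real key material).
KEY_A = base64.b64encode(bytes(range(32))).decode()
KEY_B = base64.b64encode(bytes(range(32, 64))).decode()
```

Pinning each client to a single `/32` in `AllowedIPs` means the server only accepts packets from a peer if they carry the address assigned to that peer's key.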

How to run?

First, make sure to have installed:

  • Terraform
  • AWS CLI
  • jq
  • qrencode

1) Clone this repo

git clone https://github.com/felipelaptrin/wireguard.git
cd wireguard

2) Create the infrastructure

Create the infrastructure using Terraform:

cd terraform
terraform init
terraform apply

Feel free to modify the default values based on the README inside the terraform folder. By default, you only need to define (after you run terraform apply) the API KEY used to authenticate incoming requests.

PS: I decided to use a SPOT instance to run the VPN to make it cheap and I will only use it for a couple of hours on random days and I consider this to be non-critical, so I'm ok if the spot instance is lost because of the spot market. Be aware that the instance may be interrupted by AWS at any time.

3) Setup the client

There is a script that installs Wireguard and sets up all the configuration. Before running the script, set the environment variables. <API_KEY> is the key you defined when applying Terraform, and <EC2_PUBLIC_IP> is output at the end of terraform apply.

export API_KEY=<API_KEY>
export EC2_PUBLIC_IP=<EC2_PUBLIC_IP>

Run the script. Wait a couple of minutes first (3 minutes is more than enough) for the EC2 instance to be ready for use. You can check whether it is up by running curl $EC2_PUBLIC_IP:8000/health and confirming that the response is {"status":"healthy"}.

For a new unix (Linux/Mac) user:

cd ..
sudo bash scripts/set_client_unix.sh $API_KEY $EC2_PUBLIC_IP

For mobile (Android/iOS) users:

cd ..
sudo bash scripts/set_client_mobile.sh $API_KEY $EC2_PUBLIC_IP

Note that this step must be done for all VPN clients.

4) Connecting to the VPN

For Unix users:

To connect to the VPN type:

sudo wg-quick up wg0

To disconnect you need to run:

sudo wg-quick down wg0

For mobile users: After setting up a mobile user, a QR code will be generated at the following path: /tmp/wireguard_qrcode.png. Open it and scan it with your mobile device.

5) Destroying everything

Are you done? Destroy all the infrastructure using terraform.

If you used it on your Unix computer, first disconnect from the VPN:

sudo wg-quick down wg0

Then you can destroy the infrastructure:

cd terraform
terraform destroy

About

On-demand Wireguard VPN using Terraform and AWS
