updated readme
This commit is contained in:
parent
dcd9526b53
commit
542837d683
34
Readme.md
34
Readme.md
@ -1,2 +1,34 @@
|
|||||||
|
|
||||||
ansible-galaxy collection install amazon.aws
|
# wireguard on aws server
|
||||||
|
|
||||||
|
This is an ansible playbook that launches a wireguard vpn server in the amazon cloud.
|
||||||
|
|
||||||
|
Created by Stefan Maerkle `<stefan at abgruen dot de>`
|
||||||
|
|
||||||
|
## Optimized for minimized costs
|
||||||
|
It is optimized to minimize aws costs:
|
||||||
|
- uses arm64 graviton instances (cheaper than amd64)
|
||||||
|
- uses spot instance (cheaper than on demand)
|
||||||
|
- uses t4g.nano with 512MB (smallest/cheapest instance type)
|
||||||
|
- uses Debian 10 arm64 ami
|
||||||
|
|
||||||
|
## What does it do?
|
||||||
|
It installs a debian server (arm64) and wireguard on it. It configures wireguard with as much clients as you need and provides the client profiles you need to get your wireguard clients running.
|
||||||
|
Some details:
|
||||||
|
- Uses private subnet 10.100.100.0/24 that is then nat'ed to the internet
|
||||||
|
- Uses quad9 dns server 9.9.9.9 through the tunnel
|
||||||
|
- Client does route EVERYTHING through the tunnel
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
1. You need an aws account
|
||||||
|
2. You need credentials for api usage and store them in environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`
|
||||||
|
3. You need a ssh key that you can use to connect to a linux instance e.g. `~/.ssh/id_rsa` and `~/.ssh/id_rsa.pub`
|
||||||
|
4. You need ansible installed on your machine e.g. `apt-get install ansible`
|
||||||
|
5. You need the amazon.aws collection installed from ansible-galaxy e.g. `ansible-galaxy collection install amazon.aws`
|
||||||
|
|
||||||
|
## Installation of server
|
||||||
|
1. ansible-playbook gravitoninstance.yml
|
||||||
|
|
||||||
|
## Installation of clients
|
||||||
|
1. Install wireguard client for your operating system (e.g. via package manager or Appstore)
|
||||||
|
2. Import the client profile that was created during the server installation. It is located in `wireguard_profiles` subfolder.
|
Loading…
x
Reference in New Issue
Block a user