wg-aws/Readme.md
2020-12-02 23:09:32 +01:00

WireGuard on AWS server

This is an Ansible playbook that launches a WireGuard VPN server in the Amazon cloud (AWS EC2).

Created by Stefan Maerkle <stefan at abgruen dot de>

Optimized for minimal costs

It is optimized to minimize AWS costs:

  • uses arm64 Graviton instances (cheaper than amd64)
  • uses a spot instance (cheaper than on-demand; note that AWS can reclaim a spot instance at any time, so the VPN may disappear and have to be re-created)
  • uses t4g.nano with 512 MB RAM (the smallest and cheapest instance type)
  • uses a Debian 10 arm64 AMI

What does it do?

It installs a Debian server (arm64) and WireGuard on it. It configures WireGuard with as many clients as you need and provides the client profiles you need to get your WireGuard clients running. Some details:

  • Uses the private subnet 10.100.100.0/24 for the tunnel; traffic from it is NATed (masqueraded) to the internet
  • Uses the Quad9 DNS server 9.9.9.9 through the tunnel
  • Clients route EVERYTHING through the tunnel (full-tunnel configuration, i.e. WireGuard AllowedIPs = 0.0.0.0/0)
  • The server has NO firewalling, neither as an AWS security group restriction nor on the Debian server itself. Every listening service on the instance, including SSH, is reachable from the whole internet. WireGuard itself stays silent to packets that do not come from a peer with a known key, but if you keep the instance around, restrict the security group to the WireGuard UDP port and allow SSH only from your own address.
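To make the layout above concrete, here is an added example (not code from the wg-aws playbook) that renders the server config and N client profiles for exactly this setup: tunnel subnet 10.100.100.0/24 with the server at .1, NAT out of the WAN interface, Quad9 as DNS, and every client routing 0.0.0.0/0 through the tunnel. The listen port 51820, the interface names wg0/eth0, the endpoint address and the PersistentKeepalive setting are assumptions; the README does not name them. The keys are constructed placeholders so the script runs offline; for a real deployment generate them with `wg genkey | tee private.key | wg pubkey > public.key`.

```python
"""Render WireGuard server and client configs for a full-tunnel NAT VPN.

Added example, not part of the wg-aws playbook. Layout follows the README:
tunnel 10.100.100.0/24, server .1, clients .2 onwards, NAT to the internet,
DNS 9.9.9.9, clients route everything (0.0.0.0/0) through the tunnel.
"""
import base64
import hashlib
import ipaddress

TUNNEL_NET = ipaddress.ip_network("10.100.100.0/24")
SERVER_ADDR = TUNNEL_NET.network_address + 1      # 10.100.100.1
DNS = "9.9.9.9"
LISTEN_PORT = 51820   # assumption: the README does not state the port
WAN_IF = "eth0"       # assumption: name of the instance's internet-facing NIC


def fake_key(label: str) -> str:
    """Constructed stand-in for a WireGuard key (32 bytes, base64, 44 chars).

    Deterministic so the example runs offline. It is NOT a real Curve25519
    keypair; in practice use `wg genkey` / `wg pubkey`.
    """
    return base64.b64encode(hashlib.sha256(label.encode()).digest()).decode()


def client_address(index: int) -> ipaddress.IPv4Address:
    """Client number `index` (0-based) gets 10.100.100.(index+2).

    .1 is the server and .255 is broadcast, so a /24 holds 253 clients.
    """
    host = TUNNEL_NET.network_address + 2 + index
    if index < 0 or host >= TUNNEL_NET.broadcast_address:
        raise ValueError(f"no room for client {index} in {TUNNEL_NET}")
    return host


def render_server(server_priv: str, peers) -> str:
    """Server-side wg0.conf. `peers` is a list of (name, pubkey, address)."""
    nat = f"iptables -t nat {{}} POSTROUTING -s {TUNNEL_NET} -o {WAN_IF} -j MASQUERADE"
    lines = [
        "[Interface]",
        f"Address = {SERVER_ADDR}/24",
        f"ListenPort = {LISTEN_PORT}",
        f"PrivateKey = {server_priv}",
        # Masquerade tunnel traffic out of the WAN NIC while wg0 is up.
        # The host also needs net.ipv4.ip_forward=1 for this to work.
        "PostUp = " + nat.format("-A"),
        "PostDown = " + nat.format("-D"),
    ]
    for name, pub, addr in peers:
        # Each peer may only source packets from its own /32 inside the tunnel.
        lines += ["", f"# {name}", "[Peer]", f"PublicKey = {pub}",
                  f"AllowedIPs = {addr}/32"]
    return "\n".join(lines) + "\n"


def render_client(client_priv: str, server_pub: str, endpoint: str,
                  addr: ipaddress.IPv4Address) -> str:
    """Profile the user imports into the WireGuard app: full tunnel + Quad9."""
    return (
        "[Interface]\n"
        f"Address = {addr}/32\n"
        f"PrivateKey = {client_priv}\n"
        f"DNS = {DNS}\n"
        "\n"
        "[Peer]\n"
        f"PublicKey = {server_pub}\n"
        f"Endpoint = {endpoint}:{LISTEN_PORT}\n"
        "AllowedIPs = 0.0.0.0/0\n"        # route EVERYTHING via the tunnel
        "PersistentKeepalive = 25\n"      # assumption: keeps NAT mappings alive
    )


def build(n_clients: int, endpoint: str):
    """Return (server_conf, {client_name: client_profile}) for n clients."""
    server_priv, server_pub = fake_key("server"), fake_key("server.pub")
    peers, profiles = [], {}
    for i in range(n_clients):
        name = f"client{i + 1}"
        addr = client_address(i)
        priv, pub = fake_key(name), fake_key(name + ".pub")
        peers.append((name, pub, addr))
        profiles[name] = render_client(priv, server_pub, endpoint, addr)
    return render_server(server_priv, peers), profiles


if __name__ == "__main__":
    server_conf, client_profiles = build(2, "203.0.113.10")  # constructed endpoint
    print(server_conf)
    for name, profile in client_profiles.items():
        print(f"--- {name}.conf ---\n{profile}")
```

The server config is what would live in /etc/wireguard/wg0.conf on the instance; each generated profile corresponds to one file in the playbook's wireguard_profiles folder and contains that client's private key, so handle the output as a secret.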

Prerequisites

  1. You need an AWS account
  2. You need credentials for API usage, stored in the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (use an IAM user or role with only the EC2 permissions the playbook needs, not your root account keys)
  3. You need an SSH key that you can use to connect to a Linux instance, e.g. ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
  4. You need Ansible installed on your machine, e.g. apt-get install ansible
  5. You need the amazon.aws collection installed from Ansible Galaxy, e.g. ansible-galaxy collection install amazon.aws

Installation of the server

  1. ansible-playbook create_aws_wireguard_server.yml

Installation of clients

  1. Install the WireGuard client for your operating system (e.g. via package manager or app store)
  2. Import the client profile that was created during the server installation. It is located in the wireguard_profiles subfolder. Treat each profile as a secret: it contains the client's private key, and anyone who has it can connect to your server.