wireguard on aws server

This is an ansible playbook that launches a wireguard vpn server in the amazon cloud.

Created by Stefan Maerkle <stefan at abgruen dot de>

Optimized for minimized costs

It is optimized to minimize aws costs:

  • uses arm64 graviton instances (cheaper than amd64)
  • uses spot instance (cheaper than on demand)
  • uses t4g.nano with 512MB (smallest/cheapest instance type)
  • uses a Debian 10 arm64 ami; to find the right image, see https://wiki.debian.org/Cloud/AmazonEC2Image/Buster

What does it do?

It installs a debian server (arm64) and wireguard on it. It configures wireguard with as many clients as you need and provides the client profiles you need to get your wireguard clients running. Some details:

  • Uses private subnet 10.100.100.0/24 that is then nat'ed to the internet
  • Uses quad9 dns server 9.9.9.9 through the tunnel
  • Clients route EVERYTHING through the tunnel
  • Server has NO firewalling: there is no aws security group restriction and no firewall on the debian server

Prerequisites

  1. You need an aws account
  2. You need credentials for api usage, stored in the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
  3. You need an ssh key that you can use to connect to a linux instance e.g. ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
  4. You need ansible installed on your machine e.g. apt-get install ansible
  5. You need the amazon.aws collection installed from ansible-galaxy e.g. ansible-galaxy collection install amazon.aws

Installation of server

  1. ansible-playbook create_aws_wireguard_server.yml
  2. Provide the information the script asks for. If in doubt, just accept the defaults by pressing return

Installation of clients

  1. Install wireguard client for your operating system (e.g. via package manager or Appstore)
  2. Import the client profile that was created during the server installation. It is located in the wireguard_profiles subfolder as a config file and as a QR code png file to be scanned by mobile clients
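
Before importing a profile, you can check that it matches the details listed above (address in 10.100.100.0/24, DNS 9.9.9.9, everything routed through the tunnel) and that the file holding the private key is not readable by other users. This is an added example, not part of the playbook; it assumes the profiles use the standard wg-quick keys (Address, DNS, AllowedIPs), and the function names and the sample profile are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: check a generated client profile against the README's description.

# Print the value of "Key = value" from a wg-quick style profile (first match).
profile_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        head -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 if the profile matches the README; otherwise print findings, return 1.
check_profile() {
    local f="$1" rc=0 addr dns allowed perms
    addr=$(profile_get "$f" Address)
    dns=$(profile_get "$f" DNS)
    allowed=$(profile_get "$f" AllowedIPs | tr -d ' ')
    case "$addr" in
        10.100.100.*) ;;
        *) echo "Address '$addr' is outside 10.100.100.0/24"; rc=1 ;;
    esac
    [ "$dns" = "9.9.9.9" ] || { echo "DNS is '$dns', expected 9.9.9.9"; rc=1; }
    case ",$allowed," in
        *,0.0.0.0/0,*) ;;
        *) echo "AllowedIPs '$allowed' is not a full IPv4 tunnel"; rc=1 ;;
    esac
    # The profile contains the client's private key: owner-only access expected.
    perms=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$perms" in
        *00) ;;
        *) echo "mode $perms lets other users read the private key"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample profile: placeholder keys, documentation-range endpoint,
# and an assumed port. Not output of the playbook.
write_sample_profile() {
    ( umask 077; cat > "$1" <<'EOF'
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.100.100.2/32
DNS = 9.9.9.9

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = 203.0.113.10:51820
AllowedIPs = 0.0.0.0/0
EOF
    )
}
```

Source the file and run check_profile with the path of a config file from the wireguard_profiles subfolder; it prints one line per mismatch and returns non-zero if any are found.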