This repository has been archived by the owner on Feb 25, 2023. It is now read-only.
Automation for WireGuard VPN tunnels

whitequark/infra-vpn

Setting up VPN servers

Provision any number of machines based on Debian 11 and create/update hosts.cfg, e.g.:

[vpn]
vpn-01 ansible_host=42.0.0.1

The default WireGuard listening port is 10000. It is possible to customize the port per machine:

[vpn]
vpn-01 ansible_host=42.0.0.1 wireguard_port=12345

After that, run:

ansible-playbook playbook.yml

Setting up VPN clients

Set up any number of WireGuard clients with unique IPs and create/update wireguard.yml, e.g.:

---
wireguard_peers:
  client-01:
    host: 10.0.0.2
    pubkey: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

In some cases (e.g. on Android), it is convenient to import WireGuard configurations with the private key included. It is possible to also specify the private key, which will be injected into the generated tunnel configuration file:

---
wireguard_peers:
  client-01:
    host: 10.0.0.2
    privkey: QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ=
    pubkey: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

After that, run:

ansible-playbook playbook.yml --tags wireguard

Once the playbook finishes, the VPN tunnel configurations for every client will be exported under configs/, e.g. configs/client-01/wg-vpn-01.conf for the infrastructure described above.
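
A pre-flight check for the wireguard_peers mapping, as an added example that is not part of this repository: it flags reused host addresses, malformed keys, and a privkey whose derived public key differs from the listed pubkey. The function names and the sample peers are constructed for illustration, and the mapping is assumed to have been loaded from wireguard.yml with a YAML parser.

```python
import base64

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # Curve25519 base point, u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 as in RFC 7748. Not constant-time: for offline checks only."""
    # Clamp the scalar; its lowest bit becomes 0, so no final swap is needed.
    s = (int.from_bytes(k, "little") & ~7 & ((1 << 254) - 1)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (s >> t) & 1
        if swap ^ bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + A24 * (aa - bb)) % P
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def decode_key(text):  # 32 raw key bytes, or None if not a valid key
    try:
        raw = base64.b64decode(text, validate=True)
    except (ValueError, TypeError):
        return None
    return raw if len(raw) == 32 else None

def check_peers(peers: dict) -> list:  # problems found; [] means OK
    problems, hosts = [], {}
    for name, peer in peers.items():
        owner = hosts.setdefault(peer.get("host"), name)
        if owner != name:
            problems.append(f"{name}: host already used by {owner}")
        keys = {f: decode_key(peer[f]) for f in ("pubkey", "privkey") if f in peer}
        problems += [f"{name}: {f} is not a 32-byte base64 key" for f, raw in keys.items() if raw is None]
        priv, pub = keys.get("privkey"), keys.get("pubkey")
        if priv and pub and x25519(priv, BASE) != pub:
            problems.append(f"{name}: pubkey does not match privkey")
    return problems

# Constructed sample: the wireguard_peers mapping as loaded from wireguard.yml.
_priv, _b64 = bytes(range(32)), lambda raw: base64.b64encode(raw).decode()
SAMPLE = {
    "client-01": {"host": "10.0.0.2", "privkey": _b64(_priv), "pubkey": _b64(x25519(_priv, BASE))},
    "client-02": {"host": "10.0.0.2", "privkey": _b64(_priv), "pubkey": _b64(bytes(32))},
    "client-03": {"host": "10.0.0.4", "pubkey": "not-a-key"},
}
print("\n".join(check_peers(SAMPLE)))
```

When privkey is set, both wireguard.yml and the exported files under configs/ contain private key material, so keep them out of version control and restrict their file permissions.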

License

0-clause BSD
