Skip to content
/ vpn-tf Public

Create a VPN/proxy using Terraform and WireGuard

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

aramperes/vpn-tf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
files
files
 
 
.gitignore
.gitignore
 
 
.terraform.lock.hcl
.terraform.lock.hcl
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
provider.tf
provider.tf
 
 
vpn-droplet.tf
vpn-droplet.tf
 
 

Repository files navigation

vpn-tf

This Terraform project creates a VPN endpoint using WireGuard and sets up a Dante SOCKS5 proxy server. The infrastructure is deployed on DigitalOcean, and it allows you to establish secure and private connections over the internet.

This project is for educational purposes only. This is my first Terraform project.

Prerequisites

Before using this Terraform project, make sure you have the following prerequisites:

  • Terraform installed on your local machine.
  • A DigitalOcean account and a Personal Access Token for authentication.
  • An SSH key pair for accessing the created droplets. You should also upload the public key to your DigitalOcean account.
  • A device with WireGuard installed. On Windows, create a new empty tunnel and record the public key. On Linux, generate a private/public key combination using wg genkey and wg pubkey.
  • A separate public/private key pair to be assigned to the new VPN droplet

Usage

  1. Clone this repository to your local machine:

    git clone https://github.com/aramperes/vpn-tf.git
cd vpn-tf

  2. Create a terraform.tfvars file with the required variables:

    # terraform.tfvars

do_token = "your_digitalocean_token"
ssh_priv_path = "/path/to/your/private/key"
do_ssh_key_name = "your_ssh_key_name" # Name of SSH key on DigitalOcean. Must be the public key that matches the private key in "ssh_priv_path".
do_vpc = "your_digitalocean_vpc_id" # Copy the UUID of the DigitalOcean VPN this droplet should be created under. Recomend creating a separate VPC for this.
do_droplet_size = "s-1vcpu-1gb"
do_droplet_region = "tor1"
do_droplet_image = "ubuntu-22-04-x64"
wg_droplet_ip = "10.0.0.2"  # Update with a unique WireGuard IP for the droplet
wg_droplet_priv = "droplet_private_key"  # Update the private WireGuard key for the droplet
wg_subnet = "10.0.0.0/24"  # Update with the WireGuard address range that should be allowed to connect to your VPN
wg_peer_pub = "peer_public_key"  # Update with the public key of your client

  3. Initialize and apply the Terraform configuration:

    terraform init
terraform apply

  4. Confirm the deployment by typing yes when prompted.

  5. After the deployment is complete, run terraform show to display the DigitalOcean IP address:

    terraform show

    Look for the ipv4_address attribute under the digitalocean_droplet resource. This is the IP address of your deployed droplet.

Connect

In your client's WireGuard configuration, add a peer for your newly created VPN droplet:

[Peer]
PublicKey = droplet_public_key
AllowedIPs = 10.0.0.2/32
Endpoint = droplet_ip:51820

Test the SOCKS5 proxy with curl:

curl -x socks5:https://10.0.0.2:1080 https://ifconfig.me

If all is well, this should print the Droplet's IP.

About

Create a VPN/proxy using Terraform and WireGuard

Topics

digitalocean terraform vpn infrastructure-as-code wireguard dante-server

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Languages