This Terraform project creates a VPN endpoint using WireGuard and sets up a Dante SOCKS5 proxy server. The infrastructure is deployed on DigitalOcean, and it allows you to establish secure and private connections over the internet.
This project is for educational purposes only. This is my first Terraform project.
Before using this Terraform project, make sure you have the following prerequisites:
- Terraform installed on your local machine.
- A DigitalOcean account and a Personal Access Token for authentication.
- An SSH key pair for accessing the created droplets. You should also upload the public key to your DigitalOcean account.
- A device with WireGuard installed. On Windows, create a new empty tunnel and record the public key. On Linux, generate a private/public key combination using `wg genkey` and `wg pubkey`.
- A separate public/private key pair to be assigned to the new VPN droplet.
- Clone this repository to your local machine:

  ```sh
  git clone https://github.com/aramperes/vpn-tf.git
  cd vpn-tf
  ```
- Create a `terraform.tfvars` file with the required variables:

  ```hcl
  # terraform.tfvars
  do_token = "your_digitalocean_token"
  ssh_priv_path = "/path/to/your/private/key"
  do_ssh_key_name = "your_ssh_key_name" # Name of SSH key on DigitalOcean. Must be the public key that matches the private key in "ssh_priv_path".
  do_vpc = "your_digitalocean_vpc_id" # Copy the UUID of the DigitalOcean VPC this droplet should be created under. Recommend creating a separate VPC for this.
  do_droplet_size = "s-1vcpu-1gb"
  do_droplet_region = "tor1"
  do_droplet_image = "ubuntu-22-04-x64"
  wg_droplet_ip = "10.0.0.2" # Update with a unique WireGuard IP for the droplet
  wg_droplet_priv = "droplet_private_key" # Update with the private WireGuard key for the droplet
  wg_subnet = "10.0.0.0/24" # Update with the WireGuard address range that should be allowed to connect to your VPN
  wg_peer_pub = "peer_public_key" # Update with the public key of your client
  ```
- Initialize and apply the Terraform configuration:

  ```sh
  terraform init
  terraform apply
  ```
- Confirm the deployment by typing `yes` when prompted.
- After the deployment is complete, run `terraform show` to display the DigitalOcean IP address:

  ```sh
  terraform show
  ```
  Look for the `ipv4_address` attribute under the `digitalocean_droplet` resource. This is the IP address of your deployed droplet.
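In your client's WireGuard configuration, add a peer for your newly created VPN droplet. `droplet_public_key` is the public key that corresponds to `wg_droplet_priv`, and `droplet_ip` is the droplet's `ipv4_address`: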
```ini
[Peer]
PublicKey = droplet_public_key
AllowedIPs = 10.0.0.2/32
Endpoint = droplet_ip:51820
```
Test the SOCKS5 proxy with curl:
```sh
curl -x socks5://10.0.0.2:1080 http://ifconfig.me
```
If all is well, this should print the Droplet's IP.
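
A pre-flight check for the WireGuard values in `terraform.tfvars`, to run before `terraform apply`: it flags placeholder keys left in place and a `wg_droplet_ip` that falls outside `wg_subnet`. This is an added example, not part of the project; the function names are hypothetical, and the key check relies on WireGuard keys being 32 bytes encoded as 44 base64 characters.

```shell
#!/bin/sh
# Added example: pre-flight check for terraform.tfvars before `terraform apply`.
# Variable names come from the README; the function names are hypothetical.

# tfvar FILE NAME: print the double-quoted value assigned to NAME.
tfvar() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# ip_to_int A.B.C.D: print the address as an integer; fail on malformed input.
ip_to_int() {
    printf '%s\n' "$1" | grep -Eq '^((0|[1-9][0-9]{0,2})\.){3}(0|[1-9][0-9]{0,2})$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP CIDR: succeed when IP lies inside CIDR (e.g. 10.0.0.0/24).
ip_in_cidr() {
    net=${2%/*}; bits=${2#*/}
    case $bits in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    ip=$(ip_to_int "$1") || return 1
    base=$(ip_to_int "$net") || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( base & mask )) ]
}

# is_wg_key VALUE: succeed when VALUE has the shape of a WireGuard key,
# i.e. 32 bytes in base64: 43 base64 characters followed by '='.
is_wg_key() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# check_tfvars FILE: print one line per problem; non-zero status if any.
check_tfvars() {
    rc=0
    for name in wg_droplet_priv wg_peer_pub; do
        is_wg_key "$(tfvar "$1" "$name")" || { echo "$name: not a WireGuard key"; rc=1; }
    done
    ip_in_cidr "$(tfvar "$1" wg_droplet_ip)" "$(tfvar "$1" wg_subnet)" ||
        { echo "wg_droplet_ip: not inside wg_subnet"; rc=1; }
    return "$rc"
}

# Run against the file given on the command line, if any.
if [ "$#" -gt 0 ]; then check_tfvars "$1"; fi
```

Saved under any file name, it takes the path to `terraform.tfvars` as its only argument and exits non-zero when a value needs fixing.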