Skip to content

Create a VPN/proxy using Terraform and WireGuard

License

Notifications You must be signed in to change notification settings

aramperes/vpn-tf

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

vpn-tf

This Terraform project creates a VPN endpoint using WireGuard and sets up a Dante SOCKS5 proxy server. The infrastructure is deployed on DigitalOcean, and it allows you to establish secure and private connections over the internet.

This project is for educational purposes only. This is my first Terraform project.

Prerequisites

Before using this Terraform project, make sure you have the following prerequisites:

  • Terraform installed on your local machine.
  • A DigitalOcean account and a Personal Access Token for authentication.
  • An SSH key pair for accessing the created droplets. You should also upload the public key to your DigitalOcean account.
  • A device with WireGuard installed. On Windows, create a new empty tunnel and record the public key. On Linux, generate a private/public key combination using wg genkey and wg pubkey.
  • A separate public/private key pair to be assigned to the new VPN droplet

Usage

  1. Clone this repository to your local machine:

    git clone https://github.com/aramperes/vpn-tf.git
    cd vpn-tf
  2. Create a terraform.tfvars file with the required variables:

    # terraform.tfvars
    
    do_token = "your_digitalocean_token"
    ssh_priv_path = "/path/to/your/private/key"
    do_ssh_key_name = "your_ssh_key_name" # Name of SSH key on DigitalOcean. Must be the public key that matches the private key in "ssh_priv_path".
    do_vpc = "your_digitalocean_vpc_id" # Copy the UUID of the DigitalOcean VPN this droplet should be created under. Recomend creating a separate VPC for this.
    do_droplet_size = "s-1vcpu-1gb"
    do_droplet_region = "tor1"
    do_droplet_image = "ubuntu-22-04-x64"
    wg_droplet_ip = "10.0.0.2"  # Update with a unique WireGuard IP for the droplet
    wg_droplet_priv = "droplet_private_key"  # Update the private WireGuard key for the droplet
    wg_subnet = "10.0.0.0/24"  # Update with the WireGuard address range that should be allowed to connect to your VPN
    wg_peer_pub = "peer_public_key"  # Update with the public key of your client
  3. Initialize and apply the Terraform configuration:

    terraform init
    terraform apply
  4. Confirm the deployment by typing yes when prompted.

  5. After the deployment is complete, run terraform show to display the DigitalOcean IP address:

    terraform show

    Look for the ipv4_address attribute under the digitalocean_droplet resource. This is the IP address of your deployed droplet.

Connect

In your client's WireGuard configuration, add a peer for your newly created VPN droplet:

[Peer]
PublicKey = droplet_public_key
AllowedIPs = 10.0.0.2/32
Endpoint = droplet_ip:51820

Test the SOCKS5 proxy with curl:

curl -x socks5://10.0.0.2:1080 http://ifconfig.me

If all is well, this should print the Droplet's IP.