An Ansible playbook to set up a WireGuard server.

Overview

Poor man's VPN (pay for only what you need)

An Ansible playbook to quickly set up a WireGuard server for occasional personal use. Setup takes around five minutes: spin up a VM, run the playbook, do your business and delete the VM.

Motivation: lately, due to GDPR, many websites are blocking access from the EU. For me, this means I cannot order medicines back home via netmeds.com or book flights/hotels via makemytrip.com (as of December 2021). With WireGuard and this playbook it becomes trivial to perform these tasks at very little cost.

Setup

  • Create a VM in your desired location with your favourite provider
    • I have tested this with a $5 DigitalOcean droplet running Ubuntu 20.04 LTS
  • Make sure you can SSH into the machine with your default public key
  • Install & start the WireGuard client app
  • Create an empty tunnel
  • Copy the client public key (only the public key is given to the server; the client's private key stays in the app)

Create python environment

virtualenv venv
source venv/bin/activate
pip install -r requirements.txt
deactivate

Run the playbook

Make sure your WireGuard connection is deactivated, then run the playbook against the server's public IP (the trailing comma after the IP makes Ansible treat it as an inline inventory rather than an inventory file):

source venv/bin/activate
ansible-playbook -i <server public ip>, -u <server username> playbook.yaml

Prompts

Client public key: <copy from wireguard client app>
Allowed IPs [10.0.0.3]: 
Wireguard listen port [51820]: 

Each run of the playbook regenerates the server's private/public key pair, so a client config created for a previous run stops working. Copy the new server public key into the client config after every run.

Client configuration

Edit the tunnel configuration in the client app so that it looks like this:

[Interface]
PrivateKey = <auto generated for client>
Address = 10.0.0.3/24
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = <server wg public key / changes every time we run the playbook>
AllowedIPs = 0.0.0.0/0
Endpoint = <server public ip>:<wg port>

AllowedIPs = 0.0.0.0/0 routes all of the client's IPv4 traffic through the tunnel, but it says nothing about IPv6: on a client with native IPv6 connectivity, traffic to IPv6-reachable sites bypasses the VPN unless ::/0 is added here and the server is set up to forward IPv6 as well. The DNS servers listed under [Interface] are reached through the tunnel, so name lookups exit from the VPS rather than from your local network.

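As an added example (not part of the playbook or its author's code), the following Python script builds the client config above from the values the playbook prompts for and sanity-checks it: it verifies that both keys are well-formed 32-byte X25519 keys, derives a public key from a private key exactly as `wg pubkey` does (handy for confirming which server key a client config belongs to after the keys have been regenerated by a re-run), and flags the IPv6 caveat of AllowedIPs = 0.0.0.0/0. The sample keys are the RFC 7748 test vectors, constructed for the demo and never to be used as real keys; the endpoint 203.0.113.10 is a documentation address standing in for <server public ip>; all function names are my own, not the playbook's.

```python
"""Added example (not part of the poor-mans-vpn playbook): build and sanity-check the
WireGuard client config described above, using only the Python standard library."""
import base64
import ipaddress

# Curve25519 parameters (RFC 7748). WireGuard keys are raw X25519 keys, base64-encoded;
# `wg pubkey` is exactly the base-point scalar multiplication implemented below.
P = 2**255 - 19
A24 = 121665          # (486662 - 2) / 4
BASE_POINT_U = 9


def _clamp(k: int) -> int:
    """decodeScalar25519: clear the low 3 bits and bit 255, set bit 254."""
    return (k & ~7 & ~(1 << 255)) | (1 << 254)


def x25519(scalar: bytes, u: int = BASE_POINT_U) -> bytes:
    """Montgomery ladder from RFC 7748 section 5; returns the 32-byte little-endian u-coordinate."""
    if len(scalar) != 32:
        raise ValueError("X25519 scalars are exactly 32 bytes")
    k = _clamp(int.from_bytes(scalar, "little"))
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:  # conditional swap; a production implementation does this in constant time
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = pow(da + cb, 2, P), x1 * pow(da - cb, 2, P) % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def decode_key(key_b64: str) -> bytes:
    """A WireGuard key is exactly 32 raw bytes, base64-encoded (44 characters)."""
    raw = base64.b64decode(key_b64, validate=True)
    if len(raw) != 32:
        raise ValueError(f"WireGuard keys are 32 bytes, got {len(raw)}")
    return raw


def wg_pubkey(private_b64: str) -> str:
    """Same result as `echo <private key> | wg pubkey`."""
    return base64.b64encode(x25519(decode_key(private_b64))).decode()


def keypair_matches(private_b64: str, public_b64: str) -> bool:
    """True when the public key really belongs to the private key (e.g. after a playbook re-run)."""
    return decode_key(public_b64) == x25519(decode_key(private_b64))


def tunnel_warnings(allowed_ips) -> list:
    """Explain what an AllowedIPs list does and does not route; also validates the CIDRs."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed_ips]
    full_v4 = any(n.version == 4 and n.prefixlen == 0 for n in nets)
    full_v6 = any(n.version == 6 and n.prefixlen == 0 for n in nets)
    warnings = []
    if full_v4 and not full_v6:
        warnings.append("0.0.0.0/0 without ::/0: IPv6 traffic from a dual-stack client bypasses the VPN")
    if not (full_v4 or full_v6):
        warnings.append("split tunnel: only the listed prefixes are routed through the VPN")
    return warnings


def render_client_config(client_private: str, client_address: str, server_public: str,
                         endpoint_ip: str, listen_port: int = 51820,
                         dns=("1.1.1.1", "1.0.0.1"), allowed_ips=("0.0.0.0/0",)) -> str:
    """Render the [Interface]/[Peer] file the client app expects, validating every field first."""
    decode_key(client_private)
    decode_key(server_public)
    ipaddress.ip_interface(client_address)   # e.g. 10.0.0.3/24
    ipaddress.ip_address(endpoint_ip)        # the playbook uses the VM's public IP, not a hostname
    if not 1 <= listen_port <= 65535:
        raise ValueError(f"invalid listen port {listen_port}")
    dns, allowed = list(dns), list(allowed_ips)
    for server in dns:
        ipaddress.ip_address(server)
    tunnel_warnings(allowed)                 # raises on a malformed CIDR
    return "\n".join([
        "[Interface]", f"PrivateKey = {client_private}", f"Address = {client_address}",
        f"DNS = {', '.join(dns)}", "",
        "[Peer]", f"PublicKey = {server_public}", f"AllowedIPs = {', '.join(allowed)}",
        f"Endpoint = {endpoint_ip}:{listen_port}", "",
    ])


# Constructed sample keys: the RFC 7748 section 6.1 test vectors, base64-encoded the way
# WireGuard prints them. Published vectors are for demos only; never use them as real keys.
SAMPLE_CLIENT_PRIVATE = base64.b64encode(bytes.fromhex(
    "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")).decode()
SAMPLE_SERVER_PUBLIC = base64.b64encode(bytes.fromhex(
    "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")).decode()

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for <server public ip>.
    print(render_client_config(SAMPLE_CLIENT_PRIVATE, "10.0.0.3/24", SAMPLE_SERVER_PUBLIC, "203.0.113.10"))
    for warning in tunnel_warnings(["0.0.0.0/0"]):
        print("warning:", warning)
```

Run it as a script to print the rendered config and the IPv6 warning; in practice you would pass the real client private key from the app and the server public key printed by the playbook, and `keypair_matches` lets you confirm that a saved server public key still corresponds to the private key in /etc/wireguard on the VM before you blame something else for a tunnel that will not come up.
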
Comments
  • Failing when running on Mac with M1

    Failed running on Mac with M1 chip using DO droplet

    PLAY [Wireguard server setup]*********************************************
    
    TASK [Gathering Facts] ****************************************************
    ok: [xxx.xx.xx.xx]
    
    TASK [apt update] *********************************************************
    ok: [xxx.xx.xx.xx]
    
    TASK [Install wireguard] ***************************************************
    changed: [xxx.xx.xx.xx]
    
    TASK [wg0 down in case it's up] *******************************************
    fatal: [xxx.xx.xx.xx]: FAILED! => {"changed": true, "cmd": "wg-quick down wg0", "delta": "0:00:00.017250", "end": "2022-01-14 05:39:29.010561", "msg": "non-zero return code", "rc": 1, "start": "2022-01-14 05:39:28.993311", "stderr": "wg-quick: `/etc/wireguard/wg0.conf' does not exist", "stderr_lines": ["wg-quick: `/etc/wireguard/wg0.conf' does not exist"], "stdout": "", "stdout_lines": []}
    ...ignoring
    
    TASK [Create wireguard keys directory] ************************************
    changed: [xxx.xx.xx.xx]
    
    TASK [Create wg server and client keys] ***********************************
    changed: [xxx.xx.xx.xx]
    
    TASK [Get server key] *****************************************************
    changed: [xxx.xx.xx.xx]
    
    TASK [Create wg0.conf from template] ************************************
    An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option
    fatal: [xxx.xx.xx.xx]: FAILED! => {"changed": false, "msg": "Could not find or access 'wg0.conf.j2'\nSearched in:\n\t/poor-mans-vpn/templates/wg0.conf.j2\n\t/poor-mans-vpn/wg0.conf.j2\n\t/poor-mans-vpn/templates/wg0.conf.j2\n\t/poor-mans-vpn/wg0.conf.j2 on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}
    
    PLAY RECAP **************************************************************
    xxx.xx.xx.xx             : ok=7    changed=5    unreachable=0    failed=1    skipped=0    rescued=0    ignored=1   
    
    opened by 0xYasser 2
  • What's the benefit instead of running Wireguard in a Docker container?

    Why are you not using Docker(-Compose) instead of installing and setting up Wireguard?

    Setting up a VM with Ansible is really great 👍🏻 but why do you not use a docker container? This would make your playbook much easier (install docker and docker-compose, copy docker-compose.yml and execute docker-compose)

    For example: https://github.com/linuxserver/docker-wireguard#usage

    ---
    version: "2.1"
    services:
      wireguard:
        image: lscr.io/linuxserver/wireguard
        container_name: wireguard
        cap_add:
          - NET_ADMIN
          - SYS_MODULE
        environment:
          - PUID=1000
          - PGID=1000
          - TZ=Europe/London
          - SERVERURL=wireguard.domain.com #optional
          - SERVERPORT=51820 #optional
          - PEERS=1 #optional
          - PEERDNS=auto #optional
          - INTERNAL_SUBNET=10.13.13.0 #optional
          - ALLOWEDIPS=0.0.0.0/0 #optional
        volumes:
          - /path/to/appdata/config:/config
          - /lib/modules:/lib/modules
        ports:
          - 51820:51820/udp
        sysctls:
          - net.ipv4.conf.all.src_valid_mark=1
        restart: unless-stopped
    
    opened by thomasmerz 2
  • Stop regenerating keys on every run

    You mention keys being regenerated on every run - was this intentional? If you run the playbook again to reconfigure the system, is it desirable to regenerate keys?

    Feel free to use the space to just say that you wanted it to do it this way :D

    NOTE: I haven't tested this change as I don't have ansible, a system to test against/time right this second to spin up a docker container to run against, sorry :/

    Also, this repo got posted on HN :) https://news.ycombinator.com/item?id=29913515

    opened by MatthewJohn 3
Owner
Amrit Bera