Create a WireGuard® server with as few configuration steps as possible.
The CloudFormation template in this repository will
- Deploy an EC2 instance
- Add security groups only opening two ports (for WireGuard® and SSH from a single IP)
- Install WireGuard® and other small dependencies
- Configure a WireGuard® server with suitable client configuration files
As mentioned above, there is almost nothing to configure other than the source IP address and the certificate for SSH access.
- If necessary: Create a key pair for EC2 in the AWS account you want to use.
- Go to CloudFormation and upload the CloudFormation template
cloudformation.yaml. - Specify the key and your IP address for the SSH connection later.
- Create the CloudFormation stack.
- After a while there will be a zip archive on the EC2 instance at
/home/ubuntu/clients.zipcontaining 255 client configurations (each as a file and a QR code). Use for examplescpto download it. - Unpack the zip archive and distribute the client configurations.
- Keep in mind that using this VPN does not make you anonymous when surfing the web. The IP address of the server is still exposed and can easily be linked to your AWS account (including payment information, the source IP for the deployment of the server, ...).
- The supported AWS regions are to be expanded step by step, the current list can be found in the CloudFormation template.
- The lack of configuration options is considered a feature of this project - a more flexible approach can be found in the repositorty wireguard-on-ec2 by LINALIN1979.
- It's generally a bad idea to pipe scripts from the internet directly to
bash.
Any kind of feedback or contributions are welcome!