Skip to content
/ wireguard Public

DRY setup for a WireGuard VPN server and including managing VPN clients - using ansible. When you add a client you get a zip file and the QR code in the terminal. You can delete clients too.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dryaf/wireguard

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
templates
templates
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
inventory-sample.ini
inventory-sample.ini
 
 
requirements.yml
requirements.yml
 
 
server_clean_known_hosts.yml
server_clean_known_hosts.yml
 
 
server_clean_local_known_hosts.yml
server_clean_local_known_hosts.yml
 
 
server_debug_vpn.yml
server_debug_vpn.yml
 
 
server_firewall_setup.yml
server_firewall_setup.yml
 
 
server_hardening.yml
server_hardening.yml
 
 
server_toggle_autoupgrades.yml
server_toggle_autoupgrades.yml
 
 
wireguard_client_add.yml
wireguard_client_add.yml
 
 
wireguard_client_list.yml
wireguard_client_list.yml
 
 
wireguard_client_qrcode.yml
wireguard_client_qrcode.yml
 
 
wireguard_client_remove.yml
wireguard_client_remove.yml
 
 
wireguard_server_setup.yml
wireguard_server_setup.yml
 
 
wireguard_server_status.yml
wireguard_server_status.yml
 
 

Repository files navigation

Wireguard DRY

This guide covers the setup process for a WireGuard VPN server and includes steps to add and manage VPN clients - using ansible. When you add a client you get a zip file and the QR code in the terminal.

Prerequisites

Ensure that you have the following software installed on your system:

  • Ansible
  • Homebrew (for macOS)
  • Python's netaddr package
  • devsec.hardening Ansible collection
  • community.general Ansible collection

If these are not installed, you can set them up with the following commands:

# Install Homebrew (macOS)
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

# Install Ansible
brew install ansible 

# Install devsec.hardening Ansible collection
ansible-galaxy collection install devsec.hardening --force
ansible-galaxy collection install community.general --force

# Install netaddr Python package
pip install netaddr

Setup

Initialize

Initialize the server IP, username, and SSH port.

make init

The make init command will prompt you for the server host, server username, and SSH port (default: 22).

VPN Server Setup

To set up the WireGuard server, run the following command:

make vpn-server-setup

This command will ask you to enter the DNS server (default: 10.99.0.1).

Firewall Setup

Secure the server by blocking external access to sensitive ports (like DNS:53 and Web:8080) while allowing VPN clients and SSH.

make vpn-firewall-setup

Optional: Server Hardening

You can optionally harden your server with the devsec.hardening Ansible collection and the server_hardening.yml playbook.

ansible-galaxy collection install devsec.hardening --force
ansible-playbook -i inventory.ini server_hardening.yml

Managing VPN Clients

To add, remove, list, or generate QR codes for VPN clients, use the following commands:

Add a Client

make vpn-client-add

The command will prompt you to enter the client name.

Remove a Client

make vpn-client-remove

You will need to enter the client name that you want to remove.

List All Clients

make vpn-client-list

Display Client's QR Code

make vpn-client-qrcode

You will be asked to enter the client name whose QR code you want to display.

For further help and a list of all available commands, run make help.

License

GNU

About

DRY setup for a WireGuard VPN server and including managing VPN clients - using ansible. When you add a client you get a zip file and the QR code in the terminal. You can delete clients too.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages