Skip to content

Cauchon/wireguard_ansible

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits

templates

templates

 
 

README.md

README.md

 
 

dns.yml

dns.yml

 
 

firewall.yml

firewall.yml

 
 

hosts

hosts

 
 

wireguard.yml

wireguard.yml

 
 

Repository files navigation

wireguard_ansible

This is the ansible automation of the Wireguard VPN set up described here https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/ This will create ten VPN client profiles when done.

NOTE: This is a fork that updates eth0 to venet0:0 for OpenVZ servers

Requirements

This assumes an ubuntu 16.04 client. It should also work on other platforms with minimal tweaking.

Install git

sudo apt-get install git

Install ansible

sudo apt-add-repository ppa:ansible/ansible -y
sudo apt-get update && sudo apt-get install ansible -y

Server set up

This assumes you have an Ubuntu 16.04 server with ssh access on port 22. Ensure that you've already added the server key to your known hosts file by sshing into it at least once. If you are using an SSH key, then you can forgo that.

This guide assumes your VPN server's internet facing interface is venet0:0. If otherwise change the interface name in line 59 of the firewall.yml file to what you have.

Usage

On the client

git clone https://github.com/iamckn/wireguard_ansible
cd wireguard_ansible

Edit the hosts file in that folder and fill in the IP field with the VPN server IP

Begin the remote installation process by running

ansible-playbook wireguard.yml -u root -k -i hosts

If you're using an SSH key for authentication run this instead

ansible-playbook wireguard.yml -u root -i hosts

Give it a few minutes and the server set up will be complete.

Ten client configs labeled one.conf, two.conf... and so on will be created in the home folder of the root user on the VPN server (/root).

You can then move them to your clients using scp.

Assuming you're using the first client config (one.conf), copy it to /etc/wireguard/ and you can start using the VPN tunnel on your client.

To bring up the VPN interface

sudo wg-quick up one

To bring down the VPN interface

sudo wg-quick down one

To view connection details

sudo wg show

DNS issues

If there is another service listening on port 53, you will have issues with getting DNS resolution working. It is therefore advisable to either disable or change the port of any service already using port 53. An example of this is the systemd-resolved service on Ubuntu 18.04. You should switch off binding to port 53 by editing the file /etc/systemd/resolved.conf as follows:

DNSStubListener=no

Reboot the VPN server and DNS resolution will work as expected.

More details on the setup can be found in the post referenced above.

About

Ansible scripts for the set up a typical wireguard VPN connection

www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/

Topics

ansible vpn wireguard

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published