{"id":15775876,"url":"https://github.com/felipelaptrin/wireguard","last_synced_at":"2026-04-19T19:33:10.662Z","repository":{"id":128987365,"uuid":"540990104","full_name":"felipelaptrin/wireguard","owner":"felipelaptrin","description":"On-demand Wireguard VPN using Terraform and AWS","archived":false,"fork":false,"pushed_at":"2023-03-20T01:57:54.000Z","size":84,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-01T16:18:47.731Z","etag":null,"topics":["aws","terraform","vpn","wireguard"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/felipelaptrin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-24T23:00:51.000Z","updated_at":"2024-02-27T13:58:43.000Z","dependencies_parsed_at":"2023-06-15T05:15:09.006Z","dependency_job_id":null,"html_url":"https://github.com/felipelaptrin/wireguard","commit_stats":{"total_commits":15,"total_committers":1,"mean_commits":15.0,"dds":0.0,"last_synced_commit":"aee0bd17f69f191f6edf2edd93058fb6045f39cb"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/felipelaptrin/wireguard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipelaptrin%2Fwireguard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipelaptrin%2Fwireguard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipelaptrin%2Fwireguard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipelaptrin%2Fwireguard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/felipelaptrin","download_url":"https://codeload.github.com/felipelaptrin/wireguard/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipelaptrin%2Fwireguard/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32020642,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-18T20:23:30.271Z","status":"online","status_checked_at":"2026-04-19T02:00:07.110Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","terraform","vpn","wireguard"],"created_at":"2024-10-04T17:03:24.422Z","updated_at":"2026-04-19T19:33:10.619Z","avatar_url":"https://github.com/felipelaptrin.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# wireguard\n\n## Description\nThis is a project for setup an on-demand VPN. It was done using:\n- `Wireguard`: Open source VPN software\n- `AWS`: Using AWS as cloud provider\n- `Terraform`: Setup all the infrastructure and configs\n- `Bash`: To set up the EC2 and config client instance\n\n## Architecture\n\n![Architecture](docs/architecture.png)\n\nThe architecture of this project is really simple. The really small EC2 instance type, because we are only worried about networking running an API build using FastAPI (port 8000) and Wireguard (port 51820).\n\nSince Wireguard relies on a public/private key system, I needed to share the server's public key with the host (you, in this case) and the host's public key with the server. Also, I would like to connect more than one host to the VPN, so there was a need to control the internal private IPs of the VPN.\n\n## How to run?\nFirst, make sure to have installed:\n- Terraform\n- AWS CLI\n- jq\n- qrencode\n\n### 1) **Clone this repo**\n```sh\ngit clone https://github.com/felipelaptrin/wireguard.git\ncd wireguard\n```\n\n### 2) **Create the infrastructure**\nCreate the infrastructure using Terraform:\n```sh\ncd terraform\nterraform init\nterraform apply\n```\n\nFeel free to modify default values based on the README inside the `terraform` folder. By default, you only need to define (after you run `terraform apply`) the API KEY to be used to auth the incoming requests.\n\n**PS**: I decided to use a SPOT instance to run the VPN to make it cheap and I will only use it for a couple of hours on random days and I consider this to be non-critical, so I'm ok if the spot instance is lost because of the spot market. Be aware that the instance may be interrupted by AWS at any time.\n\n### 3) **Setup the client**\nThere is a script for installing Wireguard and setup all the configurations. Before running the scripts set the environment variables. Remember that the `\u003cAPI_KEY\u003e` you defined when applying terraform and `\u003cEC2_PUBLIC_IP\u003e` will be output at the end of the `terraform apply`.\n```sh\nexport API_KEY=\u003cAPI_KEY\u003e\nexport EC2_PUBLIC_IP=\u003cEC2_PUBLIC_IP\u003e\n```\n\nRun the script. Make sure to wait a couple of minutes (3 minutes is more than enough) to wait for the EC2 to be ready for use. You can check if it's on by running `curl $EC2_PUBLIC_IP:8000/health`. And see the response is `{\"status\":\"healthy\"}`.\n\n`For a new unix (Linux/Mac) user:`\n```sh\ncd ..\nsudo bash scripts/set_client_unix.sh $API_KEY $EC2_PUBLIC_IP\n```\n\n`For mobile (Android/iOS) users:`\n```sh\ncd ..\nsudo bash scripts/set_client_mobile.sh $API_KEY $EC2_PUBLIC_IP\n```\n\nNote that this step must be done for all VPN clients.\n\n### 4) **Connecting to the VPN**\n\n`For unix user:`\n\nTo connect to the VPN type:\n```sh\nsudo wg-quick up wg0\n```\nTo disconnect you need to run:\n```sh\nsudo wg-quick down wg0\n```\n\n`For mobile users:`\nAfter setting up a mobile user, a QR core will be generated in the following path: /tmp/wireguard_qrcode.png. Open it and scan with your mobile.\n\n### 5) **Destroying everything**\nAre you done? Destroy all the infrastructure using terraform.\n\nIf you used in your unix computer then, first logout:\n```\nsudo wg-quick down wg0\n```\n\nThen you can destroy the infrastructure:\n```sh\ncd terraform\nterraform destroy\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffelipelaptrin%2Fwireguard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffelipelaptrin%2Fwireguard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffelipelaptrin%2Fwireguard/lists"}