{"id":13340654,"url":"https://github.com/sitegui/wireguard-aws-vpn","last_synced_at":"2025-06-29T17:35:40.132Z","repository":{"id":150085263,"uuid":"257098055","full_name":"sitegui/wireguard-aws-vpn","owner":"sitegui","description":"Run your own VPN in AWS, with IPv6 support and all!","archived":false,"fork":false,"pushed_at":"2022-11-26T16:54:14.000Z","size":6,"stargazers_count":6,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-15T14:53:12.264Z","etag":null,"topics":["aws","ipv6","vpn","wireguard"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sitegui.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-19T20:41:40.000Z","updated_at":"2024-06-27T14:38:18.000Z","dependencies_parsed_at":"2023-04-29T00:57:19.485Z","dependency_job_id":null,"html_url":"https://github.com/sitegui/wireguard-aws-vpn","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sitegui/wireguard-aws-vpn","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sitegui%2Fwireguard-aws-vpn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sitegui%2Fwireguard-aws-vpn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sitegui%2Fwireguard-aws-vpn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sitegui%2Fwireguard-aws-vpn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sitegui","download_url":"https://codeload.github.com/sitegui/wireguard-aws-vpn/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sitegui%2Fwireguard-aws-vpn/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262638594,"owners_count":23341331,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","ipv6","vpn","wireguard"],"created_at":"2024-07-29T19:23:54.514Z","updated_at":"2025-06-29T17:35:40.074Z","avatar_url":"https://github.com/sitegui.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Wireguard AWS VPN\n\nRun your own VPN in AWS, with IPv6 support and all!\n\nOnce I had a hard time setting up a VPN. OpenVPN is too complicated for me, so\nI'll use Wireguard. I do not understand much, but after reading a ton of tutorials\nover the net and almost going crazy, I think I've found the exact incantation\nthat shall be used to have an actually working VPN, with IPv6 support. Really,\nthat is much harder than it should be in my opinion. Why can't things have IPv6\nby default nowadays?\n\n## Create VPC with IPv6 enabled\n\n1. https://sa-east-1.console.aws.amazon.com/vpc/home\n2. Launch VPC Wizard\n3. VPC with a Single Public Subnet\n4. IPv6 CIDR block: Amazon provided IPv6 CIDR block\n5. VPC name: my-vpn\n6. Public subnet's IPv6 CIDR: Specify a custom IPv6 CIDR\n7. Create VPC\n\n## Create security group\n1. https://sa-east-1.console.aws.amazon.com/ec2/v2/home\n2. Security Groups\n3. Create Security Group\n4. Security group name: my-vpn\n5. Description: my-vpn\n6. VPC: my-vpn\n7. Add Rule\n    1. Type: SSH\n    2. Source: Anywhere\n8. Add Rule\n    1. Type: Custom UDP Rule\n    2. Port Range: 51820\n    3. Source: Anywhere\n\n## Launch an instance\n\n1. https://sa-east-1.console.aws.amazon.com/ec2/v2/home\n2. Launch Instance\n3. Ubuntu Server 18.04 LTS\n4. Next: configure instance details\n5. Network: my-vpn\n6. Auto-assign Public IP: Enable\n7. Auto-assign IPv6 IP: Enable\n8. Next: Add Storage\n9. Next: Add Tags\n10. Next: Configure Security Group\n11. Select an existing security group\n12. my-vpn\n13. Review and Launch\n14. Launch\n\n## Launch the VPN\n\n1. Execute `./vpn.sh \u003cthe path to the secret key file\u003e \u003cthe instance public IP\u003e`\n2. When done, run `wg-quick down wg0` and terminate the instance\n\n### Launching an EC2 instance + VPN with a script\nAlternatively, you can launch an EC2 instance via the script `start-vpn.sh`.\nThe script has some requirements that must be fulfilled for it to work properly:\n- [aws-cli](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)\n- a [configured named profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) for your `aws-cli` enviroment\n- [jq](https://stedolan.github.io/jq/) installed\n- the ids of the security group and subnet created in the infra setup steps above\n\nThe script was only tested on Ubuntu.\n\n1. Execute `./start-vpn.sh \u003cdesired AWS region\u003e \u003clocal profile name\u003e \u003cthe previously created subnet id\u003e \u003cthe previously created security group id\u003e \u003cthe secret key name\u003e \u003cthe path to the secret key file\u003e`\n2. The script will ask for some user inputs, in the form of consenting with `yes` or sudo access to install the required packages\n3. When done with spinning up the EC2 instance and with configuring the VPN, the script will hang\n4. Pressing CTRL+c will trigger its tear down function, that terminates the previously launched EC2 instance and turns off WireGuard\n \n## References\n\n- https://www.stavros.io/posts/how-to-configure-wireguard/ no ipv6\n- https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/ dns no ubuntu 18 no ipv6\n- https://dnns.no/wireguard-vpn-on-ubuntu-18.04.html no-dns\n- https://docs.aws.amazon.com/vpc/latest/userguide/get-started-ipv6.html\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsitegui%2Fwireguard-aws-vpn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsitegui%2Fwireguard-aws-vpn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsitegui%2Fwireguard-aws-vpn/lists"}