Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/notthebee/ansible-easy-vpn

An Ansible playbook that sets up a Wireguard server with ad blocking, DNS-over-HTTPS, and a WebUI with 2FA
https://github.com/notthebee/ansible-easy-vpn

2fa adguard ansible authelia ubuntu vpn wireguard

Last synced: 25 days ago
JSON representation

An Ansible playbook that sets up a Wireguard server with ad blocking, DNS-over-HTTPS, and a WebUI with 2FA

Host: GitHub
URL: https://github.com/notthebee/ansible-easy-vpn
Owner: notthebee
License: other
Created: 2022-06-21T11:52:23.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2024-06-26T11:45:49.000Z (5 months ago)
Last Synced: 2024-10-01T12:23:05.911Z (about 1 month ago)
Topics: 2fa, adguard, ansible, authelia, ubuntu, vpn, wireguard
Language: Shell
Homepage:
Size: 264 KB
Stars: 1,061
Watchers: 30
Forks: 257
Open Issues: 38
Metadata Files:
- Readme: README.md
- License: LICENSE.md

Awesome Lists containing this project

README

# ansible-easy-vpn
![CI](https://github.com/notthebee/ansible-easy-vpn/actions/workflows/ci.yml/badge.svg)

A simple interactive script that sets up a Wireguard VPN server with Adguard, Unbound and DNSCrypt-Proxy on your VPS of choice, and lets you manage the config files using a simple WebUI protected by two-factor-authentication.

**Have a question or an issue? Read the [FAQ](FAQ.md) first!**

## Usage

```
wget https://notthebe.ee/vpn -O bootstrap.sh && bash bootstrap.sh
```

## Features
* Wireguard WebUI (via wg-easy)
* Two-factor authentication for the WebUI (Authelia)
* Hardened web server (Bunkerweb)
* Encrypted DNS resolution with optional ad-blocking functionality (Adguard Home, DNSCrypt and Unbound)
* IPTables firewall with sane defaults and Fail2Ban
* Automated and unattended upgrades
* SSH hardening and public key pair generation (optional, you can also use your own keys)
* E-mail notifications (using an external SMTP server, e.g. GMail)

## Requirements
* A KVM-based VPS (or an AWS EC2 instance) with a dedicated IPv4 address
* One of the supported Linux distros:
* Ubuntu Server 22.04
* Ubuntu Server 20.04
* Debian 11
* Debian 12
* ~~Rocky Linux 8~~ – not supported anymore
* ~~Rocky Linux 9~~ - not supported anymore

## Known issues with VPS providers
Normally, the script should work on any KVM-based VPS.

However, some VPS providers use non-standard versions of Ubuntu/Debian OS images, which might lead to issues with the script.

Additionally, some providers require additional firewall configuration in the server control panel to unblock the Wireguard port.

* **AlexHost** – runs `apt-get dist-upgrade` after the VPS is provisioned, which results in a dpkg lock
* **IONOS** – includes a firewall with default rules, which blocks Wireguard traffic. User needs to open the Wireguard port (51820/udp) in the control panel to make the VPN work.