github.com/sjdaws/cloudserver-vpn

v0.0.0-20240708214337-9aaad368cb85
Source
Go

Version published: 7 months ago

Created: 10 months ago

Source

CloudServer VPN

Run a New Zealand based VPN on demand for only 1.5c per hour.

Prerequisites

Some initial set up is required.

Cloud Server

This system utilises Voyager VPS Manager to create servers to run WireGuard. You must sign up to use VPS Manager and generate an API token.

Wireguard

You will need to have a private/public key pair for both the server and at least one peer.

You will also need to decide what private network range WireGuard should use. This must be unique to WireGuard and not conflict with your home private network range. Most home networks use IPs in 192.168.0.0/23 or 10.0.0.0/23 ranges by default, so these should probably be avoided. Picking something completely random is good, e.g. 10.194.89.0/24. The range only needs to be big enough to support your server and any peers. Two peers (and the server) use three IPs total, so /30 would be sufficient.

Usage

The app accepts three command line arguments, which have different configuration requirements. Configuration is read through environment variables.

Create VPN

A VPN can be created by using cloudserver-vpn --create

Key	Description	Mandatory
CLOUDFLARE_APIKEY	Scoped API token to update a Cloudflare DNS record	N
CLOUDFLARE_ZONE	The name of the Cloudflare zone to update, e.g. example.com	N
CLOUDSERVER_APIKEY	API token for cloudserver.nz	Y
CLOUDSERVER_PROJECT	The ID of the Cloud Server project where the server will be provisioned¹	N
SERVER_NAME	The name for this server, must be a valid RFC 3696 subdomain	Y
WIREGUARD_ADDRESS	The IPv4 CIDR to use for the WireGuard interface, must include a big enough subnet to accomodate all peers, e.g. `10.194.89.1/24`	Y
WIREGUARD_LISTENPORT	The port for WireGuard to listen on, if not specified, `51820` will be used	N
WIREGUARD_PEER#_ALLOWEDIPS	The IPv4 CIDR to allow connections for peer #², e.g. `10.194.89.2/32`	Y
WIREGUARD_PEER#_PUBLICKEY	The public key for the associated peer	Y
WIREGUARD_PRIVATEKEY	The private key for the WireGuard server	Y

¹ If a project is not specified a new project called VPNs will be created. This project must only contain VPN servers as all servers will be removed when --remove is called.
² You can add up to 255 peers as long as the pair of ALLOWEDIPS and PUBLICKEY are both specified. Peer prefixes range from WIREGUARD_PEER0_... to WIREGUARD_PEER254_....

Remove all VPNs

All VPNs can be removed by using cloudserver-vpn --remove

This command will remove all servers in the Cloud Server project.

Key	Description	Mandatory
CLOUDSERVER_APIKEY	API token for cloudserver.nz	Y
CLOUDSERVER_PROJECT	The ID of the Cloud Server project where the server is provisioned	N

Remove a single VPN

A single VPN can be removed by using cloudserver-vpn --remove <server id>

Key	Description	Mandatory
CLOUDSERVER_APIKEY	API token for cloudserver.nz	Y

Run as HTTP server

An HTTP server can be run by using cloudserver-vpn --serve

The HTTP server requires the same configuration as Create VPN with an additional configuration for http port.

Key	Description	Mandatory
HTTP_PORT	Port to listen for HTTP connections on, if not specified `5252` will be used	N

FAQs

What is github.com/sjdaws/cloudserver-vpn?

Package last updated on 08 Jul 2024

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install