antkowiak/DigitalOceanWireguardSetup

DigitalOceanWireguardSetup

Scripts to set up a WireGuard VPN server on a DigitalOcean Droplet.


These steps have been tested on the lowest-spec Ubuntu 24.04 LTS Droplet configuration in the NYC region.


If you are creating a new DigitalOcean Droplet from scratch, click "+ Advanced Options" during setup, find the section called "Add Initialization scripts (free)", and paste in the following script. If you set the DO_TOKEN variable in the script to your DigitalOcean API token, the script automatically tags the Droplet once setup has finished.

#!/bin/bash
# Optional DigitalOcean API token; leave empty to skip tagging.
DO_TOKEN=""
TAG_NAME="setup-finished"
# Fetch the setup scripts and restrict them to root.
apt-get update
apt-get install -y git
cd /root
git clone https://github.com/antkowiak/DigitalOceanWireguardSetup
chmod -R 700 /root/DigitalOceanWireguardSetup
# Prepare the droplet, then install and configure the VPN server.
/root/DigitalOceanWireguardSetup/init_droplet.sh
/root/DigitalOceanWireguardSetup/vpn_setup.sh
if [ -n "$DO_TOKEN" ]; then
    echo "DO_TOKEN detected. Signaling completion to DigitalOcean API..."
    sleep 10
    # Create the tag.
    curl -s -X POST \
          -H "Content-Type: application/json" \
          -H "Authorization: Bearer $DO_TOKEN" \
          -d "{\"name\":\"$TAG_NAME\"}" \
          "https://api.digitalocean.com/v2/tags"
    sleep 3
    # Look up this droplet's ID from the metadata service.
    MY_ID=$(curl -s http://169.254.169.254/metadata/v1/id)
    sleep 3
    # Attach the tag to this droplet.
    curl -s -X POST \
          -H "Content-Type: application/json" \
          -H "Authorization: Bearer $DO_TOKEN" \
          -d "{\"resources\": [{\"resource_id\": \"$MY_ID\", \"resource_type\": \"droplet\"}]}" \
          "https://api.digitalocean.com/v2/tags/$TAG_NAME/resources"
else
    echo "No DO_TOKEN provided. Skipping API notification."
fi
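
The initialization script above clones the repository's default branch and runs it as root on first boot, so whatever is on that branch at boot time is what executes. One way to gate that, as an added example that is not part of the repository: run the two setup scripts only if they match SHA-256 hashes recorded from a copy you reviewed. The function names and the manifest file are assumptions, and the manifest must be given as an absolute path.

```bash
#!/bin/bash
# Added example, not part of the repository. Function names and the
# manifest file are assumptions. MANIFEST must be an absolute path.

# Scripts the initialization script executes as root.
SCRIPTS="init_droplet.sh vpn_setup.sh"

# record_manifest DIR MANIFEST
# Run once against the copy you reviewed; writes "<hash>  <name>" lines.
record_manifest() {
    local dir="$1" manifest="$2"
    # $SCRIPTS is left unquoted on purpose so it splits into file names.
    ( cd "$dir" && sha256sum $SCRIPTS ) > "$manifest"
}

# verify_reviewed DIR MANIFEST
# 0: every script is listed and matches; 1: content mismatch;
# 2: directory or manifest missing; 3: a script is not in the manifest.
verify_reviewed() {
    local dir="$1" manifest="$2" name
    [ -d "$dir" ] && [ -s "$manifest" ] || return 2
    for name in $SCRIPTS; do
        # A script absent from the manifest was never reviewed: refuse.
        awk -v n="$name" '$2 == n { found = 1 } END { exit !found }' \
            "$manifest" || return 3
    done
    ( cd "$dir" && sha256sum -c "$manifest" ) >/dev/null 2>&1 || return 1
}

# run_setup DIR MANIFEST
# Verify first, then run the scripts in order, stopping at the first failure.
run_setup() {
    local dir="$1" manifest="$2" name
    verify_reviewed "$dir" "$manifest" || {
        echo "Refusing to run: $dir does not match $manifest" >&2
        return 1
    }
    for name in $SCRIPTS; do
        bash "$dir/$name" || return 1
    done
}
```

In the initialization script, write the manifest from a heredoc holding the hashes you recorded, then call run_setup in place of the two direct script invocations.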

After the Droplet is set up, you can create a client config file by running the following script. The client config file will be placed in:

/etc/wireguard/clients/CLIENT_NAME/CLIENT_NAME.conf

cd /root/DigitalOceanWireguardSetup
./vpn_add_client.sh CLIENT_NAME

To revoke a client config so that the client can no longer connect, run:

cd /root/DigitalOceanWireguardSetup
./vpn_revoke_client.sh CLIENT_NAME

To list all the configured and revoked clients, you can run:

cd /root/DigitalOceanWireguardSetup
./vpn_list_configured_clients.sh

To see connected clients and stats, you can run:

cd /root/DigitalOceanWireguardSetup
./vpn_show_connected_clients.sh

Created by Ryan Antkowiak
