Installs WireGuard on Ubuntu, creates a mesh between all servers by adding them all as peers and configures the wg-quick systemd service.
Install Ansible
sudo apt install python3 python3-pip
sudo pip3 install ansible
Edit roles/wireguard_tunnel/defaults/main.yml to adjust some WireGuard-specific options.
Make sure you open the specified port (default is UDP 443) in your firewall.
The Ansible inventory file contains the hosts and their desired VPN IPs.
# inventory host file
wireguard:
  hosts:
    ec2_1:
      ansible_host: 1.2.3.4
      ansible_port: 22
      ansible_user: ubuntu
      ansible_ssh_private_key_file: ssh_keys/ec2_1.pem
      vpn_ip: 10.9.0.1/32
    ec2_2:
      ansible_host: 1.2.3.5
      ansible_port: 22
      ansible_user: ubuntu
      ansible_ssh_private_key_file: ssh_keys/ec2_2.pem
      vpn_ip: 10.9.0.2/32
openvpn_servers:
  hosts:
    ec2_1:
      ansible_host: 1.2.3.4
      ansible_port: 22
      ansible_user: ubuntu
      ansible_ssh_private_key_file: ssh_keys/ec2_1.pem
openvpn_clients:
  hosts:
    ec2_2:
      ansible_host: 1.2.3.5
      ansible_port: 22
      ansible_user: ubuntu
      ansible_ssh_private_key_file: ssh_keys/ec2_2.pem
Run the Ansible playbook for WireGuard:
sh run.sh wireguard
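What the full mesh looks like for the inventory above, as an added example (not the role's own template or code): it checks that every vpn_ip is a unique single-host address, then renders a wg-quick config for one host with all others as peers. Using ansible_host as the peer Endpoint, the function names and the key placeholders are assumptions.

```python
import ipaddress

# Constructed sample mirroring the `wireguard` group of the inventory above.
INVENTORY = {
    "ec2_1": {"ansible_host": "1.2.3.4", "vpn_ip": "10.9.0.1/32"},
    "ec2_2": {"ansible_host": "1.2.3.5", "vpn_ip": "10.9.0.2/32"},
}
LISTEN_PORT = 443  # the README's default UDP port


def validate(inventory):
    """Reject inventories where WireGuard's per-peer AllowedIPs would overlap."""
    seen = {}
    for name, host in inventory.items():
        iface = ipaddress.ip_interface(host["vpn_ip"])  # ValueError if malformed
        if iface.network.num_addresses != 1:
            raise ValueError(f"{name}: vpn_ip must be a single host address")
        if iface.ip in seen:
            raise ValueError(f"{name}: {iface.ip} already used by {seen[iface.ip]}")
        seen[iface.ip] = name


def render(inventory, me, public_keys, port=LISTEN_PORT):
    """Return wg-quick config text for host `me`, every other host as a peer."""
    validate(inventory)
    lines = [
        "[Interface]",
        f"Address = {inventory[me]['vpn_ip']}",
        f"ListenPort = {port}",
        "PrivateKey = <PRIVATE_KEY_PLACEHOLDER>",  # stays on the host itself
    ]
    for name, host in inventory.items():
        if name == me:
            continue  # a host is never its own peer
        lines += [
            "",
            "[Peer]",
            f"PublicKey = {public_keys[name]}",
            f"Endpoint = {host['ansible_host']}:{port}",  # assumption, see lead-in
            f"AllowedIPs = {host['vpn_ip']}",  # only the peer's own tunnel address
        ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    keys = {name: f"<PUBLIC_KEY_OF_{name}>" for name in INVENTORY}  # placeholders
    print(render(INVENTORY, "ec2_1", keys))
```

Restricting each peer's AllowedIPs to its own /32 means a peer can only send traffic from the tunnel address assigned to it in the inventory.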
Run the Ansible playbook for OpenVPN:
sh run.sh openvpn
Servers will have an interface called tun1. To find the server IP run:
ifconfig tun1 | grep 'inet' | cut -d: -f2 | awk '{print $2}'
Clients will have an interface called tun2. To find the client IP run:
ifconfig tun2 | grep 'inet' | cut -d: -f2 | awk '{print $2}'
Create task to chmod 600 files in ssh_keys
Requires python3 and psutil
sudo apt-get install python3-pip
sudo pip3 install psutil
To run:
./metrics.py <duration> <interval for metrics>
This generates a file named results.json (the results file path is hardcoded for now).
Requires matplotlib (assuming you have python3 and pip3)
sudo pip3 install matplotlib
Parse results.json:
./results_processor.py
Optional path to results.json
Better graph layout