After deploying this server using the AWS Standalone AMI, you will get a fully functional VPN server with a single IP address used for both the Endpoint and Outbound traffic.
If you want to run the WireGuard VPN server with separate IP addresses for the Endpoint and the Outbound connection - where the Endpoint IP is used by clients to connect to the VPN, and the Outbound IP is the address under which client traffic appears on the internet - you can deploy the server using an AWS CloudFormation template. This configuration allows you, for example, to change or rotate the outbound IP address later simply by replacing the second Elastic IP, without needing to update the client configuration and without restarting the server.
Instructions for deploying from the AWS Standalone AMI:
1. Launch the server. This server does not require the powerful computing resources - you can choose a simple instance type.
2. If the Elastic IP was assigned to a running instance, the instance must be restarted.
Linux username: admin
After launching the server, it is immediately ready for use, with no additional settings required. It is important that the client device has the WireGuard client application installed, which is available for Windows, Linux, Android, macOS, and iOS.
Control Panel including user management features:
http://[Public IP address]
https://[Public IP address] (recommended)
(please use "admin" as username and your instance ID as password)
When accessing the WireGuard Control Web Panel using HTTPS, your web browser may display a message about potential risks due to the use of an IP address in the URL. In this case, you should proceed and accept the risks, as our main objective is to encrypt traffic, and using an IP address in a web browser is safe for our purposes.
By default, a user named 'User 1' is already set up in the WireGuard Control Panel with a randomly generated user key. You can immediately download the configuration file for the Windows WireGuard client or use the QR code to add this user to the WireGuard client application on your mobile device.
After the server has been started, try connecting to it using a WireGuard VPN client. Ensure that when the client connects to the Internet via this VPN server, the client's IP address is different from the original.
The server and user keys were created automatically when the server was first started and are unique.
Instructions for deploying from the CloudFormation Template on AWS:
This server uses 2 public IP addresses (Elastic IPs). The first IP is used for both the web interface and as the VPN Endpoint, which is the address specified in client configurations to connect to the VPN server. The second IP is used for the Outbound connection - this is the address under which client traffic appears on the internet. This allows you to change or rotate the outbound IP at any time by replacing the second Elastic IP, without updating the client configuration or restarting the server.
This server does not require the powerful computing resources - you can choose a simple instance type.
Linux username: admin
After startup, the server is immediately ready for use, and its web interface is available by the First Elastic IP address.
Control Panel including user management features:
http://[Fisrst Elastic IP address]
https://[Fisrst Elastic IP address] (recommended)
(please use "admin" as username and your instance ID as password)
When accessing the WireGuard Control Web Panel using HTTPS, your web browser may display a message about potential risks due to the use of an IP address in the URL. In this case, you should proceed and accept the risks, as our main objective is to encrypt traffic, and using an IP address in a web browser is safe for our purposes.
By default, a user named 'User 1' is already set up in the WireGuard Control Panel with a randomly generated user key. You can immediately download the configuration file for the Windows WireGuard client or use the QR code to add this user to the WireGuard client application on your mobile device.
After the server has been started, try connecting to it using a WireGuard VPN client application, which is available for Windows, Linux, Android, macOS, and iOS. Ensure that when the client connects to the Internet via this VPN server, the client's IP address is different from the original.
The server and user keys were created automatically when the server was first started and are unique.
