In a previous article, I wrote of my OpenBSD-Wireguard ansible configuration that I’ve been using for my personal VPN’s recently.

Using Vultr’s startup scripts in addition to the OpenBSD-Wireguard ansible playbook, one is able to deploy a wireguard VPN to any of Vultr’s datacenters within ten minutes. This includes the OS installation by Vultr, as well as the playbook execution following a final reboot.

Startup scripts on Vultr are executed by the VPS immediately following the initial OS install.

  • The startup script is saved to /tmp/firstboot.exec
  • Output produced can be found in /tmp/firstboot.log
  • Scripts are executed using /bin/bash (Linux), /bin/sh (FreeBSD), or cmd.exe (Windows)

I have been using the following script to deploy fresh wireguard servers whenever I feel like it. I will put up bandwidth results once I get around to some serious testing.

#!/bin/sh

admin_pass=<my password>

# Download and install OpenBSD-Wireguard
ftp -o - https://raw.githubusercontent.com/findelabs/openbsd-ansible-deploy/master/bootstraps/bootstrap_wireguard.sh | sh

# Set admin password
usermod -p $(encrypt $admin_pass) admin

# Run wgkeys to initialize wireguard
/home/admin/bin/wgkeys.sh

# Add public key to admin
echo "ssh-rsa AAAAB3N... admin@server" >> /home/admin/.ssh/authorized_keys

That’s all there is to it.

Has been tested on OpenBSD 6.4