tscloudvpn is a tool for automatically managing VPN instances across multiple cloud providers with Tailscale/Headscale integration. It provides a web interface for easy management of cloud VPN exit nodes.
- Support for multiple cloud providers:
  - DigitalOcean
  - AWS EC2
  - Google Cloud Platform (GCP)
  - Linode
  - Vultr
- Integration with both Tailscale and Headscale control APIs
- Automated instance creation and management
- Web-based management interface
- Real-time instance status monitoring
- SSH key support for instance access

Requirements:
- Go 1.23 or later
- SSH public key for instance access
- API credentials for your chosen cloud provider(s)
- Tailscale account with OAuth client ID and secret, or Headscale API key and URL

Install:
```
go install github.com/anupcshan/tscloudvpn/cmd/tscloudvpn@latest
```

tscloudvpn supports both YAML configuration files and environment variables. The configuration file is searched for in the following locations:
- $XDG_CONFIG_HOME/tscloudvpn/config.yaml
- ~/.config/tscloudvpn/config.yaml
- ~/.tscloudvpn.yaml
Example config.yaml:
```yaml
ssh:
  public_key: "ssh-rsa AAAA..."
control:
  type: "tailscale" # or "headscale"
  tailscale:
    client_id: "..."
    client_secret: "..."
    tailnet: "..."
  headscale:
    api: "..."
    url: "..."
    api_key: "..."
    user: "..."
providers:
  digitalocean:
    token: "..."
  gcp:
    credentials_json: "..."
    project_id: "..."
    service_account: "..."
  vultr:
    api_key: "..."
  linode:
    token: "..."
  aws:
    # Either specify the credentials directly
    access_key: "..."
    secret_key: "..."
    session_token: "..."
    # ... or use the shared config dir
    shared_config_dir: "~/.aws" # optional
    # ... or use the AWS_ environment variables
```
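
Because config.yaml holds provider tokens and control-plane secrets in plaintext, the following added example (not part of tscloudvpn) checks each of the search locations listed above for a config file that group or other users can access. The function names `candidatePaths` and `auditConfig` are hypothetical, and a Unix-like host with POSIX file modes is assumed.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// candidatePaths returns the README's config locations in listed order (hypothetical helper).
func candidatePaths(xdg, home string) []string {
	var paths []string
	if xdg != "" {
		paths = append(paths, filepath.Join(xdg, "tscloudvpn", "config.yaml"))
	}
	return append(paths,
		filepath.Join(home, ".config", "tscloudvpn", "config.yaml"),
		filepath.Join(home, ".tscloudvpn.yaml"))
}

// auditConfig returns one finding per existing file whose mode grants group/other access.
func auditConfig(paths []string) []string {
	var findings []string
	for _, p := range paths {
		info, err := os.Stat(p)
		if err != nil {
			continue // file absent or not stat-able: nothing to report
		}
		if perm := info.Mode().Perm(); perm&0o077 != 0 {
			findings = append(findings, fmt.Sprintf(
				"%s: mode %04o grants group/other access; use 0600", p, uint32(perm)))
		}
	}
	return findings
}

func main() {
	home, err := os.UserHomeDir()
	if err != nil {
		fmt.Fprintln(os.Stderr, "cannot resolve home directory:", err)
		os.Exit(2)
	}
	findings := auditConfig(candidatePaths(os.Getenv("XDG_CONFIG_HOME"), home))
	for _, f := range findings {
		fmt.Println(f)
	}
	if len(findings) > 0 {
		os.Exit(1)
	}
}
```

The program exits non-zero when any finding is reported, so it can gate a startup script or CI job.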
The following environment variables are still supported for backward compatibility:
- SSH_PUBKEY: Your SSH public key for instance access
- TAILSCALE_CLIENT_ID: OAuth client ID
- TAILSCALE_CLIENT_SECRET: OAuth client secret
- TAILSCALE_TAILNET: Your tailnet name
- HEADSCALE_API: Headscale API endpoint
- HEADSCALE_URL: Headscale URL
- HEADSCALE_APIKEY: Headscale API key
- HEADSCALE_USER: Headscale username

Configure your chosen cloud provider(s) by setting their respective environment variables:
- DigitalOcean: DIGITALOCEAN_TOKEN
- GCP: GCP_CREDENTIALS_JSON_FILE, GCP_PROJECT_ID, GCP_SERVICE_ACCOUNT
- Vultr: VULTR_API_KEY
- Linode: LINODE_TOKEN
- AWS: Uses standard AWS environment variables and ~/.aws/credentials
- Create a configuration file or set up the required environment variables
- Run the tscloudvpn server: `tscloudvpn`
- Access the web interface through your Tailscale/Headscale network on port 80
- Use the interface to:
  - View available regions across providers
  - Launch new VPN instances
  - Monitor instance status
  - Manage exit nodes

- When launching a new instance:
  - Creates an auth key for the new instance
  - Launches instance in the selected cloud provider
  - Waits for instance to become available (up to 1 minute)
  - Monitors instance registration with Tailscale/Headscale
  - Automatically approves the instance as an exit node
- The web interface provides:
  - Real-time status of instances
  - Provider and region selection
  - Instance management controls
  - Overview of active nodes

- Clone the repository: `git clone https://github.com/anupcshan/tscloudvpn.git`
- Install dependencies: `go mod download`
- Build the project: `go build ./cmd/tscloudvpn`

Copyright (c) 2023, Anup Chenthamarakshan
Licensed under the BSD 3-Clause License. See LICENSE for the full text.