Somewhere is a WireGuard VPN within a lightweight Linux VM.
- The service is deployable to any Azure region, you'll be prompted to select a region during the deployment script execution.
- The service is designed to be cost-effective, with an estimated monthly cost of around 5€, depending on the Azure region and usage.
- VM tier is B1ls, which is a low-cost option suitable for light workloads like a personal VPN server.
- Disk size is Standard HDD S4 (32GB)
- Running on 24x7 is around 4.5€ per month in most region
- The auto shutdown feature helps reduce costs
- Auto shutdown is configured for the VM to help minimize costs when the service is not in use.
- By default, the VM will shut down at 23:30 AM UTC every day.
- You can adjust the auto shutdown settings in the Azure portal if needed.
Installation is in 3 steps:
Login to your Azure portal and open the Cloud Shell in bash mode. Then run the following commands to clone the repository and execute the deployment script:
git clone https://github.com/olileger/Somewhere.git
bash ./Somewhere/run.sh
By default, SSH is not installed or exposed (no SSH server, and no NSG rule for port 22 at all). To deploy a debug-friendly server with SSH enabled (SSH server installed, NSG AllowSSH rule, and the VM firewall opening port 22), pass the --debug flag:
bash ./Somewhere/run.sh --debug
The script generates the client key pair locally and writes a ready-to-use client.conf next to the script. From the
Azure Cloud Shell, download it to your device with the command printed at the end of the deployment, for example:
download "Somewhere/cloud/azure/client.conf"
The file looks like this:
[Interface]
PrivateKey = <generated private key>
Address = <configured IP address>
DNS = <configured DNS server>
[Peer]
PublicKey = <server public key>
Endpoint = <configured endpoint>
AllowedIPs = <configured allowed IPs>
PersistentKeepalive = <configured keepalive>
Note:
client.conflives on the Cloud Shell's ephemeral storage and is removed when the session ends, so download it before closing the shell. VPN parameters (port, addresses, DNS, allowed IPs) are defined once invpn.confat the repo root and shared by both the server setup and this client config.
Open the WireGuard client on your device and import the client.conf file you created in step 2.
This will allow you to connect to the Somewhere VPN service.
- An Azure subscription with permissions to create resources.
- A WireGuard client installed on your device to connect to the VPN service.
- Azure: delete the
somewhereresource group in your Azure portal. - WireGuard client: delete the imported
clientconfiguration from your WireGuard client.