Link Search Menu Expand Document

Installation on AWS

TunnelHound provides pre-built AMIs to quickly deploy a TunnelHound instance on Amazon Web Services.

To launch a TunnelHound instance, find your AWS region from the list below, and click the ‘Launch AMI’ link.

AWS Region AMI Id Launch link
us-west-2
ami-02cd846884dba9f8f Launch AMI..
eu-north-1
ami-0760d8a2c15d3f26f Launch AMI..
ap-south-1
ami-0a2a9475e3c0097c2 Launch AMI..
eu-west-3
ami-0154c42f3be122ae5 Launch AMI..
eu-west-2
ami-00306ba00eebb0238 Launch AMI..
eu-west-1
ami-0de1ac824a6b5bb10 Launch AMI..
ap-northeast-2
ami-0357a37c559ccedf9 Launch AMI..
ap-northeast-1
ami-09dc6c076880ea75b Launch AMI..
sa-east-1
ami-073df703b485afef4 Launch AMI..
ca-central-1
ami-0a88eeecb963f89ad Launch AMI..
ap-southeast-1
ami-042bb876c234708bf Launch AMI..
ap-southeast-2
ami-0d9e1c8d9d45e8dd3 Launch AMI..
eu-central-1
ami-0afc2055c862f30e8 Launch AMI..
us-east-1
ami-0258998fbfcc95d5e Launch AMI..
us-east-2
ami-02a7ded32dfabf261 Launch AMI..
us-west-1
ami-04521255b14949709 Launch AMI..

Instance sizing

Amazon will want you to first select an instance size. You can change this later on, but it’s best to pick a realistic machine for your needs. See the section on system requirements to determine the best size for your use case.

IAM roles

If you’d like, TunnelHound can manage some aspects of your AWS system for you. For example, TunnelHound can use the instance IAM role to automatically open ports on the security group for your WireGuard VPN instances. If you want to enable this functionality, make sure to use an IAM role with the provided policy document.

Encryption

Because TunnelHound stores the VPN peer’s WireGuard private keys and other sensitive information, it’s highly recommended to enable EBS disk-level encryption to protect data at rest. The TunnelHound Amazon AMIs assume that the appliance is set up with EBS encryption and that the appliance is free to store sensitive data on disk.

Launching your instance

Finally, AWS will ask you to choose an SSH keypair to administer the instance. While not strictly required, it’s best to assign one anyway. This will help you log in to the machine in case something goes wrong. Also, it’ll help us serve your support requests faster.

That’s it! Once you’ve changed any other parameters you may want, click the launch instance button.

Logging in for the first time

Once your instance is reported as having started in the AWS console, make note of either the Public IP or the Public hostname. Navigate to either one in your browser, being sure to use https://, not http://.

You can now continue on with the initial setup instructions.


Copyright © 2020 F Omega Enterprises LLC
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld.