/heroku-vpn

Easily spinup an ephemeral VPN on heroku using tailscale under the hood

Primary LanguageDockerfileGNU General Public License v3.0GPL-3.0

Heroku VPN

Easily spin up an ephemeral VPN on heroku using tailscale under the hood


Disclaimer:

NEITHER me NOR this project shall be in any way held responsible if YOUR ACCOUNT gets banned. It is YOUR sole reponsibility to use this project in whatever way you may want. However I totally recommend AGAINST ABUSING these services with excessive usage.

Prerequisites:

Pre Deployment Guide:

  1. Signup on Tailscale.

    1 2

  2. Connect atleast one device following the tailscale Introduction guide.

    3

  3. Go to the Access Controls tab and save the following JSON into Edit file section, replacing x0rzavi@github with an appropriate value from Users tab.

    {
        "acls": [
          { "action": "accept", "src": ["*"], "dst": ["*:*"] },
        ],
        "tagOwners": {
          "tag:vpn": ["x0rzavi@github"],
        },
        "autoApprovers": {
          "exitNode": ["tag:vpn"],
        }
    }

    4 7

  4. Go to Keys section in Settings tab and generate an auth key. Paste this key into heroku when asked for. Also save it for future use.

    5 6

Deployment:

Deploy

Post Deployment guide:

  1. Open tailscale client on the device you want to use VPN. (Guide shows for android)

    A

  2. Connect your client to tailscale.

  3. Tap Use exit node and select the correct online machine after checking in tailscale dashboard

    B C

  4. VPN should start working.

    D

Notes:

  • Make sure, you have followed the steps as precisely as possible.
  • As always, heroku dynos will sleep after a certain amount of time. This repo has no hardcoded way to circumvent that (who needs a VPN 24/7 anyways ?) but it does serve a site which you can ping. So, it is totally upto YOU how you want to keep it running. Few utilities worth noting are:
  • Each time your heroku app restarts, a new machine will pop up in tailscale dashboard and the old offline ones will disappear eventually. YOU have to make sure to choose the correct exit node each time, failing which will block your internet.
  • Tailscale is a great tool in itself with extensive documention, make sure to try it.

Todo:

  • V2 with native wireguard implementation. (iff possible)
  • Support for VPN on github-actions.

Contact: