8000 GitHub - wg-controller/wg-controller: A self hosted WireGuard VPN server with control plane and web management
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

wg-controller/wg-controller

BranchesTags

Repository files navigation

WireGuard Controller

A self hosted WireGuard VPN server with control plane and web management.

Features

  • Easily host your own VPN overlay network with Docker or Kubernetes
  • Manage users and devices from a modern web interface
  • Integrated DNS server resolves devices by their configured name
  • Internal IP routing between clients
  • Share access to client local networks with the rest of your overlay network
  • Synchronization of WireGuard keys and settings between clients and server (using wg-controller-client)
  • Easy client enrollment with pre defined API keys
  • Support for standard WireGuard clients and 3rd party devices
  • Optional internal client monitoring by icmp ping
  • Optional client up/down Slack alerts via webhook

Screenshots

Clients Page

Client Dialog

Deployment

Docker

  • Generate WG_PRIVATE_KEY and DB_AES_KEY

    docker run --rm -it ghcr.io/wg-controller/wg-controller:latest generate-wg-key

    docker run --rm -it ghcr.io/wg-controller/wg-controller:latest generate-db-key

  • Run docker image (fill in env vars)

    docker run --name wg-controller \
  -e PUBLIC_HOST="wg.example.com" \
  -e ADMIN_EMAIL="admin@example.com" \
  -e ADMIN_PASS="" \
  -e WG_PRIVATE_KEY="" \
  -e DB_AES_KEY="" \
  -p 51820:51820/udp \
  -p 8081:8081 \
  -v wg-controller-data:/data \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --privileged \
  --user=0 \
  --sysctl net.ipv4.conf.all.src_valid_mark=1 \
  --sysctl net.ipv4.ip_forward=1 \
  ghcr.io/wg-controller/wg-controller:latest

  • The web interface will be running on port :8081

Kubernetes

  • Clone repo or download kube-manifests.yaml

  • Generate WG_PRIVATE_KEY and DB_AES_KEY

    docker run --rm -it ghcr.io/wg-controller/wg-controller:latest generate-wg-key

    docker run --rm -it ghcr.io/wg-controller/wg-controller:latest generate-db-key

  • Fill in env fields in kube-manifests.yaml

  • Configure ingress domain, SSL etc

  • Deploy to kubernetes with kubectl

    kubectl apply -f kube-manifests.yaml

Options

Env Default Example
PUBLIC_HOST required wg.example.com
ADMIN_EMAIL required admin@example.com
ADMIN_PASS required SuP3Rs8cureP4ssw0rd#
WG_PRIVATE_KEY required WFgLw2vV1Pc1EhtRXdFNHOopmuNl9GZluRFhI73Mf2o=
DB_AES_KEY required CQLZLLfq+XXQKWrLDDvy0vine6Yil3SGxGJEUHK32yU=
SERVER_CIDR 172.19.0.0/24 192.168.10.0/24
SERVER_ADDRESS 172.19.0.254 192.168.10.1
EGRESS_INTERFACE eth0 eth2
WG_INTERFACE wg0 utun11
WG_PORT 51820 51821
API_PORT 8081 9000
SERVER_HOSTNAME wg-controller my-vpn-server
UPSTREAM_DNS 8.8.8.8 1.1.1.1
SLACK_WEBHOOK none https://hooks.slack.com/services/example
PING_MONITORING false true

Security

Warning

Do not host this on the internet without an appropriate SSL reverse proxy (see NGINX, Caddy)

  • WireGuard keys encrypted at rest with AES256
  • Passwords and API keys salted and hashed before storage

Project Status

This project is in its early development phase.

Development

Tygo is used for generating TypeScript types from Golang types
Install Tygo with go install github.com/gzuidhof/tygo@latest
Running tygo generate will export Go types to frontend.

About

A self hosted WireGuard VPN server with control plane and web management

Topics

network vpn overlay-network remote-access wireguard

Resources

Readme

License

CC-BY-SA-4.0 license
Activity
Custom properties

Stars

7 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

9 tags

Packages

 
 
 

Contributors 2

  •  
  •  

Languages
0