dashboardwireguard-vpn-setupwireguard-vpnwireguard-tunnelwireguard-dashboardwireguardwg-managervpnsite-to-siteobfuscation
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Per-Arne Andersen
27eddf993a
|
5 years ago | |
|---|---|---|
| back | 5 years ago | |
| docker | 5 years ago | |
| docs | 5 years ago | |
| scripts | 5 years ago | |
| wg_dashboard_backend | 5 years ago | |
| wg_dashboard_frontend | 5 years ago | |
| .dockerignore | 6 years ago | |
| .gitignore | 6 years ago | |
| .travis.yml | 5 years ago | |
| CODE_OF_CONDUCT.md | 6 years ago | |
| Dockerfile | 5 years ago | |
| LICENSE | 6 years ago | |
| README.md | 5 years ago | |
| docker-compose.yaml | 5 years ago | |
| package-lock.json | 6 years ago | |
README.md
wg-manager
The wg-manager provides an easy-to-use graphical web interface to import, setup, and manage WireGuard server(s). See Here
The features of wg-manager includes:
Server
- IPv4 and IPv6 support
- Create/Delete/Modify
- Start/Stop/Restart server
- Import existing configurations
- Export server config, along with client config as zip.
Peer
- Create/Delete/Modify
- Bandwidth usage statistics
- Export by QRCode, Text
- Authentication via API-Keys for automation (Created in GUI)
- Automatic setup using docker
General
- Modify Admin User
- Create and manage API-Keys
Dependencies
- Linux >= 5.6 (Alternatively: wireguard-dkms)
Common Installation Steps
- Enable ip forwarding:
sysctl -w net.ipv4.ip_forward=1 # IPV4 Support sysctl -w net.ipv6.conf.all.forwarding=1 # IPV6 Support - For persistent configuration:
cat > /etc/sysctl.d/99-sysctl.conf << EOF net.ipv4.ip_forward = 1 net.ipv6.conf.all.forwarding=1 EOF - It is recommended to have a firewall protecting your servers
Notes
- A few people has experienced issues with running the dockerized method using bridged networking. To workaround this, you can use
network_mode: host. Note that you can no longer reverse-proxy the web interface from reverse proxies such as jwilder/nginx-proxy.
Method #1: Docker-compose
version: "2.1"
services:
wireguard:
container_name: wg-manager
image: perara/wg-manager
restart: always
sysctls:
net.ipv6.conf.all.disable_ipv6: 0 # Required for IPV6
cap_add:
- NET_ADMIN
#network_mode: host # Alternatively
ports:
- 51800-51900:51800-51900/udp
- 8888:8888
volumes:
- ./wg-manager:/config
environment:
HOST: 0.0.0.0
PORT: 8888
ADMIN_PASSWORD: admin
ADMIN_USERNAME: admin
WEB_CONCURRENCY: 1
Method #2: Bare Metal
Using the development branch
As there is no builds for the development branch, you have to do the following:
Change image: perara/wg-manager to
build:
context: https://github.com/perara/wg-manager.git#dev
Guides
Usage
When docker container/server has started, go to http://localhost:8888
API Docs
The API docs is found here.
API-Keys
- Login to wg-manager
- Go to edit profile
- Create API-Key and take note of the key. Use the X-API-Key header to authenticate.
- Example:
curl -i -H "X-API-Key: <key-goes-here>" http://<host>:<port>/api/v1/users/api-key/list - Example 2:
curl -X POST "http://<host>:<port>/api/v1/peer/configuration/add" -H "accept: application/json" -H "Content-Type: application/json" -H "X-API-Key: <api-key-here>" -d "{\"server_interface\":\"wg0\"}"
Client Mode
wg-manager can also run in client-mode, with near-automatic setup and connection. To automatically setup the client, you will need:
- wg-manager server url
- name of the interface the client should run on
- wg-manager server api key
You can setup multiple clients using the numbered environment variables. The following configuration runs a server and client automatically:
version: "2.1"
services:
server:
container_name: wg-manager
build: .
restart: always
sysctls:
net.ipv6.conf.all.disable_ipv6: 0
cap_add:
- NET_ADMIN
#network_mode: host # Alternatively
ports:
- 11820:11820/udp
- 51800-51900:51800-51900/udp
- 8888:8888
environment:
HOST: 0.0.0.0
PORT: 8888
ADMIN_USERNAME: admin
ADMIN_PASSWORD: admin
WEB_CONCURRENCY: 2
SERVER_INIT_INTERFACE_START: 1
#endpoint dynamic variables: ||external|| , ||internal||
SERVER_INIT_INTERFACE: '{"address":"10.0.200.1","v6_address":"fd42:42:42::1","subnet":24,"v6_subnet":64,"interface":"wg0","listen_port":"51820","endpoint":"server","dns":"10.0.200.1,8.8.8.8","private_key":"","public_key":"","post_up":"","post_down":"","configuration":"","is_running":false,"peers":[]}'
SERVER_STARTUP_API_KEY: thisisasecretkeythatnobodyknows
networks:
- wg-manager-net
client:
container_name: wg-manager-server-with-client
build: .
restart: always
sysctls:
net.ipv6.conf.all.disable_ipv6: 0
cap_add:
- NET_ADMIN
ports:
- 8889:8889
privileged: true
environment:
HOST: 0.0.0.0 # Optional (For Accessing WEB-Gui)
PORT: 8889 # Optional (Web-GUI Listen Port)
WEB_CONCURRENCY: 1 # Optional
ADMIN_USERNAME: admin
ADMIN_PASSWORD: admin
INIT_SLEEP: 5 # If you run into concurrency issues
SERVER: 0 # If you want to host a server as well
CLIENT: 1 # If you want to connect to servers
CLIENT_START_AUTOMATICALLY: 1 # If you want the client to start automatically
CLIENT_1_NAME: "client-1" # Name of first client
CLIENT_1_SERVER_HOST: "http://server:8888" # Endpoint of first server
CLIENT_1_SERVER_INTERFACE: "wg0" # Interface of first server (to get config)
CLIENT_1_API_KEY: "thisisasecretkeythatnobodyknows" # API-Key of first server (to get config)
networks:
- wg-manager-net
networks:
wg-manager-net:
driver: bridge
Environment variables
| Environment | Description | Recommended |
|---|---|---|
| GUNICORN_CONF | Location of custom gunicorn configuration | default |
| WORKERS_PER_CORE | How many concurrent workers should there be per available core (Gunicorn) | default |
| WEB_CONCURRENCY | The number of worker processes for handling requests. (Gunicorn) | 1 |
| HOST | 0.0.0.0 or unix:/tmp/gunicorn.sock if reverse proxy. Remember to mount | 0.0.0.0 |
| PORT | The port to use if running with IP host bind | 80 |
| LOG_LEVEL | Logging level of gunicorn/python | info |
| ADMIN_USERNAME | Default admin username on database creation | admin |
| ADMIN_PASSWORD | Default admin password on database creation | admin |
| POST_UP | The POST_UP Command (version 4) | default |
| POST_DOWN | The POST_DOWN Command (version 4) | default |
| POST_UP_V6 | The POST_UP Command (version 6) | default |
| POST_DOWN_V6 | The POST_DOWN Command (version 6) | default |
| INIT_SLEEP | Sleep before bootstrap. Useful for delaying client boot | integer |
| SERVER_STARTUP_API_KEY | Create a initial, and known API key on server init | secret |
| SERVER_INIT_INTERFACE | Create a initial wireguard interface on server init. See docs | json |
| SERVER_INIT_INTERFACE_START | If the interface should start immediately | 1 or 0 |
| SERVER | If the container should enable server-mode | 1 or 0 |
| CLIENT | If the container should enable client-mode | 1 or 0 |
| CLIENT_START_AUTOMATICALLY | If client is enabled. should it start immediately? | 1 or 0 |
| CLIENT_X_NAME | Name of the automatically generated client. X = incremental number from 1 | string |
| CLIENT_X_SERVER_HOST | The url to wg-manager server e.g. "http://server:8888" See docs | url |
| CLIENT_X_SERVER_INTERFACE | The wg-interface to create client on e.g"wg0". See docs | string |
| CLIENT_X_API_KEY | A valid API-Key that is active on the server. Works well with SERVER_STARTUP_API_KEY | string |
Q&A
I'm trying to start the device but recieve the message: Perhaps ip6tables or your kernel needs to be upgraded..
Try: modprobe ip6table_nat on the host.
Showcase
Roadmap
Primaries
- Implement multi-server support (setting up site-2-site servers from the GUI)
- Extending multi-server support to enable custom access lists (A peer can be assigned to multiple servers, as part of the ACL)