A Virtual Private Network (VPN) allows users to send and receive data through shared or public networks as if their computing devices were directly connected to the private network. Thus, applications running on an end-system (PC, smartphone, etc.) over a VPN may benefit from individual network features, protection, and management. Encryption is a standard aspect of a VPN connection but not an intrinsic one.
WireGuard is a straightforward yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general-purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under a massive development, but it already might be regarded as the most secure, most comfortable to use, and the simplest VPN solution in the industry.
- robust and modern security by default
- minimal config and critical management
- fast, both low-latency and high-bandwidth
- simple internals and small protocol surface area
- simple CLI and seamless integration with system networking
- CentOS, Debian, Ubuntu, Arch, Fedora, Redhat, Raspbian, PopOS, Manjaro, Kali, Alpine, Mint, FreeBSD
- Linux
Kernel 3.1or newer - You will need superuser access or a user account with
sudoprivilege. - Docker
Kernel 5.6or newer
Lets first use curl and save the file in /usr/local/bin/
curl https://raw.githubusercontent.com/complexorganizations/wireguard-manager/main/wireguard-manager.sh --create-dirs -o /usr/local/bin/wireguard-manager.sh
Then let's make the script user executable (Optional)
chmod +x /usr/local/bin/wireguard-manager.sh
It's finally time to execute the script
bash /usr/local/bin/wireguard-manager.sh
In your /etc/wireguard/clients directory, you will have .conf files. These are the peer configuration files. Download them from your WireGuard Interface and connect using your favorite WireGuard Peer.
docker build -t wireguard https://raw.githubusercontent.com/complexorganizations/wireguard-manager/main/Dockerfile
- Show WireGuard Interface
- Start WireGuard Interface
- Stop WireGuard Interface
- Restart WireGuard Interface
- Add WireGuard Peer
- Remove WireGuard Peer
- Uninstall WireGuard Interface
- Update this script
- Encrypt & Backup Configs
- Restore WireGuard Configs
usage: ./wireguard-manager.sh <command>
--install Install WireGuard Interface
--start Start WireGuard Interface
--stop Stop WireGuard Interface
--restart Restart WireGuard Interface
--list Show WireGuard Peers
--add Add WireGuard Peer
--remove Remove WireGuard Peer
--reinstall Reinstall WireGuard Interface
--uninstall Uninstall WireGuard Interface
--update Update WireGuard Script
--backup Backup WireGuard Configs
--restore Restore WireGuard Configs
--help Show Usage Guide
- Install & Configure WireGuard Interface
- Backup & Restore WireGuard
- (IPv4|IPv6) Supported, Leak Protection
- Variety of Public DNS to be pushed to the peers
- Choice to use a self-hosted resolver with Unbound Prevent DNS Leaks, DNSSEC Supported
- Iptables rules and forwarding managed in a seamless way
- Remove & Unistall WireGuard Interface
- Preshared-key for an extra layer of security. Required
- Many other little things!
PRIVATE_SUBNET_V4- private IPv4 subnet configuration10.8.0.0/24by defaultPRIVATE_SUBNET_V6- private IPv6 subnet configurationfd42:42:42::0/64by defaultSERVER_HOST_V4- public IPv4 address, detected by default usingcurlSERVER_HOST_V6- public IPv6 address, detected by default usingcurlSERVER_PUB_NIC- public nig address, detected by defaultSERVER_PORT- public port for wireguard server, default is51820DISABLE_HOST- Disable or enable ipv4 and ipv6, default disabledCLIENT_ALLOWED_IP- private or public IP range allowed in the tunnelNAT_CHOICE- Keep sending packets to keep the tunnel alive25INSTALL_UNBOUND- Install unbound with a basicy/nUNINSTALL_UNBOUND- Uninstall unbound withy/nINSTALL_PIHOLE- Install PiHole with ay/nUNINSTALL_PIHOLE- Uninstall PiHole withy/nREMOVE_WIREGUARD- Uninstall WireGuard withy/nDNS_CHOICE- Without Unbound you have to use a public dns like8.8.8.8CLIENT_NAME- Name the first peer from wireguardMTU_CHOICE- MTU the peer will use1420
| OS | i386 | amd64 | armhf | arm64 |
|---|---|---|---|---|
| Ubuntu 14 ≤ | ❌ | ❌ | ❌ | ❌ |
| Ubuntu 16 ≥ | ✔️ | ✔️ | ✔️ | ✔️ |
| Debian 7 ≤ | ❌ | ❌ | ❌ | ❌ |
| Debian 8 ≥ | ✔️ | ✔️ | ✔️ | ✔️ |
| CentOS 6 ≤ | ❌ | ❌ | ❌ | ❌ |
| CentOS 7 ≥ | ✔️ | ✔️ | ✔️ | ✔️ |
| Fedora 29 ≤ | ❌ | ❌ | ❌ | ❌ |
| Fedora 30 ≥ | ✔️ | ✔️ | ✔️ | ✔️ |
| RedHat 6 ≤ | ❌ | ❌ | ❌ | ❌ |
| RedHat 7 ≥ | ✔️ | ✔️ | ✔️ | ✔️ |
| Kali 1.0 ≤ | ❌ | ❌ | ❌ | ❌ |
| Kali 1.1 ≥ | ✔️ | ✔️ | ✔️ | ✔️ |
| Arch | ✔️ | ✔️ | ✔️ | ✔️ |
| Raspbian | ✔️ | ✔️ | ✔️ | ✔️ |
| PopOS | ✔️ | ✔️ | ✔️ | ✔️ |
| Manjaro | ✔️ | ✔️ | ✔️ | ✔️ |
| Mint | ✔️ | ✔️ | ✔️ | ✔️ |
| Cloud | Supported |
|---|---|
| AWS | ✔️ |
| Google Cloud | ✔️ |
| Linode | ✔️ |
| Digital Ocean | ✔️ |
| Vultr | ✔️ |
| Microsoft Azure | ✔️ |
| OpenStack | ✔️ |
| Rackspace | ✔️ |
| Scaleway | ✔️ |
| EuroVPS | ✔️ |
| Hetzner Cloud | ❌ |
| Strato | ❌ |
| Virtualization | Supported |
|---|---|
| KVM | ✔️ |
| LXC | ❌ |
| OpenVZ | ❌ |
| Docker | ✔️ |
| Kernel | Supported |
|---|---|
| Linux Kernel 3.0 ≤ | ❌ |
| Linux Kernel 3.1 ≥ | ✔️ |
| Docker Kernel 5.5 ≤ | ❌ |
| Docker Kernel 5.6 ≥ | ✔️ |
Which hosting provider do you recommend?
- Google Cloud: Worldwide locations, starting at $10/month
- Vultr: Worldwide locations, IPv6 support, starting at $3.50/month
- Digital Ocean: Worldwide locations, IPv6 support, starting at $5/month
- Linode: Worldwide locations, IPv6 support, starting at $5/month
Which WireGuard client do you recommend?
Is there WireGuard documentation?
- Yes, please head to the WireGuard Manual, which references all the options.
How do I install a wireguard without the questions? (Headless Install)
./wireguard-manager.sh --install
Is there any alternative to wireguard?
Official Links
- Homepage: https://www.wireguard.com
- Install: https://www.wireguard.com/install/
- QuickStart: https://www.wireguard.com/quickstart/
- Compiling: https://www.wireguard.com/compilation/
- Whitepaper: https://www.wireguard.com/papers/wireguard.pdf
Using a browser based development environment:
git clone https://github.com/complexorganizations/wireguard-manager /usr/local/bin/
bash -x /usr/local/bin/wireguard-manager.sh >> /usr/local/bin/wireguard-manager.log
- Name: Prajwal Koirala
- Website: prajwalkoirala.com
- Github: @prajwal-koirala
- LinkedIn: @prajwal-koirala
- Twitter: @Prajwal_K23
- Reddit: @prajwalkoirala23
- Twitch: @prajwalkoirala23
Give a ⭐️ and 🍴 if this project helped you!
- BCH :
qzq9ae4jlewtz7v7mn4tv7kav3dc9rvjwsg5f36099 - BSV : ``
- BTC :
3QgnfTBaW4gn4y8QPEdXNJY6Y74nBwRXfR - DAI :
0x8DAd9f838d5F2Ab6B14795d47dD1Fa4ED7D1AcaB - ETC :
0xd42D20D7E1fC0adb98B67d36691754E3F944478A - ETH :
0xe000C5094398dd83A3ef8228613CF4aD134eB0EA - LTC :
MVwkmnnaLDq7UccDeudcpQYwFnnDwDxxmq - XRP :
rw2ciyaNshpHe7bCHo4bRWq6pqqynnWKQg (1790476900)
Open Source Community
Copyright © 2020 Prajwal
This project is unlicensed