Simple Web based configuration generator for WireGuard
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
vx3r 8b4038c238 bug issue #47 2 months ago
.github/workflows add version in back and front #16 / client can ignore global PK #17 / #18 email is now optional 6 months ago
api bug issue #47 2 months ago
auth go fmt and golint 3 months ago
cmd/wg-gen-web change auth header name, make auth basic work 4 months ago
core bug issue #47 2 months ago
model go fmt and golint 3 months ago
storage organise backend code / frontend combobox / edit allowed ips 7 months ago
template changed timezone to Monday, 02 January 06 15:04:05 MST 5 months ago
ui update node modules 3 months ago
util go fmt and golint 3 months ago
version refactor, remove dirty migration, npm update 5 months ago
.env implement github oauth, set demo to github auth 4 months ago
.gitignore Initial commit 7 months ago
.gitlab-ci.yml refactor, remove dirty migration, npm update 5 months ago
Dockerfile refactor, remove dirty migration, npm update 5 months ago
LICENSE-WTFPL Initial commit 7 months ago
README.md document auth, update screen 4 months ago
go.mod implement github oauth, set demo to github auth 4 months ago
wg-gen-web_cover.png logo, send email 7 months ago
wg-gen-web_screenshot.png document auth, update screen 4 months ago

README.md

Wg Gen Web

Simple Web based configuration generator for WireGuard

Simple Web based configuration generator for WireGuard.

pipeline status Go Report Card Gitlab pipeline status (self-hosted) License: WTFPL Discord Build multi-arch Docker Images via buildx GitHub last commit Docker Pulls GitHub go.mod Go version GitHub code size in bytes

Why another one ?

All WireGuard UI implementations are trying to manage the service by applying configurations and creating network rules. This implementation only generates configuration and its up to you to create network rules and apply configuration to WireGuard. For example by monitoring generated directory with inotifywait.

The goal is to run Wg Gen Web in a container and WireGuard on host system.

Features

  • Self-hosted and web based
  • Automatically select IP from the netowrk pool assigned to client
  • QR-Code for convenient mobile client configuration
  • Sent email to client with QR-code and client config
  • Enable / Disable client
  • Generation of wg0.conf after any modification
  • IPv6 ready
  • User authentication (Oauth2 OIDC)
  • Dockerized
  • Pretty cool look

Screenshot

Running

Docker

The easiest way to run Wg Gen Web is using the container image

docker run --rm -it -v /tmp/wireguard:/data -p 8080:8080 -e "WG_CONF_DIR=/data" vx3r/wg-gen-web:latest

Docker compose snippet, used for demo server

version: '3.6'
  wg-gen-web-demo:
    image: vx3r/wg-gen-web:latest
    container_name: wg-gen-web-demo
    restart: unless-stopped
    expose:
      - "8080/tcp"
    environment:
      - WG_CONF_DIR=/data
      - WG_INTERFACE_NAME=wg0.conf
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=587
      - SMTP_USERNAME=no-reply@gmail.com
      - SMTP_PASSWORD=******************
      - SMTP_FROM=Wg Gen Web <no-reply@gmail.com>
      - OAUTH2_PROVIDER_NAME=github
      - OAUTH2_PROVIDER=https://github.com
      - OAUTH2_CLIENT_ID=******************
      - OAUTH2_CLIENT_SECRET=******************
      - OAUTH2_REDIRECT_URL=https://wg-gen-web-demo.127-0-0-1.fr
    volumes:
      - /etc/wireguard:/data

Please note that mapping /etc/wireguard to /data inside the docker, will erase your host’s current configuration. If needed, please make sure to backup your files from /etc/wireguard.

A workaround would be to change the WG_INTERFACE_NAME to something different, as it will create a new interface (wg-auto.conf for example), note that if you do so, you will have to adapt your daemon accordingly.

Directly without docker

Fill free to download latest artifacts from my GitLab server:

Put everything in one directory, create .env file with all configurations and run the backend.

Automatically apply changes to WireGuard

Using systemd

Using systemd.path monitor for directory changes see systemd doc

# /etc/systemd/system/wg-gen-web.path
[Unit]
Description=Watch /etc/wireguard for changes

[Path]
PathModified=/etc/wireguard

[Install]
WantedBy=multi-user.target

This .path will activate unit file with the same name

# /etc/systemd/system/wg-gen-web.service
[Unit]
Description=Restart WireGuard
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/bin/systemctl restart wg-quick@wg0.service

[Install]
WantedBy=multi-user.target

Which will restart WireGuard service

Using inotifywait

For any other init system, create a daemon running this script

#!/bin/sh
while inotifywait -e modify -e create /etc/wireguard; do
  wg-quick down wg0
  wg-quick up wg0
done

How to use with existing WireGuard configuration

After first run Wg Gen Web will create server.json in data directory with all server informations.

Feel free to modify this file in order to use your existing keys

What is out of scope

  • Generation or application of any iptables or nftables rules
  • Application of configuration to WireGuard by Wg Gen Web itself

Authentication

Wg Gen Web can use Oauth2 OpenID Connect provider to authenticate users. Currently there are 4 implementations:

  • fake not a real implementation, use this if you don’t want to authenticate your clients.

Add the environment variable:

OAUTH2_PROVIDER_NAME=fake
  • github in order to use GitHub as Oauth2 provider.

Add the environment variable:

OAUTH2_PROVIDER_NAME=github
OAUTH2_PROVIDER=https://github.com
OAUTH2_CLIENT_ID=********************
OAUTH2_CLIENT_SECRET=********************
OAUTH2_REDIRECT_URL=https://wg-gen-web-demo.127-0-0-1.fr
  • google in order to use Google as Oauth2 provider. Not yet implemented
help wanted
  • oauth2oidc in order to use RFC compliant Oauth2 OpenId Connect provider.

Add the environment variable:

OAUTH2_PROVIDER_NAME=oauth2oidc
OAUTH2_PROVIDER=https://gitlab.com
OAUTH2_CLIENT_ID=********************
OAUTH2_CLIENT_SECRET=********************
OAUTH2_REDIRECT_URL=https://wg-gen-web-demo.127-0-0-1.fr

Please fell free to test and report any bugs. Wg Gen Web will only access your profile to get email address and your name, no other unnecessary scopes will be requested.

Need Help

  • Join us on Discord
  • Create an issue

Development

Backend

From the top level directory run

$ go run main.go

Frontend

Inside another terminal session navigate into the ui folder

$ cd ui

Install required dependencies

$ npm install

Set the base url for the api

$ export VUE_APP_API_BASE_URL=http://localhost:8080/api/v1.0

Start the development server. It will rebuild and reload the site once you make a change to the source code.

$ npm run serve

Now you can access the site from a webbrowser with the url http://localhost:8081.

Application stack

License