Project

wg-admin

0.0
Repository is archived
No release in over 3 years
Low commit activity in last 3 years
wg-adminuhlig-it/wg-adminHomepageDocumentationSource CodeBug TrackerWiki
wg-admin is an administration tool for WireGuard configuration.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
3,610
Stars
0
Forks
1
Watchers
2
 Releases
Current version
0.0.3
Total releases
2
First release
2020-04-30
Latest release
2021-08-14
 Issues
Open Issues
0
Closed Issues
115
Total Issues
115
Issue Closure Rate
100%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
22
Merged Pull Requests
34
Pull Request Acceptance Rate
60%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2021-09-17
Reverse Dependencies
0

 Dependencies

Development

aruba
>= 0
bundler
~> 2.1
guard
>= 0
guard-bundler
>= 0
guard-rspec
>= 0
inifile
>= 0
pry
>= 0
pry-byebug
>= 0
rake
>= 0
rspec
>= 0
rubocop
>= 0
rubocop-rake
>= 0
rubocop-rspec
>= 0

Runtime

thor
>= 0
 Project Readme

wg-admin

Build Status

wg-admin is a command-line tool to administer WireGuard configuration files. It maintains a local database of networks, which each has a number of peers. From this database, the configuration can be rendered for all peers.

Deploying the configuration is outside the scope of this project.

Add a Network

The defining attribute of the configuration is a network. This is a range of IP addresses specified as prefix/suffix, e.g. 192.168.10.0/24 or 2001:0DB8:0:CD30::1/60.

Examples:

$ wg-admin networks add 192.168.10.0/24

Add a Server

A server is a peer with a public DNS name that is reachable by all clients via public internet. It's the entry point for clients into the VPN (a.k.a. relay or bounce server).

Examples:

$ wg-admin servers add --name wg.example.com
$ wg-admin servers add --name wg.example.com --ip 192.168.20.128

This command will add a new server with the given DNS name and a default configuration. If no IP address was passed, the next available address in the network will be used. When no port was specified, the de-facto standard port for WireGuard will be used (51820).

Add a Client

A client is regular peer that does not relay (bounce) traffic. It will connect to the VPN via a server.

Examples:

$ wg-admin client add --name Alice
$ wg-admin client add --name Alice --ip 192.168.20.11

If no IP address was passed, the next available address in the network will be used.

List Peers

$ wg-admin peers list
+================+========|=================|
| Name           | Type   | IP Addresses    |
+================+========|=================|
| wg.example.com | server | 192.168.20.1    |
+----------------+--------|-----------------|
| Alice          | client | 192.168.20.11   |
+----------------+--------|-----------------|

TODO If this command is run without a (pseudo) terminal, it will print the name of each peer on a single line, which allows for a convenient loop over all peers, e.g. for writing configuration files (see below for further details):

$ for peer in $(wg-admin peers list); do
  wg-admin config "$peer" > "$peer".conf
done

Generate the Config Files

This command will show the configuration of the server itself as well as the necessary fragments for a particular peer:

$ wg-admin config wg.example.com
[Interface]
Address = 192.168.20.1/24
ListenPort = 51820
PrivateKey = private-key-of-the-server=

[Peer]
# Name = Alice
PublicKey = public-key-of-Alice=
AllowedIPs = 192.168.20.11/32

The result is printed to stdout and could be redirected to a file, or piped into a QR encoder:

$ wg-admin config --client=Alice | qrencode -t ANSIUTF8