gongjason/awesome-wireguard

A curated list of WireGuard tools, projects, and resources.

Awesome WireGuard

A curated list of WireGuard tools, projects, and resources.

WireGuard® - fast, modern, secure VPN tunnel.

You can see the updates on Twitter (coming soon)

Please, help organize these resources so that they are easy to find and understand for newcomers. See how to Contribute for tips!

If you see a link here that is not (any longer) a good fit, you can fix it by submitting a pull request to improve this file. Thank you!

Contents

Expand Table of Contents

• What is WireGuard
• Official Resources
• Where to Start
• Projects
  • Tools
  • Mesh Network
  • Deployment
  • Monitoring
  • Security
    • Protocol
    • Encryption
  • Runtime
  • User Interface
    • Terminal / CLI
    • Web
    • Desktop
    • Dashboards
  • Development
    • Development Environment
    • Testing
    • Boilerplate
  • Homeserver
  • Services based on WireGuard
    • Cloud Service
    • VPN
  • Extensions / Plugins
  • Optimization
  • Language Bindings
  • Alternative Implementations
• Useful Resources
  • Blog Posts
  • Articles
  • Demos and Examples
  • Good Tips
  • Tutorials
  • Videos
  • Books
  • Podcasts and Interviews
  • Presentations
  • Newsletters
• Uncategorized
• Communities and Meetups
  • English
  • Chinese

---

What is WireGuard

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

Source: Official WireGuard project website

Official Resources

• Next Generation Kernel Network Tunnel [PDF] - Whitepaper.
• WireGuard Docs - Unofficial WireGuard documentation.

Where to Start

• Quick Start - Official quick start.

---

Projects

Tools

• wg-quick - Official cross-platform tool to set up a WireGuard interface simply.
• easy-wg-quick - Creates Wireguard configuration for hub and peers with ease.
• dsnet - Simple command to manage a centralised wireguard VPN. Think wg-quick but quicker: key generation + address allocation.
• wgctrl - Package wgctrl enables control of WireGuard interfaces on multiple platforms.
• wgzero - Zero overhead wireguard setup.
• wg-make - A tool to help set up WireGuard based networks. Currently, it generates configurations for peers according to a single configuration file.
• onetun - A user-space WireGuard port-forwarder -- access ports running on peers in your WireGuard network from any device; without having to install WireGuard locally or without root access (no iptables configs).

Mesh Network

• Tailscale - Tailscale is a WireGuard-based app that makes secure, private networks easy for teams of any scale.
• Headscale - An open source implementation of the Tailscale control server.
• innernet - A private network system that uses WireGuard under the hood. It is similar in its goals to Slack's nebula or Tailscale.
• Kilo - Kilo is a multi-cloud network overlay built on WireGuard and designed for Kubernetes (k8s + wg = kg).
• Wiretrustee - Connect your devices into a single secure private WireGuard-based mesh network.
• wesher - wesher creates and manages an encrypted mesh overlay network across a group of nodes.
• gravitl/netmaker - Netmaker is a VPN platform that automates WireGuard from homelab to enterprise. The key distinctions in their solutions are: fast because it can use kernel WireGuard (instead of userspace WireGuard, which is slower), tailored towards the Cloud and Kubernetes, and fully self-hostable.
• Not Wireguard-based
  • Tinc - tinc is a VPN daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.
  • Nebula - Slack's Nebula is a scalable overlay networking tool.
  • Zerotier - Directly Connecting the World's Devices with Universal Software Defined Networking.

Deployment

• WireHole - A combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound.
• Autowire - Automatically configure Wireguard interfaces in distributed system. It supports Consul as backend.
• Cloudblock - Deploys WireGuard VPN, Pi-Hole DNS Ad-blocking, and DNS over HTTPS in a cloud provider - or locally - using Terraform and Ansible.
• ansible-role-wireguard - Ansible role for installing WireGuard VPN. Supports Ubuntu, Debian, Archlinx, Fedora and CentOS.
• terraform-aws-wireguard - Terraform module to deploy WireGuard on AWS.
• wireguard-go docker - WireGuard docker image.
• Firezone - An open-source WireGuard-based VPN server alternative to OpenVPN Access Server. You can self-host this.
• Algo VPN - Set up a DIY/personal VPN in the cloud. It is a set of Ansible scripts that simplify the setup of a personal WireGuard and IPsec VPN, open-sourced by Trail of Bits.

Monitoring

Security

Protocol

Encryption

Runtime

User Interface

Terminal / CLI

• WireGuard in NetworkManager - Linux NetworkManager has WireGuard support.
• WireGuard installer - WireGuard VPN installer for Linux servers.
• PiVPN - The Simplest VPN installer (scripts), designed for Raspberry Pi.
• wireguard-install - WireGuard road warrior installer for Ubuntu, Debian, CentOS and Fedora.
• WireGuard-Manager - enables you to build your own vpn under a minute.
• wg-meshconf - WireGuard full mesh configuration generator.
• tun2socks - Powered by gVisor TCP/IP stack.
• guard - A gRPC server for managing wireguard tunnels.
• docker-wireguard-socks-proxy - Expose a WireGuard tunnel as a SOCKS5 proxy.
• wgctl - Utility to configure and manage your WireGuard tunnels.

Web

• vx3r/wg-gen-web - Simple Web based configuration generator for WireGuard.
• Subspace - A simple WireGuard VPN server GUI.
• WireGuard UI - WireGuard Web UI for self-serve client configurations, with optional auth.
• WeeJeWel/wg-easy - The easiest way to run WireGuard VPN + Web-based Admin UI.

Desktop

• network-manager-wireguard - Network-Manager VPN Plugin for WireGuard.
• WireGuardStatusbar - macOS menubar icon for WireGuard/wg-quick.

Dashboards

• Wireguard Dashboard - A simple and easy to use WireGuard dashboard written in Python and Flask.

Development

Development Environment

Testing

Boilerplate

Homeserver

Services based on WireGuard

Cloud Service

• Warp - A free WireGuard VPN from Cloudflare that's trying to fix mobile Internet performance and security.
• wgcf - Cross-platform, unofficial CLI for Cloudflare Warp.

VPN

• Mullvad
• MozWire - An unofficial configuration manager giving Linux, macOS users (among others), access to Mozilla VPN.

Extensions / Plugins

• wgsd - A CoreDNS plugin that serves WireGuard peer information via DNS-SD (RFC6763) semantics. This enables use cases such as mesh networking, NAT-to-NAT connectivity, and dynamic discovery of WireGuard endpoint.

Optimization

Language Bindings

Alternative Implementations

• boringtun - Userspace WireGuard implementation in Rust by Cloudflare.

Useful Resources

Blog Posts

• WireGuard: great protocol, but skip the Mac app
• WireGuard on Kubernetes with Adblocking
• SSH and User-mode IP WireGuard
• Setup and Adblocking VPN Using WireGuard and NextDNS
• WireGuard Endpoint Discovery and NAT Traversal using DNS-SD
• Taildrop was kind of easy, actually - Taildrop was the main new feature launched in Tailscale v1.8.
• IPv6 WireGuard Peering at Fly.io

Articles

• In-kernel WireGuard is on its way to FreeBSD and the pfSense router
• It's Looking Like Android Could Be Embracing WireGuard - "A Sane VPN"

Demos and Examples

Good Tips

Tutorials

• How to easily configure WireGuard
• Getting Started with WireGuard
• What They Don’t Tell You About Setting Up A WireGuard VPN
• Building a simple VPN with WireGuard with a Raspberry Pi as Server
• Setting up a home VPN server with Wireguard (macOS)
• Creating a VPN Gateway with a Unikernel running WireGuard

Videos

Books

Podcasts and Interviews

Presentations

• Presentations by Jason A. Donenfeld - A list of all Jason's presentations.

Newsletters

Uncategorized

Communities and Meetups

English

• /r/WireGuard - Official Reddit WireGuard.
• #wireguard on Libera - Official IRC on Libera Chat.

Chinese

Contribute

Contributions welcome! If you would like to contribute, please read the contribution guidelines first. It contains a lot of tips and guidelines to help keep things organized.

Future: Implement GitHub Actions to monitor and verify all the links with a simple Node.js script

Copyright

"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld.

License

Expand License

This repository contains a variety of content; some developed by Cedric Chee, and some from third-parties. The third-party content is distributed under the license provided by those parties.

I am providing code and resources in this repository to you under an open source license. Because this is my personal repository, the license you receive to my code and resources is from me and not my employer.

The content developed by Cedric Chee is distributed under the following license:

Text

The text content is released under the CC-BY-NC-ND license. Read more at Creative Commons.

Code

The code in this repository is released under the MIT license.