A Virtual Private Network (VPN) allows users to send and receive data through shared or public networks as if their computing devices were directly connected to the private network. Thus, applications running on an end-system (PC, smartphone, etc.) over a VPN may benefit from individual network features, protection, and management. Encryption is a standard aspect of a VPN connection but not an intrinsic one.
WireGuard is a straightforward yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general-purpose VPN for running on embedded interfaces and super computers alike, fit for many circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under a massive development, but it already might be regarded as the most secure, most comfortable to use, and the simplest VPN solution in the industry.
- robust and modern security by default
- minimal config and critical management
- fast, both low-latency and high-bandwidth
- simple internals and small protocol surface area
- simple CLI and seamless integration with system networking
- CentOS, Debian, Ubuntu, Arch, Fedora, Redhat, Raspbian, PopOS, Manjaro, Kali, Alpine, Mint, FreeBSD, Neon, Alma, Rocky
- Linux
Kernel 3.1
or newer - You will need superuser access or a user account with
sudo
privilege.
Lets first use curl
and save the file in /usr/local/bin/
curl https://raw.githubusercontent.com/complexorganizations/wireguard-manager/main/wireguard-manager.sh --create-dirs -o /usr/local/bin/wireguard-manager.sh
Then let's make the script user executable
chmod +x /usr/local/bin/wireguard-manager.sh
It's finally time to execute the script
bash /usr/local/bin/wireguard-manager.sh
In your /etc/wireguard/clients
directory, you will have .conf
files. These are the peer configuration files. Download them from your WireGuard Interface and connect using your favorite WireGuard Peer.
- Show WireGuard Interface
- Start WireGuard Interface
- Stop WireGuard Interface
- Restart WireGuard Interface
- Add WireGuard Peer
- Remove WireGuard Peer
- Uninstall WireGuard Interface
- Update this script
- Encrypt & Backup Configs
- Restore WireGuard Configs
usage: ./wireguard-manager.sh <command>
--install Install WireGuard
--start Start WireGuard
--stop Stop WireGuard
--restart Restart WireGuard
--list Show WireGuard
--add Add WireGuard Peer
--remove Remove WireGuard Peer
--reinstall Reinstall WireGuard
--uninstall Uninstall WireGuard
--update Update WireGuard Manager
--ddns Update WireGuard IP Address
--backup Backup WireGuard
--restore Restore WireGuard
--purge Purge WireGuard Peer(s)
--help Show Usage Guide
- Install & Configure WireGuard Interface
- Backup & Restore WireGuard
- Expiration of peer configurations on autopilot
- (IPv4|IPv6) Supported, Leak Protection
- Variety of Public DNS to be pushed to the peers
- Choice to use a self-hosted resolver with Unbound Prevent DNS Leaks, DNSSEC Supported
- Iptables rules and forwarding managed in a seamless way
- Remove & Uninstall WireGuard Interface
- Preshared-key for an extra layer of security. Required
- Many other little things!
PRIVATE_SUBNET_V4
- By default, the private IPv4 subnet configuration is10.0.0.0/8
.PRIVATE_SUBNET_V6
-fd00:00:00::0/8
is the default private IPv6 subnet.SERVER_HOST_V4
- Curl detects a public IPv4 address by default.SERVER_HOST_V6
- Curl by default finds a public IPv6 address.SERVER_PUB_NIC
- Using the ip command, to find the local public network interface.SERVER_PORT
-51820
is the default public port for the wireguard interface.DISABLE_HOST
- Determine whether or not IPv4 or IPv6 should be disabled.CLIENT_ALLOWED_IP
- Using an IP range, choose what should be sent to the VPN.NAT_CHOICE
- Determine whether or not to use the vpn tunnel's keep alive feature.INSTALL_UNBOUND
- Whether or not to install unbound is up to you.UNINSTALL_UNBOUND
- If you need to remove Unbound for whatever reason, you can do so.REMOVE_WIREGUARD
- It is entirely up to you whether or not to remove wireguard altogether.DNS_CHOICE
- You'll have to utilize another DNS if you don't have Unbound.CLIENT_NAME
- The wireguard peer's name.MTU_CHOICE
- The wireguard peers will utilize this MTU.
OS | i386 | amd64 | armhf | arm64 |
---|---|---|---|---|
Ubuntu 14 ≤ | ❌ | ❌ | ❌ | ❌ |
Ubuntu 16 ≥ | ✔️ | ✔️ | ✔️ | ✔️ |
Debian 7 ≤ | ❌ | ❌ | ❌ | ❌ |
Debian 8 ≥ | ✔️ | ✔️ | ✔️ | ✔️ |
CentOS 6 ≤ | ❌ | ❌ | ❌ | ❌ |
CentOS 7 ≥ | ✔️ | ✔️ | ✔️ | ✔️ |
Fedora 29 ≤ | ❌ | ❌ | ❌ | ❌ |
Fedora 30 ≥ | ✔️ | ✔️ | ✔️ | ✔️ |
RedHat 6 ≤ | ❌ | ❌ | ❌ | ❌ |
RedHat 7 ≥ | ✔️ | ✔️ | ✔️ | ✔️ |
Kali 1.0 ≤ | ❌ | ❌ | ❌ | ❌ |
Kali 1.1 ≥ | ✔️ | ✔️ | ✔️ | ✔️ |
Arch | ✔️ | ✔️ | ✔️ | ✔️ |
Raspbian | ✔️ | ✔️ | ✔️ | ✔️ |
PopOS | ✔️ | ✔️ | ✔️ | ✔️ |
Manjaro | ✔️ | ✔️ | ✔️ | ✔️ |
Mint | ✔️ | ✔️ | ✔️ | ✔️ |
Alma | ✔️ | ✔️ | ✔️ | ✔️ |
Alpine | ✔️ | ✔️ | ✔️ | ✔️ |
FreeBSD | ✔️ | ✔️ | ✔️ | ✔️ |
Neon | ✔️ | ✔️ | ✔️ | ✔️ |
Rocky | ✔️ | ✔️ | ✔️ | ✔️ |
Oracle | ✔️ | ✔️ | ✔️ | ✔️ |
Cloud | Supported |
---|---|
AWS | ✔️ |
Google Cloud | ✔️ |
Linode | ✔️ |
Digital Ocean | ✔️ |
Vultr | ✔️ |
Microsoft Azure | ✔️ |
OpenStack | ✔️ |
Rackspace | ✔️ |
Scaleway | ✔️ |
EuroVPS | ✔️ |
Hetzner Cloud | ❌ |
Strato | ❌ |
Virtualization | Supported |
---|---|
KVM | ✔️ |
None | ✔️ |
Qemu | ✔️ |
LXC | ✔️ |
Microsoft | ✔️ |
Vmware | ✔️ |
OpenVZ | ❌ |
Docker | ❌ |
Wsl | ❌ |
Kernel | Supported |
---|---|
Linux Kernel 3.0 ≤ | ❌ |
Linux Kernel 3.1 ≥ | ✔️ |
Which hosting provider do you recommend?
- VirMach: Worldwide locations, IPv4 & IPv6 support, starting at $1.00/month
- Vultr: Worldwide locations, IPv4 & IPv6 support, starting at $3.50/month
- Digital Ocean: Worldwide locations, IPv4 & IPv6 support, starting at $5/month
- Linode: Worldwide locations, IPv4 & IPv6 support, starting at $5/month
- Google Cloud: Worldwide locations, IPv4 support, starting at $3.50/month
Which WireGuard client do you recommend?
Is there WireGuard documentation?
- Yes, please head to the WireGuard Manual, which references all the options.
How do I install a wireguard without the questions? (Headless Install)
./wireguard-manager.sh --install
Are there any good alternative to self-hosting vpn?
Why is all the code in one place?
- Consider a remote control, you can have thirty different remotes each doing a different job, or you may have a single remote that does everything.
Which port do I need to forward for wireguard, and which protocol should I use?
- On the udp protocol, either the port of your choice or the default port of
51820
must be forwarded.
For unbound, which ports do I need to forward?
- Because all DNS traffic is routed through the vpn, you don't need to forward those ports
53
.
What is blocked if I enable the content blocker?
- Advertisement, Tracking, malware, and phishing are all prohibited.
What kind of information is collected and how is it gathered?
- We do not collect or retain any logs; everything takes place on the system, and logs are never sent outside of it.
Official Links
- Homepage: https://www.wireguard.com
- Install: https://www.wireguard.com/install/
- QuickStart: https://www.wireguard.com/quickstart/
- Compiling: https://www.wireguard.com/compilation/
- Whitepaper: https://www.wireguard.com/papers/wireguard.pdf
no-content-blocker-vs-content-blocker.mp4
Developing the code without having to clone the repository
After cloning the repo, Then start debugging the code.
git clone https://github.com/complexorganizations/wireguard-manager /usr/local/bin/
bash -x /usr/local/bin/wireguard-manager.sh >> /usr/local/bin/wireguard-manager.log
- Name: Prajwal Koirala
- Website: prajwalkoirala.com
- Github: @prajwal-koirala
- LinkedIn: @prajwal-koirala
- Twitter: @Prajwal_K23
- Reddit: @prajwalkoirala23
- Twitch: @prajwalkoirala23
Give a ⭐️ and 🍴 if this project helped you!
- Monero :
86uFC3LEfQi73rCS2tq6N2YKckbcyvKMCiJKSXEcLyYVW19nHiL9ec2FfaY3iAQEwhSxC7mTEGiFaVbHywirDi4rJjtczfH
- Ethereum : ``
Open Source Community
Copyright © 2020 Prajwal