A web-based tool for generating WireGuard VPN configurations with cryptographically secure key generation. Supports both Hub-and-Spoke and Mesh Network topologies.
- QR Code generator for config
- Download all config at once
- Make
PresharedKeyand other options optional - Container
- frontend rework (I hate frontend)
This project uses real cryptographic implementations suitable for WireGuard deployments, not demonstration code.
- TweetNaCl.js v1.0.3 - Audited, lightweight cryptographic library
- Web Crypto API - Browser-native cryptographic operations when available
- HMAC-SHA256 Fallback - Custom implementation for browsers without Web Crypto API
-
Seed Generation/Input
- Generate cryptographically secure 32-byte seed
- Or accept user-provided hex seed for reproducibility
-
Key Derivation
- Use HKDF to derive keys from seed with unique salts
- Private keys:
HKDF(seed, "WireGuard v1 private key", key_index) - Preshared keys:
HKDF(seed, "WireGuard v1 preshared key", key_index)
-
Public Key Generation
- Apply Curve25519 scalar multiplication:
public = private * G - Where G is the Curve25519 base point
- Apply Curve25519 scalar multiplication:
-
Key Validation
- Verify key lengths (32 bytes each)
- Check private key clamping
- Confirm public key derivation
MIT License