Skip to content
Secure self-hosted Wireguard Installer / Manager for CentOS, Debian, Ubuntu, Arch, Fedora, Redhat, Raspbian
Shell
Branch: master
Clone or download
Latest commit e7e24ea Feb 20, 2020
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Update README.md Feb 20, 2020
wireguard-client.sh . Feb 20, 2020
wireguard-server.sh . Feb 20, 2020

README.md

Wireguard Manager

GitHub release ShellCheck GitHub issues GitHub contributors GitHub forks


What is WireGuard?

WireGuard is an open-source VPN solution written in C by Jason Donenfeld, aiming to fix many of the problems that have plagued other modern server-to-server VPN offerings like IPSec/IKEv2, OpenVPN, or L2TP. It shares some similarities with other modern VPN offerings like Tinc and MeshBird, namely good cipher suites and minimal config. As of 2020-01 it's been merged into the 5.6 version of the Linux kernel, meaning it will ship with most Linux systems out-of-the-box.

WireGuard Goals

  • strong, modern security by default
  • minimal config and key management
  • fast, both low-latency and high-bandwidth
  • simple internals and small protocol surface area
  • simple CLI and seamless integration with system networking

Prerequisite

  • CentOS, Debian, Ubuntu, Arch, Fedora, Redhat, Raspbian
  • Linux Kernel 4.1 or newer
  • You will need root access or a user account with sudo privilege.

Installation

Server Installation

curl https://raw.githubusercontent.com/complexorganizations/wireguard-installer-manager/master/wireguard-server.sh --create-dirs -o /etc/wireguard/wireguard-server.sh
bash /etc/wireguard/wireguard-server.sh

In your /etc/wireguard/clients directory, you will have .conf files. These are the client configuration files. Download them from your WireGuard Interface and connect using your favorite WireGuard Peer.


After Installation

  • Show WireGuard Interface
  • Start WireGuard Interface
  • Stop WireGuard Interface
  • Add WireGuard Peer
  • Remove WireGuard Peer
  • Uninstall WireGuard Interface
  • Update this script

Features

  • Installs and configures a ready-to-use WireGuard Interface
  • IPv6 Supported, IPv6 Leak Protection
  • Iptables rules and forwarding managed in a seamless way
  • If needed, the script can cleanly remove WireGuard, including configuration and iptables rules
  • Variety of DNS resolvers to be pushed to the clients
  • The choice to use a self-hosted resolver with Unbound.
  • Block DNS leaks
  • Many other little things!

Options

  • PRIVATE_SUBNET_V4 - private subnet configuration, 10.8.0.0/24 by default
  • PRIVATE_SUBNET_V6 - private subnet configuration, fd42:42:42::0/64 by default
  • SERVER_HOST_V4 - public IPv4 address, detected by default using wget
  • SERVER_HOST_V6 - public IPv6 address, detected by default using wget
  • SERVER_PUB_NIC - public nig address, detected by default
  • SERVER_PORT - public port for wireguard server, default is 51820
  • DISABLE_HOST - Disable or enable ipv4 and ipv6
  • CLIENT_ALLOWED_IP -
  • NAT_CHOICE - keep alive settings for wireguard client
  • INSTALL_UNBOUND - Install unbound settings
  • CLIENT_NAME - name of the client
  • MTU_CHOICE - the MTU the client will use to connect to DNS

Compatibility with Linux Distro

OS Supported i386 amd64 armhf arm64
Ubuntu 14.04 ≤
Ubuntu 16.04
Ubuntu 18.04
Ubuntu 19.10 ≥
Debian 7.x ≤
Debian 8.x
Debian 9.x
Debian 10.x ≥
CentOS 6.x ≤
CentOS 7.x
CentOS 8.x ≥
Fedora 29 ≤
Fedora 30
Fedora 31
Fedora 32 ≥
RedHat 6.x ≤
RedHat 7.x
RedHat 8.x ≥
Arch
Raspbian
LXC
OpenVZ

Compatibility with Cloud Providers

Cloud Supported
AWS
Google Cloud
Linode
Digital Ocean
Vultr
Microsoft Azure
OpenStack
Rackspace
Scaleway
EuroVPS
Hetzner Cloud
Strato

Q&A

Which hosting provider do you recommend?

  • Google Cloud: Worldwide locations, starting at $10/month
  • Vultr: Worldwide locations, IPv6 support, starting at $3.50/month
  • Digital Ocean: Worldwide locations, IPv6 support, starting at $5/month
  • Linode: Worldwide locations, IPv6 support, starting at $5/month

Which WireGuard client do you recommend?

Is there WireGuard documentation?

How do i install wireguard without the questions? (Headless Install) Server Only

  • HEADLESS_INSTALL=y /etc/wireguard/wireguard-server.sh

Official Links


Developing

Use a browser based development environment:

Open in Gitpod

Debugging

git clone https://github.com/complexorganizations/wireguard-installer-manager /etc/wireguard/
bash -x /etc/wireguard/wireguard-(server|client).sh >> /etc/wireguard/wireguard-(server|client).log

Credits

Angristan l-n-s

License

This project is under the General Public License

You can’t perform that action at this time.