Skip to content

complexorganizations/wireguard-manager

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

b6a7f8b

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
February 1, 2023 00:46
February 1, 2023 00:46
February 1, 2023 00:46

WireGuard-Manager 👋

Your privacy is the default settings here.
Give a ⭐️ and 🍴 if this project helped you!

Release ShellCheck Auto-Build Auto-Update ShellCheck Issues PullRequest License


🤷 What is VPN ?

A Virtual Private Network (VPN) allows users to send and receive data through shared or public networks as if their computing devices were directly connected to the private network. Thus, applications running on an end-system (PC, smartphone, etc.) over a VPN may benefit from individual network features, protection, and management. Encryption is a standard aspect of a VPN connection but not an intrinsic one.

📶 What is WireGuard

WireGuard is a straightforward yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general-purpose VPN for running on embedded interfaces and super computers alike, fit for many circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under a massive development, but it already might be regarded as the most secure, most comfortable to use, and the simplest VPN solution in the industry.

Goals

  • robust and modern security by default
  • minimal config and critical management
  • fast, both low-latency and high-bandwidth
  • simple internals and small protocol surface area
  • simple CLI and seamless integration with system networking

🌲 Prerequisite

  • Alma, Alpine, Arch, Archarm, CentOS, Debian, Fedora, FreeBSD, Kali, Mint, Manjaro, Neon, Oracle, Pop, Raspbian, RHEL, Rocky, Ubuntu
  • Linux Kernel 3.1 or newer
  • You will need superuser access or a user account with sudo privilege.

🐧 Installation

Lets first use curl and save the file in /usr/local/bin/

curl https://raw.githubusercontent.com/complexorganizations/wireguard-manager/main/wireguard-manager.sh --create-dirs -o /usr/local/bin/wireguard-manager.sh

Then let's make the script user executable

chmod +x /usr/local/bin/wireguard-manager.sh

It's finally time to execute the script

bash /usr/local/bin/wireguard-manager.sh

In your /etc/wireguard/clients directory, you will have .conf files. These are the peer configuration files. Download them from your WireGuard Interface and connect using your favorite WireGuard Peer.


💣 After Installation

  • Show WireGuard Interface
  • Start WireGuard Interface
  • Stop WireGuard Interface
  • Restart WireGuard Interface
  • Add WireGuard Peer
  • Remove WireGuard Peer
  • Uninstall WireGuard Interface
  • Update this script
  • Encrypt & Backup Configs
  • Restore WireGuard Configs

🔑 Usage

usage: ./wireguard-manager.sh <command>
  --install     Install WireGuard
  --start       Start WireGuard
  --stop        Stop WireGuard
  --restart     Restart WireGuard
  --list        Show WireGuard
  --add         Add WireGuard Peer
  --remove      Remove WireGuard Peer
  --reinstall   Reinstall WireGuard
  --uninstall   Uninstall WireGuard
  --update      Update WireGuard Manager
  --ddns        Update WireGuard IP Address
  --backup      Backup WireGuard
  --restore     Restore WireGuard
  --purge       Purge WireGuard Peer(s)
  --help        Show Usage Guide

🥰 Features

  • Install & Configure WireGuard Interface
  • Backup & Restore WireGuard
  • Expiration of peer configurations on autopilot
  • (IPv4|IPv6) Supported, Leak Protection
  • Variety of Public DNS to be pushed to the peers
  • Choice to use a self-hosted resolver with Unbound Prevent DNS Leaks, DNSSEC Supported
  • Nftables rules and forwarding managed in a seamless way
  • Remove & Uninstall WireGuard Interface
  • Preshared-key for an extra layer of security. Required
  • Many other little things!

💡 Options

  • PRIVATE_SUBNET_V4_SETTINGS - By default, the private IPv4 subnet configuration is 10.0.0.0/8.
  • PRIVATE_SUBNET_V6_SETTINGS - fd00:00:00::0/8 is the default private IPv6 subnet.
  • SERVER_HOST_V4_SETTINGS - Curl detects a public IPv4 address by default.
  • SERVER_HOST_V6_SETTINGS - Curl by default finds a public IPv6 address.
  • SERVER_PUB_NIC_SETTINGS - Using the ip command, to find the local public network interface.
  • SERVER_PORT_SETTINGS - 51820 is the default public port for the wireguard interface.
  • NAT_CHOICE_SETTINGS - Determine whether or not to use the vpn tunnel's keep alive feature.
  • MTU_CHOICE_SETTINGS - The wireguard peers will utilize this MTU.
  • SERVER_HOST_SETTINGS -
  • CLIENT_ALLOWED_IP_SETTINGS - Using an IP range, choose what should be sent to the VPN.
  • AUTOMATIC_UPDATES_SETTINGS -
  • AUTOMATIC_BACKUP_SETTINGS -
  • DNS_PROVIDER_SETTINGS - You'll have to utilize another DNS if you don't have Unbound.
  • CONTENT_BLOCKER_SETTINGS -
  • CLIENT_NAME - The wireguard peer's name.
  • AUTOMATIC_CONFIG_REMOVER -

👉👈 Compatibility with Linux Distro

OS i386 amd64 armhf arm64
Ubuntu 14 ≤
Ubuntu 16 ≥ ✔️ ✔️ ✔️ ✔️
Debian 7 ≤
Debian 8 ≥ ✔️ ✔️ ✔️ ✔️
CentOS 6 ≤
CentOS 7 ≥ ✔️ ✔️ ✔️ ✔️
Fedora 29 ≤
Fedora 30 ≥ ✔️ ✔️ ✔️ ✔️
RedHat 6 ≤
RedHat 7 ≥ ✔️ ✔️ ✔️ ✔️
Kali 1.0 ≤
Kali 1.1 ≥ ✔️ ✔️ ✔️ ✔️
Arch ✔️ ✔️ ✔️ ✔️
Raspbian ✔️ ✔️ ✔️ ✔️
PopOS ✔️ ✔️ ✔️ ✔️
Manjaro ✔️ ✔️ ✔️ ✔️
Mint ✔️ ✔️ ✔️ ✔️
Alma ✔️ ✔️ ✔️ ✔️
Alpine ✔️ ✔️ ✔️ ✔️
FreeBSD ✔️ ✔️ ✔️ ✔️
Neon ✔️ ✔️ ✔️ ✔️
Rocky ✔️ ✔️ ✔️ ✔️
Oracle ✔️ ✔️ ✔️ ✔️

☁️ Compatibility with Cloud Providers

Cloud Supported
AWS ✔️
Google Cloud ✔️
Linode ✔️
Digital Ocean ✔️
Vultr ✔️
Microsoft Azure ✔️
OpenStack ✔️
Rackspace ✔️
Scaleway ✔️
EuroVPS ✔️
Hetzner Cloud
Strato

🛡️ Compatibility with Virtualization

Virtualization Supported
KVM ✔️
None ✔️
Qemu ✔️
LXC ✔️
Microsoft ✔️
Vmware ✔️
OpenVZ
Docker
Wsl

💻 Compatibility with Linux Kernel

Kernel Supported
Linux Kernel 3.0 ≤
Linux Kernel 3.1 ≥ ✔️

🙋 Q&A

Which hosting provider do you recommend?

  • Google Cloud: Worldwide locations, IPv4 support, starting at $3.50/month
  • Amazon Web Services: Worldwide locations, IPv4 support, starting at $5.00/month
  • Microsoft Azure: Worldwide locations, IPv4 support, starting at $5.00/month
  • Linode: Worldwide locations, IPv4 & IPv6 support, starting at $5.00/month
  • Vultr: Worldwide locations, IPv4 & IPv6 support, starting at $3.50/month

Which WireGuard client do you recommend?

Is there WireGuard documentation?

How do I install a wireguard without the questions? (Headless Install)

  • ./wireguard-manager.sh --install

Are there any good alternative to self-hosting vpn?

Why is all the code in one place?

  • Consider a remote control, you can have thirty different remotes each doing a different job, or you may have a single remote that does everything.

Which port do I need to forward for wireguard, and which protocol should I use?

  • On the udp protocol, either the port of your choice or the default port of 51820 must be forwarded.

For unbound, which ports do I need to forward?

  • Because all DNS traffic is routed through the vpn, you don't need to forward those ports 53.

What is blocked if I enable the content blocker?

  • Advertisement, Tracking, malware, and phishing are all prohibited.

What kind of information is collected and how is it gathered?

  • We do not collect or retain any logs; everything takes place on the system, and logs are never sent outside of it.

If I want to set up my own VPN server, what should I purchase?

How much should the entire cost of constructing your own VPN be?

  • The hardware has a one-time cost of roughly $75 USD, as well as monthly costs of energy and internet.

Official Links


🙅 No Content-Blocking vs. Content-Blocking

no-content-blocker-vs-content-blocker.mp4

📐 Architecture

image


🤝 Developing

Developing the code without having to clone the repository

Open in Visual Studio Code

🐛 Debugging

After cloning the repo, Then start debugging the code.

git clone https://github.com/complexorganizations/wireguard-manager /root/
bash -x /root/wireguard-manager/wireguard-manager.sh >>/root/wireguard-manager/wireguard-manager.log

❤️ Credits

Open Source Community


🤝 Sponsors


📝 License

Apache License Version 2.0