What is WireGuard?
WireGuard is an open-source VPN solution written in C by Jason Donenfeld, aiming to fix many of the problems that have plagued other modern server-to-server VPN offerings like IPSec/IKEv2, OpenVPN, or L2TP. It shares some similarities with other modern VPN offerings like Tinc and MeshBird, namely good cipher suites and minimal config. As of 2020-01 it's been merged into the 5.6 version of the Linux kernel, meaning it will ship with most Linux systems out-of-the-box.
- strong, modern security by default
- minimal config and key management
- fast, both low-latency and high-bandwidth
- simple internals and small protocol surface area
- simple CLI and seamless integration with system networking
- CentOS, Debian, Ubuntu, Arch, Fedora, Redhat, Raspbian
- Linux Kernel 4.1 or newer
- You will need root access or a user account with
curl https://raw.githubusercontent.com/complexorganizations/wireguard-installer-manager/master/wireguard-server.sh --create-dirs -o /etc/wireguard/wireguard-server.sh bash /etc/wireguard/wireguard-server.sh
/etc/wireguard/clients directory, you will have
.conf files. These are the client configuration files. Download them from your WireGuard Interface and connect using your favorite WireGuard Peer.
- Show WireGuard Interface
- Start WireGuard Interface
- Stop WireGuard Interface
- Add WireGuard Peer
- Remove WireGuard Peer
- Uninstall WireGuard Interface
- Update this script
- Installs and configures a ready-to-use WireGuard Interface
- IPv6 Supported, IPv6 Leak Protection
- Iptables rules and forwarding managed in a seamless way
- If needed, the script can cleanly remove WireGuard, including configuration and iptables rules
- Variety of DNS resolvers to be pushed to the clients
- The choice to use a self-hosted resolver with Unbound.
- Block DNS leaks
- Many other little things!
PRIVATE_SUBNET_V4- private subnet configuration,
PRIVATE_SUBNET_V6- private subnet configuration,
SERVER_HOST_V4- public IPv4 address, detected by default using
SERVER_HOST_V6- public IPv6 address, detected by default using
SERVER_PUB_NIC- public nig address, detected by default
SERVER_PORT- public port for wireguard server, default is
DISABLE_HOST- Disable or enable ipv4 and ipv6
NAT_CHOICE- keep alive settings for wireguard client
INSTALL_UNBOUND- Install unbound settings
CLIENT_NAME- name of the client
MTU_CHOICE- the MTU the client will use to connect to DNS
Compatibility with Linux Distro
|Ubuntu 14.04 ≤|
|Ubuntu 19.10 ≥|
|Debian 7.x ≤|
|Debian 10.x ≥|
|CentOS 6.x ≤|
|CentOS 8.x ≥|
|Fedora 29 ≤|
|Fedora 32 ≥|
|RedHat 6.x ≤|
|RedHat 8.x ≥|
Compatibility with Cloud Providers
Which hosting provider do you recommend?
- Google Cloud: Worldwide locations, starting at $10/month
- Vultr: Worldwide locations, IPv6 support, starting at $3.50/month
- Digital Ocean: Worldwide locations, IPv6 support, starting at $5/month
- Linode: Worldwide locations, IPv6 support, starting at $5/month
Which WireGuard client do you recommend?
Is there WireGuard documentation?
- Yes, please head to the WireGuard Manual, which references all the options.
How do i install wireguard without the questions? (Headless Install) Server Only
- Homepage: https://www.wireguard.com
- Install: https://www.wireguard.com/install/
- QuickStart: https://www.wireguard.com/quickstart/
- Main Git repo: https://git.zx2c4.com/WireGuard/
- Github Mirror: https://github.com/WireGuard/WireGuard
- Mailing List: https://lists.zx2c4.com/mailman/listinfo/wireguard
Use a browser based development environment:
git clone https://github.com/complexorganizations/wireguard-installer-manager /etc/wireguard/ bash -x /etc/wireguard/wireguard-(server|client).sh >> /etc/wireguard/wireguard-(server|client).log
This project is under the General Public License