Skip to content
Secure self-hosted Wireguard Installer / Manager for CentOS, Debian, Ubuntu, Arch, Fedora, Redhat, Raspbian
Branch: master
Clone or download
Latest commit e7e24ea Feb 20, 2020
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Update Feb 20, 2020 . Feb 20, 2020 . Feb 20, 2020

Wireguard Manager

GitHub release ShellCheck GitHub issues GitHub contributors GitHub forks

What is WireGuard?

WireGuard is an open-source VPN solution written in C by Jason Donenfeld, aiming to fix many of the problems that have plagued other modern server-to-server VPN offerings like IPSec/IKEv2, OpenVPN, or L2TP. It shares some similarities with other modern VPN offerings like Tinc and MeshBird, namely good cipher suites and minimal config. As of 2020-01 it's been merged into the 5.6 version of the Linux kernel, meaning it will ship with most Linux systems out-of-the-box.

WireGuard Goals

  • strong, modern security by default
  • minimal config and key management
  • fast, both low-latency and high-bandwidth
  • simple internals and small protocol surface area
  • simple CLI and seamless integration with system networking


  • CentOS, Debian, Ubuntu, Arch, Fedora, Redhat, Raspbian
  • Linux Kernel 4.1 or newer
  • You will need root access or a user account with sudo privilege.


Server Installation

curl --create-dirs -o /etc/wireguard/
bash /etc/wireguard/

In your /etc/wireguard/clients directory, you will have .conf files. These are the client configuration files. Download them from your WireGuard Interface and connect using your favorite WireGuard Peer.

After Installation

  • Show WireGuard Interface
  • Start WireGuard Interface
  • Stop WireGuard Interface
  • Add WireGuard Peer
  • Remove WireGuard Peer
  • Uninstall WireGuard Interface
  • Update this script


  • Installs and configures a ready-to-use WireGuard Interface
  • IPv6 Supported, IPv6 Leak Protection
  • Iptables rules and forwarding managed in a seamless way
  • If needed, the script can cleanly remove WireGuard, including configuration and iptables rules
  • Variety of DNS resolvers to be pushed to the clients
  • The choice to use a self-hosted resolver with Unbound.
  • Block DNS leaks
  • Many other little things!


  • PRIVATE_SUBNET_V4 - private subnet configuration, by default
  • PRIVATE_SUBNET_V6 - private subnet configuration, fd42:42:42::0/64 by default
  • SERVER_HOST_V4 - public IPv4 address, detected by default using wget
  • SERVER_HOST_V6 - public IPv6 address, detected by default using wget
  • SERVER_PUB_NIC - public nig address, detected by default
  • SERVER_PORT - public port for wireguard server, default is 51820
  • DISABLE_HOST - Disable or enable ipv4 and ipv6
  • NAT_CHOICE - keep alive settings for wireguard client
  • INSTALL_UNBOUND - Install unbound settings
  • CLIENT_NAME - name of the client
  • MTU_CHOICE - the MTU the client will use to connect to DNS

Compatibility with Linux Distro

OS Supported i386 amd64 armhf arm64
Ubuntu 14.04 ≤
Ubuntu 16.04
Ubuntu 18.04
Ubuntu 19.10 ≥
Debian 7.x ≤
Debian 8.x
Debian 9.x
Debian 10.x ≥
CentOS 6.x ≤
CentOS 7.x
CentOS 8.x ≥
Fedora 29 ≤
Fedora 30
Fedora 31
Fedora 32 ≥
RedHat 6.x ≤
RedHat 7.x
RedHat 8.x ≥

Compatibility with Cloud Providers

Cloud Supported
Google Cloud
Digital Ocean
Microsoft Azure
Hetzner Cloud


Which hosting provider do you recommend?

  • Google Cloud: Worldwide locations, starting at $10/month
  • Vultr: Worldwide locations, IPv6 support, starting at $3.50/month
  • Digital Ocean: Worldwide locations, IPv6 support, starting at $5/month
  • Linode: Worldwide locations, IPv6 support, starting at $5/month

Which WireGuard client do you recommend?

Is there WireGuard documentation?

How do i install wireguard without the questions? (Headless Install) Server Only

  • HEADLESS_INSTALL=y /etc/wireguard/

Official Links


Use a browser based development environment:

Open in Gitpod


git clone /etc/wireguard/
bash -x /etc/wireguard/wireguard-(server|client).sh >> /etc/wireguard/wireguard-(server|client).log


Angristan l-n-s


This project is under the General Public License

You can’t perform that action at this time.