aboutsummaryrefslogtreecommitdiff

Wireguard server manager

wgmgr is a command-line manager for the server part of the Wireguard VPN solution. It expects a traditional client-server relationship, and cannot be used to handle meshed networks (if that's what your looking for, look into Headscale).

It has the following features

  • Client creation, with automated IP assignment and key generation
  • Client removal
  • Client configuration generation (use qrencode if you want to generate a QR Code)
  • Real-time statistic through the wg command, but with nicer peer names

Be aware that the clients' private keys will be stored on the server in order to simplify the config file generation. This is par for the course for Wireguard managers, but it bears repeating.

Here's a sample run, adding a new peer to your server:

$ wgmgr add my_new_phone
$ wgmgr ls
my_new_laptop | 10.8.0.2
my_new_phone  | 10.8.0.3
$ wgmgr config --type split my_new_phone | qrencode -t ansiutf8
<scan the generated QR code with your phone's Wireguard app>

Installing

You can download the latest release at /releases/wgmgr/latest/. If you want to build the software yourself, you will need an up-to-date Rust toolchain (rustup is recommended).

Building the software should be as simple as:

$ git clone https://git.sixfoisneuf.fr/wgmgr
$ cd wgmgr
$ cargo build --release

Setting up

Create the application configuration file, at /etc/wgmgr.toml:

wgconf = "/etc/wireguard/wg0.conf"  # path to your Wireguard configuration file
endpoint = "1.2.3.4"  # IP address of the server
port = 6789  # optional, uses 51820 by default
dns = "8.8.8.8"  # optional

Your Wireguard configuration file must already exist and be valid. A sample configuration file is as follows:

[Interface]
PrivateKey = REDACTED
ListenPort = 51820
Address = 10.8.0.1/24

Usage

Usage: wgmgr [OPTIONS] <COMMAND>

Commands:
  ls      List known clients
  config  Generate the configuration file for a client
  add     Add a new client to your VPN
  rm      Remove a client from your VPN
  wg      Run 'wg', but with the client names
  help    Print this message or the help of the given subcommand(s)

Options:
  -c, --config <CONFIG>      wgmgr configuration file path
  -h, --help                 Print help
  -V, --version              Print version

Wireguard configuration file

This software will parse and edit the Wireguard configuration file specified in /etc/wgmgr.toml. While several protections are in place, be advised that this software might permanently destroy your Wireguard configuration. Always have backups!

Each new client is added to the configuration file with a [Peer] stanza like the following:

# The Peer Name
[Peer]
AllowedIPs = 10.8.0.2/32
PublicKey = GSiujJjngvyLTR0/93l/EUGIs7ohDpKDhoa0WrEXJnA=

The corresponding private key will be stored in /etc/wireguard/private_keys/The Peer Name. Permissions should automatically be set to rw------- (600), preventing anyone but root from reading it.

Reporting bugs

Please report any bugs you find to bugs+wgmgr@sixfoisneuf.fr. Contributions are welcomed, as long as they follow the git send-email format.

generated by cgit v1.2.3 (git 2.39.1) at 2024-05-04 07:26:59 +0000