blob: 85affbc58d4a7e50567236cf81f8dba63a1f7282 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
# Wireguard server manager
`wgmgr` is a command-line manager for the server part of the [Wireguard](https://wireguard.org) VPN solution. It expects a traditional client-server relationship, and cannot be used to handle meshed networks.
It handles client creation and removal, and will auto-generate the corresponding private and public keys. It can also generate the configuration file for each client.
Be aware that the clients' private keys will be stored on the server in order to simplify the config file generation. This is par for the course for Wireguard managers, but it bears repeating.
```
$ wgmgr add my_new_laptop
$ wgmgr ls
my_new_laptop | 10.8.0.2
$ wgmgr config --type split my_new_laptop
<copy-paste the configuration to your laptop>
```
## Setting up
Create the application configuration file, at `/etc/wgmgr.toml`:
```toml
wgconf = "/etc/wireguard/wg0.conf" # path to your Wireguard configuration file
endpoint = "1.2.3.4" # IP address of the server
port = 6789 # optional, uses 51820 by default
dns = "8.8.8.8" # optional
```
Your Wireguard configuration file must already exist and be valid. A sample configuration file is as follows:
```
[Interface]
PrivateKey = REDACTED
ListenPort = 51820
Address = 10.8.0.1/24
```
## Usage
```
Usage: wgmgr [OPTIONS] <COMMAND>
Commands:
ls List known clients
config Generate the configuration file for a client
add Add a new client to your VPN
rm Remove a client from your VPN
wg Run 'wg', but with the client names
help Print this message or the help of the given subcommand(s)
Options:
-c, --config <CONFIG> wgmgr configuration file path
-h, --help Print help
-V, --version Print version
```
## Wireguard configuration file
This software will parse and edit the Wireguard configuration file specified in `/etc/wgmgr.conf`. While several protections are in place, be advised that this software *might* permanently destroy your Wireguard configuration. Always have backups!
Each new client is added to the configuration file with a `[Peer]` stanza like the following:
```
# The Peer Name
[Peer]
AllowedIPs = 10.8.0.2/32
PublicKey = GSiujJjngvyLTR0/93l/EUGIs7ohDpKDhoa0WrEXJnA=
```
The corresponding private key will be stored in `/etc/wireguard/private_keys/The Peer Name`. Permissions should automatically be set to `rw-------` (600), preventing anyone but root from reading it.
## Reporting bugs
Please report any bugs you find to [bugs+wgmgr@sixfoisneuf.fr](mailto:bugs+wgmgr@sixfoisneuf.fr). Contributions are welcomed, as long as they follow the [git send-email](https://git-send-email.io) format.
|