
wgadmin's Introduction

WireGuard Admin App

Turn a Raspberry Pi into a simple WireGuard™ VPN Appliance

WGAdmin is a free tool that converts a Raspberry Pi single-board computer into an easy-to-use WireGuard VPN Appliance. WGAdmin allows you to create, configure, and manage a simple WireGuard network without messing around with configuration files.

Network Summary

How it Works

Architecturally, WGAdmin is a configuration management layer wrapped around the standard WireGuard software. It's the missing WireGuard GUI and config generator. Security and heavy lifting are handled by WireGuard natively.

WGAdmin needs to run as a daemon and is responsible for starting and stopping the WireGuard tunnels, i.e. you do not install wg-quick@wg0 etc. You can still use wg-quick for other tunnels that are separate from the interface managed by WGAdmin, e.g. let WGAdmin manage wg0 and wg-quick manage wg1.

By default, WGAdmin listens on 0.0.0.0:8000 but you can change this manually in the /etc/wgadmin.json config file.

Debian Based Installation (Debian, Ubuntu, Mint, etc)

WGAdmin is available prepackaged as .deb files below.

The packages are very simple and it can also be installed manually if you prefer.

Generic Linux Installation (non-Debian based)

To install on other distributions...

Be sure the dependencies are satisfied.

  • Requires a recent kernel with WireGuard included (5.6+)
  • or WireGuard installed separately (apt install wireguard etc.)
  • optionally install wireguard-tools

Download the appropriate wgadmin binary for your architecture and place it in /usr/local/bin

Download the wgadmin.service file and place it in /lib/systemd/system

Enable and start it

sudo chown root:root /usr/local/bin/wgadmin
sudo chmod 755       /usr/local/bin/wgadmin
sudo systemctl daemon-reload
sudo systemctl enable wgadmin.service
sudo systemctl start wgadmin.service

Additional Manual Configuration

(required regardless of install method)

There are a few additional things that need to be configured manually before WireGuard can work on your network.

Enable IP Forwarding on this device

If you want to reach other devices on your home network, you must enable IP Forwarding.

Check to see if forwarding is enabled (1 = enabled, 0 = disabled). At a Linux command prompt...

$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

To enable...

$ sudo -i
password: ********
# echo net.ipv4.ip_forward = 1 > /etc/sysctl.d/98-wgadmin.conf
# sysctl -p /etc/sysctl.d/98-wgadmin.conf
net.ipv4.ip_forward = 1
# exit

Enable NAT Masquerading on this device

If you want to use this device as a gateway to route all traffic beyond your home network, you must set up Masquerading.

Instructions to follow...

Add a Static Route on your Gateway

In order for return traffic on your network to find its way back to remote peers, you need to set up a static route on the network's gateway. If you just want to reach devices on your home network, this is not necessary.

Add a static route on the network's default gateway as follows, where 192.168.1.99 is the address of the wgadmin device (examples; the exact form depends on your type of router):

Destination: 192.168.99.0/24 Next hop: 192.168.1.99 (server device)

ip route add 192.168.99.0/24 via 192.168.1.99
route add dest 192.168.99.0 mask 255.255.255.0 gateway 192.168.1.99 metric 1

Port Forward WireGuard on your Gateway

WireGuard traffic from outside needs to be able to reach this device.

Forward all external WireGuard connections from the Internet to this device. (example, depending on your type of router):

From: Any Port: 51821 To: 192.168.1.99 Port: 51821 Protocol: UDP

Configure a Dynamic DNS name

If you do not have a static IP address from your Internet provider, you will need a name to refer back to this network's gateway.

It's best to set up a Dynamic DNS name for your gateway. This way nothing will need to be reconfigured if your address changes.

Additional Manual Configuration

The wgadmin app keeps its configuration in /etc/wgadmin.json. There are several additional user-changeable parameters that are not represented in the GUI. Be sure to stop the wgadmin service before making changes, or they risk being overwritten.

WgInterface
The WireGuard interface name. Defaults to `wg0`.
HttpListen
The IP and Port running the Web GUI. Defaults to 0.0.0.0:8000. Note: 0.0.0.0 means listen on all interfaces. The app runs as root so ports below 1024 are possible if they are free. e.g. 80
Username
A blank username triggers the initialization page, where you can create a new Username and Password. This is how you reset a forgotten password: edit the Username field and set it to `"Username": "",`
Password
This stores a bcrypt hash of the password. Setting it to blank will trigger the initialization page as above.
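The parameters above interact: with the default HttpListen of 0.0.0.0:8000 and a blank Username or Password, the initialization page is offered on every interface of a process running as root. The following audit of a wgadmin.json document is an added example, not code from the wgadmin project; the finding names are hypothetical, and it assumes HttpListen is a host:port string and that a missing key behaves like a blank one.

```python
import ipaddress
import json
import re

# Shape of a bcrypt hash: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt+digest.
BCRYPT_RE = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")


def listens_everywhere(http_listen):
    """True when the host part of HttpListen is a wildcard address."""
    host = http_listen.rpartition(":")[0].strip("[]")
    if host == "":  # assumption: an empty host (":8000") also means all interfaces
        return True
    try:
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False  # a hostname; resolve and review it by hand


def audit(config_text):
    """Return a sorted list of finding codes for one wgadmin.json document."""
    cfg = json.loads(config_text)
    findings = set()
    exposed = listens_everywhere(cfg.get("HttpListen", "0.0.0.0:8000"))
    if exposed:
        findings.add("gui-on-all-interfaces")
    username = cfg.get("Username", "")  # assumption: missing key == blank
    password = cfg.get("Password", "")
    if username == "" or password == "":
        # Blank credentials put the app back on its initialization page.
        findings.add("init-page-active")
        if exposed:
            findings.add("init-page-reachable-from-any-network")
    elif not BCRYPT_RE.match(password):
        findings.add("password-not-bcrypt")
    return sorted(findings)


# Constructed sample inputs (not taken from a real installation).
FRESH = '{"WgInterface": "wg0", "HttpListen": "0.0.0.0:8000", "Username": "", "Password": ""}'
HARDENED = json.dumps({
    "WgInterface": "wg0",
    "HttpListen": "192.168.1.99:8000",
    "Username": "admin",
    "Password": "$2a$10$" + "a" * 53,  # placeholder with bcrypt shape only
})

if __name__ == "__main__":
    for name, text in (("fresh", FRESH), ("hardened", HARDENED)):
        print(name, audit(text))
```

Run it against a copy of /etc/wgadmin.json after the first login and again after any password reset, since blanking Username reopens the initialization page until new credentials are set.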

wgadmin's People

Contributors

precisionpete


Forkers

nekish96

wgadmin's Issues

Wishlist for Improvements

Enclosed is a wish list with suggestions for improving wgadmin:

  • Installing the Deb-File should check if wireguard is already installed and ask for installation
    apt install wireguard wireguard-tools openresolv -y

  • Installing the Deb-File on a system for the first time throws an error (because the services are not installed at that moment). This message is confusing.

    Failed to stop wgadmin.service: Unit wgadmin.service not loaded.
    Failed to disable unit: Unit file wgadmin.service does not exist.
    
  • If you set a different port on the server, this port is not used for the peer. The default port is always 51820.

  • PostUp and PostDown Options are missing

  • PreSharedKey is unused

  • The Listening-Port inside the Peer-Settings is not the same as the one from the Server

  • Traffic per User is only shown per Session not in Total

  • Network Device should show the Source IP-address

  • The section with the Readme for IP Forwarding is wrong. Here are the correct commands:

    echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/98-wgadmin.conf # Make the change persistent
    echo 'net.ipv6.conf.all.forwarding= 1' >> /etc/sysctl.d/98-wgadmin.conf # Make the change persistent
    sysctl -p /etc/sysctl.d/98-wgadmin.conf
    

And I saw a panic error:

Nov 24 17:13:35 sv2 wgadmin[908]: 2023/11/24 17:13:35 ip link show dev wg0
Nov 24 17:13:35 sv2 wgadmin[908]: 2023/11/24 17:13:35 ip link set mtu 1420 up dev wg0
Nov 24 17:13:35 sv2 wgadmin[908]: 2023/11/24 17:13:35 ip address add dev wg0 10.20.0.1
Nov 24 17:13:35 sv2 wgadmin[908]: 2023/11/24 17:13:35 ip link show dev wg0
Nov 24 17:13:35 sv2 wgadmin[908]: 2023/11/24 17:13:35 Starting wgAdmin v0.1.1 (prod)
Nov 24 17:13:35 sv2 systemd[1]: Started wgadmin.service - WireGuard Administration Server.
Nov 24 17:13:35 sv2 systemd[1]: Stopped wgadmin.service - WireGuard Administration Server.
Nov 24 17:13:35 sv2 systemd[1]: wgadmin.service: Scheduled restart job, restart counter is at 1.
Nov 24 17:13:30 sv2 systemd[1]: wgadmin.service: Failed with result 'exit-code'.
Nov 24 17:13:30 sv2 systemd[1]: wgadmin.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Nov 24 17:13:30 sv2 wgadmin[432]:         /home/pcarroll/Development/Golang/wgadmin/cmd/wgadmin/main.go:46 +0x2b8
Nov 24 17:13:30 sv2 wgadmin[432]: main.main()
Nov 24 17:13:30 sv2 wgadmin[432]:         /home/pcarroll/Development/Golang/wgadmin/internal/tools/wg-tools.go:19 +0x78
Nov 24 17:13:30 sv2 wgadmin[432]: bluefriday.ca/wgadmin/internal/tools.WgStart({{0xc0000a70e8, 0x5}, {0xc0000c2600, 0x3c}, {0x0, 0x0}, 0x1, {0x0, 0x0}, {0x0, ...}, ...})
Nov 24 17:13:30 sv2 wgadmin[432]:         /home/pcarroll/Development/Golang/wgadmin/internal/tools/wg-tools.go:278 +0x85
Nov 24 17:13:30 sv2 wgadmin[432]: bluefriday.ca/wgadmin/internal/tools.WgIfSetup({0xc0000a710c, 0x3}, {{0xc0000b8240, 0x14}, {0xc0000a7120, 0x9}, 0x1, {0xc0000a7129, 0x3}, {0xc0000b8258, ...}, ...})
Nov 24 17:13:30 sv2 wgadmin[432]:         /home/pcarroll/Development/Golang/wgadmin/internal/tools/wg-tools.go:137 +0x2d
Nov 24 17:13:30 sv2 wgadmin[432]: bluefriday.ca/wgadmin/internal/tools.WgSetMTU({0xc0000a710c, 0x3})
Nov 24 17:13:30 sv2 wgadmin[432]:         /home/pcarroll/Development/Golang/wgadmin/internal/tools/iptools.go:72 +0x1d
Nov 24 17:13:30 sv2 wgadmin[432]: bluefriday.ca/wgadmin/internal/tools.GetDefaultMTU()
Nov 24 17:13:30 sv2 wgadmin[432]:         /home/pcarroll/Development/Golang/wgadmin/internal/tools/iptools.go:68 +0x6e
Nov 24 17:13:30 sv2 wgadmin[432]: bluefriday.ca/wgadmin/internal/tools.GetDefaultDevice()
Nov 24 17:13:30 sv2 wgadmin[432]: goroutine 1 [running]:
Nov 24 17:13:30 sv2 wgadmin[432]: panic: runtime error: index out of range [4] with length 1

Not finding the actual source code for the wgadmin binary

Obviously I am too blind or disoriented to find the actual source code of the wgadmin binary.

It looks like a very interesting project, but in light of the recent attacks on FLOSS projects, I'd rather review the source code before installing something as crucial as a VPN server :)

Thank you for pointing me into the right direction!

best,
sascha
