vx3r / wg-gen-web
Simple Web based configuration generator for WireGuard
Home Page: https://wg-gen-web-demo.127-0-0-1.fr
License: Do What The F*ck You Want To Public License
I really like the UI. I was wondering if there could be a feature that would show each client's monthly incoming and outgoing bandwidth data usage.
We can see it using wg show <interface> dump.
Docker Log doesn't show anything helpful that I could see.
[GIN] 2020/08/26 - 21:31:30 | 401 | 58.876µs | 70.66.37.212 | GET "/api/v1.0/client/7dd1c67a-daf6-4843-beda-fa19b5a1af28/email"
[GIN] 2020/08/26 - 21:31:30 | 200 | 104.6µs | 70.66.37.212 | GET "/"
[GIN] 2020/08/26 - 21:31:30 | 200 | 596.848µs | 70.66.37.212 | GET "/js/chunk-vendors.85a05be0.js"
[GIN] 2020/08/26 - 21:31:30 | 200 | 148.216µs | 70.66.37.212 | GET "/js/app.68f6b65a.js"
[GIN] 2020/08/26 - 21:31:31 | 200 | 162.375µs | 70.66.37.212 | GET "/css/Clients.b58a7d31.css"
[GIN] 2020/08/26 - 21:31:31 | 200 | 46.867µs | 70.66.37.212 | GET "/api/v1.0/auth/oauth2_url"
[GIN] 2020/08/26 - 21:31:31 | 200 | 209.766µs | 70.66.37.212 | GET "/js/Clients.34dc9b04.js"
[GIN] 2020/08/26 - 21:31:31 | 200 | 87.589µs | 70.66.37.212 | POST "/api/v1.0/auth/oauth2_exchange"
[GIN] 2020/08/26 - 21:31:31 | 200 | 190.419µs | 70.66.37.212 | GET "/js/Clients~Server.d72886b6.js"
[GIN] 2020/08/26 - 21:31:31 | 200 | 205.766µs | 70.66.37.212 | GET "/js/Server.1d2011ab.js"
[GIN] 2020/08/26 - 21:31:31 | 200 | 228.314µs | 70.66.37.212 | GET "/css/Clients~Server.4dad6da0.css"
[GIN] 2020/08/26 - 21:31:31 | 200 | 86.037µs | 70.66.37.212 | GET "/api/v1.0/auth/user"
[GIN] 2020/08/26 - 21:31:31 | 200 | 57.274µs | 70.66.37.212 | GET "/api/v1.0/server/version"
[GIN] 2020/08/26 - 21:31:31 | 200 | 198.925µs | 70.66.37.212 | GET "/api/v1.0/server"
[GIN] 2020/08/26 - 21:31:31 | 200 | 235.897µs | 70.66.37.212 | GET "/api/v1.0/client"
[GIN] 2020/08/26 - 21:31:31 | 200 | 98.538µs | 70.66.37.212 | GET "/favicon.png"
[GIN] 2020/08/26 - 21:31:31 | 200 | 87.517µs | 70.66.37.212 | GET "/api/v1.0/server/config"
[GIN] 2020/08/26 - 21:31:31 | 200 | 420.37µs | 70.66.37.212 | GET "/api/v1.0/client/bb5c5b45-3ee4-4de5-9950-7ed2130bd967/config?qrcode=false"
[GIN] 2020/08/26 - 21:31:31 | 200 | 382.183µs | 70.66.37.212 | GET "/api/v1.0/client/7dd1c67a-daf6-4843-beda-fa19b5a1af28/config?qrcode=false"
[GIN] 2020/08/26 - 21:31:31 | 200 | 12.729587ms | 70.66.37.212 | GET "/api/v1.0/client/bb5c5b45-3ee4-4de5-9950-7ed2130bd967/config?qrcode=true"
[GIN] 2020/08/26 - 21:31:31 | 200 | 14.782369ms | 70.66.37.212 | GET "/api/v1.0/client/7dd1c67a-daf6-4843-beda-fa19b5a1af28/config?qrcode=true"
Any tips from us, when migrating from subspace to wg-gen-web?
I'm very interested...
Hi,
Great project - I really like the flexibility of the UI, which I haven't seen in any other GUIs for WireGuard yet. Super easy, and the e-mail function works great!
I did discover something that may be due to how I set up my docker container, where the wg0.conf isn't updated but instead a wg0 file is being generated alongside it.
In other words, it seems like I need to do the following to get new clients up and running:
mv wg0 wg0.conf
wg-quick down wg0; wg-quick up wg0
My question is really whether this is expected or if I should have done something else with the setup?
Hi, could you explain your pack installation in more detail?
Would be nice to have support for a database (MySQL, PostgreSQL, SQLite) for running multiple instances with the same configuration.
The example for the SMTP configuration is
- SMTP_HOST=smtp.gmail.com
- SMTP_PORT=587
- [email protected]
- SMTP_PASSWORD="*************"
- SMTP_FROM="Wg Gen Web <[email protected]>"
With this setup (and of course actual, correct data) I get the following error
time="2020-02-21T10:41:56Z" level=error msg="failed to send email to client" err="gomail: could not send email 1: gomail: invalid address \"\\\"Wg Gen Web <[email protected]>>\\\"\": mail: no angle-addr"
Changing SMTP_FROM
to
- SMTP_FROM=Wg Gen Web <[email protected]>
(→ no quotes) fixes the problem and emails are sent out correctly.
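The failure above is an address-parsing error: gomail validates addresses with Go's net/mail.ParseAddress, which reads a leading double quote as a quoted display name and then finds no <angle-addr> after it ("mail: no angle-addr"). Compose keeps the quotes of a list-style environment entry literally, so the value reaches the process with them. As an added example (not wg-gen-web's own code, with a constructed noreply@example.com address), a Go check that reproduces the rejection and shows a start-up normalization that strips one stray outer quote pair before validating:

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// parseFrom validates an SMTP_FROM value with the same parser gomail uses
// (net/mail.ParseAddress). A value that still carries its compose-file
// quotes fails here with "mail: no angle-addr".
func parseFrom(raw string) (*mail.Address, error) {
	return mail.ParseAddress(raw)
}

// normalizeFrom strips one layer of surrounding quotes that a compose
// environment entry may have leaked into the value, then re-validates so
// a bad setting is rejected at start-up instead of at first send.
func normalizeFrom(raw string) (string, error) {
	s := strings.TrimSpace(raw)
	if n := len(s); n >= 2 && (s[0] == '"' || s[0] == '\'') && s[n-1] == s[0] {
		s = s[1 : n-1]
	}
	addr, err := mail.ParseAddress(s)
	if err != nil {
		return "", fmt.Errorf("invalid SMTP_FROM %q: %w", raw, err)
	}
	return addr.String(), nil // canonical form: "Wg Gen Web" <noreply@example.com>
}

func main() {
	// Constructed inputs: the quoted form a compose list entry produces,
	// and the unquoted form that works.
	for _, v := range []string{
		`"Wg Gen Web <noreply@example.com>"`,
		`Wg Gen Web <noreply@example.com>`,
	} {
		if _, err := parseFrom(v); err != nil {
			fmt.Printf("%s -> %v\n", v, err)
		} else {
			fmt.Printf("%s -> ok\n", v)
		}
		fixed, err := normalizeFrom(v)
		fmt.Printf("normalized: %s (err=%v)\n", fixed, err)
	}
}
```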
Hi,
Thanks for this project. Simple, efficient, easy to run on my NAS in a docker compose stack.
Anyway, I have a small issue:
I can't set a DNS in the server configuration. wg0.conf is updated, with a timestamp, but the DNS field is still missing.
++ Simulot
First of all - thank you very much for this great interface to WireGuard. It makes the management of configurations so much easier.
It would be worthwhile, I believe, to have server.json pretty-printed, instead of the raw version today → it would make it way easier to edit if needed.
{
"name": "Created with default values",
"created": "2020-01-31T15:05:13.522502946Z",
"updated": "2020-01-31T15:07:03.521605467Z",
"address": "fd9f:6666::10:6:6:1/112, 10.6.6.1/24",
"listenPort": 51820,
"privateKey": "gM...=",
"publicKey": "C4...=",
"presharedKey": "9wzD/gZHeTD2Bkco2wYWXq21pZJHMSweuUbzFSFNv4I=",
"endpoint": "wireguard.example.com:123",
"persistentKeepalive": 16,
"dns": "fd9f::10:0:0:2, 10.0.0.2"
}
Thanks again for sharing wg-gen-web.
Hi. Love this project!
But I have a small request. Is it possible to have a checkbox or something similar to force the Default Allowed IPs for clients to be applied to already existing peers?
Today a peer's Allowed IPs are based on the list of IPs that existed at its creation time. It would be nice to just add them in the server part and have all peers updated with this new setting.
How to reproduce from the UI:
In the "Server interface addresses" field type:
fd42:42:42::1/64
<enter>
10.8.0.1/24
<enter>
click "update server configuration"
A stack trace starting with "fatal error: runtime: out of memory" is dumped.
With only a single IPv4 CIDR there is no problem.
I tried to configure the VPN server with DNS load balancing, but when I set peers to sub.ourdomain.net, WireGuard never gets a handshake..
So different from when it is set to an IP address by default..
WireGuard correctly resolves our A record, but never gets handshakes...
Thank You!
For anyone who wants to use this "in production" it would be nice if you would provide actual release tags with the images published to hub.docker.com :)
Thank you
In the browser console:
Error: "ApiService: TypeError: e is undefined"
get api.service.js:14
App.vue:69
server report oauth2 is disabled, fake exchange auth.js:50:18
Updating authStatus from to disabled App.vue:91
Updating authStatus from disabled to success App.vue:91
Is it possible to have pagination + search on the dashboard, so the admin can easily search VPN configurations?
Because for now, loading 500+ user configurations takes around 8-10s.. After scrolling, it glitches and takes another 5s or more...
Thank you!
Firstly, thanks for creating such a neat UI to manage WireGuard configs - this makes life so much easier!
I noticed that the generated client configs all use the same pre-shared key. Given that the pre-shared key is configured in each [Peer]
section, would it be at all possible to have a separate pre-shared key for each client? Essentially moving the pre-shared key into each client's JSON file instead of storing a single one in the server's JSON file? It needn't be exposed in the UI.
Inserting an empty "PresharedKey=" into each peer causes wg to break:
[#] echo WireGuard PreUp
WireGuard PreUp
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
Line unrecognized: `PresharedKey='
Configuration parsing error
[#] ip link delete dev wg0
When upgrading wg-gen-web from a previous version, the clients do not include a preshared key.
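To illustrate the request, an added Go example (not the project's own code; the Client type and the key placeholders are constructed for this example) that generates a per-client preshared key in the same 32-byte base64 form as wg genpsk, and renders the [Peer] section so that a client without a key, such as one created before the upgrade, gets no PresharedKey line at all rather than the empty one that wg setconf rejects:

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// Client holds the fields needed to emit a [Peer] block.
// Constructed for this example, not wg-gen-web's own type.
type Client struct {
	Name         string
	PublicKey    string
	PresharedKey string // empty for peers created before per-client PSKs existed
	AllowedIPs   []string
}

// newPresharedKey returns a fresh 32-byte random key, base64 encoded,
// which is the format `wg genpsk` produces. One key per client means a
// leaked client config exposes only that peer's PSK.
func newPresharedKey() (string, error) {
	var k [32]byte
	if _, err := rand.Read(k[:]); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(k[:]), nil
}

// renderPeer writes one [Peer] section. The PresharedKey line is omitted
// entirely when the client has none: `wg setconf` treats a bare
// "PresharedKey=" as "Line unrecognized" and aborts the whole config.
func renderPeer(c Client) string {
	var b strings.Builder
	fmt.Fprintf(&b, "[Peer]\n# %s\nPublicKey = %s\n", c.Name, c.PublicKey)
	if c.PresharedKey != "" {
		fmt.Fprintf(&b, "PresharedKey = %s\n", c.PresharedKey)
	}
	fmt.Fprintf(&b, "AllowedIPs = %s\n", strings.Join(c.AllowedIPs, ", "))
	return b.String()
}

func main() {
	psk, err := newPresharedKey()
	if err != nil {
		panic(err)
	}
	// Placeholder public keys; real ones are 44-character base64 strings.
	legacy := Client{Name: "laptop", PublicKey: "LEGACY_PUBKEY_PLACEHOLDER=", AllowedIPs: []string{"10.6.6.2/32"}}
	fresh := Client{Name: "phone", PublicKey: "NEW_PUBKEY_PLACEHOLDER=", PresharedKey: psk,
		AllowedIPs: []string{"10.6.6.3/32", "fd9f:6666::10:6:6:3/128"}}
	fmt.Print(renderPeer(legacy), "\n", renderPeer(fresh))
}
```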
I really like having the option of using an SMTP server to send out configurations.
But for my setup, I don't need one and therefore it is somewhat annoying to have the email field for a new client be mandatory.
Can the field be made optional?
Or maybe have some env variable that turns off SMTP and with that removes the field?
Would it be possible to add somewhere down the web frontend an information about the version (or commit)?
I am not sure this is fixable, and whether it should be but FYI the mobile version of the site is somehow impacted by some fixed-size artefacts:
This is not a show stopper as all the information is there (though, maybe there are issues with editing the IP ranges as the cross is eaten by the badge) - I am raising the point just in case there would be some more mobile dev.
The web version is truly fantastic, thanks for that.
This project is really nice. This and other similar workflows pose a security concern that I'd like to be discussed here if possible: the generated configuration, shown as a QR code or contained in a file to be moved to the peer, contains everything that is needed in order to be recognized as a valid peer.
Robust best practices would require that secrets be distributed following at least two separate paths, and (even better) WireGuard was designed in a way that enables a peer to generate its own key pair and send back to the server only the public part.
I understand this is a bit more complicated as a process, but I'm asking myself if I'm the only one concerned about this.
Would be nice to have prometheus metrics endpoint for connected users for example.
Stats from wg can be obtained via https://github.com/MindFlavor/prometheus_wireguard_exporter
Would be great if we could set a default set of Allowed IPs for when we generate a new client config. In my case I have a few subnets that the users need access to and I am not routing for the entire web. Right now I need to add these subnets for each client manually. If we set this as a global pref it would streamline things considerably.
Great work!
I understand you're working to implement Authelia, but is there any simple way now to protect the page with even a simple password?
Hey, awesome project, I'm really interested in using it for my Wireguard setup.
Sadly I ran into a little issue that is troublesome for my configuration.
I don't want to use a PersistentKeepalive for most clients, as they are mobile devices that don't require it.
But 2 devices are stationary and host services that I want to have available in the VPN network, thus I need a PersistentKeepalive so that they automatically reconnect after a connection drop.
In short: I would like to have PersistentKeepalive be an option that can be set or overwritten per client instead of just globally.
When downloading a configuration file, it is named wg0.conf.
Would it be possible to generate a filename relevant to the name of the connection? For instance
home.conf
a-name-with-spaces.conf
This would allow differentiating the various config files, and avoid the wg0 (1).conf, wg0 (2).conf, ... on Windows (which are not understood by WireGuard on Windows).
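One constraint on such a filename: wg-quick only loads a config whose base name is a valid interface name, 1 to 15 characters from [a-zA-Z0-9_=+.-], and since the client name is user-supplied the download name also has to be kept free of path separators and leading dots. An added Go example (not wg-gen-web's code; the sample names are constructed) that derives a safe download name from the client name under those rules:

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// invalid matches every run of characters that wg-quick does not accept
// in an interface name; each run collapses to a single '-'.
var invalid = regexp.MustCompile(`[^a-zA-Z0-9_=+.-]+`)

// configFilename maps a free-form client name to "<name>.conf":
//   - disallowed characters (spaces, quotes, slashes, ...) become '-'
//   - leading/trailing '.' and '-' are dropped (no hidden files, no "..")
//   - the result is cut to the 15-character interface-name limit
//   - an empty result falls back to the supplied default (e.g. "wg0")
func configFilename(clientName, fallback string) string {
	name := invalid.ReplaceAllString(strings.TrimSpace(clientName), "-")
	name = strings.Trim(name, ".-")
	if len(name) > 15 {
		name = strings.TrimRight(name[:15], ".-")
	}
	if name == "" {
		name = fallback
	}
	return name + ".conf"
}

func main() {
	// Constructed sample names, including a traversal attempt.
	for _, n := range []string{
		"home",
		"a name with spaces",
		"../../etc/wg0",
		"Alice's MacBook Pro (2020)",
		"   ",
	} {
		fmt.Printf("%-30q -> %s\n", n, configFilename(n, "wg0"))
	}
}
```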
I am not sure how exactly the wireguard-tools package works, but it seems that it will allow interacting with wg, so there is no need to run some inotify script for hot reloading the configuration (look at this similar project https://github.com/Place1/wg-access-server).
I believe that it will allow you to expose stats from wg #52
Please add TLS support for SMTP, as most services mandate TLS connection.
d.TLSConfig = &tls.Config{InsecureSkipVerify: true}
(or use env for setup)
Thanks,
Hi, using the settings for Gmail I am getting a 500 internal server error
- SMTP_HOST=smtp.gmail.com
- SMTP_PORT=465
- [email protected]
- SMTP_PASSWORD="blahblahblah"
- SMTP_FROM=WireGuard-BlahBlah <[email protected]>
Here are the settings from GMAIL
smtp.gmail.com
Requires SSL: Yes
Requires TLS: Yes (if available)
Requires Authentication: Yes
Port for SSL: 465
Port for TLS/STARTTLS: 587
Also tried 587, to no avail. I use the same account to send outgoing SMTP emails using other services, so it should be all active.
It might be good to allow a default server setting on whether we use pre-shared keys, and then also a setting on an individual client basis.
Would be nice to have k8s deployment examples:
yaml related: https://github.com/Place1/wg-access-server/blob/master/deploy/k8s/quickstart.yaml
helm related: https://github.com/Place1/wg-access-server/tree/master/deploy/helm/wg-access-server
Hello,
I like your idea and project, thanks for the good work.
A suggestion towards the CLIENTS UI: I think it would be more useful to have the CLIENTS TAB as a tabular list rather than each CLIENT being shown in card form with the QR code alongside.
This is because the CLIENT and SERVER tabs would normally be administered by an administrator, not by the actual client user. This way screen real estate can be better utilized; also, not being the actual user, there is no direct need for the QR code upfront on screen, a link should suffice (or a mouseover event).
Just a thought; sadly I'm not a programmer, so I can't help out.
As said before, good work ;)
Best Regards,
Aniston
It would be nice to be able to configure the files to be served under a subpath by the reverse proxy.
I want to use traefik as a reverse proxy (with authentication) and not define another host DNS name for the UI.
Example:
http://a.b.com/wggen/...
Does this project implement Google SSO, or will it be added in the future?
Would be nice if you could share your setup with a reverse proxy in the form of a docker-compose.yml
ready to go for popular reverse proxy web apps like.
Thank you
Hi,
I have configured GitLab as an OpenID Connect IdP; however, all authenticated GitLab users can now access the wg-gen-web application. I want to restrict access to certain authenticated GitLab users or to members of an authorized GitLab group.
Can this be done based on docker environment variable while starting the container?
Before this, I made a request in #38.
Those changes helped me a lot, and now... Is it possible to "enable/disable client" from the list view?
For now, the only way to "disable" from the list view is to send a request through a proxy with the clientID.
Can I request the feature "Enable/Disable Client through list view"?
Thank you very much @vx3r !
Hi, I installed this service successfully and configured systemd to monitor /etc/wireguard to reload the WireGuard configuration, as per your instructions in the README. But it seems that on every simple GET of the web UI, without changing any setting, wg0.conf gets updated and therefore WireGuard is restarted. Is this the expected behavior? Isn't this a problem because of the service interruption? Thanks for this nice GUI!
It looks like the client IPs are generated when you add a client. Provide the option to specify this and/or change it.
Is it possible to enable this somehow? Or any other simple authentication method?
Hey, I have a WireGuard installer with over 2500 clones and 300 stars, and I think this would be an amazing side thing to add to it, so that instead of CLI only, users would be able to use a GUI too.
What do you think about it?
In the README, the example docker compose file:
expose is for inner stuff I think, ports is how the browser gets inside.
Current:
version: '3.6'
services:
  wg-gen-web:
    image: vx3r/wg-gen-web:latest
    container_name: wg-gen-web
    restart: unless-stopped
    expose:
      - "8080/tcp"
I think it should be
version: '3.6'
services:
  wg-gen-web:
    image: vx3r/wg-gen-web:latest
    container_name: wg-gen-web
    restart: unless-stopped
    ports:
      - 8080:8080
Configuration is composed of four parts:
- wg showconf wg0 (Address, ListenPort, keys)
- iptables
- DNS, MTU, Endpoint, PersistentKeepalive
- allowedIPs, Address, peer keys
I suggest that these 4 parts should be better identified on the UI.
For example: DNS, MTU, Endpoint, PersistentKeepalive (also used by wg-quick).
Heimdall allows grouping containers on a single web page for easy access.
It would be great to have the ability to also add wg-gen-web
(and possibly show the number of configured clients, for instance).
Would be nice to have an added textarea for additional server config options. Or expose PostUp and PostDown as optional fields for the server configuration.
Hi @vx3r
Nice work and project. I want to help regarding Authelia usage; it currently plays nicely with Traefik v2.0 and doesn't require any heavy work to set up.
You can use https://github.com/authelia/authelia/blob/master/docs/deployment/supported-proxies/traefik2.x.md for reference. I've successfully set it up on my server based on that documentation, and user management can be done through Authelia config files.
Hope that helps
It would be great if there was some more logging generated by the application.
Right now it is just the HTTP conversation that gets logged, but several of what I believe to be key events are not: