For some reason after setting the password I am having issues. How do I reset or change it withoug redoing everything again?

Just changed my server port from 58210 to a non-standard port and immediately became unable to connect. Looks like wg-dashboard doesn't update/verify UFW rules when the server port is changed.

So I heard about this vps provider from Linus Tech Tips (which you can use LTT as a promo code to get 15% off at checkout), and they have plans for vps instances at $1.87 a month https://pebblehost.com/vps under their premium offering, and initially it is 100Mbps, but I recently messaged their support and they said to get it an instance bumped up to 500Mbps all you have to do is.

Just open a billing ticket and we can get the limit raised for you.

Which is similar in spec and bandwidth to vultr's pricing for their lower tiers. Also, they have hosting in Canada and Europe.

Disclaimer: I haven't used them yet, but after learning about how easy it is to increase the bandwidth I am probably going to transfer my algo vpn (wireguard) setup to them to get cheaper hosting.
Another disclaimer: I don't have any affiliation with the projects/orgs that I mentioned above (I have done like one contribution to algo), besides that I am a consumer to everything. Just saw you had a Looking for a cheap VPS? section and thought I would mention it.

Good day,
I tried to run your script on GoogleCloud on both debian 10 and Ubuntu bionic
Wireguard is perfectly installed but the dashboard on localhost:3000 is not working and returns a blank page,

i tried manually installing and following your script to know what problem might be the cause but there are not errors whatsoever.

What are your recommendations

Hi,

Would it be possible to have an option added to the dashboard to download all the created peers as a zip file? WG allows importing of a zip file that contain all the peers.conf files on most, if not all OS's so would be very handy.

Cheers.

Hi,

Are there any plans on adding IPv6 support?
It's hard to set up manually because wg-dashboard keeps overwriting the wg0.conf, but IPv6 does seem to work with some config changes.

Example IPv6 server config:

Address = 10.13.37.1/24,fd10:37:37::1/64
PrivateKey = REDACTED
ListenPort = 58210
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
SaveConfig = false

[Peer]
        # client
        PublicKey = REDACTED
        AllowedIPs = 10.13.37.2/32,fd10:37:37::2/128

PrivateKey = REDACTED
Address = 10.13.37.2/24, fd10:37:37::2/64
DNS = 10.13.37.1

[Peer]
PublicKey = REDACTED
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = REDACTED
PersistentKeepalive = 25

Also, net.ipv6.conf.all.forwarding=1 has to be set in the sysctl.conf

Could u let me know how to edit the config file to change the coredns port from 53 to 1053

Currently we're able to set one ip per peer. How about fields to set allowed subnets behind that peer. And also be able to group peers by department or building etc. Thank you and once again, great job.

Manual installation without UFW (i'm doesnt need it), UFW checked as "option".
I'm try to configure server with web UI (change subnet, external ip).
Optional: Enable ufw and forward port 22 and the desired port of the wireguard instance
How i can fix it?

I just wanted to message and let this project know that it is possible to run wireguard in a docker container. If you checkout this project (sorry for linking a competitor in your github repo) https://github.com/subspacecloud/subspace#run-as-a-docker-container they show you what capabilities you have to add to run it, but it is possible.
The reason why adding it might be useful is modularity in environments. I heard about this project from the project chat for this project, and they heavily use docker containers.
I just wanted to give you a heads up, but really cool project 😄

first user connects no problem at all
Can add a second user no problem, save and restart the server.
Can download config and connect but then no internet.

<3 ya'll thank you so much for making this. I've wanted a nice wireguard gui for a long time.

I'm going to link it all over the https://github.com/pirate/wireguard-docs

(you can close this once you see it, just wanted to say thanks)

I updated and saved my configuration including changing the DNS IP address under server settings, then clicked Save and restart. Now when I create a peer and download the txt version of the config, it appears to be using the "Virtual Address" field from the server settings as the DNS entry for the interface instead of the expected "DNS" field.

Hello,
why I still have this error after clicking Save & Restart or the addition of a new peer

In my logs file I have an error 500

[18/Nov/2019:13:36:33 +0000] "POST /api/saveandrestart HTTP/1.1" 500 41 "http://127.0.0.1:3000/" "Mozilla/5.0 (X
Can you tell me where the problem comes from

NB: config gets into the file server_config.js and also in wg0.conf but the service remains stopped, I have to restart it in the terminal

There is not table row to input peers args, but an Add Peers button.
It just say "could not save user;" when I click Add Peers button. Then I was force to re-signin.

All peers have AllowedIPs = 0.0.0.0/0
That useful feature not implemented in wg-dashboard

This would be by far the best update to your awesome project. Keep up the good work.

Sorry.. not an issue, I really love this useful script and dashboard. However currently I have running Wireguard-Go on a cheap OpenVZ instance that I install manually. Is there any way to just install the dashboard only on already setup Wireguard-Go instance? Any help would be greatly appreciated. Thank you!

after reboot server wireguard dont run auto start automatic?

I am using 2 NIC setup with DMZ zone.
WAN --- wireguard --- LAN
and with this config i need to masquerade traffic on TWO interfaces but when i change config from web gui it completly rewrites all my config file with custom PostUp and PostDown commands.
please add option to setup a second nic from gui or dont rewrite whole config file just replace changed value
thanx for great product!

Generated config by the dashboard is not valid when using wg-quick.

[#] ip link add vl type wireguard
[#] wg setconf vl /dev/fd/63
Name or service not known: `:58210'
Configuration parsing error
[#] ip link delete dev vl

(I used X to censor data)

[Interface]
Address = 1X.XX.XX.X/24
PrivateKey = XXXXXXXXXXXXXX87pWEA3c0N+gp0/GzUk=
DNS = 10.13.37.1

[Peer]
PublicKey = XXXXXXXXXXXXXXXkJMpPAhEwlHjBcQPqcXU=
Endpoint = :58210
AllowedIPs = 0.0.0.0/0

# This is for if you're behind a NAT and
# want the connection to be kept alive.
PersistentKeepalive = 25

lsb_release -rs returns 9.12
So install_script.sh crashes on line 45 with syntax error because of fractional part ".12"

There is another problem when I override version checking of script. I tried to install wg-dashboard in LXC container. "uname -r" returned custom kernel version of host system (4.15.18-27-pve) which not found in virtual machine repos. So install_script.sh interrupts in attempt of install not existing package. Actually there is no need to install modules in virtual machine. Modules should be installed on host system manually in this case.

BTW I successfully installed wg-dashboard on Debian 9.12 by manual way.
Installation looks like functional.
Maybe you should lower the system requirements?

hi, i installed dashboard, all ok, but i want to open access from outside, in ufw i open port 3000, but, it's not accessible, which configuration need to make, to have access not only from localhost?

I have more questions than issues. Thanks for your help in clarifying this.

1. Why is port 53 (DNS) opened on UFW for incoming traffic? If it's to connect to Cloudflare - that port default is 853? The reason I ask about this is because I've considered running WG on port 53 for some scenarios.
2. Does the CoreDNS stuff need to be enabled? If so, can I download the install script and remove that? If I would do that, what would break?
3. Any plans for IPv6 support?
4. Any plans for accounts to have a little more restriction - ex. Help Desk person being able to create and delete peers but not change the server config?
5. Plans to support additional WG interfaces wg1, wg2, etc.?

Hi, When I add a peer from dashboard I have to press the save and restart button to make the peer works. The problem is that when I press that button the wg service restarts and all current connected peers don’t have connection for some seconds. Is it possible to add a peer and make it works without interrupting other connected peers? I just recently moved from a script to your dashboard and I remember on the old script when I add a new peer it wouldn't interrupt other connections.
Thank you for your great job.

Another one :)

The dashboard automagically grabs the network adapter (eth0 / ens3 etc) but appears to leave the public IP blank by default. Would it be possible for the installation to pre-populate the IP field with the IP of the network adapter it assigns? Doing so would more often than not allow your script to create a fully automated setup of WG.

Hi, When I open the dashboard the server settings Public Host / IP is empty and the VPN isn't working even though I add the Public Host / IP manually. (It shows connected but it has no internet access). I changed the OS from ubuntu 18.0.4 to debian 10 and it didn’t work. I just realized only my Vultr servers have this issue. I even changed my VPS server location. Do you have any idea how to solve this issue? I really want my Vultr server cause they are really good.

From user logs in Issue #15 :

Sep 05 06:35:15 UKWG wg-quick[16346]: Warning: `/etc/wireguard/wg0.conf' is world accessible

we should make the file readable only to wg-dashboard and wireguard itself.

hi, it's possible to reset password for dashboard?
or i need to reinstall dashboard?
i forget password for my dashboard.

Hey guys, curious as to whether this is possible or not. I'd like to be able to access this dashboard from another computer within my LAN (e.g. at http://192.168.x.x:3000), but at present I can't seem to figure out how that might be allowed. Any advice? Thanks!

I already have WireGuard installed and configured as VPN server.

When I install wg-dashboard, it doesn't correctly read and display existing configuration.

For example, my server pubkey is /m/cR7xfgePNY5Xo0xjmEBPVIzXNZFqJXNtIPQ1CwTU=, but wg-dashboard displayed ph7o+zVZV78yMPErK3PaHrJOHeadJ52624QvO2OMUxM=.

Debian GNU/Linux 9.9 (stretch)
log console:

root@node-red:~# curl https://raw.githubusercontent.com/team-centric-software/wireguard-dashboard/master/install_script.sh | bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5048 100 5048 0 0 92288 0 --:--:-- --:--:-- --:--:-- 93481
net.ipv4.ip_forward = 1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 11646 100 11646 0 0 110k 0 --:--:-- --:--:-- --:--:-- 110k

Installing the NodeSource Node.js 10.x repo...

Populating apt-get cache...

• apt-get update
  Hit:1 http://deb.debian.org/debian stretch-backports InRelease
  Hit:2 http://security.debian.org/debian-security stretch/updates InRelease
  Hit:3 http://deb.debian.org/debian unstable InRelease
  Ign:4 http://mirror.yandex.ru/debian stretch InRelease
  Hit:5 http://mirror.yandex.ru/debian stretch Release
  Hit:6 https://deb.nodesource.com/node_10.x stretch InRelease
  Hit:7 https://download.docker.com/linux/ubuntu bionic InRelease
  Reading package lists... Done

Confirming "stretch" is supported...

• curl -sLf -o /dev/null 'https://deb.nodesource.com/node_10.x/dists/stretch/Release'

Adding the NodeSource signing key to your keyring...

• curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
  OK

Creating apt sources list file for the NodeSource Node.js 10.x repo...

• echo 'deb https://deb.nodesource.com/node_10.x stretch main' > /etc/apt/sources.list.d/nodesource.list
• echo 'deb-src https://deb.nodesource.com/node_10.x stretch main' >> /etc/apt/sources.list.d/nodesource.list

Running apt-get update for you...

• apt-get update
  Hit:1 http://security.debian.org/debian-security stretch/updates InRelease
  Hit:2 http://deb.debian.org/debian stretch-backports InRelease
  Hit:3 http://deb.debian.org/debian unstable InRelease
  Ign:4 http://mirror.yandex.ru/debian stretch InRelease
  Hit:5 http://mirror.yandex.ru/debian stretch Release
  Hit:6 https://deb.nodesource.com/node_10.x stretch InRelease
  Hit:7 https://download.docker.com/linux/ubuntu bionic InRelease
  Reading package lists... Done

Run sudo apt-get install -y nodejs to install Node.js 10.x and npm

You may also need development tools to build native addons:

 sudo apt-get install gcc g++ make

To install the Yarn package manager, run:

 curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
 echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
 sudo apt-get update && sudo apt-get install yarn

Reading package lists... Done
Building dependency tree
Reading state information... Done
nodejs is already the newest version (11.15.0-1nodesource1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
--2019-07-10 19:51:18-- https://github.com/team-centric-software/wireguard-dashboard/releases/latest
Resolving github.com (github.com)... 140.82.118.4
Connecting to github.com (github.com)|140.82.118.4|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://github.com/wireguard-dashboard/wireguard-dashboard/releases/latest [following]
--2019-07-10 19:51:18-- https://github.com/wireguard-dashboard/wireguard-dashboard/releases/latest
Reusing existing connection to github.com:443.
HTTP request sent, awaiting response... 302 Found
Location: https://github.com/wireguard-dashboard/wireguard-dashboard/releases/tag/v0.14 [following]
--2019-07-10 19:51:19-- https://github.com/wireguard-dashboard/wireguard-dashboard/releases/tag/v0.14
Reusing existing connection to github.com:443.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘STDOUT’

•                   [ <=>                ]  69.12K  --.-KB/s    in 0.006s
  

2019-07-10 19:51:20 (11.3 MB/s) - written to stdout [70778]

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 146 0 146 0 0 635 0 --:--:-- --:--:-- --:--:-- 637
100 1299k 0 1299k 0 0 904k 0 --:--:-- 0:00:01 --:--:-- 2119k

[email protected] install /opt/wireguard-dashboard/node_modules/bcrypt
node-pre-gyp install --fallback-to-build

node-pre-gyp WARN Using needle for node-pre-gyp https download
[bcrypt] Success: "/opt/wireguard-dashboard/node_modules/bcrypt/lib/binding/bcrypt_lib.node" is installed via remote
npm WARN [email protected] scripts['server'] should probably be scripts['start'].
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

added 260 packages from 189 contributors and audited 2514 packages in 13.786s
found 0 vulnerabilities

╭────────────────────────────────────────────────────────────────╮
│ │
│ New minor version of npm available! 6.7.0 → 6.10.0 │
│ Changelog: https://github.com/npm/cli/releases/tag/v6.10.0 │
│ Run npm install -g npm to update! │
│ │
╰────────────────────────────────────────────────────────────────╯

Rules updated
Rules updated (v6)
Firewall is active and enabled on system startup
Rule added
Rule added (v6)
Rule added
Rule added (v6)
tar (child): coredns.tgz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now

how to fix it?
p.s also, please enable automatic ufw install!

Hi

Check options I discover how after disable DNS over TLS using button I can't re-enable again, because appears button moved but not text field of file. When you saves and reload appears disabled again.

The install script appears to open port 22 to the world; I don't see why the dashboard needs to make any changes to SSH access?

By default no 'admin' ports should ever be opened to the world because, security. Could the install be changed not to touch SSH access?

Hi, good morning. You did an amazing project, congratulations!
I would like to know if it will be possible to put a send email button to send an email to the peer containing the conf file and QRcode? I found this very useful. The button could be located on the side of these ones:

What do you think?

Best regards,

Hey there, I just found out that the Installer says

# get the latest stable snapshot
curl -L https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190601.tar.xz --output WireGuard.tar.xz

wich implies that the "latest stable snapshot" is actually a fixed version. Should it find the latest stable version by itself? Because right now it would be WireGuard-0.0.20191219.tar.xz.

Thank you so much for putting this together. It made my life a whole lot easier!

I want to modify wg-dashboard listen address to LAN ip instead , not only localhost , and I read #5 , but I can not find the string in src/httpServer.js

2019-12-04 10:18:06 [minion@hqs004 wg-dashboard]$ grep "localhost" src/httpServer.js 
2019-12-04 10:21:35 [minion@hqs004 wg-dashboard]$ 

as you can see , there's no "localhost" in httpServer.js , so how do I modify the listen address now ?

_ underscores are not compatible with wireguard Android create by file, need to rename the file each time.

(Files are also downloading .conf.txt not sure if that's chrome on mobile or that how it's being served - have not tried on desktop yet)

Hello your project is awasome i installed it yesterday. I hoped it had user expiration date but it hasn't so i suggest to make an automation to block users after expiration date inside peer section

Looking for some additional features and willing to financially support the request.

Sent you an email. Please get back to me.

Manually setting up WG for Ubuntu I run "sudo systemctl enable wg-quick@wg0" so that WG always comes back up automatically after a reboot of the server, is it possible to include this with your install script?

Hello someone know how to solve this problem ?

i open the 3000 port, but i f i go to my ip:3000 doesn't work

Thank you

Looks like wg-dashboard allows anyone and everyone on the internet to perform recursive DNS lookups via CoreDNS as port 53 is allowed on all interfaces.

Hi,

I got this quite scary message when installing wg-dashboard:

found 33 high severity vulnerabilities in 2514 scanned packages

I ran npm audit fix which seems to have worked.

Also, consider mentioning that doing the automatic install will end up installing kernel modules and run the software as root. I read the script in advance of running it, and that definitively came as a surprise

This looks like a very cool project.

Only thing i am wondering is how to mange IP tables in wg*.conf. I usually add a few IPtable rules to a wg conf.

Is this currently supported or are there any plans to support this. If i add them manually will this be overwritten by the dashboard creation of the wg.conf file?

Hello people i installed linux 18.04 to vps server and i cant enable DNS over TlS i used automate script to install dashboard.

The install command in the readme references wg-dashboard. The actual location is wireguard-dashboard.

how i can remove wg-dashboard? or disable service that listen 3000 port?

hi, i installed wireguard dashboard on second server, but if i not set public ip, other computer can't connect to wireguard server, so it's not problem to set it manually, but, some people, does not know why wireguard not working. maybe to do automatic set it?
best regards.

Please consider to change the port to 3001 or something as 3000 is already used by Grafana :-)