Pages

Wednesday, 23 June 2021

WireGuard-Manager

 wireguard-manager enables you to build your own vpn under a minute.

Release ShellCheck Issues Sponsors PullRequest License


🤷 What is VPN ?

A Virtual Private Network (VPN) allows users to send and receive data through shared or public networks as if their computing devices were directly connected to the private network. Thus, applications running on an end-system (PC, smartphone, etc.) over a VPN may benefit from individual network features, protection, and management. Encryption is a standard aspect of a VPN connection but not an intrinsic one.

📶 What is WireGuard

WireGuard is a straightforward yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general-purpose VPN for running on embedded interfaces and super computers alike, fit for many circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under a massive development, but it already might be regarded as the most secure, most comfortable to use, and the simplest VPN solution in the industry.

 Goals

  • robust and modern security by default
  • minimal config and critical management
  • fast, both low-latency and high-bandwidth
  • simple internals and small protocol surface area
  • simple CLI and seamless integration with system networking

🌲 Prerequisite

  • CentOS, Debian, Ubuntu, Arch, Fedora, Redhat, Raspbian, PopOS, Manjaro, Kali, Alpine, Mint, FreeBSD
  • Linux Kernel 3.1 or newer
  • You will need superuser access or a user account with sudo privilege.
  • Docker Kernel 5.6 or newer

📲 Installation

Instance Installation

Lets first use curl and save the file in /usr/local/bin/

curl https://raw.githubusercontent.com/complexorganizations/wireguard-manager/main/wireguard-manager.sh --create-dirs -o /usr/local/bin/wireguard-manager.sh

Then let's make the script user executable (Optional)

chmod +x /usr/local/bin/wireguard-manager.sh

It's finally time to execute the script

bash /usr/local/bin/wireguard-manager.sh

In your /etc/wireguard/clients directory, you will have .conf files. These are the peer configuration files. Download them from your WireGuard Interface and connect using your favorite WireGuard Peer.

Docker Installation

docker build -t wireguard https://raw.githubusercontent.com/complexorganizations/wireguard-manager/main/Dockerfile

💣 After Installation

  • Show WireGuard Interface
  • Start WireGuard Interface
  • Stop WireGuard Interface
  • Restart WireGuard Interface
  • Add WireGuard Peer
  • Remove WireGuard Peer
  • Uninstall WireGuard Interface
  • Update this script
  • Encrypt & Backup Configs
  • Restore WireGuard Configs

🔑 Usage

usage: ./wireguard-manager.sh <command>
  --install     Install WireGuard Interface
  --start       Start WireGuard Interface
  --stop        Stop WireGuard Interface
  --restart     Restart WireGuard Interface
  --list        Show WireGuard Peers
  --add         Add WireGuard Peer
  --remove      Remove WireGuard Peer
  --reinstall   Reinstall WireGuard Interface
  --uninstall   Uninstall WireGuard Interface
  --update      Update WireGuard Script
  --backup      Backup WireGuard Configs
  --restore     Restore WireGuard Configs
  --help        Show Usage Guide

🥰 Features

  • Install & Configure WireGuard Interface
  • Backup & Restore WireGuard
  • (IPv4|IPv6) Supported, Leak Protection
  • Variety of Public DNS to be pushed to the peers
  • Choice to use a self-hosted resolver with Unbound Prevent DNS Leaks, DNSSEC Supported
  • Iptables rules and forwarding managed in a seamless way
  • Remove & Uninstall WireGuard Interface
  • Preshared-key for an extra layer of security. Required
  • Many other little things!

💡 Options

  • PRIVATE_SUBNET_V4 - private IPv4 subnet configuration 10.8.0.0/24 by default
  • PRIVATE_SUBNET_V6 - private IPv6 subnet configuration fd42:42:42::0/64 by default
  • SERVER_HOST_V4 - public IPv4 address, detected by default using curl
  • SERVER_HOST_V6 - public IPv6 address, detected by default using curl
  • SERVER_PUB_NIC - public nig address, detected by default
  • SERVER_PORT - public port for wireguard server, default is 51820
  • DISABLE_HOST - Disable or enable ipv4 and ipv6, default disabled
  • CLIENT_ALLOWED_IP - private or public IP range allowed in the tunnel
  • NAT_CHOICE - Keep sending packets to keep the tunnel alive 25
  • INSTALL_UNBOUND - Install unbound with a basic y/n
  • UNINSTALL_UNBOUND - Uninstall unbound with y/n
  • REMOVE_WIREGUARD - Uninstall WireGuard with y/n
  • DNS_CHOICE - Without Unbound you have to use a public dns like 8.8.8.8
  • CLIENT_NAME - Name the first peer from wireguard
  • MTU_CHOICE - MTU the peer will use 1420

👉👈 Compatibility with Linux Distro

OSi386amd64armhfarm64
Ubuntu 14 ≤
Ubuntu 16 ≥✔️✔️✔️✔️
Debian 7 ≤
Debian 8 ≥✔️✔️✔️✔️
CentOS 6 ≤
CentOS 7 ≥✔️✔️✔️✔️
Fedora 29 ≤
Fedora 30 ≥✔️✔️✔️✔️
RedHat 6 ≤
RedHat 7 ≥✔️✔️✔️✔️
Kali 1.0 ≤
Kali 1.1 ≥✔️✔️✔️✔️
Arch✔️✔️✔️✔️
Raspbian✔️✔️✔️✔️
PopOS✔️✔️✔️✔️
Manjaro✔️✔️✔️✔️
Mint✔️✔️✔️✔️

☁️ Compatibility with Cloud Providers

CloudSupported
AWS✔️
Google Cloud✔️
Linode✔️
Digital Ocean✔️
Vultr✔️
Microsoft Azure✔️
OpenStack✔️
Rackspace✔️
Scaleway✔️
EuroVPS✔️
Hetzner Cloud
Strato

🛡️ Compatibility with Virtualization

VirtualizationSupported
KVM✔️
LXC
OpenVZ
Docker✔️

💻 Compatibility with Linux Kernel

KernelSupported
Linux Kernel 3.0 ≤
Linux Kernel 3.1 ≥✔️
Docker Kernel 5.5 ≤
Docker Kernel 5.6 ≥✔️

🙋 Q&A

Which hosting provider do you recommend?

  • Google Cloud: Worldwide locations, starting at $10/month
  • Vultr: Worldwide locations, IPv6 support, starting at $3.50/month
  • Digital Ocean: Worldwide locations, IPv6 support, starting at $5/month
  • Linode: Worldwide locations, IPv6 support, starting at $5/month

Which WireGuard client do you recommend?

Is there WireGuard documentation?

How do I install a wireguard without the questions? (Headless Install)

  • ./wireguard-manager.sh --install

Is there any alternative to wireguard?

Are there any good alternative to self-hosting vpn?

Why is all the code in one place?

  • Consider a remote control, you can have thirty different remotes each doing a different job, or you may have a single remote that does everything.

Official Links


📐 Architecture

image


🤝 Developing

Using a browser based development environment:

Open in Gitpod

🐛 Debugging

git clone https://github.com/complexorganizations/wireguard-manager /usr/local/bin/
bash -x /usr/local/bin/wireguard-manager.sh >> /usr/local/bin/wireguard-manager.log

👤 Author

from  https://github.com/complexorganizations/wireguard-manager

No comments:

Post a Comment