An all-in-one WireGuard VPN solution with a web UI for connecting devices
Maurice Breit 3a4a15f9c4
fix screenshot path in README.md (#99)
3 years ago
.github/workflows fixed actions 3 years ago
.vscode Postgresql ha (#89) 3 years ago
cmd allowed config file to be optional 3 years ago
deploy v0.4.6 - helm & docs update 3 years ago
docs v0.4.6 - helm & docs update 3 years ago
internal fixed sqlite + mysql storage 3 years ago
pkg/authnz Fix OIDC claims granting admin by default (#86) 3 years ago
proto admins can now delete devices 4 years ago
screenshots updated screenshots 4 years ago
scripts Postgresql ha (#89) 3 years ago
website reduced dashboard update frequency, updated metadata scraping loop to be more HA friendly 3 years ago
.dockerignore initial commit 4 years ago
.gitignore removed dev db.sqlite3 3 years ago
CHANGELOG.md updated changelog 3 years ago
Dockerfile updated docs 3 years ago
LICENSE Create LICENSE 4 years ago
README.md fix screenshot path in README.md (#99) 3 years ago
TODO.md updated todo 4 years ago
codegen.sh lots of updates to config - also added a data migration tool for moving between storage backends 3 years ago
docker-compose.yml fixes #76 3 years ago
go.mod bug fix: devices are no longer disconnected when metadata is updated 3 years ago
go.sum bug fix: devices are no longer disconnected when metadata is updated 3 years ago
main.go fixed docs 3 years ago
mkdocs.yml basic admin feature, network isolation, docs, helm, k8s, docs (#15) 4 years ago
publish.py v0.3.0-rc1 - helm & docs update 3 years ago
requirements-docs.txt basic admin feature, network isolation, docs, helm, k8s, docs (#15) 4 years ago

README.md

wg-access-server

wg-access-server is a single binary that provides a WireGuard VPN server and a device management web UI. We support user authentication and one-click device registration, including QR codes, that works with Mac, Linux, Windows, iOS and Android. You can configure different network isolation modes for better control, and more.

This project aims to deliver a simple VPN solution for developers, homelab enthusiasts and anyone else feeling adventurous.

wg-access-server is a functional but young project. Contributions are welcome!

Documentation

See our documentation website

Quick Links:

Running with Docker

Here's a quick command to run the server to try it out.

export WG_ADMIN_PASSWORD="example"
export WG_WIREGUARD_PRIVATE_KEY="$(wg genkey)"

docker run \
  -it \
  --rm \
  --cap-add NET_ADMIN \
  --device /dev/net/tun:/dev/net/tun \
  -v wg-access-server-data:/data \
  -e "WG_ADMIN_PASSWORD=$WG_ADMIN_PASSWORD" \
  -e "WG_WIREGUARD_PRIVATE_KEY=$WG_WIREGUARD_PRIVATE_KEY" \
  -p 8000:8000/tcp \
  -p 51820:51820/udp \
  place1/wg-access-server

If you open your browser using your machine's LAN IP address, you can even connect your phone to try it out: for example, I'll open my browser at http://192.168.0.XX:8000.

From a browser on the local machine, you can connect to the web server at http://localhost:8000
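A variant of the quick-start above, added here as an example and not taken from the project: it generates a random admin password instead of "example" and hands both secrets to the container through a mode-0600 file and docker's `--env-file`, so they stay out of shell history and out of the `docker run` argument list. The function names, the `start` argument and the default file path are assumptions.

```sh
#!/bin/sh
# Added example, not part of wg-access-server. Function names, the "start"
# argument and the default env-file path are assumptions for illustration.
set -e

# write_env_file PATH [PRIVATE_KEY]
# Creates PATH with mode 0600 holding the two variables the README exports.
# An existing file is kept as-is, so restarts reuse the same password and key.
write_env_file() {
  env_file=$1
  if [ -e "$env_file" ]; then return 0; fi
  # Use the key passed in, otherwise generate one with the WireGuard tools.
  key=${2:-$(wg genkey)}
  # 24 random bytes encode to a 32-character base64 password.
  password=$(head -c 24 /dev/urandom | base64)
  old_umask=$(umask)
  umask 077   # new files are readable and writable by the owner only
  printf 'WG_ADMIN_PASSWORD=%s\nWG_WIREGUARD_PRIVATE_KEY=%s\n' \
    "$password" "$key" > "$env_file"
  umask "$old_umask"
}

# run_server PATH: same flags as the README command, with --env-file in place
# of the two -e options so the secrets are not in the process arguments.
run_server() {
  docker run -it --rm \
    --cap-add NET_ADMIN \
    --device /dev/net/tun:/dev/net/tun \
    -v wg-access-server-data:/data \
    --env-file "$1" \
    -p 8000:8000/tcp \
    -p 51820:51820/udp \
    place1/wg-access-server
}

# Only start the container when called as: sh run-wg.sh start
if [ "${1:-}" = "start" ]; then
  env_path=${WG_ENV_FILE:-$HOME/.wg-access-server.env}
  write_env_file "$env_path"
  run_server "$env_path"
fi
```

The values remain visible to anyone who can run `docker inspect` on the container, so access to the Docker socket is still the boundary to protect.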

Running on Kubernetes via Helm

wg-access-server ships a Helm chart to make it easy to get started on Kubernetes.

Here's a quick start, but you can read more at the Helm Chart Deployment Docs

# deploy
helm install my-release --repo https://place1.github.io/wg-access-server wg-access-server

# cleanup
helm delete my-release

Running with Docker-Compose

Download the docker-compose.yml file from the repo and run the following command.

export WG_ADMIN_PASSWORD="example"
export WG_WIREGUARD_PRIVATE_KEY="$(wg genkey)"

docker-compose up

From a browser on the local machine, you can connect to the web server at http://localhost:8000

If you open your browser to your machine's LAN IP address you'll be able to connect your phone using the UI and QR code!

Screenshots

Devices

Connect iOS

Connect MacOS

Sign In

Changelog

See the CHANGELOG.md file

Development

The software is made up of a Golang server and a React app.

Here's how I develop locally:

  1. run cd website && npm install && npm start to get the frontend running on :3000
  2. run sudo go run ./main.go to get the server running on :8000

Here are some notes about the development configuration:

  • sudo is required because the server uses iptables/ip to configure the VPN networking
  • you'll access the website on :3000 and it'll proxy API requests to :8000 thanks to webpack
  • in-memory storage and generated wireguard keys will be used

gRPC code generation:

The client communicates with the server via gRPC-Web. You can edit the API specification in ./proto/*.proto.

After changing a service or message definition you'll want to re-generate server and client code using: ./codegen.sh.