Skip to content

Latest commit

 

History

History
444 lines (332 loc) · 33.4 KB

README.md

File metadata and controls

444 lines (332 loc) · 33.4 KB

Awesome WireGuard Awesome



A curated list of WireGuard tools, projects, and resources.

WireGuard® - fast, modern, secure VPN tunnel.

You can see the updates on Twitter (coming soon)

Please, help organize these resources so that they are easy to find and understand for newcomers. See how to Contribute for tips!

If you see a link here that is not (any longer) a good fit, you can fix it by submitting a pull request to improve this file. Thank you!


Status Badges

We use emoji to determine repository status.

🟢 active repos (last commit date is less than 3 months)

🟡 stale repos (last commit date is more than 6 months)

🔴 inactive repos (last commit date is more than 1 year)

⚫ repos that were superseded

🟦 repos that were code completed

❔ repos that weren't found (broken link)


Contents

Expand Table of Contents

What is WireGuard

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

Source: Official WireGuard project website

Official Resources

Where to Start


Projects

Tools

  • wg-quick - Official cross-platform tool to set up a WireGuard interface simply.
  • easy-wg-quick - Creates Wireguard configuration for hub and peers with ease. GitHub last commit 🟢
  • dsnet - Simple command to manage a centralised wireguard VPN. Think wg-quick but quicker: key generation + address allocation. GitHub last commit 🟢
  • wgctrl - Package wgctrl enables control of WireGuard interfaces on multiple platforms. GitHub last commit 🔴
  • wgzero - Zero overhead wireguard setup. GitHub last commit 🔴
  • wg-make - A tool to help set up WireGuard based networks. Currently, it generates configurations for peers according to a single configuration file. GitHub last commit 🔴
  • onetun - A user-space WireGuard port-forwarder -- access ports running on peers in your WireGuard network from any device; without having to install WireGuard locally or without root access (no iptables configs). GitHub last commit 🟢
  • wireproxy - A userspace WireGuard client that connects to a WireGuard peer, and exposes a SOCKS5 proxy. (Use cases: Setting up WG as a VPN requires special privilege. It tells the kernel to create a special network interface to handle WG connection. This can get messy if you do not have any special permission (i.e., root), if you do not have proper firewall configuration, or if you want to connect to multiple WG peers at once. wireproxy static tunneling is basically openssh -D, which supports SOCKS5 protocols.) GitHub last commit 🟢
  • wireguard-manager-and-api - A tool for rotating the keys on peers to increase their privacy by removing their IP address from memory. GitHub last commit 🔴
  • sandialabs/wiretap - Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run. GitHub last commit 🟢
  • coder/wush - Simplest and fastest way to transfer files between computers via WireGuard. GitHub last commit 🟢

Mesh Network

  • Tailscale - Tailscale is a WireGuard-based app that makes secure, private networks easy for teams of any scale.
  • Headscale - An open source implementation of the Tailscale control server. GitHub last commit 🟢
  • innernet - A private network system that uses WireGuard under the hood. It is similar in its goals to Slack's nebula or Tailscale. GitHub last commit 🟢
  • Kilo - Kilo is a multi-cloud network overlay built on WireGuard and designed for Kubernetes (k8s + wg = kg). GitHub last commit 🟢
  • NetBird - (Previously Wiretrustee) NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home. Technically, it creates an overlay network using ICE protocol (WebRTC) to negotiate P2P connections and WG (kernel module, when possible) to create a fast and encrypted tunnel between machines, falling back to relay (TURN) in case a P2P connection isn't possible. Pretty much just a client app is needed, the rest is done by the software. Their vision is to go beyond traditional VPN by bringing advanced NetSec (Zero Trust security model) like OpenZiti. GitHub last commit 🟢
  • wesher - wesher creates and manages an encrypted mesh overlay network across a group of nodes. GitHub last commit 🟢
  • gravitl/netmaker - Netmaker is a VPN platform that automates WireGuard from homelab to enterprise. The key distinctions in their solutions are: fast because it can use kernel WireGuard (instead of userspace WireGuard, which is slower), tailored towards the Cloud and Kubernetes, and fully self-hostable. GitHub last commit 🟢
  • HarvsG/WireGuardMeshes - Compare WireGuard mesh tools. GitHub last commit 🟢
  • svenstaro/wiresmith - Auto-config WireGuard clients into a mesh GitHub last commit 🟢

Deployment

  • WireHole - A combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound. GitHub last commit 🔴
  • Autowire - Automatically configure Wireguard interfaces in distributed system. It supports Consul as backend. GitHub last commit 🔴
  • Cloudblock - Deploys WireGuard VPN, Pi-Hole DNS Ad-blocking, and DNS over HTTPS in a cloud provider - or locally - using Terraform and Ansible. GitHub last commit 🟢
  • ansible-role-wireguard - Ansible role for installing WireGuard VPN. Supports Ubuntu, Debian, Archlinx, Fedora and CentOS. GitHub last commit 🟢
  • terraform-aws-wireguard - Terraform module to deploy WireGuard on AWS. GitHub last commit 🔴
  • Firezone - An open-source WireGuard-based VPN server alternative to OpenVPN Access Server. You can self-host this. GitHub last commit 🟢
  • Algo VPN - Set up a DIY/personal VPN in the cloud. It is a set of Ansible scripts that simplify the setup of a personal WireGuard and IPsec VPN, open-sourced by Trail of Bits. GitHub last commit 🟢
  • freifunkMUC/wg-access-server - An all-in-one WireGuard VPN solution with a Web UI for connecting devices. This project aims to deliver a simple VPN solution for developers, homelab enthusiasts and anyone else feeling adventurous. GitHub last commit 🟢
  • WirtBot - Think of it as a component that will allow you to extend your LAN over the Internet. WirtBot simplifies the process of creating your own private network into 3 steps. No registration, no accounts - Just a network that belongs to you. And it will always be completely free (except for the server/VPS you run it on). GitHub last commit 🔴
  • seashell/drago - A self-hosted and flexible configuration manager designed to make it simple to configure secure network overlays spanning heterogeneous nodes via a Web UI. GitHub last commit 🔴

Container

  • linuxserver/docker-wireguard - A WireGuard container image brought to you by LinuxServer.io. Not all image authors are as great as LinuxServer.io team. GitHub last commit 🟢
  • cmulk/wireguard-docker - A Docker image and configuration for a simple personal VPN, used for the goal of security over insecure (public) networks, not necessarily for Internet anonymity. There are currently 3 flavors. GitHub last commit 🔴
  • masipcat/wireguard-go-docker - WireGuard docker image. GitHub last commit 🟢
  • bitwister/twine - Label based route/port forwarding management tool for Docker that can be used to easily route traffic of containers from/to Wireguard container, while preserving full network isolation. GitHub last commit

Monitoring

Security

Protocol

Encryption

Runtime

User Interface

Terminal / CLI

  • WireGuard in NetworkManager - Linux NetworkManager has WireGuard support.
  • angristan/WireGuard-install - WireGuard VPN installer for Linux servers. GitHub last commit 🔴
  • PiVPN - The Simplest VPN installer (scripts), designed for Raspberry Pi. GitHub last commit 🟢
  • Nyr/wireguard-install - WireGuard road warrior installer for Ubuntu, Debian, CentOS and Fedora. GitHub last commit 🟢
  • WireGuard-Manager - enables you to build your own vpn under a minute. GitHub last commit 🟢
  • wg-meshconf - WireGuard full mesh configuration generator. GitHub last commit 🔴
  • tun2socks - Powered by gVisor TCP/IP stack. GitHub last commit 🟢
  • guard - A gRPC server for managing wireguard tunnels. GitHub last commit 🔴
  • docker-wireguard-socks-proxy - Expose a WireGuard tunnel as a SOCKS5 proxy. GitHub last commit 🔴
  • wgctl - Utility to configure and manage your WireGuard tunnels. GitHub last commit 🔴
  • Wiresteward - A WireGuard peer manager with OAuth2 authentication. GitHub last commit 🟢
  • psyhomb/wireguard-tools - WireGuard helper scripts. GitHub last commit 🔴
  • b-m-f/wired - WireGuard network configuration generator with support for multiple topologies written in Rust GitHub last commit 🔴
  • muiquq/wgcfghelp - Lightweight single binary CLI tool, roadwarrior peer management, config file generator, QR code image generator, MikroTik command generator. GitHub last commit 🟢
  • AndrianBdn/wg-cmd - WG Commander is a TUI for a simple WireGuard VPN setup. UI, QR Codes, Setup Wizard in the terminal. GitHub last commit 🟢

Web

  • vx3r/wg-gen-web - Simple Web based configuration generator for WireGuard. GitHub last commit 🔴
  • Subspace - A simple WireGuard VPN server GUI. GitHub last commit 🔴
  • WireGuard UI - WireGuard Web UI for self-serve client configurations, with optional auth. GitHub last commit 🔴
  • wg-easy/wg-easy - The easiest way to run WireGuard VPN + Web-based Admin UI. GitHub last commit 🟢
  • wireguard-ui - Simple, have empty interfaces for authentication GitHub last commit 🟡
  • h44z/wg-portal - Supports LDAP and more GitHub last commit 🟢
  • brsyuksel/wghttp - A http server helps managing wireguard devices and peers on kernel level. GitHub last commit 🟢

Desktop

Dashboards

  • Wireguard Dashboard - A simple and easy to use WireGuard dashboard written in Python and Flask. GitHub last commit 🟢

Development

Development Environment

Testing

Boilerplate

Homeserver

Services based on WireGuard

Cloud Service

  • Warp - A free WireGuard VPN from Cloudflare that's trying to fix mobile Internet performance and security.
  • wgcf - Cross-platform, unofficial CLI for Cloudflare Warp. GitHub last commit 🟢

VPN

  • Mullvad GitHub last commit 🟢
  • MozWire - An unofficial configuration manager giving Linux, macOS users (among others), access to Mozilla VPN. GitHub last commit 🟢
  • LNVPN - A wireguard VPN provider with Ligthning only payments, pay as you use. GitHub last commit 🔴

Extensions / Plugins

  • wgsd - A CoreDNS plugin that serves WireGuard peer information via DNS-SD (RFC6763) semantics. This enables use cases such as mesh networking, NAT-to-NAT connectivity, and dynamic discovery of WireGuard endpoint. GitHub last commit 🟡

Optimization

  • nr-wg-mtu-finder - A Python project to help you find the optimal MTU values for WG server and WG peer that maximizes the upload or download speeds between a peer and server. GitHub last commit 🟡

Language Bindings

Alternative Implementations

Beside Jason Donenfeld's implementation of the WireGuard protocol, written in C and Go, other implementations include:

Useful Resources

Blog Posts

Articles

Demos and Examples

Good Tips

Tutorials

Videos

Books

Podcasts and Interviews

Presentations

Newsletters

Uncategorized

Communities and Meetups

English

Chinese

Contribute

Contributions welcome! If you would like to contribute, please read the contribution guidelines first. It contains a lot of tips and guidelines to help keep things organized.

Future: Implement GitHub Actions to monitor and verify all the links with a simple Node.js script

Copyright

"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld.

License

Expand License

This repository contains a variety of content; some developed by Cedric Chee, and some from third-parties. The third-party content is distributed under the license provided by those parties.

I am providing code and resources in this repository to you under an open source license. Because this is my personal repository, the license you receive to my code and resources is from me and not my employer.

The content developed by Cedric Chee is distributed under the following license:

Text

The text content is released under the CC-BY-NC-ND license. Read more at Creative Commons.

Code

The code in this repository is released under the MIT license.