https://github.com/freifunkMUC/wg-access-server

Skip to content
 
Sign up

  * Why GitHub?
      + Features
      + Mobile
      + Actions
      + Codespaces
      + Packages
      + Security
      + Code review
      + Issues
      + Integrations
      + GitHub Sponsors
      + Customer stories
  * Team
  * Enterprise
  * Explore
      + Explore GitHub
      + Learn and contribute
      + Topics
      + Collections
      + Trending
      + Learning Lab
      + Open source guides
      + Connect with others
      + The ReadME Project
      + Events
      + Community forum
      + GitHub Education
      + GitHub Stars program
  * Marketplace
  * Pricing
      + Plans
      + Compare plans
      + Contact Sales
      + Education

[                    ] 

  *  
    #
    In this repository All GitHub |
    Jump to |

  * No suggested jump to results

  *  
    #
    In this repository All GitHub |
    Jump to |
  *  
    #
    In this organization All GitHub |
    Jump to |
  *  
    #
    In this repository All GitHub |
    Jump to |

Sign in
Sign up
{{ message }}

freifunkMUC / wg-access-server Public

forked from Place1/wg-access-server

  * Notifications
  * Fork 134
  * Star 149
  * 

An all-in-one WireGuard VPN solution with a web ui for connecting
devices

MIT License
149 stars 134 forks
Star
Notifications

  * Code
  * Issues 2
  * Pull requests 1
  * Actions
  * Projects 0
  * Wiki
  * Security
  * Insights

More

  * Code
  * Issues
  * Pull requests
  * Actions
  * Projects
  * Wiki
  * Security
  * Insights

master
Switch branches/tags
[                    ]
Branches Tags
Could not load branches
Nothing to show
{{ refName }} default View all branches
Could not load tags
Nothing to show
{{ refName }} default
View all tags
13 branches 29 tags
Code
This branch is up to date with master.
Contribute

  * 
    This branch is not ahead of the upstream master.

    No new commits yet. Enjoy your day!

  * Open pull request

Latest commit

@awlx
awlx Merge pull request #63 from GoliathLabs/changelog
...
f0c385c Jan 23, 2022
Merge pull request #63 from GoliathLabs/changelog

Updated: Changelog to reflect the latest changes

f0c385c

Git stats

  * 340 commits

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
Fix GitHub pages deployment
Jan 9, 2022
.vscode
Postgresql ha (Place1#89)
Nov 28, 2020
cmd
Add vpn.nat44 setting to optionally disable IPv4 NAT
Jan 9, 2022
deploy
v0.4.6 - helm & docs update
Jan 9, 2021
docs
Add vpn.nat44 setting to optionally disable IPv4 NAT
Jan 9, 2022
internal
Add vpn.nat44 setting to optionally disable IPv4 NAT
Jan 9, 2022
pkg/authnz
Run go fmt
Dec 10, 2021
proto
Fix protobuf codegen after protoc-gen-go update
Oct 1, 2021
screenshots
updated screenshots
Jul 20, 2020
scripts
Postgresql ha (Place1#89)
Nov 28, 2020
website
Merge pull request #51 from freifunkMUC/dependabot/npm_and_yarn/
websi...
Jan 4, 2022
.dockerignore
Add more files and folders to .dockerignore
Nov 22, 2021
.gitignore
removed dev db.sqlite3
Oct 18, 2020
CHANGELOG.md
Updated: Changelog to reflect the latest changes
Jan 23, 2022
CODEOWNERS
Create CODEOWNERS
Aug 7, 2021
Dockerfile
Upgrade Docker image to NodeJS 17
Jan 3, 2022
LICENSE
Create LICENSE
Nov 6, 2019
README.md
Fixes documentation bugs and adds IPv6 capability
Jan 3, 2022
TODO.md
Added: A few things we've done
Jan 23, 2022
codegen.sh
Fix protobuf codegen after protoc-gen-go update
Oct 1, 2021
docker-compose.yml
 docker-compose: replacing the incorrect image
Dec 19, 2021
go.mod
Bump github.com/miekg/dns from 1.1.43 to 1.1.45
Jan 1, 2022
go.sum
Bump github.com/miekg/dns from 1.1.43 to 1.1.45
Jan 1, 2022
main.go
fixed docs
Nov 28, 2020
mkdocs.yml
Fix GitHub pages deployment
Jan 9, 2022
publish.py
v0.3.0-rc1 - helm & docs update
Oct 17, 2020
requirements-docs.txt
Fix GitHub pages deployment
Jan 9, 2022
View code
[                    ]
wg-access-server Documentation Running with Docker Running on
Kubernetes via Helm Running with Docker-Compose Screenshots Changelog
Development

README.md

 wg-access-server

wg-access-server is a single binary file that contains a WireGuard
VPN server and a web user interface for device management. We support
user authentication, 1-click device enrollment that works with macOS,
Linux, Windows, iOS/iPadOS and Android including QR codes. We from
Freifunk Munich have also added IPv6 network support, since the
upstream seems to be stuck in a dead end. Furthermore you can choose
from different network isolation modes for a better control over
connected devices. Generally speaking you can customize the project
to your use-case with relative ease.

This project aims to provide a simple VPN solution for developers,
Homelab enthusiasts, and anyone else who is adventurous.

This is a fork of the original work of place1. Since the upstream is
currently poorly maintained, we try to add new features and keep the
project up to date and in a working state.

Contributions are always welcome so that we can offer new bug fixes,
features and improvements to the users of this project.

 Documentation

The links in the documentation section currently point to our new
home page and not to the documentation of the wg-access-server
project. We'll get things sorted out soon and provide you with more
up-to-date documentation on our changes and deployment. In the
meantime, you can use the documentation listed upstream of Place1 as
a first reference.

See our documentation website

Quick Links:

  * Configuration Overview
  * Deploy With Docker
  * Deploy With Helm
  * Deploy With Docker-Compose

 Running with Docker

Here is a quick command to start the wg-access-server for the first
time and try it out.

export WG_ADMIN_PASSWORD="example"
export WG_WIREGUARD_PRIVATE_KEY="$(wg genkey)"

docker run \
  -it \
  --rm \
  --cap-add NET_ADMIN \
  --device /dev/net/tun:/dev/net/tun \
  --sysctl net.ipv6.conf.all.disable_ipv6=0 \
  --sysctl net.ipv6.conf.all.forwarding=1 \
  -v wg-access-server-data:/data \
  -v /lib/modules:/lib/modules \
  -e "WG_ADMIN_PASSWORD=$WG_ADMIN_PASSWORD" \
  -e "WG_WIREGUARD_PRIVATE_KEY=$WG_WIREGUARD_PRIVATE_KEY" \
  -p 8000:8000/tcp \
  -p 51820:51820/udp \
  ghcr.io/freifunkmuc/wg-access-server:latest

If the wg-access-server is accessible via LAN or a network you are
in, you can directly connect your phone to the VPN. You have to call
the webfrontent of the project for this. Normally, this is done via
the IP address of the device or server on which the wg-access-server
is running followed by the standard port 8000, via which the web
interface can be reached. For most deployments something like this
should work: http://192.168.0.XX:8000

If the project is running locally on the computer, you can easily
connect to the web interface by connecting to http://localhost:8000
in the browser.

 Running on Kubernetes via Helm

wg-access-server ships a Helm chart to make it easy to get started on
Kubernetes.

Here's a quick start, but you can read more at the Helm Chart
Deployment Docs

# deploy
helm install my-release --repo https://freifunkMUC.github.io/wg-access-server wg-access-server

# cleanup
helm delete my-release

 Running with Docker-Compose

Download the the docker-compose.yml file from the repo and run the
following command.

export WG_ADMIN_PASSWORD="example"
export WG_WIREGUARD_PRIVATE_KEY="$(wg genkey)"

docker-compose up

You can connect to the web server on the local machine browser at
http://localhost:8000

If you open your browser to your machine's LAN IP address you'll be
able to connect your phone using the UI and QR code!

 Screenshots

Devices

Connect iOS

Connect MacOS

Sign In

 Changelog

See the CHANGELOG.md file

 Development

The software consists of a Golang server and a React app.

If you want to make changes to the project locally, you can do so
relatively easily with the following steps.

 1. Run cd website && npm install && npm start to get the frontend
    running on :3000.
 2. Run sudo go run ./main.go to get the server running on :8000.

Here are some notes on development configuration:

  * sudo is required because the server uses iptables/ip to configure
    the VPN network
  * access to the website is on :3000 and API requests are redirected
    to :8000 thanks to webpack
  * in-memory storage and generated WireGuard keys are used

gRPC code generation:

The client communicates with the server via gRPC web. You can edit
the API specification in ./proto/*.proto.

After changing a service or message definition, you must regenerate
the server and client code using: ./codegen.sh.

About

An all-in-one WireGuard VPN solution with a web ui for connecting
devices

Topics

vpn wireguard wireguard-ui

Resources

Readme

License

MIT License

Stars

149 stars

Watchers

5 watching

Forks

134 forks

Releases

29 tags

Packages 1

 

Languages

  * Go 48.9%
  * TypeScript 46.4%
  * Mustache 1.2%
  * HTML 1.0%
  * Python 1.0%
  * Dockerfile 0.7%
  * Other 0.8%

  *  (c) 2022 GitHub, Inc.

  * Terms
  * Privacy
  * Security
  * Status
  * Docs
  * Contact GitHub
  * Pricing
  * API
  * Training
  * Blog
  * About

You can't perform that action at this time.
You signed in with another tab or window. Reload to refresh your
session. You signed out in another tab or window. Reload to refresh
your session.