{"id":13430606,"url":"https://github.com/freifunkMUC/wg-access-server","last_synced_at":"2025-03-16T06:30:37.665Z","repository":{"id":37007389,"uuid":"342358823","full_name":"freifunkMUC/wg-access-server","owner":"freifunkMUC","description":"An all-in-one WireGuard VPN solution with a web ui for connecting devices","archived":false,"fork":true,"pushed_at":"2024-09-12T10:00:06.000Z","size":10309,"stargazers_count":600,"open_issues_count":24,"forks_count":32,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-09-12T20:56:28.278Z","etag":null,"topics":["container","docker","hacktoberfest","ipv6","nat","vpn","wireguard","wireguard-ui"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"Place1/wg-access-server","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/freifunkMUC.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null},"funding":{"github":"freifunkMUC","custom":"http://paypal.me/ffmucspenden"}},"created_at":"2021-02-25T19:38:54.000Z","updated_at":"2024-09-12T09:59:33.000Z","dependencies_parsed_at":"2023-09-27T00:19:27.838Z","dependency_job_id":null,"html_url":"https://github.com/freifunkMUC/wg-access-server","commit_stats":{"total_commits":498,"total_committers":34,"mean_commits":"14.647058823529411","dds":0.6666666666666667,"last_synced_commit":"f3223e74817cd2abb07b9225464f18765791e7a2"},"previous_names":[],"tags_count":42,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freifunkMUC%2Fwg-access-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freifunkMUC%2Fwg-access-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freifunkMUC%2Fwg-access-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freifunkMUC%2Fwg-access-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/freifunkMUC","download_url":"https://codeload.github.com/freifunkMUC/wg-access-server/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221656314,"owners_count":16858739,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["container","docker","hacktoberfest","ipv6","nat","vpn","wireguard","wireguard-ui"],"created_at":"2024-07-31T02:00:55.563Z","updated_at":"2025-03-16T06:30:37.659Z","avatar_url":"https://github.com/freifunkMUC.png","language":"Go","funding_links":["https://github.com/sponsors/freifunkMUC","http://paypal.me/ffmucspenden"],"categories":["Go","kubernetes","Projects","WireGuard \u0026 VPN Tools"],"sub_categories":["Deployment"],"readme":"# wg-access-server\n\nwg-access-server is a single binary file that contains a WireGuard\nVPN server and a web user interface for device management. We support user authentication,\n_1-click_ device enrollment that works with macOS, Linux, Windows, iOS/iPadOS and Android\nincluding QR codes. Furthermore, you can choose from different network isolation modes for a\nbetter control over connected devices. Generally speaking you can customize the project\nto your use-case with relative ease.\n\nThis project aims to provide a simple VPN solution for developers,\nhomelab enthusiasts, and anyone else who is adventurous.\n\n**This is a fork of the original work of place1, maintained by [Freifunk Munich](https://ffmuc.net/).\nSince the upstream is currently unmaintained, we try to add new features and keep the project up to date and in a working state.**\n\nThis fork supports IPv6. The VPN can run in dual-stack, IPv6-only or IPv4-only mode.\nNAT can be disabled separately for IPv4 and IPv6.\n\n**Contributions are always welcome so that we can offer new bug fixes, features and improvements to the users of this project**.\n\n## Features\n\n- Pluggable authentication using OpenID Connect\n- Authentication using GitLab\n- PostgreSQL, MySQL or SQLite3 storage backend\n- WireGuard client configuration QR codes\n- IPv6 support in tunnel\n- Caching DNS proxy (stub resolver)\n- Client isolation (optional)\n- WireGuard kernel module for improved performance and latency\n- Automatic fallback to embedded userspace implementation for easy container deployment\n- Dark Mode and Light Mode for user preference\n\n## Documentation\n\n[See our documentation website](https://www.freie-netze.org/wg-access-server/)\n\nQuick Links:\n\n- [Configuration Overview](https://www.freie-netze.org/wg-access-server/2-configuration/)\n- [Deploy With Docker](https://www.freie-netze.org/wg-access-server/deployment/1-docker/)\n- [Deploy With Docker-Compose](https://www.freie-netze.org/wg-access-server/deployment/2-docker-compose/)\n- [Deploy With Helm](https://www.freie-netze.org/wg-access-server/deployment/3-kubernetes/)\n\n## Running with Docker\n\nHere is a quick command to start the wg-access-server for the first time and try it out.\n\n```bash\nexport WG_ADMIN_PASSWORD=$(tr -cd '[:alnum:]' \u003c /dev/urandom | fold -w30 | head -n1)\nexport WG_WIREGUARD_PRIVATE_KEY=\"$(wg genkey)\"\necho \"Your automatically generated admin password for the wg-access-server's web interface: $WG_ADMIN_PASSWORD\"\n\ndocker run \\\n  -it \\\n  --rm \\\n  --cap-add NET_ADMIN \\\n  --cap-add SYS_MODULE \\\n  --device /dev/net/tun:/dev/net/tun \\\n  --sysctl net.ipv6.conf.all.disable_ipv6=0 \\\n  --sysctl net.ipv6.conf.all.forwarding=1 \\\n  -v wg-access-server-data:/data \\\n  -v /lib/modules:/lib/modules:ro \\\n  -e \"WG_ADMIN_PASSWORD=$WG_ADMIN_PASSWORD\" \\\n  -e \"WG_WIREGUARD_PRIVATE_KEY=$WG_WIREGUARD_PRIVATE_KEY\" \\\n  -p 8000:8000/tcp \\\n  -p 51820:51820/udp \\\n  ghcr.io/freifunkmuc/wg-access-server:latest\n```\n\n**Note:** This command includes the `SYS_MODULE` capability which essentially gives the container root privileges over the host system and an attacker could easily break out of the container. See the [Docker instructions](https://www.freie-netze.org/wg-access-server/deployment/1-docker/) for the recommended way to run the container.\n\nIf the wg-access-server is accessible via LAN or a network you are in, you can directly connect your phone to the VPN. You have to call the webfrontent of the project for this. Normally, this is done via the IP address of the device or server on which the wg-access-server is running followed by the standard port 8000, via which the web interface can be reached. For most deployments something like this should work: http://192.168.0.XX:8000\n\nIf the project is running locally on the computer, you can easily connect to the web interface by connecting to http://localhost:8000 in the browser.\n\n## Running with Docker-Compose\n\nPlease also read the [Docker instructions](https://www.freie-netze.org/wg-access-server/deployment/1-docker/) for general information regarding Docker deployments.\n\nDownload the the docker-compose.yml file from the repo and run the following command.\n\n```bash\nexport WG_ADMIN_PASSWORD=$(tr -cd '[:alnum:]' \u003c /dev/urandom | fold -w30 | head -n1)\nexport WG_WIREGUARD_PRIVATE_KEY=\"$(wg genkey)\"\necho \"Your automatically generated admin password for the wg-access-server's web interface: $WG_ADMIN_PASSWORD\"\n\ndocker-compose up\n```\n\nYou can connect to the web server on the local machine browser at http://localhost:8000\n\nIf you open your browser to your machine's LAN IP address you'll be able\nto connect your phone using the UI and QR code!\n\n## Running on Kubernetes via Helm\n\nThe Helm chart included in this repository has been removed due to lack of expertise on our side and nobody answering\nour call for aid.  \nIf you are a Kubernetes/Helm user, please consider stepping up and taking over maintenance of the chart at\nhttps://github.com/freifunkMUC/wg-access-server-chart.\n\n## Screenshots\n\n![Devices](https://github.com/freifunkMUC/wg-access-server/raw/master/screenshots/devices.png)\n\n![Devices Darkmode](https://github.com/freifunkMUC/wg-access-server/raw/master/screenshots/devices-dark.png)\n\n![Connect Mobile](https://github.com/freifunkMUC/wg-access-server/raw/master/screenshots/connect-mobile.png)\n\n![Connect Mobile Darkmode](https://github.com/freifunkMUC/wg-access-server/raw/master/screenshots/connect-mobile-dark.png)\n\n![Connect Desktop](https://github.com/freifunkMUC/wg-access-server/raw/master/screenshots/connect-desktop.png)\n\n![Connect Desktop Darkmode](https://github.com/freifunkMUC/wg-access-server/raw/master/screenshots/connect-desktop-dark.png)\n\n![Sign In](https://github.com/freifunkMUC/wg-access-server/raw/master/screenshots/signin.png)\n\n![Sign In Darkmode](https://github.com/freifunkMUC/wg-access-server/raw/master/screenshots/signin-dark.png)\n\n\n## Changelog\n\nSee the [Releases section](https://github.com/freifunkMUC/wg-access-server/releases)\n\n## Development\n\nThe software consists of a Golang server and a React app.\n\nIf you want to make changes to the project locally, you can do so relatively easily with the following steps.\n\n1. Run `cd website \u0026\u0026 npm install \u0026\u0026 npm start` to get the frontend running on `:3000`.\n2. Run `sudo go run ./main.go` to get the server running on `:8000`.\n\nHere are some notes on development configuration:\n\n- sudo is required because the server uses iptables/ip to configure the VPN network\n- access to the website is on `:3000` and API requests are redirected to `:8000` thanks to webpack\n- in-memory storage and generated WireGuard keys are used\n\n### gRPC code generation:\n\nThe client communicates with the server via gRPC web. You can edit the API specification in `./proto/*.proto`.\n\nAfter changing a service or message definition, you must regenerate the server and client code:\n\n```sh\n./codegen.sh\ncd website \u0026\u0026 npm run codegen\n```\n\nOr use the Dockerfile at `proto/Dockerfile`:\n\n```sh\ndocker build -f proto/Dockerfile --target proto-js -t wg-access-server-proto:js .\ndocker build -f proto/Dockerfile --target proto-go -t wg-access-server-proto:go .\ndocker run --rm -v `pwd`/proto:/proto -v `pwd`/website/src/sdk:/code/src/sdk wg-access-server-proto:js\ndocker run --rm -v `pwd`/proto:/code/proto wg-access-server-proto:go\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FfreifunkMUC%2Fwg-access-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FfreifunkMUC%2Fwg-access-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FfreifunkMUC%2Fwg-access-server/lists"}