Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-wireguard

A curated list of WireGuard tools, projects, and resources.
https://github.com/cedrickchee/awesome-wireguard

Last synced: 1 day ago
JSON representation

Projects
- Tools
  - coder/wush - Simplest and fastest way to transfer files between computers via WireGuard.
  - GitHub last commit
  - wg-quick - Official cross-platform tool to set up a WireGuard interface simply.
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - easy-wg-quick - Creates Wireguard configuration for hub and peers with ease.
  - wgctrl - Package wgctrl enables control of WireGuard interfaces on multiple platforms.
  - wgzero - Zero overhead wireguard setup.
  - wg-make - A tool to help set up WireGuard based networks. Currently, it generates configurations for peers according to a single configuration file.
  - onetun - A user-space WireGuard port-forwarder -- access ports running on peers in your WireGuard network from any device; without having to install WireGuard locally or without root access (no iptables configs).
  - wireguard-manager-and-api - A tool for rotating the keys on peers to increase their privacy by removing their IP address from memory.
  - sandialabs/wiretap - Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.
- User Interface
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - WireGuard in NetworkManager - Linux NetworkManager has WireGuard support.
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - angristan/WireGuard-install - WireGuard VPN installer for Linux servers.
  - PiVPN - The Simplest VPN installer (scripts), designed for Raspberry Pi.
  - Nyr/wireguard-install - WireGuard road warrior installer for Ubuntu, Debian, CentOS and Fedora.
  - WireGuard-Manager - enables you to build your own vpn under a minute.
  - wg-meshconf - WireGuard full mesh configuration generator.
  - tun2socks - Powered by gVisor TCP/IP stack.
  - guard - A gRPC server for managing wireguard tunnels.
  - docker-wireguard-socks-proxy - Expose a WireGuard tunnel as a SOCKS5 proxy.
  - wgctl - Utility to configure and manage your WireGuard tunnels.
  - Wiresteward - A WireGuard peer manager with OAuth2 authentication.
  - psyhomb/wireguard-tools - WireGuard helper scripts.
  - vx3r/wg-gen-web - Simple Web based configuration generator for WireGuard.
  - Subspace - A simple WireGuard VPN server GUI.
  - WireGuard UI - WireGuard Web UI for self-serve client configurations, with optional auth.
  - network-manager-wireguard - Network-Manager VPN Plugin for WireGuard.
  - WireGuardStatusbar - macOS menubar icon for WireGuard/wg-quick.
  - b-m-f/wired - WireGuard network configuration generator with support for multiple topologies written in Rust
  - GitHub last commit
  - muiquq/wgcfghelp - Lightweight single binary CLI tool, roadwarrior peer management, config file generator, QR code image generator, MikroTik command generator. ![GitHub last commit](https://img.shields.io/github/last-commit/muqiuq/wgcfghelp?style=flat-square&color=informational) :green_circle:
  - AndrianBdn/wg-cmd - WG Commander is a TUI for a simple WireGuard VPN setup. UI, QR Codes, Setup Wizard in the terminal.
  - GitHub last commit
  - wg-easy/wg-easy - The easiest way to run WireGuard VPN + Web-based Admin UI.
  - GitHub last commit
  - wireguard-ui - Simple, have empty interfaces for authentication
  - GitHub last commit
  - h44z/wg-portal - Supports LDAP and more
  - GitHub last commit
  - brsyuksel/wghttp - A http server helps managing wireguard devices and peers on kernel level.
  - GitHub last commit
  - TunnlTo/desktop-app - TunnlTo is a lightweight, fast, Windows WireGuard VPN client built for split tunneling.
  - GitHub last commit
- Deployment
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - WireHole - A combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound.
  - Autowire - Automatically configure Wireguard interfaces in distributed system. It supports Consul as backend.
  - Cloudblock - Deploys WireGuard VPN, Pi-Hole DNS Ad-blocking, and DNS over HTTPS in a cloud provider - or locally - using Terraform and Ansible.
  - ansible-role-wireguard - Ansible role for installing WireGuard VPN. Supports Ubuntu, Debian, Archlinx, Fedora and CentOS.
  - terraform-aws-wireguard - Terraform module to deploy WireGuard on AWS.
  - Firezone - An open-source WireGuard-based VPN server alternative to OpenVPN Access Server. You can self-host this.
  - Algo VPN - Set up a DIY/personal VPN in the cloud. It is a set of Ansible scripts that simplify the setup of a personal WireGuard and IPsec VPN, open-sourced by Trail of Bits.
  - Place1/wg-access-server - An all-in-one WireGuard VPN solution with a Web UI for connecting devices. This project aims to deliver a simple VPN solution for developers, homelab enthusiasts and anyone else feeling adventurous.
  - WirtBot - Think of it as a component that will allow you to extend your LAN over the Internet. WirtBot simplifies the process of creating your own private network into 3 steps. No registration, no accounts - Just a network that belongs to you. And it will always be completely free (except for the server/VPS you run it on).
  - seashell/drago - A self-hosted and flexible configuration manager designed to make it simple to configure secure network overlays spanning heterogeneous nodes via a Web UI.
  - linuxserver/docker-wireguard - A WireGuard container image brought to you by LinuxServer.io. Not all image authors are as great as LinuxServer.io team.
  - cmulk/wireguard-docker - A Docker image and configuration for a simple personal VPN, used for the goal of security over insecure (public) networks, not necessarily for Internet anonymity. There are currently 3 flavors.
  - masipcat/wireguard-go-docker - WireGuard docker image.
  - freifunkMUC/wg-access-server - An all-in-one WireGuard VPN solution with a Web UI for connecting devices. This project aims to deliver a simple VPN solution for developers, homelab enthusiasts and anyone else feeling adventurous.
  - GitHub last commit
  - bitwister/twine - Label based route/port forwarding management tool for Docker that can be used to easily route traffic of containers from/to Wireguard container, while preserving full network isolation. ![GitHub last commit](https://img.shields.io/github/last-commit/bitwister/twine?style=flat-square&color=informational)
- Monitoring
  - GitHub last commit
  - MindFlavor/prometheus_wireguard_exporter - A Prometheus exporter for WireGuard, very light on your server resources.
- Mesh Network
  - Tailscale - Tailscale is a WireGuard-based app that makes secure, private networks easy for teams of any scale.
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - Headscale - An open source implementation of the Tailscale control server.
  - innernet - A private network system that uses WireGuard under the hood. It is similar in its goals to Slack's nebula or Tailscale.
  - Kilo - Kilo is a multi-cloud network overlay built on WireGuard and designed for Kubernetes (k8s + wg = kg).
  - wesher - wesher creates and manages an encrypted mesh overlay network across a group of nodes.
  - gravitl/netmaker - Netmaker is a VPN platform that automates WireGuard from homelab to enterprise. The key distinctions in their solutions are: fast because it can use kernel WireGuard (instead of userspace WireGuard, which is slower), tailored towards the Cloud and Kubernetes, and fully self-hostable.
  - HarvsG/WireGuardMeshes - Compare WireGuard mesh tools.
  - svenstaro/wiresmith - Auto-config WireGuard clients into a mesh ![GitHub last commit](https://img.shields.io/github/last-commit/svenstaro/wiresmith?style=flat-square&color=informational) :green_circle:
  - NetBird - (Previously Wiretrustee) NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home. Technically, it creates an overlay network using ICE protocol (WebRTC) to negotiate P2P connections and WG (kernel module, when possible) to create a fast and encrypted tunnel between machines, falling back to relay (TURN) in case a P2P connection isn't possible. Pretty much just a client app is needed, the rest is done by the software. Their vision is to go beyond traditional VPN by bringing advanced NetSec (Zero Trust security model) like OpenZiti.
- Services based on WireGuard
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - GitHub last commit
  - wgcf - Cross-platform, unofficial CLI for Cloudflare Warp.
  - Mullvad
  - MozWire - An unofficial configuration manager giving Linux, macOS users (among others), access to Mozilla VPN.
  - LNVPN - A wireguard VPN provider with Ligthning only payments, pay as you use.
  - Warp - A free WireGuard VPN from Cloudflare that's trying to fix mobile Internet performance and security.
- Extensions / Plugins
  - GitHub last commit
  - wgsd - A CoreDNS plugin that serves WireGuard peer information via DNS-SD (RFC6763) semantics. This enables use cases such as mesh networking, NAT-to-NAT connectivity, and dynamic discovery of WireGuard endpoint.
- Optimization
  - GitHub last commit
  - nr-wg-mtu-finder - A Python project to help you find the optimal MTU values for WG server and WG peer that maximizes the upload or download speeds between a peer and server.
- Alternative Implementations
  - GitHub last commit
  - Matt Dunwoodie's implementation for OpenBSD, written in C
  - Ryota Ozaki's wg(4) implementation, for NetBSD, is written in C
  - GitHub last commit
  - GitHub last commit
  - boringtun - Userspace WireGuard implementation in Rust by Cloudflare.
  - smartalock/wireguard-lwip - A C implementation of the WireGuard protocol intended to be used with the lwIP IP stack.
  - ciniml/WireGuard-ESP32-Arduino - WireGuard implementation for ESP32 Arduino in C.
Useful Resources
- Tutorials
  - Getting Started with WireGuard
  - How to easily configure WireGuard
  - Getting Started with WireGuard
  - Building a simple VPN with WireGuard with a Raspberry Pi as Server
  - Setting up a home VPN server with Wireguard (macOS)
  - Creating a VPN Gateway with a Unikernel running WireGuard
  - How to easily configure WireGuard
  - Routing Docker Host And Container Traffic Through WireGuard - wireguard)
  - WireGuard setup with Ansible - A basic Ansible playbook for deploying a WireGuard server and (local) client.
  - WireGuard VPN Road Warrior Setup - The important feature of this setup is, split tunnelling.
  - Routing Docker Host And Container Traffic Through WireGuard - wireguard)
  - WireGuard setup with Ansible - A basic Ansible playbook for deploying a WireGuard server and (local) client.
  - Directions for setting up a WireGuard bounce server
  - Fly-Tailscale-Exit - Run your own VPN with global exit nodes with Fly.io, Tailscale and Github.
  - What They Don’t Tell You About Setting Up A WireGuard VPN
- Blog Posts
  - Tailscale's human-scale networks are still controlled by Google and Microsoft
  - How to access a peer's local network - A simple solution. There is no need of any configurations to set split-tunneling. The example shows how Peer B can route to Peer A through a WG server. Peer B can reach a specific network (subnet) behind Peer A.
  - Routing Specific Docker Containers Through WireGuard VPN with systemd-networkd - A simple solution for routing specific docker containers through a WireGuard VPN using only two simple systemd-networkd files, no cumbersome `wg` or `ip` calls.
  - WireGuard: great protocol, but skip the Mac app
  - WireGuard on Kubernetes with Adblocking
  - SSH and User-mode IP WireGuard
  - Setup and Adblocking VPN Using WireGuard and NextDNS
  - WireGuard Endpoint Discovery and NAT Traversal using DNS-SD
  - Taildrop was kind of easy, actually - Taildrop was the main new feature launched in Tailscale v1.8.
  - IPv6 WireGuard Peering at Fly.io
  - Our User-Mode WireGuard Year
  - Tunnel WireGuard via WebSockets - Setting up WireGuard to work in restricted networks that block UDP traffic.
  - Tailscale's human-scale networks are still controlled by Google and Microsoft
  - Using Tailscale for Authentication of Internal Tools
  - Decoding WireGuard with Wireshark - A simple guide on how to inspect WireGuard packets in Wireshark.
- Articles
- Good Tips
  - WireGuard Gotchas with Multiple Tunnels - WG has a bit of a trap/gotcha when running multiple independent tunnels, one of which has a default route associated with it.
  - WireGuard Gotchas with Multiple Tunnels - WG has a bit of a trap/gotcha when running multiple independent tunnels, one of which has a default route associated with it.
- Videos
  - WireGuard: Next Generation Abuse-Resistant Kernel Network Tunnel - A good talk from the WireGuard developer and security researcher, Jason Donenfeld explaining what WireGuard can do and how it works. The talk examine both the cryptography and kernel implementation particulars of WireGuard and explore an offensive attack perspective on network tunnels.
  - How To Build Your Own Wireguard VPN Server in The Cloud - A good tutorial from Lawerence Systems regarding WireGuard.
- Presentations
  - Presentations by Jason A. Donenfeld - A list of all Jason's presentations.
Uncategorized
- Newsletters
  - WebVM: Linux Virtualization in WebAssembly with Full Networking via Tailscale - Run WireGuard and Tailscale in the browser. wireguard-go code compiled to Wasm. WebVM is proprietary WebAssembly-powered x86 virtualization tech. I'm genuinely curious how it compares to v86/Fabrice Bellard's JSLinux (like WebVM but free and opened-source).
What is WireGuard
- Official WireGuard project website
Official Resources
- Next Generation Kernel Network Tunnel - Whitepaper.
- WireGuard Docs - Unofficial WireGuard documentation.
Where to Start
- Quick Start - Official quick start.
Communities and Meetups
- English
  - /r/WireGuard - Official Reddit WireGuard.
  - #wireguard on Libera - Official IRC on Libera Chat.
  - /r/WireGuard - Official Reddit WireGuard.
  - #wireguard on Libera - Official IRC on Libera Chat.

Programming Languages

Go 25 Shell 10 Rust 8 C 3 Dockerfile 3 JavaScript 3 TypeScript 3 Python 2 Jinja 2 HCL 2

Ecosyste.ms: Awesome

awesome-wireguard

Projects

Tools

User Interface

Deployment

Monitoring

Mesh Network

Services based on WireGuard

Extensions / Plugins

Optimization

Alternative Implementations

Useful Resources

Tutorials

Blog Posts

Articles

Good Tips

Videos

Presentations

Uncategorized

Newsletters

What is WireGuard

Official Resources

Where to Start

Communities and Meetups

English