Read more on their website<\/a> about it if you don\u2019t believe me \ud83d\ude09<\/p>\n\n\n\n WireGuard\u00ae is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography<\/a><\/strong>. It aims to be faster<\/a>, simpler<\/a>, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.<\/p><\/blockquote>\n\n\n\n Even though Wireguard is not hard to setup, there is something that makes the setup even simpler:<\/p>\n\n\n\n wg-access-server<\/a> is an open source project that combines Wireguard with an admin interface in one easy to install binary:<\/p>\n\n\n\n wg-access-server is a single binary that provides a WireGuard VPN server and device management web ui. We support user authentication, 1 click<\/em> device registration that works with Mac, Linux, Windows, Ios and Android including QR codes. You can configure different network isolation modes for better control and more.<\/p> This project aims to deliver a simple VPN solution for developers, homelab enthusiasts and anyone else feeling adventurous.<\/p><\/blockquote>\n\n\n\n The admin interface looks like this:<\/p>\n\n\n\n The easiest way to run wg-access-server is by using Docker and docker-compose. If you are new to Docker<\/a> and docker-compose<\/a>, you might want to read some tutorials about it first.<\/p>\n\n\n\n I use the following \u26a0\ufe0f Note that if you don\u2019t want to use a plaintext admin password, you have to specify it in the config file.<\/em> It\u2019s probably better than my plaintext config, but I don\u2019t expose the admin interface anywhere, so I don\u2019t really care.<\/em><\/p>\n\n\n\n \u2139\ufe0f You can generate the WireGuard private key with Docker: In \u2139\ufe0f Don\u2019t forget to open UDP port Once everything is configured you can use the known docker commands to start the service:<\/p>\n\n\n\nwg-access-server<\/h4>\n\n\n\n
![\"wg-access-server](\"https:\/\/denbeke.be\/blog\/wp-content\/uploads\/2020\/08\/Wireguard-wg-access-server-admin-interface.png\")
Running wg-access-server with Docker<\/h3>\n\n\n\n
docker-compose.yml<\/code> config file for wg-access-server:<\/p>\n\n\n\nversion: \"3.4\"\nservices: \n wireguard:\n container_name: wireguard\n image: place1\/wg-access-server\n cap_add:\n - NET_ADMIN\n environment:\n WG_WIREGUARD_PRIVATE_KEY: {put your private key here}\n WG_STORAGE: sqlite3:\/\/\/wireguard-clients\/db.sqlite3\n WG_EXTERNAL_HOST: my-host.com\n WG_CONFIG: \"\/config.yaml\"\n WG_ADMIN_USERNAME: {put your admin username here}\n WG_ADMIN_PASSWORD: {put your plain text admin password here}\n volumes:\n - .\/data\/wg-access-server:\/data\"\n - .\/data\/wireguard-clients:\/wireguard-clients\n - .\/conf\/wireguard\/config.yaml:\/config.yaml:ro # if you have a custom config file\n ports:\n - \"8000:8000\/tcp\"\n - \"51820:51820\/udp\"\n devices:\n - \"\/dev\/net\/tun:\/dev\/net\/tun\"\n restart: unless-stopped<\/code><\/pre>\n\n\n\ndocker\u00a0run\u00a0-it\u00a0place1\/wg-access-server\u00a0wg\u00a0genkey<\/code><\/p>\n\n\n\n.\/conf\/wireguard\/config.yaml<\/code> I specified the external host. By doing so, the generated client profiles contain the correct url. That way they can be used right away:<\/p>\n\n\n\nloglevel: info\nwireguard:\n externalHost: \"my-external-domain.com\"<\/code><\/pre>\n\n\n\n51820<\/code> on your firewall.
\u2139\ufe0f If you want to expose the admin interface, you also have to open TCP port 8000<\/code> on your firewall (But in that case you better proxy it through an HTTPS web server like Treafik<\/a> or Caddy<\/a>).<\/p>\n\n\n\nsudo docker-compose up -d<\/code><\/pre>\n\n\n\nClient device configuration for wg-access-server with WireGuard apps<\/h3>\n\n\n\n
![\"wg-access-server](\"https:\/\/denbeke.be\/blog\/wp-content\/uploads\/2020\/08\/Wireguard-wg-access-server-add-client.png\")
![\"wg-access-server](\"https:\/\/denbeke.be\/blog\/wp-content\/uploads\/2020\/08\/Wireguard-client-config-iOS-QR-code.png\")
![\"wg-access-server](\"https:\/\/denbeke.be\/blog\/wp-content\/uploads\/2020\/08\/wireguard-ios-app-add-client-config.jpg\")
![\"wg-access-server](\"https:\/\/denbeke.be\/blog\/wp-content\/uploads\/2020\/08\/wireguard-client-config-macos.png\")