Wireguard_webadmin is Still Going Strong – A lot of improvements

Hey everyone,

Last year when I started this project, I shared the release with this community. I’m excited to let you know that wireguard_webadmin is still active and now packed with even more cool features!

What’s new:

  • Slick UX: A refreshed, more intuitive interface.
  • VPN Invite Tool: Easily share secure VPN configs with peers.
  • Peer Traffic History: Monitor each peer’s download and upload history using RRD databases (just like Cacti).
  • Robust Firewall: A powerful firewall that still keeps it simple.
  • DNS Filtering: DNS filtering for improved privacy and security.

It’s a full-featured solution that’s still lightweight and super easy to use. Check it out on GitHub: wireguard_webadmin

Would love to hear your thoughts or any ideas for future improvements. Cheers!

Looks handy. My UI-less setup is already up and running but I’ll give this a shot soon.

Hi OP, nice job there!

IIRC, this is a web admin UI on top of an already existing WireGuard installation on bare metal, right?

I provisioned a new server last week, struggled a lot with wg_easy (because I really wanted a docker-based solution for the web admin part), but finally dropped the ball and went back to bare metal.

Your project could perfectly fit my use case. I’m only wondering if it will write the relevant config to /etc/wireguard/wg0.conf when a new device is added on the web UI.

Hats off again and eager to test!

thanks, will try this later.

Is there something like Firezone that enables the client only after accessing the web UI?
OIDC support?

This is incredible! I wish I could hire you!!

Any way to deploy this directly to the server itself vs. Docker?

Something I was looking for, will be checking it out ASAP.

I noticed that you can only log in to the interface from localhost, which is problematic for me. How can I easily change that?

Go ahead! If you need help, just open a discussion on the GitHub page.

Cheers!

Hello there!

The server will write all the configuration to the wg0.conf file (if you have other interfaces, it will create extra conf files for each interface).

The web database (sqlite3) and the firewall file are also stored at /etc/wireguard/ for easy backup if needed.

Cheers!

I have developed a feature for VPN invitation/share configuration. The link expires after X minutes and requires a temporary password. When a user accesses this link, they can download their WireGuard configuration or view a QR code for easier setup—this is designed for the standard WireGuard client app.

I looked into Firezone, and from what I understand, it is a complete VPN implementation built on WireGuard, including its own VPN client. It appears to be an entirely different solution.

Please let me know what you are trying to achieve.

Cheers!

I’m #opentowork :smiley:

Contact me over GitHub if you wish to speak :wink:

Yes you can, but I don’t think that’s worth the effort. I’ve decided to pack everything together with docker, so it’s easier to deploy and update.

You can check this link if you wish: https://github.com/eduardogsilva/wireguard_webadmin/discussions/2

Hey there! You can log in from anywhere. You just need to have the configuration made properly.

Install with nginx (the default composer file), and make sure that you have properly configured your SERVER_ADDRESS variable in the .env file. The name here should be exactly the same as what you type in the browser.

If you need help, please open a discussion on the GitHub page.

Cheers

Look at the 0.7 version, it is a simple implementation of a VPN based on the WireGuard client.
I need to achieve a login implementation with WireGuard; for now, if you lose your conf file, anyone can access the VPN. If there is authentication on top of it, no one can access the VPN.

Maybe I got the idea wrong, but as far as I can see, this depends a lot on the VPN client. You need to build a configuration distribution system and a VPN client that is compatible with this.

You would need to build clients for each major platform like iOS, Android, Windows, Linux, macOS… I don’t have the resources or the workforce for that.

Cheers

No, if you look at the link of the legacy version you don’t.
It is easier than you think. You have the default WireGuard client on all systems (Windows, Android, Linux, etc.), and all clients are blocked by the firewall to all locations. After a client successfully logs in to the web interface, the firewall lets the client go wherever clients are configured to go.

With this simple trick you can authenticate clients with the default WireGuard client.

Oh, I see… it’s like a captive portal after connecting to the VPN?

So the user would need to connect to the VPN and then open a browser and access something like http://10.88.1.1/login to enable his access?

Actually, first the user logs in to the web interface and requests access, and then it is deleted automatically after X hours. Is that correct?
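
The firewall-gated login discussed in the thread above (peers blocked until a successful web login, access removed after X hours) can be expressed with an nftables set that has per-element timeouts. This is an added sketch, not code from wireguard_webadmin or from any poster; the subnet, the table name `wg_portal`, the set name `authed` and the lease bounds are assumptions.

```python
import ipaddress

# Assumed values: the thread only mentions 10.88.1.1 as a possible portal address.
VPN_NET = ipaddress.ip_network("10.88.1.0/24")
PORTAL_IP = ipaddress.ip_address("10.88.1.1")
TABLE = "inet wg_portal"  # hypothetical table name


def base_ruleset(wg_if: str = "wg0") -> str:
    """Forwarded traffic from the tunnel passes only if its source is in @authed.

    The portal runs on the VPN server itself (input hook, not forward), so
    peers that have not logged in yet can still reach the login page.
    Non-IPv4 traffic from the tunnel never matches the set and is dropped.
    """
    return "\n".join([
        "table inet wg_portal {",
        "  set authed { type ipv4_addr; flags timeout; }",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
        f'    iifname "{wg_if}" ip saddr @authed accept',
        f'    iifname "{wg_if}" drop',
        "  }",
        "}",
    ])


def grant_command(tunnel_src: str, hours: int) -> str:
    """nft command to run after a successful portal login.

    tunnel_src must be the socket peer address of the login request, never a
    client-supplied header: WireGuard only accepts a packet whose source is in
    the sending peer's AllowedIPs, so that address is bound to the peer's key.
    """
    ip = ipaddress.ip_address(tunnel_src)
    if ip.version != 4 or ip not in VPN_NET or ip == PORTAL_IP:
        raise ValueError(f"{tunnel_src} is not a VPN peer address")
    if not 1 <= hours <= 24:
        raise ValueError("lease must be between 1 and 24 hours")
    return f"nft add element {TABLE} authed {{ {ip} timeout {hours}h }}"


def revoke_command(tunnel_src: str) -> str:
    """nft command for logout or admin revocation before the timeout fires."""
    ip = ipaddress.ip_address(tunnel_src)
    return f"nft delete element {TABLE} authed {{ {ip} }}"
```

Because every forwarded packet from the tunnel is checked against the set, access stops as soon as the kernel expires the element; no cleanup job is needed.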