GitBucket
WireGuard Configuration Portal with LDAP connection
Christoph Haas
authored
on 23 Mar 2021
|
|||
|---|---|---|---|
| .github/ workflows | 5 years ago | ||
| assets | 5 years ago | ||
| cmd/ wg-portal | 5 years ago | ||
| internal | 5 years ago | ||
| scripts | 5 years ago | ||
| .gitignore | 5 years ago | ||
| .travis.yml | 5 years ago | ||
| Dockerfile | 5 years ago | ||
| LICENSE.txt | 5 years ago | ||
| Makefile | 5 years ago | ||
| README-RASPBERRYPI.md | 5 years ago | ||
| README.md | 5 years ago | ||
| docker-compose.yml | 5 years ago | ||
| efs.go | 5 years ago | ||
| go.mod | 5 years ago | ||
| screenshot.png | 5 years ago | ||
WireGuard Portal
A simple, web based configuration portal for WireGuard.
The portal uses the WireGuard wgctrl library to manage the VPN
interface. This allows for seamless activation or deactivation of new users, without disturbing existing VPN
connections.
The configuration portal currently supports using SQLite, MySQL as a user source for authentication and profile data.
It also supports LDAP (Active Directory or OpenLDAP) as authentication provider.
Features
- Self-hosted and web based
- Automatically select IP from the network pool assigned to client
- QR-Code for convenient mobile client configuration
- Sent email to client with QR-code and client config
- Enable / Disable clients seamlessly
- Generation of
wgX.confafter any modification - IPv6 ready
- User authentication (SQLite/MySQL and LDAP)
- Dockerized
- Responsive template
- One single binary
- Can be used with existing WireGuard setups
- Support for multiple WireGuard interfaces
Setup
Docker
The easiest way to run WireGuard Portal is to use the Docker image provided.
Docker Compose snippet with some sample configuration values:
version: '3.6'
services:
wg-portal:
image: h44z/wg-portal:latest
container_name: wg-portal
restart: unless-stopped
cap_add:
- NET_ADMIN
network_mode: "host"
volumes:
- /etc/wireguard:/etc/wireguard
- ./data:/app/data
ports:
- '8123:8123'
environment:
# WireGuard Settings
- WG_DEVICES=wg0
- WG_DEFAULT_DEVICE=wg0
- WG_CONFIG_PATH=/etc/wireguard
# Core Settings
- EXTERNAL_URL=https://vpn.company.com
- WEBSITE_TITLE=WireGuard VPN
- COMPANY_NAME=Your Company Name
- [email protected]
- ADMIN_PASS=supersecret
# Mail Settings
- MAIL_FROM=WireGuard VPN <[email protected]>
- EMAIL_HOST=10.10.10.10
- EMAIL_PORT=25
# LDAP Settings
- LDAP_ENABLED=true
- LDAP_URL=ldap://srv-ad01.company.local:389
- LDAP_BASEDN=DC=COMPANY,DC=LOCAL
- [email protected]
- LDAP_PASSWORD=supersecretldappassword
- LDAP_ADMIN_GROUP=CN=WireGuardAdmins,OU=Users,DC=COMPANY,DC=LOCAL
Please note that mapping /etc/wireguard to /etc/wireguard inside the docker, will erase your host's current configuration.
If needed, please make sure to backup your files from /etc/wireguard.
For a full list of configuration options take a look at the source file internal/server/configuration.go.
Standalone
For a standalone application, use the Makefile provided in the repository to build the application.
make # To build for arm architecture as well use: make build-cross-plat
The compiled binary will be located in the dist folder.
A detailed description for using this software with a raspberry pi can be found in the README-RASPBERRYPI.md.
What is out of scope
- Generation or application of any
iptablesornftablesrules - Setting up or changing IP-addresses of the WireGuard interface on operating systems other than linux
-
Importing private keys of an existing WireGuard setup
Application stack
- go-template, data-driven templates for generating textual output
- Bootstrap, for the HTML templates
- JQuery, for some nice JavaScript effects ;)
License
- MIT License. MIT or https://opensource.org/licenses/MIT
This project was inspired by wg-gen-web.