• wireguard-kit
  • Introduction
  • Client and server
  • Tested versions
  • wireguard-kit components
  • License and programming language
  • Installation
  • More
  • Forking

wireguard-kit

Introduction

WireGuard follows the Unix philosophy of doing one thing and doing it well. It is not a complete production VPN solution.

wireguard-kit extends WireGuard into a complete production VPN solution.

Client and server

WireGuard itself is a peer to peer technology.

wireguard-kit configures one computer as a server and the rest as clients. The clients have only a WireGuard connection to the server and connect to other clients via the server.

The server has:

• A WireGuard configuration stanza for each client
• An active clients log
• Optionally a firewall to separate client subnets

Tested versions

wireguard-kit server:

• was tested on Debian Bullseye
• may work on Debian derivatives including Ubuntu and its derivatives

Client configurations generated by wireguard-kit:

• were tested on:
  • Debian Buster and Bullseye clients
  • macOS 13 Ventura
  • Windows 10
• are expected to work on all clients listed at https://www.wireguard.com/install including:
  • Android
  • iOS
  • Linux
  • macOS
  • OpenWRT
  • Windows

wireguard-kit components

For use on the server:

• to create WireGuard clients, a script to:
  • generate, for a new client, the client and server configuration stanzas
  • effect the server configuration stanza
  • optionally to install on ssh-accessible Linux clients: WireGuard, the client configuration stanza and a systemd service to restart WireGuard on loss of connection
• for logging current clients:
  • a script to generate log messages
  • wireguard-logger.service and timer to run the script
  • an example crontab line to use instead of the above service and timer
  • a logrotate configuration file to rotate the log
• to synchronise the WireGuard server configuration to a standby server:
  • a script to do the synchronisation
  • sync_wireguard_to_standby.service and timer to run the script
  • an example crontab line to use instead of the above service and timer
• a logcheck filters file

License and programming language

wireguard-kit uses the GPL-2.0+ license. Its scripts are written in bash

Installation

wireguard-kit server can be installed either:

• from wireguard-kit_.installation.tgz available from https://github.com/CharlesMAtkinson/wireguard-kit/releases using the procedure in "source/usr/share/doc/wireguard-kit/wireguard-kit user guide" .odt (recommended), .htm or .pdf
• from wireguard-kit__all.deb available from https://github.com/CharlesMAtkinson/bung_debian_packaging/releases

More

Full documentation is in source/usr/share/doc/wireguard-kit

Forking

When forking, please read tools/git-store-meta/README-for-wireguard-kit.md