🔐 Wireguard Easy

Wireguard Easy makes it easy to set up your Wireguard network mesh -- if you've been wanting to set up Wireguard as a VPN, you can skip the manual config set up.

AwesomeFOSS Team

Jul 7, 2024 • 4 min read

Wireguard Easy is an web based admin UI and orchestrator for Wireguard, the break-out VPN technology (replacing OpenVPN in many stacks) of 2015.

Wireguard Easy does what it sounds like – it makes using wireguard easy – providing a way to easily manage your setup (you can use wireguard for tunneling, VPNs, mesh networking, etc) without writing tons of complicated and error prone configuration files.

If you've been looking into setting up a Wireguard mesh or maybe want to spend a little less time manually making changes to configuration files for Wiregeuard, Wireguard Easy is what you're looking for.

Not familiar with Wireguard or VPNs at all? Wikipedia is a great place to get a sense for the history of the project and the technologies involved:

🌠 Features

GUI-driven Wireguard Management
Powerful Wireguard features
Ability to drop down to manual mode when needed
Generated QR codes for machines/clients
Easily download configuration files
Dark mode
Statistics for connected clients (can be disabled)

🤖 As described by AI

WireGuard Easy is a project designed to simplify the deployment and management of WireGuard VPNs. WireGuard, known for its simplicity and high performance, is often complex to set up manually, especially for users not deeply familiar with networking concepts. WireGuard Easy streamlines this process by providing a user-friendly interface and automation tools that handle the intricate details of configuration, key management, and network setup. This makes it accessible to a broader audience, allowing users to establish secure VPN connections with minimal effort.

The project supports various operating systems, including Linux, macOS, and Windows, ensuring cross-platform compatibility. It features an intuitive graphical user interface (GUI) and command-line interface (CLI), catering to different user preferences. WireGuard Easy also includes features like automatic peer configuration, QR code generation for mobile devices, and easy integration with cloud services, further enhancing its usability. Overall, WireGuard Easy significantly reduces the barrier to entry for deploying WireGuard VPNs, making secure and private networking more attainable for both individuals and organizations.

📺 Watch this

Techdox has great guide to setting up Wireguard Easy, where he goes through his setup and shows you how to put together your own:

👟 Getting started

Installing Wireguard Easy is... Quite easy! You'll need at least the following to get started:

docker installed (see the Docker install documentation)
A host (almost surely Linux) that supports wireguard

🐳 Docker

Wireguard Easy has a one liner that you can edit and use to run it:

  docker run -d \
    --name=wg-easy \
    -e LANG=de \
    -e WG_HOST=<🚨YOUR_SERVER_IP> \
    -e PASSWORD_HASH=<🚨YOUR_ADMIN_PASSWORD_HASH> \
    -e PORT=51821 \
    -e WG_PORT=51820 \
    -v ~/.wg-easy:/etc/wireguard \
    -p 51820:51820/udp \
    -p 51821:51821/tcp \
    --cap-add=NET_ADMIN \
    --cap-add=SYS_MODULE \
    --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
    --sysctl="net.ipv4.ip_forward=1" \
    --restart unless-stopped \
    ghcr.io/wg-easy/wg-easy

Most docker incantations are relatively short, so let's go through what each of these lines mean:

docker run -d: Run a Docker container in detached mode, meaning it runs in the background.
--name=wg-easy: Assign the name "wg-easy" to the container for easy reference.
-e LANG=de: Set the environment variable LANG to de, configuring the language setting to German.
-e WG_HOST=<🚨YOUR_SERVER_IP>: Set the environment variable WG_HOST to the server's IP address, which is necessary for the WireGuard configuration.
-e PASSWORD_HASH=<🚨YOUR_ADMIN_PASSWORD_HASH>: Set the environment variable PASSWORD_HASH to the hashed administrator password for securing the WireGuard Easy interface.
-e PORT=51821: Set the environment variable PORT to 51821, specifying the port for the web interface of WireGuard Easy.
-e WG_PORT=51820: Set the environment variable WG_PORT to 51820, specifying the port for the WireGuard VPN.
-v ~/.wg-easy:/etc/wireguard: Mount the host directory ~/.wg-easy to the container's /etc/wireguard directory to persist configuration data.
-p 51820:51820/udp: Map UDP port 51820 on the host to UDP port 51820 on the container, allowing WireGuard VPN traffic.
-p 51821:51821/tcp: Map TCP port 51821 on the host to TCP port 51821 on the container, allowing access to the WireGuard Easy web interface.
--cap-add=NET_ADMIN: Grant the container the NET_ADMIN capability, necessary for network administration tasks.
--cap-add=SYS_MODULE: Grant the container the SYS_MODULE capability, allowing it to load kernel modules.
--sysctl="net.ipv4.conf.all.src_valid_mark=1": Apply a system control setting to ensure valid marks for IPv4 source addresses.
--sysctl="net.ipv4.ip_forward=1": Apply a system control setting to enable IPv4 packet forwarding.
--restart unless-stopped: Configure the container to always restart unless it is explicitly stopped by the user.
ghcr.io/wg-easy/wg-easy: Specify the image to use for the container, pulled from the GitHub Container Registry (GHCR).

Of course, we also recommend that you pick a specific version of ghcr.io/wg-easy/wg-easy to run – runing :latest is not recommended, and can expose you to breaking changes faster than you want.

🧑‍💻 Want to contribute?

Wireguard Easy is licensed with the Creative Commons license which is open source, but not free/libre software. You are not allowed to use it for commercial uses.

That said, there is the normal issues and PR flow for contributing, if you want to:

📬 Want Awesome F/OSS in your inbox?

We'll send you new articles as soon as they go live.