This tool is used on our server side infrastructure to manage Wireguard interfaces for our customers. This is not designed to be used by customers.
wg-manager runs as a service on our infrastructure to enable users to connect and use our Wireguard servers.
This services performs a number of tasks such as:
- Keeping track and syncing the public key and peer data from our API
- Removing and re-adding peers that were connected and subsequently disconnected, zeroing out information about when a peer was last connected.
- Managing IPTable (firewall) rules for portforwarding
- Gathering metrics about our Wireguard servers
This project is not affiliated with the WireGuard project. WireGuard is a registered trademark of Jason A. Donenfeld.
Clone this repository, and run
make to build.
This will produce a
wg-manager binary and put them in your
There are three ways to run tests:
- To run tests which do not depend on wireguard or iptables, run
- To run integrations tests which requires wireguard and iptables, run
- To run continuous testing in docker, run
make docker-test. This requires wireguard to be setup on the host machine
Testing iptables using network namespaces
To test iptables without messing with your system configuration, you can use network namespaces. To set one up, enter it and allow localhost routing, run the following commands:
sudo ip netns add wg-test sudo -E env "PATH=$PATH" nsenter --net=/var/run/netns/wg-test ip link set up lo ./setup_testing_environment.sh
Then you can run the tests as described above.
Testing iptables using docker
make shell to get a docker shell which has an isolated network.
It will drop you in the
/repo folder which is mounted to the source.
You can then run
make integration-test or any other make or go commands.
All options can be either configured via command line flags, or via their respective environment variable, as denoted by
To get a list of all the options, run
When installed via the
.deb package, a user named
wireguard-manager will be created for the service to run as, as well as a systemd service named
The name of the binary when installed via the
.deb package is
Configuration is done by creating a file at
/etc/default/wireguard-manager and defining the environment variables there.
All logs are sent to stdout/stderr, so in order to debug issues with the service, simply use
In order to deploy wg-manager, we build
.deb packages. We use docker to make this process easier, so make sure you have that installed and running.
To create a new package, first create a new tag in git, this will be used for the package version:
git tag -s -a v1.0.0 -m "1.0.0"
make package. This will output the new package in the
Don't forget to push the tag to git afterwards.
make package creates files as root.
So to cleanup using
make clean you might have to run
sudo make clean
There is no documentation for this package.