Go to file
Sundog Jones c30bdbfa53
Merge pull request #1 from h44z/master
Merge upstream changes
2021-04-05 15:45:02 -07:00
.github/workflows Create codeql-analysis.yml 2021-02-26 23:19:42 +01:00
assets fix client edit layout 2021-04-06 00:33:51 +02:00
cmd/wg-portal cleanup 2021-02-26 22:17:04 +01:00
internal simple database migration versioning, todo: implement migrations 2021-04-06 00:07:05 +02:00
scripts update readme, fix default env file 2021-03-22 23:05:20 +01:00
.gitignore Update .gitignore 2020-11-10 11:12:34 +01:00
.travis.yml add travis token 2021-02-25 09:46:19 +01:00
Dockerfile fix docker build 2021-02-26 22:27:48 +01:00
LICENSE.txt add README and LICENSE 2020-11-16 23:13:15 +01:00
Makefile WIP: dont use gox 2021-02-24 22:52:19 +01:00
README-RASPBERRYPI.md update readme, fix default env file 2021-03-22 23:05:20 +01:00
README.md update readme, fix default env file 2021-03-22 23:05:20 +01:00
docker-compose.yml user dockerhub for image building and travis-ci for testing 2020-11-10 12:24:37 +01:00
efs.go WIP: new user management and authentication system, use go 1.16 embed 2021-02-24 21:24:45 +01:00
go.mod update dependencies 2021-04-06 00:15:24 +02:00
screenshot.png add README and LICENSE 2020-11-16 23:13:15 +01:00


WireGuard Portal

Build Status License: MIT GitHub last commit Go Report Card GitHub go.mod Go version GitHub code size in bytes Docker Pulls

A simple, web based configuration portal for WireGuard. The portal uses the WireGuard wgctrl library to manage the VPN interface. This allows for seamless activation or deactivation of new users, without disturbing existing VPN connections.

The configuration portal currently supports using SQLite, MySQL as a user source for authentication and profile data. It also supports LDAP (Active Directory or OpenLDAP) as authentication provider.


  • Self-hosted and web based
  • Automatically select IP from the network pool assigned to client
  • QR-Code for convenient mobile client configuration
  • Sent email to client with QR-code and client config
  • Enable / Disable clients seamlessly
  • Generation of wgX.conf after any modification
  • IPv6 ready
  • User authentication (SQLite/MySQL and LDAP)
  • Dockerized
  • Responsive template
  • One single binary
  • Can be used with existing WireGuard setups
  • Support for multiple WireGuard interfaces




The easiest way to run WireGuard Portal is to use the Docker image provided.

Docker Compose snippet with some sample configuration values:

version: '3.6'
    image: h44z/wg-portal:latest
    container_name: wg-portal
    restart: unless-stopped
      - NET_ADMIN
    network_mode: "host"
      - /etc/wireguard:/etc/wireguard
      - ./data:/app/data
      - '8123:8123'
      # WireGuard Settings
      - WG_DEVICES=wg0
      - WG_CONFIG_PATH=/etc/wireguard
      # Core Settings
      - EXTERNAL_URL=https://vpn.company.com
      - WEBSITE_TITLE=WireGuard VPN
      - COMPANY_NAME=Your Company Name
      - ADMIN_USER=admin@domain.com
      - ADMIN_PASS=supersecret
      # Mail Settings
      - MAIL_FROM=WireGuard VPN <noreply+wireguard@company.com>
      - EMAIL_HOST=
      - EMAIL_PORT=25
      # LDAP Settings
      - LDAP_ENABLED=true
      - LDAP_URL=ldap://srv-ad01.company.local:389
      - LDAP_USER=ldap_wireguard@company.local
      - LDAP_PASSWORD=supersecretldappassword

Please note that mapping /etc/wireguard to /etc/wireguard inside the docker, will erase your host's current configuration. If needed, please make sure to backup your files from /etc/wireguard. For a full list of configuration options take a look at the source file internal/server/configuration.go.


For a standalone application, use the Makefile provided in the repository to build the application.


# To build for arm architecture as well use:
make build-cross-plat

The compiled binary will be located in the dist folder. A detailed description for using this software with a raspberry pi can be found in the README-RASPBERRYPI.md.

What is out of scope

  • Generation or application of any iptables or nftables rules
  • Setting up or changing IP-addresses of the WireGuard interface on operating systems other than linux
  • Importing private keys of an existing WireGuard setup

Application stack


This project was inspired by wg-gen-web.