├── assets
└── banner.png
├── .github
├── ISSUE_TEMPLATE.md
├── PULL_REQUEST_TEMPLATE.md
└── CONTRIBUTING.md
├── LICENSE
└── README.md
/assets/banner.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cedrickchee/awesome-wireguard/HEAD/assets/banner.png
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Hi,
2 |
3 | I would like to add a link.
4 |
5 | **REPO**:
6 |
7 | **DESCRIPTION**:
8 |
9 | **AUTHOR**:
10 |
11 | Or directly write it:
12 |
13 | ```markdown
14 | [REPO](https://github.com/AUTHOR/REPO) - DESCRIPTION. By [@AUTHOR](https://github.com/AUTHOR)
15 | ```
16 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2021 Cedric Chee
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
12 |
13 | # Quality Standards
14 |
15 | Note that we can help you achieve those standards, just try your best and be brave.
16 | We'll guide you to the best of our abilities.
17 |
18 | To be on the list, it would be **nice** if entries adhere to these quality standards:
19 |
20 | - It should take less than 20 sec to find what is the project, how to install it and how to use it.
21 | - Generally useful to the community.
22 | - A project on GitHub with a well documented `README.md` file and plenty of examples is considered high quality.
23 | - Clearly stating "what is it" i.e. which category it belongs to.
24 | - Clearly stating "what is it for" i.e. mention a real problem it solves (even a small one). Make it clear for the next person.
25 | - If it is a **WIP** (work in progress, not safe for production), please mention it.
26 | - Always put the link to the GitHub project instead of the website!
27 |
28 | To be on the list, the project **must** have:
29 |
30 | - How to setup/install the project
31 | - How to use the project (examples)
32 |
33 | If your PR is not merged, we will tell you why so that you may be able to improve it.
34 | But usually, we are pretty relaxed people, so just come and say hi, we'll figure something out together.
35 |
36 | # Rules for Pull Request
37 |
38 | - Each item should be limited to one link, no duplicates, no redirection (careful with `http` vs `https`!)
39 | - The link should be the name of the package or project or website.
40 | - Description should be clear and concise (read it out loud to be sure).
41 | - Description should follow the link, on the same line.
42 | - Entries are listed alphabetically, please respect the order.
43 | - If you want to add more than one link, please don't do all PR on the exact same line, it usually results in conflicts and your PR cannot be automatically merged...
44 |
45 | Please contribute links to packages/projects you have used or are familiar with. This will help ensure high-quality entries.
46 |
47 | #### Your commit message will be a [tweet](https://twitter.com/awesome-wireguard) so write a [good commit message](https://chris.beams.io/posts/git-commit/), keep that in mind :)
48 |
--------------------------------------------------------------------------------
/.github/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contributing to awesome-wireguard
2 |
3 | First: if you're unsure or afraid of anything, just ask or submit the issue or pull request anyways. You won't be yelled at for giving your best effort. The worst that can happen is that you'll be politely asked to change something. We appreciate any sort of contributions, and don't want a wall of rules to get in the way of that.
4 |
5 | However, for those individuals who want a bit more guidance on the best way to contribute to the project, read on. This document will cover what we're looking for. By addressing all the points we're looking for, it raises the chances we can quickly merge or address your contributions.
6 |
7 | We appreciate and recognize [all contributors](https://github.com/cedrickchee/awesome-wireguard/graphs/contributors).
8 |
9 |
10 |
11 | # Table of Contents
12 |
13 | - [Mission Statement](#mission-statement)
14 | - [Quality Standards](#quality-standards)
15 | - [Contribution Guidelines](#contribution-guidelines)
16 | - [New Collaborators](#new-collaborators)
17 |
18 | # Mission Statement
19 |
20 | `awesome-wireguard` is a hand-crafted list for high-quality information about WireGuard and its resources. It should be related or compatible with WireGuard.
21 | If it's a **tutorial or a blog post**, they get outdated really quickly so we don't really put them on the list but if it is on a very advanced and/or specific topic, we will consider it!
22 | If something is awesome, share it (pull request or [issue](https://github.com/cedrickchee/awesome-wireguard/issues/new) or [chat](https://gitter.im/cedrickchee/awesome-wireguard)), let us know why and we will help you!
23 |
24 | # Quality Standards
25 |
26 | Note that we can help you achieve those standards, just try your best and be brave.
27 | We'll guide you to the best of our abilities.
28 |
29 | To be on the list, it would be **nice** if entries adhere to these quality standards:
30 |
31 | - It should take less than 20 sec to find what is the project, how to install it and how to use it.
32 | - Generally useful to the community.
33 | - A project on GitHub with a well documented `README.md` file and plenty of examples is considered high quality.
34 | - Clearly stating "what is it" i.e. which category it belongs to.
35 | - Clearly stating "what is it for" i.e. mention a real problem it solves (even a small one). Make it clear for the next person.
36 | - If it is a **WIP** (work in progress, not safe for production), please mention it.
37 | - Always put the link to the GitHub project instead of the website!
38 |
39 | To be on the list, the project **must** have:
40 |
41 | - How to setup/install the project
42 | - How to use the project (examples)
43 |
44 | If your PR is not merged, we will tell you why so that you may be able to improve it.
45 | But usually, we are pretty relaxed people, so just come and say hi, we'll figure something out together.
46 |
47 | # Contribution Guidelines
48 |
49 | ## I want to share a project, what should I do?
50 |
51 | - **Adding to the list:** Submit a pull request or open an [issue](https://github.com/cedrickchee/awesome-wireguard/issues/new)
52 | - **Removing from the list:** Submit a pull request or open an [issue](https://github.com/cedrickchee/awesome-wireguard/issues/new)
53 | - Changing something else: Submit a pull request or open an [issue](https://github.com/cedrickchee/awesome-wireguard/issues/new)
54 | - Don't know what to do: Open an [issue](https://github.com/cedrickchee/awesome-wireguard/issues/new) or join our [chat](https://gitter.im/cedrickchee/awesome-wireguard), let us know what's going on.
55 |
56 | **join the chat:**
57 |
58 | [](https://gitter.im/cedrickchee/awesome-wireguard)
59 |
60 | or you can
61 |
62 | **ping us on Twitter:**
63 |
64 | * [cedric_chee](https://twitter.com/cedric_chee)
65 |
66 | ### Rules for Pull Request
67 |
68 | - Each item should be limited to one link, no duplicates, no redirection (careful with `http` vs `https`!).
69 | - The link should be the name of the package or project or website.
70 | - Description should be clear and concise (read it out loud to be sure).
71 | - Description should follow the link, on the same line.
72 | - If you want to add more than one link, please don't do all PR on the exact same line, it usually results in conflicts and your PR cannot be automatically merged.
73 |
74 |
75 | Please contribute links to packages/projects you have used or are familiar with. This will help ensure high-quality entries.
76 |
77 |
78 |
79 | # New Collaborators
80 |
81 | If you just joined the team of maintainers for this repo, first of all: WELCOME!
82 |
83 | If it is your first time maintaining an open source project, read the [best practice guides for maintainers](https://opensource.guide/best-practices/).
84 |
85 | Here are the few things you need to know:
86 | * We don't push directly to the main branch. Every entry **MUST** be reviewed!
87 | * Each entry should be in accordance to this quality standards and contribution guidelines.
88 | * If something seems weird, i.e. if you don't understand what a project does or the documentation is poor, don't hesitate to (nicely) ask for more explanation (see previous point).
89 | * Say thank you to people who contribute to this project! It may not seems like much but respect and gratitude are important :D
90 |
91 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 | # Awesome WireGuard [](https://awesome.re)
3 |
4 |
5 |
6 |
7 |
9 |
10 | > A curated list of WireGuard tools, projects, and resources.
11 |
12 | WireGuard® - fast, modern, secure VPN tunnel.
13 |
14 | _You can see the updates on [Twitter](https://twitter.com/awesome-wireguard) (coming soon)_
15 |
16 | > Please, help organize these resources so that they are easy to find and understand for newcomers. See how to [Contribute][contributing] for tips!
17 |
18 | _If you see a link here that is not (any longer) a good fit, you can fix it by submitting a [pull request][editreadme] to improve this file. Thank you!_
19 |
20 | ---
21 |
22 | ## Status Badges
23 |
24 | We use emoji to determine repository status.
25 |
26 | :green_circle: **active** repos (last commit date is less than 3 months)
27 |
28 | :yellow_circle: **stale** repos (last commit date is more than 6 months)
29 |
30 | :red_circle: **inactive** repos (last commit date is more than 1 year)
31 |
32 | :black_circle: repos that **were superseded**
33 |
34 | :blue_square: repos that **were code completed**
35 |
36 | :grey_question: repos that **weren't found** (broken link)
37 |
38 | ---
39 |
40 | ## Contents
41 |
42 |
43 |
44 | Expand Table of Contents
45 |
46 | - [What is WireGuard](#what-is-wireguard)
47 | - [Official Resources](#official-resources)
48 | - [Where to Start](#where-to-start)
49 | - [Projects](#projects)
50 | - [Tools](#tools)
51 | - [Mesh Network](#mesh-network)
52 | - [Deployment](#deployment)
53 | - [Container](#container)
54 | - Monitoring
55 | - Security
56 | - Protocol
57 | - Encryption
58 | - Runtime
59 | - [User Interface](#user-interface)
60 | - [Terminal / CLI](#terminal--cli)
61 | - [Web](#web)
62 | - [Desktop](#desktop)
63 | - [Dashboards](#dashboards)
64 | - Development
65 | - Development Environment
66 | - Testing
67 | - Boilerplate
68 | - Homeserver
69 | - [Services based on WireGuard](#services-based-on-wireguard)
70 | - [Cloud Service](#cloud-service)
71 | - [VPN](#vpn)
72 | - [Extensions / Plugins](#extensions--plugins)
73 | - Optimization
74 | - Language Bindings
75 | - [Alternative Implementations](#alternative-implementations)
76 | - [Useful Resources](#useful-resources)
77 | - [Blog Posts](#blog-posts)
78 | - [Articles](#articles)
79 | - [Demos and Examples](#demos-and-examples)
80 | - [Good Tips](#good-tips)
81 | - [Tutorials](#tutorials)
82 | - [Videos](#videos)
83 | - [Books](#books)
84 | - [Podcasts and Interviews](#podcasts-and-interviews)
85 | - [Presentations](#presentations)
86 | - [Newsletters](#newsletters)
87 | - Uncategorized
88 | - [Communities and Meetups](#communities-and-meetups)
89 | - [English](#english)
90 | - Chinese
91 |
92 |
93 |
94 | ---
95 |
96 | ## What is WireGuard
97 |
98 | > WireGuard® is an extremely simple yet fast and modern VPN that utilizes
99 | > state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more
100 | > useful than IPsec, while avoiding the massive headache. It intends to be
101 | > considerably more performant than OpenVPN. WireGuard is designed as a general
102 | > purpose VPN for running on embedded interfaces and super computers alike,
103 | > fit for many different circumstances. Initially released for the Linux kernel,
104 | > it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely
105 | > deployable. It is currently under heavy development, but already it might
106 | > be regarded as the most secure, easiest to use, and simplest VPN solution
107 | > in the industry.
108 |
109 | _Source: [Official WireGuard project website](https://www.wireguard.com/)_
110 |
111 | ## Official Resources
112 |
113 | - [Next Generation Kernel Network Tunnel](https://www.wireguard.com/papers/wireguard.pdf) [PDF] - Whitepaper.
114 | - [WireGuard Docs](https://github.com/pirate/wireguard-docs) - Unofficial WireGuard documentation.
115 |
116 | ## Where to Start
117 |
118 | - [Quick Start](https://www.wireguard.com/quickstart/) - Official quick start.
119 |
120 | ---
121 |
122 | ## Projects
123 |
124 | ### Tools
125 |
126 | - [wg-quick](https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8) - Official cross-platform tool to set up a WireGuard interface simply.
127 | - [easy-wg-quick](https://github.com/burghardt/easy-wg-quick) - Creates Wireguard configuration for hub and peers with ease.
128 |  :green_circle:
129 | - [dsnet](https://github.com/naggie/dsnet/) - Simple command to manage a centralised wireguard VPN. Think wg-quick but quicker: key generation + address allocation.
130 |  :green_circle:
131 | - [wgctrl](https://github.com/WireGuard/wgctrl-go) - Package wgctrl enables control of WireGuard interfaces on multiple platforms.
132 |  :red_circle:
133 | - [wgzero](https://github.com/finzzz/wgzero) - Zero overhead wireguard setup.
134 |  :red_circle:
135 | - [wg-make](https://github.com/tevino/wg-make) - A tool to help set up WireGuard based networks. Currently, it generates configurations for peers according to a single configuration file.
136 |  :red_circle:
137 | - [onetun](https://github.com/aramperes/onetun) - A user-space WireGuard port-forwarder -- access ports running on peers in your WireGuard network from any device; without having to install WireGuard locally or without root access (no iptables configs).
138 |  :green_circle:
139 | - [wireproxy](https://github.com/octeep/wireproxy) - A userspace WireGuard client that connects to a WireGuard peer, and exposes a SOCKS5 proxy. (Use cases: Setting up WG as a VPN requires special privilege. It tells the kernel to create a special network interface to handle WG connection. This can get messy if you do not have any special permission (i.e., root), if you do not have proper firewall configuration, or if you want to connect to multiple WG peers at once. wireproxy static tunneling is basically openssh `-D`, which supports SOCKS5 protocols.)
140 |  :green_circle:
141 | - [wireguard-manager-and-api](https://github.com/Mawthuq-Software/wireguard-manager-and-api) - A tool for rotating the keys on peers to increase their privacy by removing their IP address from memory.
142 |  :red_circle:
143 | - [sandialabs/wiretap](https://github.com/sandialabs/wiretap) - Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.
144 |  :green_circle:
145 | - [coder/wush](https://github.com/coder/wush) - Simplest and fastest way to transfer files between computers via WireGuard.
146 |  :green_circle:
147 |
148 | ### Mesh Network
149 |
150 | - [Tailscale](https://tailscale.com/) - Tailscale is a WireGuard-based app that makes secure, private networks easy for teams of any scale.
151 | - [Headscale](https://github.com/juanfont/headscale) - An open source implementation of the Tailscale control server.
152 |  :green_circle:
153 | - [innernet](https://github.com/tonarino/innernet) - A private network system that uses WireGuard under the hood. It is similar in its goals to Slack's nebula or Tailscale.
154 |  :green_circle:
155 | - [Kilo](https://github.com/squat/kilo) - Kilo is a multi-cloud network overlay built on WireGuard and designed for Kubernetes (k8s + wg = kg).
156 |  :green_circle:
157 | - [NetBird](https://github.com/netbirdio/netbird) - (Previously Wiretrustee) NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home. Technically, it creates an overlay network using ICE protocol (WebRTC) to negotiate P2P connections and WG (kernel module, when possible) to create a fast and encrypted tunnel between machines, falling back to relay (TURN) in case a P2P connection isn't possible. Pretty much just a client app is needed, the rest is done by the software. Their vision is to go beyond traditional VPN by bringing advanced NetSec (Zero Trust security model) like OpenZiti.
158 |  :green_circle:
159 | - [wesher](https://github.com/costela/wesher) - wesher creates and manages an encrypted mesh overlay network across a group of nodes.
160 |  :green_circle:
161 | - [gravitl/netmaker](https://github.com/gravitl/netmaker) - Netmaker is a VPN platform that automates WireGuard from homelab to enterprise. The key distinctions in their solutions are: fast because it can use kernel WireGuard (instead of userspace WireGuard, which is slower), tailored towards the Cloud and Kubernetes, and fully self-hostable.
162 |  :green_circle:
163 | - [HarvsG/WireGuardMeshes](https://github.com/HarvsG/WireGuardMeshes) - Compare WireGuard mesh tools.
164 |  :green_circle:
165 | - [svenstaro/wiresmith](https://github.com/svenstaro/wiresmith) - Auto-config WireGuard clients into a mesh  :green_circle:
166 |
167 | ### Deployment
168 |
169 | - [WireHole](https://github.com/IAmStoxe/wirehole) - A combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound.
170 |  :red_circle:
171 | - [Autowire](https://github.com/elghazal-a/autowire) - Automatically configure Wireguard interfaces in distributed system. It supports Consul as backend.
172 |  :red_circle:
173 | - [Cloudblock](https://github.com/chadgeary/cloudblock) - Deploys WireGuard VPN, Pi-Hole DNS Ad-blocking, and DNS over HTTPS in a cloud provider - or locally - using Terraform and Ansible.
174 |  :green_circle:
175 | - [ansible-role-wireguard](https://github.com/githubixx/ansible-role-wireguard) - Ansible role for installing WireGuard VPN. Supports Ubuntu, Debian, Archlinx, Fedora and CentOS.
176 |  :green_circle:
177 | - [terraform-aws-wireguard](https://github.com/jmhale/terraform-aws-wireguard) - Terraform module to deploy WireGuard on AWS.
178 |  :red_circle:
179 | - [Firezone](https://github.com/firezone/firezone) - An open-source WireGuard-based VPN server alternative to OpenVPN Access Server. You can self-host this.
180 |  :green_circle:
181 | - [Algo VPN](https://github.com/trailofbits/algo) - Set up a DIY/personal VPN in the cloud. It is a set of Ansible scripts that simplify the setup of a personal WireGuard and IPsec VPN, open-sourced by Trail of Bits.
182 |  :green_circle:
183 | - [freifunkMUC/wg-access-server](https://github.com/freifunkMUC/wg-access-server) - An all-in-one WireGuard VPN solution with a Web UI for connecting devices. This project aims to deliver a simple VPN solution for developers, homelab enthusiasts and anyone else feeling adventurous.
184 |  :green_circle:
185 | - [WirtBot](https://github.com/b-m-f/WirtBot) - Think of it as a component that will allow you to extend your LAN over the Internet. WirtBot simplifies the process of creating your own private network into 3 steps. No registration, no accounts - Just a network that belongs to you. And it will always be completely free (except for the server/VPS you run it on).
186 |  :red_circle:
187 | - [seashell/drago](https://github.com/seashell/drago) - A self-hosted and flexible configuration manager designed to make it simple to configure secure network overlays spanning heterogeneous nodes via a Web UI.
188 |  :red_circle:
189 |
190 | #### Container
191 |
192 | - [linuxserver/docker-wireguard](https://github.com/linuxserver/docker-wireguard) - A WireGuard container image brought to you by LinuxServer.io. Not all image authors are as great as LinuxServer.io team.
193 |  :green_circle:
194 | - [cmulk/wireguard-docker](https://github.com/cmulk/wireguard-docker) - A Docker image and configuration for a simple personal VPN, used for the goal of security over insecure (public) networks, not necessarily for Internet anonymity. There are currently 3 flavors.
195 |  :red_circle:
196 | - [masipcat/wireguard-go-docker](https://github.com/masipcat/wireguard-go-docker) - WireGuard docker image.
197 |  :green_circle:
198 | - [bitwister/twine](https://github.com/bitwister/twine) - Label based route/port forwarding management tool for Docker that can be used to easily route traffic of containers from/to Wireguard container, while preserving full network isolation. 
199 |
200 | ### Monitoring
201 |
202 | - [MindFlavor/prometheus_wireguard_exporter](https://github.com/MindFlavor/prometheus_wireguard_exporter) - A Prometheus exporter for WireGuard, very light on your server resources.
203 |  :red_circle:
204 |
205 | ### Security
206 |
207 | #### Protocol
208 |
209 | #### Encryption
210 |
211 | ### Runtime
212 |
213 | ### User Interface
214 |
215 | #### Terminal / CLI
216 |
217 | - [WireGuard in NetworkManager](https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/) - Linux NetworkManager has WireGuard support.
218 | - [angristan/WireGuard-install](https://github.com/angristan/wireguard-install) - WireGuard VPN installer for Linux servers.
219 |  :red_circle:
220 | - [PiVPN](https://github.com/pivpn/pivpn) - The Simplest VPN installer (scripts), designed for Raspberry Pi.
221 |  :green_circle:
222 | - [Nyr/wireguard-install](https://github.com/Nyr/wireguard-install) - WireGuard road warrior installer for Ubuntu, Debian, CentOS and Fedora.
223 |  :green_circle:
224 | - [WireGuard-Manager](https://github.com/complexorganizations/wireguard-manager) - enables you to build your own vpn under a minute.
225 |  :green_circle:
226 | - [wg-meshconf](https://github.com/k4yt3x/wg-meshconf) - WireGuard full mesh configuration generator.
227 |  :red_circle:
228 | - [tun2socks](https://github.com/xjasonlyu/tun2socks) - Powered by gVisor TCP/IP stack.
229 |  :green_circle:
230 | - [guard](https://github.com/stellarproject/guard) - A gRPC server for managing wireguard tunnels.
231 |  :red_circle:
232 | - [docker-wireguard-socks-proxy](https://github.com/kizzx2/docker-wireguard-socks-proxy) - Expose a WireGuard tunnel as a SOCKS5 proxy.
233 |  :red_circle:
234 | - [wgctl](https://github.com/apognu/wgctl) - Utility to configure and manage your WireGuard tunnels.
235 |  :red_circle:
236 | - [Wiresteward](https://github.com/utilitywarehouse/wiresteward) - A WireGuard peer manager with OAuth2 authentication.
237 |  :green_circle:
238 | - [psyhomb/wireguard-tools](https://github.com/psyhomb/wireguard-tools) - WireGuard helper scripts.
239 |  :red_circle:
240 | - [b-m-f/wired](https://github.com/b-m-f/wired) - WireGuard network configuration generator with support for multiple topologies written in Rust
241 |  :red_circle:
242 | - [muiquq/wgcfghelp](https://github.com/muqiuq/wgcfghelp) - Lightweight single binary CLI tool, roadwarrior peer management, config file generator, QR code image generator, MikroTik command generator.  :green_circle:
243 | - [AndrianBdn/wg-cmd](https://github.com/AndrianBdn/wg-cmd) - WG Commander is a TUI for a simple WireGuard VPN setup. UI, QR Codes, Setup Wizard in the terminal.
244 |  :green_circle:
245 |
246 | #### Web
247 |
248 | - [vx3r/wg-gen-web](https://github.com/vx3r/wg-gen-web) - Simple Web based configuration generator for WireGuard.
249 |  :red_circle:
250 | - [Subspace](https://github.com/subspacecommunity/subspace) - A simple WireGuard VPN server GUI.
251 |  :red_circle:
252 | - [WireGuard UI](https://github.com/EmbarkStudios/wg-ui) - WireGuard Web UI for self-serve client configurations, with optional auth.
253 |  :red_circle:
254 | - [wg-easy/wg-easy](https://github.com/wg-easy/wg-easy) - The easiest way to run WireGuard VPN + Web-based Admin UI.
255 |  :green_circle:
256 | - [wireguard-ui](https://github.com/ngoduykhanh/wireguard-ui) - Simple, have empty interfaces for authentication
257 |  :yellow_circle:
258 | - [h44z/wg-portal](https://github.com/h44z/wg-portal) - Supports LDAP and more
259 |  :green_circle:
260 | - [brsyuksel/wghttp](https://github.com/brsyuksel/wghttp/) - A http server helps managing wireguard devices and peers on kernel level.
261 |  :green_circle:
262 |
263 | #### Desktop
264 |
265 | - [network-manager-wireguard](https://github.com/max-moser/network-manager-wireguard) - Network-Manager VPN Plugin for WireGuard.
266 |  :red_circle:
267 | - [WireGuardStatusbar](https://github.com/aequitas/macos-menubar-wireguard) - macOS menubar icon for WireGuard/wg-quick.
268 |  :black_circle:
269 | - [TunnlTo/desktop-app](https://github.com/TunnlTo/desktop-app) - TunnlTo is a lightweight, fast, Windows WireGuard VPN client built for split tunneling.
270 |  :green_circle:
271 |
272 | #### Dashboards
273 |
274 | - [Wireguard Dashboard](https://github.com/donaldzou/wireguard-dashboard) - A simple and easy to use WireGuard dashboard written in Python and Flask.
275 |  :green_circle:
276 |
277 | ### Development
278 |
279 | #### Development Environment
280 |
281 | #### Testing
282 |
283 | #### Boilerplate
284 |
285 | ### Homeserver
286 |
287 | ### Services based on WireGuard
288 |
289 | #### Cloud Service
290 |
291 | - [Warp](https://blog.cloudflare.com/1111-warp-better-vpn/) - A free WireGuard VPN from Cloudflare that's trying to fix mobile Internet performance and security.
292 | - [wgcf](https://github.com/ViRb3/wgcf) - Cross-platform, unofficial CLI for Cloudflare Warp.
293 |  :green_circle:
294 |
295 | #### VPN
296 |
297 | - [Mullvad](https://github.com/mullvad/mullvadvpn-app)
298 |  :green_circle:
299 | - [MozWire](https://github.com/NilsIrl/MozWire) - An unofficial configuration manager giving Linux, macOS users (among others), access to Mozilla VPN.
300 |  :green_circle:
301 | - [LNVPN](https://github.com/LightRider5/lnvpn) - A wireguard VPN provider with Ligthning only payments, pay as you use.
302 |  :red_circle:
303 |
304 | ### Extensions / Plugins
305 |
306 | - [wgsd](https://github.com/jwhited/wgsd) - A CoreDNS plugin that serves WireGuard peer information via DNS-SD (RFC6763) semantics. This enables use cases such as mesh networking, NAT-to-NAT connectivity, and dynamic discovery of WireGuard endpoint.
307 |  :yellow_circle:
308 |
309 | ### Optimization
310 |
311 | - [nr-wg-mtu-finder](https://github.com/nitred/nr-wg-mtu-finder) - A Python project to help you find the optimal MTU values for WG server and WG peer that maximizes the upload or download speeds between a peer and server.
312 |  :yellow_circle:
313 |
314 | ### Language Bindings
315 |
316 | ### Alternative Implementations
317 |
318 | Beside Jason Donenfeld's implementation of the WireGuard protocol, written in C and Go, other implementations include:
319 |
320 | - [boringtun](https://github.com/cloudflare/boringtun) - Userspace WireGuard implementation in Rust by Cloudflare.
321 |  :yellow_circle:
322 | - [Matt Dunwoodie's implementation for OpenBSD, written in C](https://undeadly.org/cgi?action=article;sid=20200622052207).
323 | - [Ryota Ozaki's wg(4) implementation, for NetBSD, is written in C](https://man.netbsd.org/wg.4).
324 | - [smartalock/wireguard-lwip](https://github.com/smartalock/wireguard-lwip) - A C implementation of the WireGuard protocol intended to be used with the lwIP IP stack.
325 |  :yellow_circle:
326 | - [ciniml/WireGuard-ESP32-Arduino](https://github.com/ciniml/WireGuard-ESP32-Arduino) - WireGuard implementation for ESP32 Arduino in C.
327 |  :red_circle:
328 |
329 | ## Useful Resources
330 |
331 | ### Blog Posts
332 |
333 | - [WireGuard: great protocol, but skip the Mac app](https://rachelbythebay.com/w/2020/12/24/wg/)
334 | - [WireGuard on Kubernetes with Adblocking](https://codingcoffee.dev/blog/wireguard_on_kubernetes_with_adblocking/)
335 | - [SSH and User-mode IP WireGuard](https://fly.io/blog/ssh-and-user-mode-ip-wireguard/)
336 | - [Setup and Adblocking VPN Using WireGuard and NextDNS](https://blog.paramdeo.com/2019/07/03/setup-an-adblocking-vpn-using-wireguard-and-nextdns.html)
337 | - [WireGuard Endpoint Discovery and NAT Traversal using DNS-SD](https://www.jordanwhited.com/posts/wireguard-endpoint-discovery-nat-traversal/)
338 | - [Taildrop was kind of easy, actually](https://tailscale.com/blog/2021-06-taildrop-was-easy/) - Taildrop was the main new feature launched in Tailscale v1.8.
339 | - [Using Tailscale for Authentication of Internal Tools](https://blog.cloud66.com/using-tailscale-for-authentication-of-internal-tools)
340 | - [IPv6 WireGuard Peering at Fly.io](https://fly.io/blog/ipv6-wireguard-peering/)
341 | - [Our User-Mode WireGuard Year](https://fly.io/blog/our-user-mode-wireguard-year/)
342 | - [Tunnel WireGuard via WebSockets](https://kirill888.github.io/notes/wireguard-via-websocket/) - Setting up WireGuard to work in restricted networks that block UDP traffic.
343 | - [Tailscale's human-scale networks are still controlled by Google and Microsoft](https://iliana.fyi/blog/tailscale-auth-and-threat-modeling/)
344 | - [How to access a peer's local network](https://iliasa.eu/wireguard-how-to-access-a-peers-local-network/) - A simple solution. There is no need of any configurations to set split-tunneling. The example shows how Peer B can route to Peer A through a WG server. Peer B can reach a specific network (subnet) behind Peer A.
345 | - [Routing Specific Docker Containers Through WireGuard VPN with systemd-networkd](https://www.eisfunke.com/article/docker-wireguard-systemd.html) - A simple solution for routing specific docker containers through a WireGuard VPN using only two simple systemd-networkd files, no cumbersome `wg` or `ip` calls.
346 | - [Decoding WireGuard with Wireshark](https://blog.salrashid.dev/articles/2022/wireguard_wireshark/) - A simple guide on how to inspect WireGuard packets in Wireshark.
347 |
348 | ### Articles
349 |
350 | - [In-kernel WireGuard is on its way to FreeBSD and the pfSense router](https://arstechnica.com/gadgets/2021/03/in-kernel-wireguard-is-on-its-way-to-freebsd-and-the-pfsense-router/)
351 | - [It's Looking Like Android Could Be Embracing WireGuard - "A Sane VPN"](https://www.phoronix.com/scan.php?page=news_item&px=WireGuard-Android-GKI-Enabled)
352 | - [Tailscale Raises $100 Million Series B to Fix the Internet with its Zero Trust VPN for Modern DevOps Teams](https://www.businesswire.com/news/home/20220504005325/en)
353 | - [Identity management for WireGuard](https://lwn.net/SubscriberLink/910766/7678f8c4ede60928/)
354 |
355 | ### Demos and Examples
356 |
357 | ### Good Tips
358 |
359 | - [WireGuard Gotchas with Multiple Tunnels](https://casavant.org/2020/10/10/wireguard-fwmark.html) - WG has a bit of a trap/gotcha when running multiple independent tunnels, one of which has a default route associated with it.
360 |
361 | ### Tutorials
362 |
363 | - [How to easily configure WireGuard](https://www.stavros.io/posts/how-to-configure-wireguard/)
364 | - [Getting Started with WireGuard](https://miguelmota.com/blog/getting-started-with-wireguard/)
365 | - [What They Don’t Tell You About Setting Up A WireGuard VPN](https://dev.to/tangramvision/what-they-don-t-tell-you-about-setting-up-a-wireguard-vpn-1h2g)
366 | - [Building a simple VPN with WireGuard with a Raspberry Pi as Server](https://snikt.net/blog/2020/01/29/building-a-simple-vpn-with-wireguard-with-a-raspberry-pi-as-server/)
367 | - [Setting up a home VPN server with Wireguard (macOS)](https://mikkel.hoegh.org/2019/11/01/home-vpn-server-wireguard/)
368 | - [Creating a VPN Gateway with a Unikernel running WireGuard](https://nanovms.com/dev/tutorials/running-nanos-wireguard-vpn-gateway)
369 | - [Directions for setting up a WireGuard bounce server](https://gitlab.com/ncmncm/wireguard-bounce-server)
370 | > I find plenty of tutorials online for setting up the most basic Wireguard apparatus.
371 | > Like most peoples', my machines are stuck behind NATs. To connect between NATted hosts, you need control of a host that is not, to keep up on what external addresses the NATs are presenting.
372 | > The docs for WireGuard mention bounce servers, but say nothing about how to set one up.
373 | - [WireGuard VPN Road Warrior Setup](https://emanuelduss.ch/2018/09/29/wireguard-vpn-road-warrior-setup/) - The important feature of this setup is, split tunnelling.
374 | > Either all traffic (default route) or only the traffic desired for the internal network can be routed through the VPN (split tunneling). This can be configured on the client.
375 | - [Routing Docker Host And Container Traffic Through WireGuard](https://www.linuxserver.io/blog/routing-docker-host-and-container-traffic-through-wireguard) using [WireGuard Docker image by linuxserver.io](https://github.com/linuxserver/docker-wireguard)
376 | - [WireGuard setup with Ansible](https://dev.to/tangramvision/exploring-ansible-via-setting-up-a-wireguard-vpn-3389) - A basic Ansible playbook for deploying a WireGuard server and (local) client.
377 | - [Fly-Tailscale-Exit](https://github.com/patte/fly-tailscale-exit) - Run your own VPN with global exit nodes with Fly.io, Tailscale and Github.
378 |
379 | ### Videos
380 |
381 | - [WireGuard: Next Generation Abuse-Resistant Kernel Network Tunnel](https://www.youtube.com/watch?v=eYztYCbV_8U)- A good talk from the WireGuard developer and security researcher, Jason Donenfeld explaining what WireGuard can do and how it works. The talk examine both the cryptography and kernel implementation particulars of WireGuard and explore an offensive attack perspective on network tunnels.
382 | - [How To Build Your Own Wireguard VPN Server in The Cloud](https://www.youtube.com/watch?v=7yC-gJtl9mQ) - A good tutorial from Lawerence Systems regarding WireGuard.
383 |
384 | ### Books
385 |
386 | ### Podcasts and Interviews
387 |
388 | ### Presentations
389 |
390 | - [Presentations by Jason A. Donenfeld](https://www.wireguard.com/presentations/) - A list of all Jason's presentations.
391 |
392 | ### Newsletters
393 |
394 | ## Uncategorized
395 |
396 | - [WebVM: Linux Virtualization in WebAssembly with Full Networking via Tailscale](https://leaningtech.com/webvm-virtual-machine-with-networking-via-tailscale/) - Run WireGuard and Tailscale in the browser. wireguard-go code compiled to Wasm. WebVM is proprietary WebAssembly-powered x86 virtualization tech. I'm genuinely curious how it compares to v86/Fabrice Bellard's JSLinux (like WebVM but free and opened-source).
397 |
398 | ## Communities and Meetups
399 |
400 | ### English
401 |
402 | - [/r/WireGuard](https://www.reddit.com/r/WireGuard/) - Official Reddit WireGuard.
403 | - [#wireguard on Libera](https://web.libera.chat/#wireguard) - Official IRC on Libera Chat.
404 |
405 | ### Chinese
406 |
407 | ## Contribute
408 |
409 | Contributions welcome! If you would like to contribute, please read the [contribution guidelines][contributing] first. It contains a lot of tips and guidelines to help keep things organized.
410 |
411 | _Future: Implement GitHub Actions to monitor and verify all the links with a simple [Node.js script](./scripts/pull_request.js)_
412 |
413 | ## Copyright
414 |
415 | "WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld.
416 |
417 | ## License
418 |
419 |
420 |
421 | Expand License
422 |
423 | This repository contains a variety of content; some developed by Cedric Chee,
424 | and some from third-parties. The third-party content is distributed under the
425 | license provided by those parties.
426 |
427 | *I am providing code and resources in this repository to you under an open
428 | source license. Because this is my personal repository, the license you receive
429 | to my code and resources is from me and not my employer.*
430 |
431 | The content developed by Cedric Chee is distributed under the following license:
432 |
433 | ### Text
434 |
435 | The text content is released under the CC-BY-NC-ND license.
436 | Read more at [Creative Commons](https://creativecommons.org/licenses/by-nc-nd/3.0/us/legalcode).
437 |
438 | ### Code
439 |
440 | The code in this repository is released under the [MIT license](LICENSE).
441 |
442 |
443 | [editreadme]: https://github.com/cedrickchee/awesome-wireguard/edit/main/README.md
444 | [contributing]: https://github.com/cedrickchee/awesome-wireguard/blob/main/.github/CONTRIBUTING.md
445 |
--------------------------------------------------------------------------------