Original project: angristan/wireguard-install
A zero-configuration WireGuard VPN server installer and management tool that works across multiple Linux distributions. Set up a secure VPN server in minutes with automated installation, client management, and QR code generation.
- π Cross-Platform Support: Works on 8+ Linux distributions with automatic OS detection
- β‘ Zero-Configuration Setup: Automated installation with sensible defaults - no complex networking knowledge required
- π₯ User-Friendly Interface: Interactive CLI with guided prompts and input validation
- π§ Complete Management: Install, create clients, manage connections, and uninstall cleanly
- π± Mobile Ready: Automatic QR code generation for easy mobile device setup
- π Security Focused: Proper file permissions, firewall integration, and secure key generation
- π Full Lifecycle: From installation to client management to complete removal
-
Clone and build:
git clone https://github.com/your-username/wireguard-install.git cd wireguard-install cargo build --release -
Run as root:
sudo ./target/release/wireguard-install
-
Follow the interactive prompts - the installer will guide you through the entire setup process!
| Distribution | Package Manager | Status |
|---|---|---|
| Debian/Ubuntu/Raspbian | apt-get |
β Supported |
| Fedora | dnf |
β Supported |
| CentOS/RHEL | yum |
β Supported |
| AlmaLinux | dnf |
β Supported |
| Rocky Linux | dnf |
β Supported |
| Oracle Linux | yum |
β Supported |
| Arch Linux | pacman |
β Supported |
| Alpine Linux | apk |
β Supported |
The installer handles everything for you automatically:
- Checks for root privileges
- Detects your operating system
- Verifies virtualization compatibility
- Validates network configuration
- Updates your system's package repositories
- Installs WireGuard and required dependencies
- Installs additional tools (iptables, QR code utilities)
- Handles OS-specific package differences
- Auto-detects your public IP address
- Finds your primary network interface
- Generates secure server keys
- Creates optimized server configuration
- Sets up proper file permissions
- Enables IP forwarding for VPN traffic
- Configures firewall rules (iptables or firewalld)
- Sets up NAT masquerading
- Opens necessary ports automatically
- Enables WireGuard system service
- Starts the VPN server
- Configures automatic startup on boot
- Creates your first VPN client automatically
- Generates client configuration file
- Displays QR code for mobile setup
- Saves config to your home directory
When you run the tool for the first time, it will automatically start the installation wizard:
sudo ./target/release/wireguard-installIf WireGuard is already installed, you'll see the management menu:
- Add New Client: Create additional VPN users with unique configurations
- List Clients: View all configured VPN clients and their details
- Revoke Client: Remove a client and update server configuration
- Uninstall WireGuard: Completely remove WireGuard and restore system state
- Exit: Close the management tool
- Select "Add New Client" from the menu
- Enter a name for the client
- Choose IP addressing (IPv4/IPv6 options)
- Configure DNS settings
- Set traffic routing (all traffic or specific networks)
- Get instant QR code for mobile devices
- Desktop/Laptop: Import the
.conffile into your WireGuard client - Mobile Devices: Scan the QR code with the WireGuard mobile app
- Configuration files are saved to your home directory as
client-name.conf
- Linux operating system with systemd
- Root or sudo access
- One of the supported distributions (see table above)
- Internet connection for package installation
- Compatible virtualization environment (LXC/OpenVZ are not supported)
- Public IP address (automatically detected)
- Available UDP port (default: 51820, customizable)
- Network interface with internet access
- Firewall that allows configuration changes
- Rust toolchain (rustc, cargo)
- Git
# Clone the repository
git clone https://github.com/your-username/wireguard-install.git
cd wireguard-install
# Build the project
cargo build --release
# The executable will be available at:
./target/release/wireguard-install# For development/testing
cargo build
# Run directly with cargo
cargo run- Secure Key Generation: Uses WireGuard's native cryptographic key generation
- Proper Permissions: Sets restrictive file permissions (700/600) on all configuration files
- Firewall Integration: Automatically configures firewall rules for your system
- Input Validation: Validates all user inputs to prevent configuration errors
- IP Conflict Prevention: Automatically prevents IP address conflicts between clients
- Clean Uninstallation: Completely removes all traces and restores original system state
- Detection Phase: The tool detects your OS, network setup, and system capabilities
- Installation Phase: Packages are installed using your distribution's package manager
- Configuration Phase: Server keys are generated and configuration files are created
- Network Phase: Firewall rules and IP forwarding are configured
- Service Phase: WireGuard service is enabled and started
- Client Phase: Your first VPN client is created with QR code
- Management Phase: Ongoing client management through the interactive menu
The installer creates these files during setup:
/etc/wireguard/wg0.conf- Main server configuration/etc/wireguard/params- Installation parameters and settings~/client-name.conf- Individual client configuration files
To completely remove WireGuard and restore your system:
- Run the tool:
sudo ./target/release/wireguard-install - Select "Uninstall WireGuard" from the menu
- Confirm the uninstallation
- The tool will:
- Stop the WireGuard service
- Remove all configuration files
- Uninstall WireGuard packages
- Remove firewall rules
- Disable IP forwarding
- Clean up all generated files
Contributions are welcome! Please feel free to:
- Report bugs or issues
- Suggest new features
- Submit pull requests
- Improve documentation
This project is licensed under the MIT License - see the LICENSE file for details.
- Save Time: No need to manually configure complex networking, firewall rules, or service management
- Reduce Errors: Automated setup prevents common configuration mistakes
- Cross-Platform: Works consistently across different Linux distributions
- Production Ready: Includes proper security measures and best practices
- Beginner Friendly: No advanced networking knowledge required
- Complete Solution: Handles everything from installation to ongoing management
- Mobile Ready: QR codes make mobile device setup effortless
Get your secure VPN server running in minutes, not hours!