# WireGuard Wrapper (Key Management + Friendly Names)

This is a wrapper script for WireGuard VPN that displays friendly names when listing WireGuard connection status, and also handles key management chores (e.g. creating new keys, listing existing keys).

This is what WireGuard connection status looks like when it's displayed through this script:
- The `.publickey` files of vpn peers are stored under the `clients` folder (see Repository Structure below).
- The filename of each `.publickey` file becomes the "friendly name" shown for that peer (e.g. a publickey file named `Dave's Cell.publickey` creates a friendly name of "Dave's Cell" for his peer connection).
- In addition to formatting `wg` info output with "friendly names", wgw also provides commands that help manage creating and maintaining private and public keys for vpn peers.
- Use `wgw` instead of `wg` to list peer connection status/information, to create new vpn clients or list existing clients, or to perform any other `wg` command (it will call wg with the full parameter list of any command it doesn't internally recognize).
## Repository Structure

```
<Repo_Base_Folder>
├── wgw.sh
├── clients
│   ├── Dave's Cell.privatekey
│   ├── Dave's Cell.publickey
│   ├── Dan's Tablet.privatekey
│   └── Dan's Tablet.publickey
└── server
    ├── server.privatekey
    └── server.publickey
```
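The friendly-name lookup described above, as an added POSIX sh example that is not wgw's own code: it builds a throwaway repository folder with constructed `.publickey` files, feeds in a constructed `wg show` dump, and rewrites each `peer:` line with the name taken from the matching client filename (unmatched peers are flagged, which is the case a defender most wants to notice). `REPO`, the key strings and the sample output are all assumptions made up for the demo.

```shell
#!/bin/sh
# Added example (not wgw's own code): annotate a captured `wg show` dump with the
# friendly names that <Repo_Base_Folder>/clients/<name>.publickey files provide.
set -eu

REPO="$(mktemp -d)"                       # stand-in for Repo_Base_Folder
mkdir -p "$REPO/clients" "$REPO/server"

# Constructed placeholder keys (base64-shaped, not real WireGuard key material)
DAVE_KEY='AAAAconstructedDavesCellPubKey0000000000000='
DAN_KEY='BBBBconstructedDansTabletPubKey000000000000='
printf '%s\n' "$DAVE_KEY" > "$REPO/clients/Dave's Cell.publickey"
printf '%s\n' "$DAN_KEY"  > "$REPO/clients/Dan's Tablet.publickey"

# Constructed sample of what `wg show wg0` prints (one known peer, one unknown)
WG_OUTPUT="interface: wg0
  public key: SSSSconstructedServerPubKey00000000000000000=
  listening port: 1305

peer: $DAVE_KEY
  endpoint: 203.0.113.10:51820
  latest handshake: 1 minute, 3 seconds ago

peer: CCCCconstructedUnknownPeerKey00000000000000=
  endpoint: 198.51.100.7:51820"

# friendly_name KEY: print the stem of the clients/*.publickey file holding KEY,
# or a marker when no client file matches (a peer the repository knows nothing about).
friendly_name() {
    key="$1"
    for f in "$REPO"/clients/*.publickey; do
        [ -e "$f" ] || continue              # glob matched nothing
        if [ "$(head -n 1 "$f")" = "$key" ]; then
            n="${f##*/}"; printf '%s\n' "${n%.publickey}"; return 0
        fi
    done
    printf '%s\n' '(unknown peer)'
}

# annotate OUTPUT: rewrite each "peer: <key>" line as "peer: <Friendly Name> (<key>)"
annotate() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            "peer: "*) k="${line#peer: }"; printf 'peer: %s (%s)\n' "$(friendly_name "$k")" "$k" ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

annotate "$WG_OUTPUT"
```

A peer reported as "(unknown peer)" is one whose public key has no file under `clients`, which is worth checking against the server's configured peers.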
- Determine where the Repo_Base_Folder will be located (it holds the client public and private keys, as well as the server public and private keys).
- Determine where to store the wgw.sh script. (The example below stores it in the Repo_Base_Folder and then creates a symlink to it in /usr/local/bin.)

A suitable place to store configuration data might be `/usr/local/etc` (i.e. set `Repo="/usr/local/etc/wireguard"` in wgw.sh).

A good place to store configuration data on EdgeOS is under `/config/auth`, since it persists across version upgrades (i.e. set `Repo="/config/auth/wireguard"` in wgw.sh).

The following steps use `/config/auth/wireguard` as the repository base folder (Repo_Base_Folder). Change it to reflect the base folder you actually want to use for the key repository.
```sh
# Make the base repository folder (Repo_Base_Folder) if it doesn't already exist
mkdir -p /config/auth/wireguard

# Download (or update) wgw
cd /config/auth/wireguard
curl -OL https://raw.githubusercontent.com/ndfan77/wgw/main/wgw.sh
chmod +x wgw.sh
cd -

# Create a symlink to wgw.sh in /usr/local/bin (which is normally in the path)
sudo mkdir -p /usr/local/bin
sudo ln -s -f /config/auth/wireguard/wgw.sh /usr/local/bin/wgw
```
Edit the `wgw.sh` file with your favorite text editor (e.g. `vi /config/auth/wireguard/wgw.sh`), and change the `Repo="/config/auth/wireguard"` variable (currently line 3) to reflect the correct path.

Use your favorite file management tool to organize any existing key files as shown above in Repository Structure (rename them if necessary).
```sh
wgw initialize
```

**Warning**

- This command will create the `<Repo_Base_Folder>/server` and `<Repo_Base_Folder>/clients` folders if they do not exist, and will generate new public and private keys for the server (`server.publickey` and `server.privatekey` under the `<Repo_Base_Folder>/server` folder).
- Don't issue this command if you already have public and private keys for your vpn server. Instead, manually make the `<Repo_Base_Folder>/server` and `<Repo_Base_Folder>/clients` folders and place the server.publickey and server.privatekey files under the server folder as shown above in Repository Structure (rename them if necessary).
- If `server.publickey` or `server.privatekey` files already exist under the `<Repo_Base_Folder>/server` folder when the initialize command is issued, they will be renamed using the current date.
```sh
wgw server endpoint <my_endpoint:1305>
```

**Tip**

This is the public URL and port of your vpn server that peers will connect to.

**Important**

This only alters the template text suggested for client configuration files. It has no functional effect.

```sh
wgw server ipaddress 172.17.250.1
```

**Important**

This only alters the template text suggested for client configuration files. It has no functional effect.
To see command line options:

```sh
wgw --help
```

For example:

```
dave@myhost:~$ wgw --help
Usage: wgw <command> <arguments>

wgw internal commands:
  show: Calls wg for current config and device info and adds friendly names
  initialize: Initialize repository folder structure and create server keys
  client show | addkey | listkeys: Show, add, or list client keys
  server show | endpoint | ipaddress | createkeys: Show server template information, set it, or initialize keys

<command> can also be any valid wg command:

Usage: /usr/bin/wg <cmd> [<args>]

Available subcommands:
  show: Shows the current configuration and device information
  showconf: Shows the current configuration of a given WireGuard interface, for use with `setconf'
  set: Change the current configuration, add peers, remove peers, or change peers
  setconf: Applies a configuration file to a WireGuard interface
  addconf: Appends a configuration file to a WireGuard interface
  syncconf: Synchronizes a configuration file to a WireGuard interface
  genkey: Generates a new private key and writes it to stdout
  genpsk: Generates a new preshared key and writes it to stdout
  pubkey: Reads a private key from stdin and writes a public key to stdout
You may pass `--help' to any of these subcommands to view usage.
```