Secure self-hosted Wireguard Installer / Manager for CentOS, Debian, Ubuntu, Arch, Fedora, Redhat, Raspbian

Wireguard Manager

GitHub release ShellCheck GitHub issues GitHub contributors GitHub forks GitHub Workflow Status

What is WireGuard?

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

WireGuard Goals

  • strong, modern security by default
  • minimal config and key management
  • fast, both low-latency and high-bandwidth
  • simple internals and small protocol surface area
  • simple CLI and seamless integration with system networking


  • CentOS, Debian, Ubuntu, Arch, Fedora, Redhat, Raspbian
  • Linux Kernel 4.1 or newer
  • You will need root access or a user account with sudo privilege.


Lets first use curl and save the file in /etc/wireguard/

curl --create-dirs -o /etc/wireguard/

Than lets make the script user executable (Optional)

chmod +x /etc/wireguard/

Its finally time to execute the script

bash /etc/wireguard/

In your /etc/wireguard/clients directory, you will have .conf files. These are the client configuration files. Download them from your WireGuard Interface and connect using your favorite WireGuard Peer.

After Installation

  • Show WireGuard Interface
  • Start WireGuard Interface
  • Stop WireGuard Interface
  • Restart WireGuard Interface
  • Add WireGuard Peer
  • Remove WireGuard Peer
  • Uninstall WireGuard Interface
  • Update this script


  • Installs and configures a ready-to-use WireGuard Interface
  • IPv6 Supported, IPv6 Leak Protection
  • Iptables rules and forwarding managed in a seamless way
  • If needed, the script can cleanly remove WireGuard, including configuration and iptables rules
  • Variety of DNS resolvers to be pushed to the clients
  • The choice to use a self-hosted resolver with Unbound.
  • Block DNS leaks
  • Many other little things!


  • PRIVATE_SUBNET_V4 - private IPv4 subnet configuration by default
  • PRIVATE_SUBNET_V6 - private IPv6 subnet configuration fd42:42:42::0/64 by default
  • SERVER_HOST_V4 - public IPv4 address, detected by default using curl
  • SERVER_HOST_V6 - public IPv6 address, detected by default using curl
  • SERVER_PUB_NIC - public nig address, detected by default
  • SERVER_PORT - public port for wireguard server, default is 51820
  • DISABLE_HOST - Disable or enable ipv4 and ipv6, default disabled
  • CLIENT_ALLOWED_IP - private or public IP range allowed in the tunnel
  • NAT_CHOICE - Keep sending packets to keep the tunnel alive 25
  • INSTALL_UNBOUND - Install unbound settings y/n
  • DNS_CHOICE - Without Unbound you have to use a public dns like
  • CLIENT_NAME - name of the client
  • MTU_CHOICE - the MTU the client will use to connect to DNS 1420

Compatibility with Linux Distro

| OS | Supported | i386 | amd64 | armhf | arm64 | | -------------- | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | | Ubuntu 14.04 ≤ |:x: |:x: |:x: |:x: |:x: | | Ubuntu 16.04 |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | Ubuntu 18.04 |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | Ubuntu 19.10 ≥ |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | Debian 7.x ≤ |:x: |:x: |:x: |:x: |:x: | | Debian 8.x |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | Debian 9.x |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | Debian 10.x ≥ |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | CentOS 6.x ≤ |:x: |:x: |:x: |:x: |:x: | | CentOS 7.x |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | CentOS 8.x ≥ |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | Fedora 29 ≤ |:x: |:x: |:x: |:x: |:x: | | Fedora 30 |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | Fedora 31 |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | Fedora 32 ≥ |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | RedHat 6.x ≤ |:x: |:x: |:x: |:x: |:x: | | RedHat 7.x |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | RedHat 8.x ≥ |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | Arch |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | Raspbian |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | LXC |:x: |:x: |:x: |:x: |:x: | | KVM |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: |:white_check_mark: | | OpenVZ |:x: |:x: |:x: |:x: |:x: |

Compatibility with Cloud Providers

| Cloud | Supported | | -------------- | ------------------ | | AWS |:white_check_mark: | | Google Cloud |:white_check_mark: | | Linode |:white_check_mark: | | Digital Ocean |:white_check_mark: | | Vultr |:white_check_mark: | | Microsoft Azure |:white_check_mark: | | OpenStack |:white_check_mark: | | Rackspace |:white_check_mark: | | Scaleway |:white_check_mark: | | EuroVPS |:white_check_mark: | | Hetzner Cloud |:white_check_mark: | | Strato |:x: |


Which hosting provider do you recommend? - Google Cloud: Worldwide locations, starting at $10/month - Vultr: Worldwide locations, IPv6 support, starting at $3.50/month - Digital Ocean: Worldwide locations, IPv6 support, starting at $5/month - Linode: Worldwide locations, IPv6 support, starting at $5/month

Which WireGuard client do you recommend? - Windows: WireGuard. - Android: WireGuard. - macOS: WireGuard. - iOS: WireGuard.

Is there WireGuard documentation? - Yes, please head to the WireGuard Manual, which references all the options.

How do i install wireguard without the questions? (Headless Install) Server Only - HEADLESS_INSTALL=y /etc/wireguard/

Official Links - Homepage: - Install: - QuickStart: - Compiling: - Whitepaper:


Using a browser based development environment:

Open in Gitpod

Channels: - Master (Stable) - Dev (Development)


git clone /etc/wireguard/
bash -x /etc/wireguard/wireguard-(server|client).sh >> /etc/wireguard/wireguard-(server|client).log


Angristan l-n-s


This project is under the MIT

Repo Not Found