WireGuard Everywhere 🌐

Fast and secure WireGuard VPN server installer for Linux. Install a production-ready WireGuard server in minutes on any VPS or cloud server.

✨ Features

• 🚀 Quick Installation: One command to set up a complete WireGuard server
• 🔒 Secure by Default: Uses modern cryptography and secure defaults
• 🐳 Container Support: Works on both bare metal and containerized environments (LXC, Docker)
• 🎯 Multiple DNS Options: Google, Cloudflare, Quad9, AdGuard, Gcore, or custom DNS
• 📱 QR Code Generation: Instant QR codes for mobile client setup
• 🔄 Easy Client Management: Add, remove, and manage clients interactively
• 🌍 Multi-Distribution: Supports Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, and Fedora

📋 Requirements

Supported Operating Systems

• Ubuntu: 22.04 LTS or higher
• Debian: 11 (Bullseye) or higher
• AlmaLinux / Rocky Linux / CentOS: 9 or higher
• Fedora: Latest stable releases

System Requirements

• Root access or sudo privileges
• Public IPv4 address (or NAT with port forwarding)
• At least 512 MB RAM
• 1 GB free disk space

For Containerized Environments

• TUN device must be available
• x86_64 architecture (if WireGuard kernel module is not available)

🚀 Quick Start

Installation

Run as root:

wget https://raw.githubusercontent.com/yuryja/wireguard-everywhere/main/install.sh -O install.sh
sudo bash install.sh

Or with curl:

curl -O https://raw.githubusercontent.com/yuryja/wireguard-everywhere/main/install.sh
sudo bash install.sh

First-Time Setup

The installer will guide you through:

1. IP Address Selection: Choose which network interface to use
2. Public IP/Hostname: Enter your server's public IP or domain name
3. Port Selection: Choose WireGuard listening port (default: 51820)
4. First Client Name: Name for your first VPN client
5. DNS Server: Select DNS provider for VPN clients
6. BoringTun Updates (containers only): Enable automatic updates

After installation, you'll get:

• A QR code for mobile clients
• A .conf file for desktop clients
• Instructions for adding more clients

📱 Client Setup

Mobile Devices (iOS/Android)

1. Install the WireGuard app from App Store or Google Play
2. Scan the QR code displayed after installation
3. Enable the VPN connection

Desktop/Laptop

1. Install WireGuard from wireguard.com
2. Import the .conf file generated by the installer
3. Activate the connection

🔧 Managing Your VPN

Run the script again to access the management menu:

bash install.sh

Available options:

1. Add a new client: Create additional VPN client configurations
2. Remove an existing client: Revoke access for a client
3. Remove WireGuard: Completely uninstall WireGuard
4. Restart WireGuard: Restart the VPN service
5. Exit: Close the menu

🛡️ Security Features

• PresharedKey (PSK): Additional layer of security beyond public key cryptography
• Modern Ciphers: Uses ChaCha20 for encryption and Poly1305 for authentication
• Minimal Attack Surface: Only opens the configured WireGuard port
• HTTPS for External Services: All external API calls use HTTPS

🐳 Container Support

The installer automatically detects containerized environments and uses:

• Kernel Module (preferred): If WireGuard kernel module is available
• BoringTun (fallback): Userspace implementation for containers without kernel module

Container Requirements

• TUN device must be enabled
• For LXC containers, add to container config:

  lxc.cgroup2.devices.allow: c 10:200 rwm
  lxc.mount.entry: /dev/net dev/net none bind,create=dir
  

🌐 Network Configuration

Default Settings

• VPN Subnet: 10.7.0.0/24 (IPv4)
• VPN Subnet: fddd:2c4:2c4:2c4::/64 (IPv6, if available)
• Default Port: 51820/UDP
• Max Clients: 253

Firewall

The installer automatically configures:

• firewalld (RHEL-based systems)
• iptables (Debian-based systems)

📊 DNS Providers

Provider	IPv4 Addresses
System Default	Uses your server's DNS
Google	8.8.8.8, 8.8.4.4
Cloudflare	1.1.1.1, 1.0.0.1
OpenDNS	208.67.222.222, 208.67.220.220
Quad9	9.9.9.9, 149.112.112.112
Gcore	95.85.95.85, 2.56.220.2
AdGuard	94.140.14.14, 94.140.15.15
Custom	Your own DNS servers

🔍 Troubleshooting

Check WireGuard Status

systemctl status wg-quick@wg0

View Active Connections

wg show

Check Logs

journalctl -u wg-quick@wg0 -f

🖥️ Web Interface (New!)

WireGuard Everywhere now includes a lightweight web interface to manage your VPN clients visually.

Features

• 📊 Dashboard: View active clients and statistics
• ➕ Client Management: Create, delete, enable, and disable clients
• 📱 QR Codes: Display QR codes for easy mobile setup
• 📥 Downloads: Download .conf files directly
• 🔒 Secure: Password protected login
• 🌍 Multi-language: Supports English, Spanish, Portuguese, French, and Italian

How to Run

1. Start the Web Interface:

   sudo ./start_web.sh

2. Access the Interface: Open your browser and navigate to http://YOUR_SERVER_IP:5000

3. Login:

   • Default Username: admin
   • Default Password: The script will print a secure randomly generated password on first launch. Save this password!

Requirements

• Python 3
• Root privileges (to manage wireguard interface)

Common Issues

Port already in use

# Check what's using the port
ss -tulpn | grep :51820

TUN device not available (containers)

# Check if TUN is available
ls -l /dev/net/tun

Kernel module not loading

# Check if module is loaded
lsmod | grep wireguard

🤝 Contributing

Contributions are welcome! Please feel free to submit issues or pull requests.

☕ Support

If you find this project useful, you can support my work here:

• PayPal

📄 License

This project is released under the MIT License.

• Original installer logic: Copyright (c) 2020 Nyr
• Web Interface & Modifications: Copyright (c) 2026 Yury Jajitzky

⚠️ Disclaimer

This software is provided "as is", without warranty of any kind. Use at your own risk.

🙏 Credits

This project is significantly based on the excellent wireguard-install script.

• Web Interface & Extended Features: Yury Jajitzky
• Original Installer Logic: Nyr
• WireGuard®: Jason A. Donenfeld
• BoringTun: Cloudflare

---

WireGuard is a registered trademark of Jason A. Donenfeld.