WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.
– https://www.wireguard.com/
Features
WireGuard’s Linux package with its standard features
WireGuard UI, an unofficial management web app to configure the server and create client credentials.
Status page is not working, but it should not be preventing standard operation.
Installation
This WireGuard package can be installed through:
YunoHost’s webadmin, in the Community listing
YunoHost’s CLI: yunohost app install wireguard.
Required parameters are:
domain
path: leave it to / for the time being, the web UI can only be installed at the root of the domain
admin, among YunoHost’s users
After installation, open your browser to WireGuard’s page. You can configure the server, and manage clients whose credentials can be downloaded or read as a QR code.
During the installation, WireGuard will add its own kernel module. A manual reboot of the server may be needed.
Client software can be found on the installation page of WireGuard’s website. Mobile clients are available on the Play Store, F-Droid, and the App Store.
Configuration
WireGuard can be configured via the non-official web UI. Do not alter the configuration files.
If you are behind a modem, or an ISP box, open WireGuard’s port in its firewall. The port number can be found in the Listen Port field, under WireGuard Server menu. Do not alter it, it has been assigned by your YunoHost server.
Are LDAP and HTTP auth supported? No, use YunoHost permissions panel to allow users to access the web UI.
Can the app be used by multiple users? Yes, any user allowed to access the web UI will be able to alter the VPN settings and access the clients credentials.
Supported architectures
x86-64
ARMv8-A: you may need to manually do wg-quick up wg0 after configuring WireGuard
Limitations
The web UI can only be installed at the root of a domain.
I have opened an issue in the upstream app about it.
Only one network interface, wg0 can be created with this app.
I will investigate the possibility to have the app installed multiple times, one instance per interface. Or maybe the web UI could handle multiple interfaces.
Hello !
Thanks for the app
I tested it yesterday, without success.
I installed the app at the root of its own domain, redirected port 8095 on my box, created a client and flashed the code on my phone (using wireguard app).
I also copy/pasted the 2 conf for routing (even if I don’t understand what this means) without success.
Do I have some more configuration to do ? (like adapt the server ip interface ?)
Hi, and thanks for trying it out. Good point regarding the VPN port behind a modem/box, I will add that to the Configuration! Regarding the routing commands, they are to allow Internet connection through the VPN, it will only allow clients to talk to each other without it.
So, when you say you tested it without success, either you cannot connect to the VPN with your phone (error upon connection), or you cannot access the Internet after connecting to it? What’s the error message?
First ideas:
Easy one, but I forgot twice about it already: do not forget to Apply changes (top right corner) after either altering the clients or the server configuration.
Can you check that your wg0 interface is up with ip a in your terminal ? What’s the output regarding wg0? Check that you do not have a conflict with IP addresses. By default I set the VPN addresses to the 10.10.10.0 range, but indeed you can change it if needed.
Try running sudo wg-quick up wg0 and report any error.
That will not solve your problem, but prevent a subsequent one with Internet connection. Have you replaced eth0 by enp3s0 in the Post Up and Down commands?
[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not supported
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device "wg0"
Somehow the WireGuard installation was not complete. What is your server hardware? Did you have warnings or errors during the installation of the app? After a quick search let’s try: sudo modprobe wireguard and try sudo wg-quick up wg0 again.
If that fails, I will need some time to investigate.
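The "RTNETLINK answers: Operation not supported" error above means the running kernel has no wireguard module. The following check is an added example, not part of the original posts or of the app's own scripts; it assumes modules live under /lib/modules, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find out whether the wireguard module exists for the running
# kernel, or only for another installed kernel (in which case a reboot into
# that kernel is what is missing).
# Limitation: a kernel with WireGuard built in (no .ko file) is not detected.

# kernels_with_wireguard [MODULES_ROOT]
# Prints every kernel release under MODULES_ROOT that ships a wireguard module.
kernels_with_wireguard() {
    root=${1:-/lib/modules}
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        if find "$dir" -type f -name 'wireguard.ko*' 2>/dev/null | grep -q .; then
            basename "$dir"
        fi
    done
}

# diagnose_wireguard_module RUNNING_RELEASE [MODULES_ROOT]
# Prints: ok | reboot-needed:<releases> | not-installed
diagnose_wireguard_module() {
    running=$1
    have=$(kernels_with_wireguard "${2:-/lib/modules}")
    if printf '%s\n' "$have" | grep -qxF -- "$running"; then
        echo ok
    elif [ -n "$have" ]; then
        echo "reboot-needed:$(printf '%s' "$have" | tr '\n' ',')"
    else
        echo not-installed
    fi
}

# Check the machine this script runs on.
diagnose_wireguard_module "$(uname -r)"
```

A result of reboot-needed lists the kernel releases that do have the module; not-installed means the module was never built or installed.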
@tituspijean
I have installed this app on my server and it works fine. Thanks for the job.
I have configured my computer and my smartphone too. It’s OK.
I still can’t access the internet when I configure my router because it doesn’t route ip (although it works with openvpn).
@tituspijean
I don’t know what’s wrong with my router. It works with a mullvad configuration file but it does not with my yunohost server’s one. I will continue my investigations.
Edit: An update of the router and its reset solved the problem.
Everything works fine!
Nov 09 22:45:09 xxx.ynh.fr systemd[1]: Starting WireGuard restart…
Nov 09 22:45:10 xxx.ynh.fr systemctl[24732]: Job for wg-quick@wg0.service failed because the control process exited with error code.
Nov 09 22:45:10 xxx.ynh.fr systemctl[24732]: See “systemctl status wg-quick@wg0.service” and “journalctl -xe” for details.
Nov 09 22:45:10 xxx.ynh.fr systemd[1]: wireguard.service: Main process exited, code=exited, status=1/FAILURE
Nov 09 22:45:10 xxx.ynh.fr systemd[1]: wireguard.service: Failed with result ‘exit-code’.
Nov 09 22:45:10 xxx.ynh.fr systemd[1]: Failed to start WireGuard restart.
and anyway the module wireguard is also not found. Thanks for your feedback.
Nov 10 12:05:14 systemd[1]: Starting WireGuard via wg-quick(8) for wg0…
Nov 10 12:05:14 wg-quick[7099]: [#] ip link add wg0 type wireguard
Nov 10 12:05:14 wg-quick[7099]: RTNETLINK answers: Operation not supported
Nov 10 12:05:14 wg-quick[7099]: Unable to access interface: Protocol not supported
Nov 10 12:05:14 wg-quick[7099]: [#] ip link delete dev wg0
Nov 10 12:05:14 wg-quick[7099]: Cannot find device “wg0”
Nov 10 12:05:14 systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=1/FAILURE
Nov 10 12:05:14 systemd[1]: wg-quick@wg0.service: Failed with result ‘exit-code’.
Nov 10 12:05:14 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
Well I think the main problem was actually that the module is built for kernel 5.8.0-0.bpo.2-amd64 but I was still running 4.19. So a reboot seems to be the solution.
In addition, from the .conf file downloaded from the WireGuard UI, I had to remove the lines Address and DNS in order to be able to wg setconf wg0 wg0.conf (Line unrecognized: `Address=192.168.2.2/32' Configuration parsing error…)
I’ll test more but it looks like it is working now, thanks very much for this app !
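The "Line unrecognized" error above arises because Address and DNS are wg-quick(8) extensions that wg(8) setconf does not parse. The filter below is an added example, not from the original posts; it shows which [Interface] keys have to go, the function names are hypothetical, and the sample configuration is constructed with placeholder keys. wg-quick's own strip subcommand (wg-quick strip wg0) produces the same kind of output on a machine where WireGuard is installed.

```shell
#!/bin/sh
# Added example: remove wg-quick-only keys from a WireGuard config so that
# `wg setconf` accepts it. wg(8) itself understands only PrivateKey,
# ListenPort and FwMark in [Interface]; the keys dropped below are handled
# by wg-quick(8) and rejected by wg(8) as "Line unrecognized".

# strip_wg_quick_keys: reads a config on stdin, writes the reduced one to stdout.
strip_wg_quick_keys() {
    awk '
        # Track which section we are in; section headers are always kept.
        /^[ \t]*\[/ { section = tolower($0); print; next }
        section ~ /\[interface\]/ {
            key = tolower($0)
            sub(/[ \t]*=.*/, "", key)    # drop "= value"
            sub(/^[ \t]+/, "", key)      # drop leading indentation
            if (key ~ /^(address|dns|mtu|table|preup|postup|predown|postdown|saveconfig)$/)
                next                     # wg-quick-only key: skip the line
        }
        { print }
    '
}

# Constructed sample of a client file as a web UI might export it.
sample_client_conf() {
    cat <<'EOF'
[Interface]
Address = 192.168.2.2/32
DNS = 192.168.2.1
PrivateKey = <client-private-key-placeholder>

[Peer]
PublicKey = <server-public-key-placeholder>
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.example.org:51820
EOF
}

sample_client_conf | strip_wg_quick_keys
```

Without Address and DNS the interface gets no IP address or resolver from the file, so after wg setconf those have to be set separately (for example with ip address add), which is what wg-quick up does automatically.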
Sorry to reply to an older thread, but I’m having the same problems as above. I’ve done clean YNH installs on 2 different VPS’s and have the exact same problem = cannot connect to the internet.
Debian 10
Everything updated
Confirmed eth0 by running ip a.
Set the Post Up and Down Scripts
Can actively connect to the server with Wireguard and packets are sent (but not received …) Cannot connect to the outside internet. It’s almost like a port is closed but I can’t see anything wrong in the firewall.
Thanks! I have a clean fresh install here … so nothing to lose. Can you give me a quick instruction how to ‘try it?’ I’m like a bull in a china shop and break things constantly, but learning as I go along. lol.