Small python script to generate a Wireguard network mesh

xanarin/wg-conf-gen

wg-conf-gen

This Python script takes a YAML file enumerating Wireguard peers (with their settings) and creates a wg-quick configuration file for each peer so that it can directly connect to all other peers using Wireguard.

It's kind of like Tailscale but static, less secure, and dumber.

Configuration File

Take a look at example.yml. Basically, you must have a top-level peers: list containing named peers. Each named peer needs the following fields:

  • endpoint_host - IP address or FQDN of this host on the non-Wireguard network (probably the internet) that other nodes should use to reach it
  • endpoint_port - The UDP port that this host will listen on for Wireguard traffic
  • private_key - The Wireguard Private key (base64-ed Curve25519) that this node will use
  • wg_ips - A list of IP addresses that this peer will use inside of the Wireguard network. Each IP address requires a subnet mask (e.g. 2001:db8:1234:4321::101/64 or 10.1.0.1/24)
  • routes - An optional list of IP networks that should be routed through this peer. This is useful if the peer is a router that can reach another network.
    • NOTE: These routes will be added to all other peers' AllowedIPs directives and may unintentionally hijack traffic if the user is not careful.
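
A pre-flight check for the NOTE above, as an added example (not part of wg-conf-gen): it flags routes entries that are a default route, that cover another peer's wg_ips address, or that overlap another peer's routes. The PEERS dictionary is a constructed sample in the shape of the fields listed above, and audit_routes is a hypothetical helper name.

```python
import ipaddress
from itertools import combinations

# Constructed sample shaped like the fields described above (not the repo's example.yml).
# private_key and endpoint_* are omitted because this check does not read them.
PEERS = {
    "node1": {"wg_ips": ["10.1.0.1/24", "2001:db8:1234:4321::101/64"],
              "routes": ["192.168.50.0/24"]},
    "node2": {"wg_ips": ["10.1.0.2/24"], "routes": ["10.1.0.0/30", "0.0.0.0/0"]},
    "node3": {"wg_ips": ["10.1.0.3/24"], "routes": ["192.168.50.128/25"]},
}

def audit_routes(peers):
    """Return (kind, peer, route, conflict) tuples for routes that need review."""
    findings = []
    # strict=True rejects routes with host bits set, e.g. 10.1.0.1/24.
    routes = {n: [ipaddress.ip_network(r, strict=True) for r in p.get("routes") or []]
              for n, p in peers.items()}
    addrs = {n: [ipaddress.ip_interface(a).ip for a in p["wg_ips"]]
             for n, p in peers.items()}
    for name, nets in routes.items():
        for net in nets:
            if net.prefixlen == 0:
                # Per the NOTE, this ends up in every other peer's AllowedIPs.
                findings.append(("default-route", name, str(net), ""))
                continue
            # A route that swallows another peer's tunnel address.
            for other, ips in addrs.items():
                for ip in ips:
                    if other != name and ip.version == net.version and ip in net:
                        findings.append(("covers-peer-ip", name, str(net), f"{other} {ip}"))
    # Two peers advertising overlapping networks: the intended owner is ambiguous.
    for (a, nets_a), (b, nets_b) in combinations(routes.items(), 2):
        for x in nets_a:
            for y in nets_b:
                if x.prefixlen and y.prefixlen and x.version == y.version and x.overlaps(y):
                    findings.append(("overlap", a, str(x), f"{b} {y}"))
    return findings

if __name__ == "__main__":
    for kind, peer, route, conflict in audit_routes(PEERS):
        print(f"{kind:15} {peer}: {route} {conflict}".rstrip())
```

An empty result means none of these three patterns was found; it does not cover routes that collide with networks outside the YAML file, such as a peer's local LAN.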

Output Files

This script will create a directory called output_configs in the current directory and create a configuration file for each peer with the peer's name, like example.conf. This file can then be uploaded to the Wireguard peer and set up with wg-quick.

For my use case (Debian servers with the wireguard package installed), I did the following to get the configuration file working on the peer(s):

$ # On my host machine
$ ./wg-conf-gen.py example.yml
Writing config for node1 to output_configs/node1.conf
Writing config for node2 to output_configs/node2.conf
Writing config for node3 to output_configs/node3.conf
Writing config for node😎 to output_configs/node😎.conf
$ scp output_configs/node1.conf node1.example.com:
node1.conf                                      100%  861    27.8KB/s   00:00 

$ # On node1.example.com
$ sudo mv ~/node1.conf /etc/wireguard/wg0.conf
$ sudo systemctl enable --now wg-quick@wg0
$ sudo wg
interface: wg0
  public key: 8/Ezkexvrzwy6ULixqlogngScYhQn4BpKsx0oUX/c0c=
  private key: (hidden)
  listening port: 45678

peer: 4HbhtecVt8Am1fZVvicmmy4IVoGzB76FJW3unUSA7Qo=
# output truncated here for clarity

$ # All finished!
