# wireguard-management

WireGuard management and monitoring utilities.

* [`wg_status`.py](https://git.hmp.today/pavel.muhortov/wireguard-management#wg_status-py)
* [`wg-client-management`.sh](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-client-management-sh)
* [`wg-heavy@wg1`.service](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-heavy-wg1-service)

____

## `wg_status`.py

**Description:**
> WireGuard server status parser.

**Dependencies:**
>
> * privileged rights
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [requests](https://requests.readthedocs.io/) Python 3 module (tested version 2.31.0)
> * to show peer names instead of their public keys, a directory with the peers' configurations or public keys must exist

| PARAMETERS | DESCRIPTION | DEFAULT |
|--------------|------------------------|---------------|
|**[-p, --peers_root]**|root path to peers configs or public keys|`/etc/wireguard/pki`|
|**[-f, --filter]**|client names filter by regex|`.*`|
|**[-g, --geo]**|check the client's real IP geolocation (may be slow)|`None`|

Example usage with Zabbix agent:

```bash
# install dependencies
sudo pip install requests
# download
sudo wget https://git.hmp.today/pavel.muhortov/wireguard-management/raw/branch/master/wg_status.py -O /etc/wireguard/wg_status.py
sudo chmod +x /etc/wireguard/wg_status.py
```

```bash
# edit sudoers
sudo sh -c "echo '
zabbix ALL=(ALL) NOPASSWD:/etc/wireguard/wg_status.py
' > /etc/sudoers.d/zabbix_agentd"
# check permission
sudo -u zabbix sudo /etc/wireguard/wg_status.py
```

```bash
# add UserParameter to Zabbix agent
sudo sh -c "echo '
Timeout=30
AllowRoot=0
UserParameter=discovery.wg, sudo /etc/wireguard/wg_status.py
' >> /etc/zabbix/zabbix_agentd.conf"
sudo systemctl restart zabbix-agent
```

Download the [Wireguard_by_Zabbix_agent.yaml](https://git.hmp.today/pavel.muhortov/zabbix/raw/branch/master/templates/applications/vpn/wireguard/6.0/wireguard_by_zabbix_agent.yaml) template and import it:
Zabbix Server -> Configuration -> Templates -> Import template

____

## `wg-client-management`.sh

**Description:**
> Creates or deletes a WireGuard client config and sends the config and info by email.

**Dependencies:**
>
> * privileged rights
> * [wireguard](https://www.wireguard.com/) (tested version 1.0.2 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [qrencode](https://github.com/fukuchi/libqrencode) (tested version 4.1.1 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [grepcidr](https://github.com/ryantig/grepcidr) (tested version 2.0 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py)

| POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|-----------|--------------|------------------------|---------------|
| 1 |**\**|wireguard interface name|**REQUIRED**|
| 2 |**add\|del**|add or delete client config|**REQUIRED**|
| 3 |**\**|client username|**REQUIRED**|
| 4 |**\**|client ip address|**REQUIRED**|
| 5 |**\**|client description||
| 6 |**[-f]**,**[--force]**|service will restart after add\|del username||

Example usage:

```bash
# create client config template
sudo tee /etc/wireguard/client.conf.default > /dev/null <<'EOF'
[Interface]
Address = clientaddr/32
PrivateKey = clientprivkey
DNS = 1.1.1.1,8.8.8.8  # edit this line!
[Peer]
PublicKey = serverpublkey
AllowedIPs = 10.0.0.0/8,192.168.0.0/16  # edit this line!
Endpoint = server.public.address:51820  # edit this line!
PersistentKeepalive = 5
EOF
```

```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/wireguard-management/raw/branch/master/wg-client-management.sh -O /etc/wireguard/wg-client-management.sh
sudo chmod +x /etc/wireguard/wg-client-management.sh
# create log directory
sudo mkdir /var/log/wireguard
```

```bash
# edit wg-client-management.conf
sudo tee /etc/wireguard/wg-client-management.conf > /dev/null <<'EOF'
# sendmail configuration
from=user@host.zone
pass=password
dest=user@host.zone
smtp=smtp.host.zone
port=587
# telegram configuration
API_KEY=YOURAPIKEY
CHAT_ID=-100123456789
THRD_ID=123
EOF
```

This file holds the SMTP password and the Telegram API key in clear text, so keep it owned by root and readable by root only (mode 0600).

```bash
# create link
ln -s /etc/wireguard/wg-client-management.sh ./wg
```

```bash
# create client
sudo ./wg wg0 add username address
```

```bash
# delete client and restart service
sudo ./wg wg0 del username address -f
```

```bash
# check journal
tail -f /var/log/wireguard/wg.log
```

____

## `wg-heavy@wg1`.service

**Description:**
> Launches WireGuard without creating a route table.

**Dependencies:**
>
> * privileged rights
> * existing /etc/wireguard/wg1.conf

Example usage:

```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/wireguard-management/raw/branch/master/wg-heavy@wg1.service -O /etc/init.d/wg-heavy@wg1.service
sudo chmod +x /etc/init.d/wg-heavy@wg1.service
```

```bash
# debian update init
sudo update-rc.d wg-heavy@wg1.service defaults
# rhel/alt update init
sudo chkconfig --add wg-heavy@wg1.service
```

```bash
# start service
sudo service wg-heavy@wg1 start
sudo service wg-heavy@wg1 status
```
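
____

The sudoers entry in the `wg_status`.py section lets the `zabbix` user run `/etc/wireguard/wg_status.py` as root without a password, so that file and every directory above it must be writable by root only. The check below is an added example, not part of this project; the function name, its `OWNER_UID` and `STOP_DIR` parameters and the `audit.sh` file name are assumptions of the example, and it relies on GNU `stat` and `readlink -f` as shipped on Debian.

```bash
#!/usr/bin/env bash
# Added example, not part of the wireguard-management project.
# audit_sudo_target FILE [OWNER_UID] [STOP_DIR]
#   Returns 0 only if FILE and every directory from FILE up to STOP_DIR is
#   owned by OWNER_UID and has no group/other write bit.
#   Returns 1 on a finding, 2 if FILE is missing.
#   OWNER_UID defaults to 0 (root) and STOP_DIR to / ; both are parameters of
#   this example so that it can be exercised on a scratch tree.
audit_sudo_target() {
    local path owner stop uid mode rc
    owner="${2:-0}"
    rc=0
    path=$(readlink -f -- "$1") || return 2
    stop=$(readlink -f -- "${3:-/}") || return 2
    [ -f "$path" ] || { echo "missing: $1" >&2; return 2; }

    while :; do
        uid=$(stat -c '%u' -- "$path")
        mode=$(stat -c '%a' -- "$path")
        if [ "$uid" != "$owner" ]; then
            echo "FAIL owner uid=$uid, want $owner: $path" >&2
            rc=1
        fi
        # 0022 masks the write bits for group and others.
        if [ $(( 0$mode & 0022 )) -ne 0 ]; then
            echo "FAIL mode $mode is group/other-writable: $path" >&2
            rc=1
        fi
        if [ "$path" = "$stop" ] || [ "$path" = "/" ]; then
            break
        fi
        path=$(dirname -- "$path")
    done
    return "$rc"
}

# Audit the paths given on the command line, e.g. (audit.sh is a
# hypothetical file name for this example):
#   sudo ./audit.sh /etc/wireguard/wg_status.py
for target in "$@"; do
    audit_sudo_target "$target" || exit $?
done
```

`visudo -cf /etc/sudoers.d/zabbix_agentd` checks the drop-in's syntax before sudo reads it.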