README
WireGuard Portal v2

Introduction
WireGuard Portal is a simple, web-based configuration portal for WireGuard server management.
The portal uses the WireGuard wgctrl library to manage existing VPN
interfaces. This allows for the seamless activation or deactivation of new users without disturbing existing VPN
connections.
The configuration portal supports using a database (SQLite, MySQL, MsSQL, or Postgres), OAuth or LDAP
(Active Directory or OpenLDAP) as a user source for authentication and profile data.
Features
- Self-hosted - the whole application is a single binary
- Responsive multi-language web UI with dark-mode written in Vue.js
- Automatically selects IP from the network pool assigned to the client
- QR-Code for convenient mobile client configuration
- Sends email to the client with QR-code and client config
- Enable / Disable clients seamlessly
- Generation of wg-quick configuration file (
wgX.conf) if required
- User authentication (database, OAuth, or LDAP), Passkey support
- IPv6 ready
- Docker ready
- Can be used with existing WireGuard setups
- Support for multiple WireGuard interfaces
- Supports multiple WireGuard backends (wgctrl, MikroTik, or pfSense)
- Peer Expiry Feature
- Handles route and DNS settings like wg-quick does
- Exposes Prometheus metrics for monitoring and alerting
- REST API for management and client deployment
- Webhook for custom actions on peer, interface, or user updates

Documentation
For the complete documentation visit wgportal.org.
What is out of scope
- Automatic generation or application of any
iptables or nftables rules.
- Support for operating systems other than linux.
- Automatic import of private keys of an existing WireGuard setup.
Application stack
License
Contributors and Sponsors
Thanks so much for all your contributions! They’re truly appreciated and help keep WireGuard Portal moving ahead.
Want to support the project? You can buy me a coffee or join as a contributor - every bit of support helps!
Become a sponsor!
[!IMPORTANT]
Since the project was accepted by the Docker-Sponsored Open Source Program, the Docker image location has moved to wgportal/wg-portal.
Please update the Docker image from h44z/wg-portal to wgportal/wg-portal.
Extension points exported contracts — how you extend this code
InterfaceDatabaseRepo (Interface)
(no doc) [7 implementers]
internal/app/users/user_manager.go
InterfaceController (Interface)
(no doc) [4 implementers]
internal/domain/interface_controller.go
NetlinkClient (Interface)
A NetlinkClient is a type which can control a netlink device. [1 implementers]
internal/adapters/wgcontroller/local.go
NetlinkClient (Interface)
A NetlinkClient is a type which can control a netlink device. [1 implementers]
internal/lowlevel/netlink.go
WebsocketPeerService (Interface)
(no doc) [6 implementers]
internal/app/api/v0/handlers/endpoint_websocket.go
WgCtrlRepo (Interface)
region dependencies WgCtrlRepo is used to control local WireGuard devices via the wgctrl-go library.
internal/adapters/wgcontroller/local.go
WireGuardClient (Interface)
A WireGuardClient is a type which can control a WireGuard device.
internal/lowlevel/wgctrl.go
Handler (Interface)
(no doc) [13 implementers]
internal/app/api/v0/handlers/base.go
Core symbols most depended-on inside this repo
Errorf
called by 762
internal/app/api/core/middleware/recovery/middleware.go
push
called by 600
internal/app/api/core/assets/js/rapidoc-min.js
get
called by 443
internal/app/api/core/assets/js/rapidoc-min.js
set
called by 417
internal/app/api/core/assets/js/rapidoc-min.js
J
called by 407
internal/app/api/core/assets/js/rapidoc-min.js
default
called by 288
internal/app/api/core/assets/js/rapidoc-min.js
JSON
called by 268
internal/app/api/core/respond/basic.go
includes
called by 240
internal/app/api/core/assets/js/rapidoc-min.js
Shape
Method
2,049
Function
1,482
Class
413
Struct
196
Interface
84
TypeAlias
23
FuncType
9
Languages
TypeScript54%
Go46%
Modules by API surface
internal/app/api/core/assets/js/rapidoc-min.js1,967 symbols
internal/app/api/core/assets/js/jquery.min.js83 symbols
internal/adapters/wgcontroller/local.go60 symbols
internal/adapters/database.go55 symbols
internal/app/api/core/assets/js/bootstrap.bundle.min.js54 symbols
internal/app/auth/auth.go44 symbols
internal/lowlevel/netlink.go38 symbols
internal/app/users/user_manager.go37 symbols
internal/app/api/core/assets/js/popper.min.js37 symbols
internal/app/api/v0/handlers/endpoint_authentication.go36 symbols
internal/app/wireguard/wireguard.go35 symbols
internal/app/api/v0/handlers/endpoint_users.go34 symbols
Dependencies from manifests, versioned
filippo.io/edwards25519v1.2.0 · 1×
github.com/Azure/go-ntlmsspv0.1.1 · 1×
github.com/KyleBanks/depthv1.2.1 · 1×
github.com/a8m/envsubstv1.4.3 · 1×
github.com/alexedwards/scs/v2v2.9.0 · 1×
github.com/beorn7/perksv1.0.1 · 1×
github.com/cespare/xxhash/v2v2.3.0 · 1×
github.com/coreos/go-oidc/v3v3.18.0 · 1×
github.com/davecgh/go-spewv1.1.1 · 1×
github.com/dustin/go-humanizev1.0.1 · 1×
github.com/fxamacker/cbor/v2v2.9.2 · 1×
github.com/gabriel-vasile/mimetypev1.4.13 · 1×