WireGuard admin interface UI that is actively maintained but also isn't cloud-based? (e.g., no Tailscale or Headscale or ZeroTier)

I’m looking for a self-hosted WireGuard VPN admin interface UI that is actively maintained but also is not cloud-based (e.g., no Tailscale or Headscale or ZeroTier). I’m talking about opening port 51820 in my firewall without some cloud-server brokering the connection.

| Project | Comments |
| --- | --- |
| GitHub - subspacecloud/subspace: A simple WireGuard VPN server GUI | No longer maintained |
| GitHub - subspacecommunity/subspace: A fork of the simple WireGuard VPN server GUI community maintained | No longer maintained |
| GitHub - perara/wg-manager: A easy to use WireGuard dashboard and management tool | No longer maintained |
| GitHub - joseantmazonsb/linguard: A simple, yet powerful web GUI to manage your Wireguard server, powered by Flask. | No longer maintained |
| GitHub - EmbarkStudios/wg-ui: WireGuard Web UI for self-serve client configurations, with optional auth. | No longer maintained |
| GitHub - firezone/firezone: Enterprise-ready zero-trust access platform built on WireGuard®. | New version 1.x doesn’t allow self-hosting |
| https://www.zerotier.com/ | Requires a cloud-based server |
| https://www.twingate.com/ | Requires a cloud-based server |
| https://www.bowtie.works/ | Requires a cloud-based server |
| GitHub - slackhq/nebula: A scalable overlay networking tool with a focus on performance, simplicity and security | Requires a cloud-based server |
| GitHub - tonarino/innernet: A private network system that uses WireGuard under the hood. | Requires a cloud-based server |
| GitHub - netbirdio/netbird: Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls. | Requires a cloud-based server |
| GitHub - gravitl/netmaker: Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks. | Requires a cloud-based server |
| https://openziti.io/ | Requires a cloud-based server |

Based on what I’ve read, these are my best options:

I use wg-easy and didn’t have any issues so far.

I’m not sure if it’s still maintained but I think so, it is a docker called ngoduykhanh/wireguard-ui.

Headscale is not cloud based and can be self hosted.

For an access VPN deployment for my department, I’ve tested several variations of WireGuard-based VPN provisioning servers. My basic requirements were simple setup for end users, split tunnel, and LDAP user support (can be via proxy like OIDC) with groups and/or ACLs.

Tailscale - easy but not really self-hosted. Good off-the-shelf solution if you can pay for it

Headscale - self hosted but not really easy. The configuration required for clients is problematic and there is no official web UI

Pritunl - functional but very clunky. Had various issues with the client application failing to switch between openvpn and wireguard as well as authentication issues.

Nebula - fantastic system but the user management isn’t really there and it’s not “point and click” enough for some end users

NetBird - great UI and highly configurable, but poor error logging and some things intentionally difficult to set up to push people towards their cloud version

Firezone - 0.X was nice but not ready, and 1.X apparently won’t support self-hosting

Zerotier - good but had a few issues with its nat-punching. Not a bad option but also not wireguard

NetMaker - reasonably good product with easy user-facing support but lacking some client platforms and vital user/ACL features are paywalled

I never ended up putting any of them into production. NetBird came the closest, but with some small test groups I had lots of complaints of very slow connections, which seemed to be from a storming issue between endpoints on different subnets. Not particularly easy to diagnose, and it didn’t happen with a very similarly configured traditional VPN.

Based on this thread, I will be checking out DefGuard as it looks quite polished and feature-rich, although it does seem fairly new and very much “in development”

Defguard is fully selfhosted

I use wg-easy and it’s great. It sounds like exactly what you want: open the port and connect your device, no third party servers involved.

Where did you get the info on the upcoming Firezone 1.x release not being self hostable? I haven’t seen anything to that effect in the roadmap

Btw: OPNsense and pfSense have a GUI.

OpenZiti does not require a cloud-based server, it can be deployed fully behind your own FW, in fact, a large defence contractor uses it in an air-gapped network. It does not use Wireguard though.

I just put up a GitHub - donaldzou/WGDashboard: Simple dashboard for WireGuard VPN written in Python & Vue.js recently and it works pretty well.

Firezone 1.x will allow self hosting, but it will get tricky.

I really like Firezone 0.x and hope 1 will be just as nice

Another recommendation for wg-easy. It’s damn easy 😎

Pivpn has worked flawlessly for me at multiple sites over the space of 5 years. Simple but reliable setup procedure.

NetBird also doesn’t require a cloud-based server; you can fully self-host it, last time I checked 😃

Has anyone used github.com/ngoduykhanh/wireguard-ui?

I tried wg-easy, wgdashboard and wg-portal… all lack some critical feature for my use case.
The best one I found is https://github.com/NOXCIS/Wiregate, which is based on wgdashboard but brings a lot more to the party.

I use ez-wireguard. It was easy to set up in a container. Put it behind a reverse proxy and that was it.