wg-api is an API endpoint for a Wireguard® VPN server. It allows you to make HTTP GET requests with JSON responses, enabling you to create & revoke peers (eg. clients), access QR/plaintext/JSON config files and receive realtime server info.
It also currently includes an installer script to configure your Wireguard® interface correctly as per wg-api's construction.
It's still a baby project but I plan on building it out into a full-featured RESTful API for this amazing VPN software. I would NOT use this in production for awhile. It is a very insecure endpoint that could and most likely will give an attacker access to your user's keys and full control over your system. The only thing securing it currently is an IP-based whitelist in config.json
. Seriously, don't even think about exposing this as a public IP and/or port.
Use a fresh Ubuntu 18.* install with up-to-date apt dependencies, with Node and NPM installed and Wireguard uninstalled.
apt-get install nodejs npm -y
git clone https://github.com/alectrocute/wg-api
cd wg-api
npm install fastify fastify-static chalk ini
cd ./scripts/bash
./installer.sh
Take time to configure the options in /wg-api/scripts/data/wg.def
and /wg-api/config.json
.
Then get your Wireguard® server up and running:
cd ./wg-api/scripts/bash
./wg.sh -i
node server.js
Will return a JSON object of all Wireguard® interface stats:
{
"wg0": {
"privateKey": "[hidden]",
"publicKey": "dutH7c8K2VX4OcQ1c/rvIAAFJBRcf2a9ieVmq2GI4UA=",
"listenPort": 27953,
"peers": {
"EobS6jP7+b4jqI1o97PAjp8rhLBpmD9hSbcnhLRqcTQ=": {
"endpoint": "12.34.45.545:21807",
"latestHandshake": "Nov 5, 2019 3:23:3 UTC",
"transferRx": "3.034 MB",
"transferTx": "21.65 MB",
"allowedIps": [
"10.9.0.6/32"
]
}
}
}
}
Will generate a new peer, assign IP, etc. based on customized template and return JSON of their details:
{
"code": 200,
"profile": {
"Interface": {
"Address": "10.9.0.7/24",
"PrivateKey": "eOksCc/sE+MYmHBlXc9t4ZPpIdBcB94Bgbip12gbEVI=",
"DNS": "1.1.1.1, 1.0.0.1"
},
"Peer": {
"PublicKey": "dutH7c8K2VX4OcQ1c/rvIAAFJBRcf2a9ieVmq2GI4UA=",
"AllowedIPs": "0.0.0.0/0, ::/0",
"Endpoint": "45.76.174.177:27953",
"PersistentKeepalive": "25"
},
"qr": "/peer/qr/alec2"
}
}
Will revoke a peer, remove all associated files, reload the interface and return a basic message:
{
"code": 200,
"profile": "Revoked"
}
Will return a PNG image of a Wireguard® peer's QR code.
Will return a JSON object of a Wireguard® peer's stats:
{
"code": 200,
"profile": {
"Interface": {
"Address": "10.9.0.6/24",
"PrivateKey": "8PZh0lf2lZ0CB8i585ei2ZYcCBruZGKubiRgt+b3NGA=",
"DNS": "1.1.1.1, 1.0.0.1"
},
"Peer": {
"PublicKey": "dutH7c8K2VX4OcQ1c/rvIAAFJBRcf2a9ieVmq2GI4UA=",
"AllowedIPs": "0.0.0.0/0, ::/0",
"Endpoint": "12.34.56.343:27953",
"PersistentKeepalive": "25"
},
"qr": "/peer/qr/alec"
}
}
Will return a INI-formatted plaintext document of a Wireguard® peer's configuration file:
[Interface]
Address = 10.9.0.6/24
PrivateKey = PZh0lf2lZ0CB8i585ei2ZYcCBruZGKubiRgt+b3NGA=
DNS = 1.1.1.1, 1.0.0.1
[Peer]
PublicKey = dutH7c8K2VX4OcQ1c/rvIAAFJBRcf2a9ieVmq2GI4UA=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 12.34.56.343:27953
PersistentKeepalive = 25
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.