WireGuard full mesh configuration generator.

wg-meshconf

wg-meshconf is a tool that will help you to generate peer configuration files for WireGuard mesh networks. You can easily and quickly create WireGuard mesh networks using this tool.

Installation (PyPI)

This is the recommended way to install wg-meshconf for regular users. This installation method installs the newest release version of wg-meshconf and all of the required dependencies from PyPI.

# installing the program with pip
# note that Pip for Python3 might be named "pip3" on some systems
pip install --user -U wg-meshconf

# running the program
wg-meshconf showpeers

You may now run the program by executing the wg-meshconf command.

Installation (GitHub)

Alternatively, you can install the program directly from source code. To install straight from the Git repository:

# install the HEAD (latest) commit
pip install 'wg-meshconf@git+https://github.com/k4yt3x/wg-meshconf.git'

# install from a specific tag or commit
pip install 'wg-meshconf@git+https://github.com/k4yt3x/wg-meshconf.git@<TAG>'
pip install 'wg-meshconf@git+https://github.com/k4yt3x/wg-meshconf.git@aa16407'

You can also clone it and install it locally.

# cloning the repository with git
git clone https://github.com/k4yt3x/wg-meshconf.git

# enter the directory
cd wg-meshconf

# install the program with Pip
# Pip and PDM will take care of dependency installation
pip install -U .

Learn by an Example

Usages are dull and boring. Let's see a real-life example of how this tool can be used. This section will demonstrate how to create a simple mesh network with four nodes using wg-meshconf.

For this example, suppose you have four servers as shown below. These servers can reach each other via the Endpoint address. For instance, server tokyo1 can ping server shanghai1 with the address shanghai1.com.

image

Step 1: Add Basic Peer Information

You will first need to add the peers' information into the database. There are two ways to do it: via Excel and via the command line interface.

Method A: With Excel

wg-meshconf has changed its database format from JSON to CSV and added the init command since version 2.4.0. This means that it is now possible for users to directly edit the database file with Excel or other CSV-compatible editors to create/read/update/delete peer information.

(P.S. I thought about making a fancy GUI for wg-meshconf like the other tools, but then I thought, why do it the complex way when you can simply "borrow" Excel's GUI?)

Run the following command to initialize a new database file. By default, the database file is named database.csv. You can also specify the file's name via -d.

wg-meshconf init

Open the database CSV file with an editor like Excel or LibreOffice Calc. You should see the following column headers.

image

You can then fill in the peers' information. You will need to fill in at least the peers' Name, Address, and Endpoint values. These values cannot be automatically generated.

image

Once you're done, save the file and execute the init command again to automatically generate the rest of the needed information such as peer private keys.

wg-meshconf init

If you check the file again, you'll see that the necessary fields have been filled in automatically.

image

Method B: With Terminal

If, for some reason, you don't want to edit the database file directly, you can also use this tool purely through its command line interface.

First we need to add all peers in the mesh network into the database. The basic syntax for adding new peers is:

wg-meshconf addpeer NAME --address IP_ADDRESS --address IP_ADDRESS_2 --endpoint ENDPOINT
  • New private key will be generated automatically if unspecified
  • ListenPort defaults to 51820 per WireGuard standard
  • All other values are left empty by default

There are more options which you can specify. Use the command wg-meshconf addpeer -h for more details.

After adding all the peers into the database, you can verify that they have all been added correctly via the wg-meshconf showpeers command. The simplify switch here omits all columns with only Nones.

image

Step 2: Export Configuration Files

Use the genconfig command to generate configuration files for all peers. You may also export configurations for only one peer by specifying the peer's name.

The configuration files will be named after the peers' names. By default, all configuration files are exported into a subdirectory named output. You can change this by specifying the output directory using the -o or the --output option.

image

Step 3: Copy Configuration Files to Peers

Copy each of the configuration files to the corresponding peers.

image

Step 4: Start WireGuard Services

Start up the WireGuard interfaces using the wg-quick command. It is also possible to control WireGuard interfaces via WireGuard's wg-quick@ systemd service. WireGuard status can be verified via the wg command after WireGuard interfaces are set up.

image

Step 5: Verify Connectivity

Verify that all endpoints have been configured properly and can connect to each other.

image

Done. Now a mesh network has been created between the four servers.

Updating Peer Information

If you would like to update a peer's information, use the updatepeer command. The syntax of updatepeer is the same as that of the addpeer command. Instead of adding a new peer, this command overwrites values in existing entries.

In the example below, suppose you would like to update tokyo1's endpoint address and change it to tokyo321.com. Use the updatepeer command and specify the new endpoint to be tokyo321.com. This will overwrite tokyo1's existing Endpoint value.

image

Show Peer Information

The showpeers command prints all peers' information by default.

image

Now that's a lot of info and a lot of unnecessary columns which only have Nones. Therefore, I added the -s/--simplify switch, which omits those useless columns.

image

You may also query information about a specific peer.

image

Plaintext mode has a similar usage. It's just a bit harder to read, at least for me.

image

Deleting Peers

Use the delpeer command to delete peers. The syntax is delpeer PEER_NAME.

The example below shows how to delete the peer tokyo1 from the database.

image

Database Files

Unlike 1.x.x versions of wg-meshconf, version 2.0.0 does not require the user to save or load profiles. Instead, all add peer, update peer and delete peer operations are file operations. The changes will be saved to the database file immediately. The database file to use can be specified via the -d or the --database option. If no database file is specified, database.csv will be used.

Database files are essentially just CSV files (it was JSON before version 2.4.0). Below is an example.

"Name","Address","Endpoint","AllowedIPs","ListenPort","PersistentKeepalive","FwMark","PrivateKey","DNS","MTU","Table","PreUp","PostUp","PreDown","PostDown","SaveConfig"
"tokyo1","10.1.0.1/16","tokyo1.com","","51820","","","yJndNh80ToNWGOfDlbtho1wHAEZGa7ZhNpsHf7AJVUM=","","","","","","","",""
"germany1","10.2.0.1/16","germany1.com","","51820","","","SEOaOjTrhR4do1iUrTTRRHZs6xCA3Q/H0yHW3ZpkHko=","","","","","","","",""
"canada1","10.3.0.1/16","canada1.com","","51820","","","2D34jpbTsU+KeBqfItTEbL5m7nYcBomWWJGTYCT6eko=","","","","","","","",""
"shanghai1","10.4.0.1/16","shanghai1.com","","51820","","","CGyR7goj/uGH3TQHgVknpb9ZBR+/yMfkve+kVNGBYlg=","","","","","","","",""
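
The database holds every peer's private key as well as the hook commands (PreUp, PostUp, PreDown, PostDown), so it is worth auditing before running genconfig. The following Python check is an added example and not part of wg-meshconf: the function names are hypothetical, the sample rows and keys are constructed, and it assumes that multiple addresses in one cell are comma-separated.

```python
import base64
import csv
import ipaddress
import os

HOOKS = ("PreUp", "PostUp", "PreDown", "PostDown")  # wg-quick runs these as root

def audit_database(csv_text):
    """Return (peer, finding) tuples for a wg-meshconf style database."""
    findings, keys, hosts = [], {}, {}
    for row in csv.DictReader(csv_text.splitlines()):
        name, key = row.get("Name") or "", row.get("PrivateKey") or ""
        try:
            raw = base64.b64decode(key, validate=True)
        except ValueError:  # binascii.Error is a ValueError
            raw = b""
        if len(raw) != 32:
            findings.append((name, "PrivateKey is not a 32-byte base64 value"))
        elif keys.setdefault(key, name) != name:
            findings.append((name, f"PrivateKey reused from {keys[key]}"))
        # Assumption: several addresses in one cell are comma-separated.
        for cell in filter(None, map(str.strip, (row.get("Address") or "").split(","))):
            try:
                host = ipaddress.ip_interface(cell).ip
            except ValueError:
                findings.append((name, f"invalid Address {cell!r}"))
                continue
            if hosts.setdefault(host, name) != name:
                findings.append((name, f"address {host} already used by {hosts[host]}"))
        for hook in HOOKS:
            if (row.get(hook) or "").strip():
                findings.append((name, f"{hook} hook runs as root: {row[hook]!r}"))
    return findings

def readable_by_others(path):
    """True if group or other users can read the file that stores the private keys."""
    return bool(os.stat(path).st_mode & 0o044)  # group-read and other-read bits

def sample_key(n):
    return base64.b64encode(bytes([n]) * 32).decode()  # constructed placeholder key

# Constructed sample, reduced to the columns the audit reads.
SAMPLE = (
    "Name,Address,Endpoint,PrivateKey,PostUp\n"
    f"tokyo1,10.1.0.1/16,tokyo1.com,{sample_key(1)},\n"
    f"germany1,10.2.0.1/16,germany1.com,{sample_key(1)},\n"
    f"canada1,10.1.0.1/16,canada1.com,{sample_key(3)},sysctl -w net.ipv4.ip_forward=1\n"
    "shanghai1,10.4.0.1/16,shanghai1.com,not-a-key,\n"
)
```

Calling `audit_database(SAMPLE)` reports the reused key on germany1, the duplicate address and the PostUp hook on canada1, and the malformed key on shanghai1. `readable_by_others("database.csv")` shows whether the file needs a `chmod 600`.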

Detailed Usages

You may refer to the program's help page for usages. Use the -h switch or the --help switch to print the help page.

$ wg-meshconf -h
usage: wg-meshconf [-h] [-d DATABASE] {addpeer,updatepeer,delpeer,showpeers,genconfig} ...

positional arguments:
  {addpeer,updatepeer,delpeer,showpeers,genconfig}

optional arguments:
  -h, --help            show this help message and exit
  -d DATABASE, --database DATABASE
                        path where the database file is stored (default: database.json)

Specify -h or --help after a command to see this command's usages.

$ wg-meshconf addpeer -h
usage: wg-meshconf addpeer [-h] --address ADDRESS [--endpoint ENDPOINT] [--privatekey PRIVATEKEY] [--listenport LISTENPORT] [--fwmark FWMARK] [--dns DNS] [--mtu MTU] [--table TABLE] [--preup PREUP] [--postup POSTUP] [--predown PREDOWN] [--postdown POSTDOWN] [--saveconfig] name

positional arguments:
  name                  Name used to identify this node

optional arguments:
  -h, --help            show this help message and exit
  --address ADDRESS     address of the server
  --endpoint ENDPOINT   peer's public endpoint address
  --privatekey PRIVATEKEY
                        private key of server interface
  --listenport LISTENPORT
                        port to listen on
  --fwmark FWMARK       fwmark for outgoing packets
  --dns DNS             server interface DNS servers
  --mtu MTU             server interface MTU
  --table TABLE         server routing table
  --preup PREUP         command to run before interface is up
  --postup POSTUP       command to run after interface is up
  --predown PREDOWN     command to run before interface is down
  --postdown POSTDOWN   command to run after interface is down
  --saveconfig          save server interface to config upon shutdown

License

This project is licensed under the GNU General Public License Version 3 (GNU GPL v3)
Copyright (c) 2018-2023 K4YT3X and contributors.

This project includes or depends on the following software and projects (project: license):

  • Rich: MIT License
  • WireGuard: MIT License
  • cryptography: BSD License

Related Project: wg-dynamic

wg-dynamic is a tool designed officially by the WireGuard development team. This new utility will provide a convenient way of configuring networks dynamically, mesh networks being one of them. If you're interested, check it out at wg-dynamic@github or wg-dynamic@official repository. You might also want to read this project's idea page.

This section used to be on the top of the page, but has been moved since there have been no new commits observed in this project since 2019.
