A simple script to install Wireguard and Wireguard-ui

🇫🇷 French version

• Automate minimal installation of Wirguard and Wireguard-ui
• Make wireguard-ui as service
• Setup quite strict firewall (Optional)
  • Default policy => DROP
  • Allow loopback ipv4 & ipv6
  • Allow Outgoing SSH, HTTPs, HTTP, DNS, Ping
  • Allow Ingoing SSH, Wireguard ($wg_port)
  • Allow everything needed by wireguard
• Save iptables rules in /etc/iptables/
  • Load them at boot via /etc/network/if-up.d/iptables
  • Backup actual rules in /etc/iptables/rules.v[4-6].bak

• Be sure that the server is fully up to date.
• If the server is doing something else, please at the question "Set the strict firewall" select n

bash <(curl -s https://gitlab.com/snax44/wireguard-ui-setup/-/raw/master/install.sh)

Just answer 6 questions and take a coffee.

Open a new ssh connection with port forwarding:
In command line:

ssh -L 5000:localhost:5000 user@vpn_server_ip

or directly in your SSH config file:

Host myserver
	hostname myserver.domain.tld
	IdentityFile ~/.ssh/myprivatekey
	user myuser
	LocalForward 5000 localhost:5000

Browse to Wireguard UI:

Browse http://localhost:5000
(username/password = admin)

💡 Default password can be changed in /opt/wgui/db/server/users.json

Please check that linux-headers-$(uname -r) was installed propely.

• Debian Buster
• Debian Bulseye
• Ubuntu 20.04
• Ubuntu 20.10

• Wireguard:
  • https://www.wireguard.com
  • https://github.com/WireGuard
• Wireguard-ui:
  • https://github.com/ngoduykhanh/wireguard-ui