[!NOTE] Moved to Gitlab Months Ago https://gitlab.com/Noxcis/Wiregate.

AmneziaWG 1.5 support is fully functional but is still in devlopement in flat-bridge builds.<hr>

[!NOTE] DOCKER INSTALL

DOCKER REPO WireGate Docker Repo

DEV (ONGING DEBUGING) (Has Bugs): noxcis/wiregate:acid-rain-beta-v0.4.2 docker image.

EDGE (ONGOING PROD TESTING) (Pre Release Images):noxcis/wiregate:jasper-beta docker image.

STABLE (PROD TESTED) (Stable Tested Images) : noxcis/wiregate:vidar docker image.

[!IMPORTANT] BARE METAL INSTALL

Pull the update staging branch and .... Supported Distros Ubuntu/Debian, Alpine, Fedora, Arch, SUSE, CentOS|RHEL Other Distros may be supported with manual build dependacy install.

#Install these packages before wiregate
wireguard-tools
amneziawg linux kernel module (amneziawg-go already installed)
iptables
tor
curl
ip6tables (Optional Per Disto)
tzdata
sudo

git clone -b update-staging https://github.com/NOXCIS/Wiregate.git
cd Wiregate/Src
sudo ./wiregate.sh metal_install &&
cd ../WireGate_Built
./wiregate.sh start

Dont Expose your Dashboard :).

<hr>

WireGate

Wiregate Supported architectures: x86-64 , arm64, armv7, armv6 Test OS: Ubuntu LTS | Debian 12 Test Device: Raspberry Pi 5 | Apple M2 | x86 CPUs Build: Daily UTC

Show your support
Give a ⭐ if this project helped you!

<img src="https://cdn.buymeacoffee.com/buttons/v2/default-orange.png" style="width: auto; height: 50px;" alt="Buy Me A Coffee">

Table of Contents

• About

• Infrastructure Map

• Screenshots

• Installation

  • Quick Install
  • Docker Compose
  • Docker Compose Standalone

• Additional Resourses

• Acknowledgements

• Contributing

• License

About

WireGate is a fully automated Docker Based Wireguard & AmneziaWG VPN Sever Deployment & Management Tool with and attachable intranet via docker private networks and support for Tor as an exit proxy.

It allows users to host web other applications on their existing server and be able to securely connect to said web applications without exposing them to the open internet. This is done by utilizing the WireGuard protocol in conjunction with Docker Networks and Containers. Hence applications hosted behind the WireGate private network need not expose any ports and can only be accessed via a WireGuard connection already registered to to an existing server interface on the deployed WireGate instance. Secure by Design, the WireGuard Dashboard & other services are only accessible on first deployment via the master configuration that is generated at install and encrypted after being outputted to the console. Wiregate also acts as a ISP DNS query logging bypass. Wiregate by default is configured to have minimal or no logging.

Default Zone Permissions

Wiregate is configured with 4 zones that peers can be added to. The zone a peer belongs to dictates the network access permissions of said peer.

| Zone | Internet Access | WireGuard Dashboard Access | Docker Network Access | Peer to Peer Access | |--|--|--|--|--| | Admin |✅| ✅ | ✅ | ✅ | | Members|✅|❌|✅|✅| | LAN Users|❌|❌|❌|✅| | Guest|✅|❌|❌|❌|

Infrastructure

Symbolic Network Map

Installation

To get started, run the installation script using the following command:

Via Quick Installer

[!NOTE] The quick installer only supports Debian based Distros but will run on anything that runs Docker. Its main purpose is to serve as an aid to less teachincal users. Advanced users are expected to use the docker compose directly after using the installer to deploy.

[!NOTE] Use the installer after running the quick installer to avoid recursive downloads. The -e flag isnt required you can just pass your enviornment witout the flag.

Running the command below installs prerequsites and runs the terminal based menu.

curl  -O  https://raw.githubusercontent.com/NOXCIS/Wiregate/main/stackscript.sh && \

sudo  chmod  +x  stackscript.sh && \

sudo  ./stackscript.sh

Example Usage: The last option must always be -e.

./stackscript.sh  -b  main -t  Tor-br-snow  -n  {CH},{GB} -e  E-P-D 

The available options are:

|Flag | Usage| Example | |--|--|--| |-b |for specifying a branch. | main or <branch-name-here> | |-e |for specifying Enviorment | E-A-D | |-t |for specifying Tor. | -t Tor-br-webtun |-n |Tor Proxy Exit Nodes | -n {us},{ch},{gb} |-l |Tor DNS Exit Nodess | -l {us},{ch},{gb} |-p |Wireguard Protocol Type | -p awg for Amnezia Wireguard or -p wg for Vannilla WireGuard| |-s |Deploy State | -s static or -s dynamic |-d |Docker In Docker | Dont Use In Prod, Dev Only. For more exit node options go to Tor Country codes list.

---

-e : Enviorment Install Options

|Option String | Details| |--|--| | E-A-D: | Express, AdGuard, Darkwire | E-A-C: |Express, AdGuard, Channels | E-P-D: |Express, Pihole, Darkwire | E-P-C: |Express, Pihole, Channels | A-A-D: |Advanced, AdGuard, Darkwire | A-A-C: |Advanced, AdGuard, Channels | A-P-D: |Advanced, Pihole, Darkwire | A-P-C: |Advanced, Pihole, Channels | dev :| Development Build | help:| Display help menu | reset:| Reset WireGate

---

-t: TOR Install Options

| Option String | Details| |--|--| | off: |Disable TOR | Tor-br-snow:| Use Tor with bridges (snowflake) | Tor-br-webtun:| Use Tor with bridges (webtunnel) | Tor-br-obfs4:| Use Tor with bridges (obfs4) | Tor-snow:| Use Tor without bridges (snowflake) | Tor-webtun:| Use Tor without bridges (webtunnel) | Tor-obfs4: | `Use Tor with