Skip to content
/ jwg Public

Lightweight CLI manager for WireGuard & AmneziaWG. Single binary that automates networking, firewall (nftables/UFW), and peer management.

5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Jipok/jwg

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
README.md
README.md
 
 
amneziawg-go
amneziawg-go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

JWG

The lightweight CLI manager for WireGuard and AmneziaWG.

Most WireGuard tools fall into two extremes: manual config editing or heavy web UIs that require Docker, PostgreSQL, and a browser.

jwg is a single-binary CLI that handles the entire lifecycle of your VPN server: networking, keys, firewall rules, and peer management automatically. It doesn't need a database server or a web panel—it just works.

Crucially, it is compatible with AmneziaWG-go.

✨ Why jwg?

  • 👻 AmneziaWG Ready: Designed to work seamlessly with amneziawg-go and wireguard-go interfaces, not just kernel modules.
  • 🚫 No Web UI Needed: Forget about docker-compose, databases, or opening HTTP ports.
  • 🔋 Battery Included: Handles NAT, Packet Forwarding, and Firewall (nftables & UFW) automatically. You don't need to be a Linux network engineer to set this up.
  • 📱 QR Codes in Terminal: Generate configs and display QR codes directly in the console.
  • 📂 Embedded Database: Stores peers in a jwg.db file. Zero external dependencies.

🚀 Quick Start

1. Start the Interface

jwg manages the configuration logic, but you need to keep the interface process running.

Recommended: AmneziaWG

wget https://raw.githubusercontent.com/Jipok/jwg/refs/heads/master/amneziawg-go
chmod +x amneziawg-go
./amneziawg-go wg0

Or: Standard Kernel WireGuard

ip link add dev wg0 type wireguard

2. Initialize Server

Run jwg for the first time. It will auto-detect your Public IP and apply necessary firewall rules.

wget https://github.com/Jipok/jwg/releases/latest/download/jwg
chmod +x jwg
./jwg

3. Add a Client

Add a new peer. jwg will find the next available IP, generate keys, and sync the interface.

./jwg -add phone

The output matches the standard client config format and includes a QR code.

📖 Command Reference

Managing Peers

Command Description
jwg -add <name> Add a new peer. Auto-assigns IP.
jwg -add <name> -ip 10.8.0.5/32 Add a peer with a specific internal IP.
jwg -del <name> Delete a peer.
jwg -show <name> Display config and QR code for an existing peer.
jwg Show server status, used IPs, and connected peers.

Configuration & Storage

Flags override default settings and persist in the database.

Database Location: jwg first checks for ./jwg.db. If not found, it defaults to /var/lib/jwg/jwg.db. You can specify a custom path manually:

jwg -db /etc/wireguard/my_vpn.db

Network Settings:

# Set custom listen port
jwg -port 51820

# Set custom DNS for clients
jwg -dns "1.1.1.1, 8.8.8.8"

# Force a specific endpoint (e.g. behind NAT/Cloudflare)
jwg -endpoint "vpn.my-server.com:51820"

# Change internal subnet
jwg -subnet "192.168.100.1/24"

🔥 Firewall & Networking

jwg is opinionated about networking to save you time:

  1. Forwarding: It enables kernel IP forwarding.
  2. NAT: It creates a dedicated jwg_nat table in nftables to masquerade traffic (allow peers to access the internet).
  3. UFW Support: If UFW is active, jwg automatically adds generic allows and route rules to prevent silent packet drops.

About

Lightweight CLI manager for WireGuard & AmneziaWG. Single binary that automates networking, firewall (nftables/UFW), and peer management.

Topics

go cli wireguard wireguard-configuration amneziawg

Resources

Readme
Activity

Stars

5 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 6

1.4.0 Latest
Dec 23, 2025
+ 5 releases

Languages