A command-line interface for managing WireGuard configuration files using the wgconfig library.
uv tool install .

Or run directly with:

uv run wgcli --help

wgcli [OPTIONS] COMMAND [ARGS]...
Commands:
attr Manage attributes in a WireGuard config file
init Initialize a new WireGuard config file
interface Show interface configuration from a WireGuard config file
peer Manage peers in a WireGuard config file
wgcli supports shell completion for bash, zsh, and fish. The completion provides:
- Config file paths from /etc/wireguard/
- Peer public keys from the specified config file
To enable completion:
Bash:
_WGCLI_COMPLETE=bash_source wgcli > ~/.wgcli-complete.bash
echo ". ~/.wgcli-complete.bash" >> ~/.bashrc

Zsh:
_WGCLI_COMPLETE=zsh_source wgcli > ~/.wgcli-complete.zsh
echo ". ~/.wgcli-complete.zsh" >> ~/.zshrc

Fish:
_WGCLI_COMPLETE=fish_source wgcli > ~/.config/fish/completions/wgcli.fish

# Create a new config file
wgcli init wg0.conf
# Create with a comment
wgcli init wg0.conf --comment "Server configuration"

# Add interface attributes
wgcli attr add wg0.conf Address 10.0.0.1/24
wgcli attr add wg0.conf ListenPort 51820
wgcli attr add wg0.conf PrivateKey "your_private_key_here"

# Add a new peer
wgcli peer add wg0.conf "client_public_key_here"
# Add a peer with a comment
wgcli peer add wg0.conf "client_public_key_here" --comment "John's laptop"
# Add peer attributes
wgcli attr add wg0.conf AllowedIPs 10.0.0.2/32 --peer "client_public_key_here"
wgcli attr add wg0.conf Endpoint 192.168.1.100:51820 --peer "client_public_key_here"

# List all peers
wgcli peer list wg0.conf
# List all peers including disabled ones
wgcli peer list wg0.conf --include-disabled
# List peers with verbose details (includes internal metadata)
wgcli peer list wg0.conf -v
# Show a specific peer
wgcli peer show wg0.conf "client_public_key_here"
# Show interface configuration
wgcli interface wg0.conf
# Show interface with verbose details
wgcli interface wg0.conf -v

# Disable a peer (comments out the peer section)
wgcli peer disable wg0.conf "client_public_key_here"
# Enable a peer
wgcli peer enable wg0.conf "client_public_key_here"
# Remove a peer completely
wgcli peer remove wg0.conf "client_public_key_here"

# Remove a specific attribute value
wgcli attr remove wg0.conf DNS --value 1.1.1.1
# Remove all values of an attribute
wgcli attr remove wg0.conf DNS
# Remove an attribute from a peer
wgcli attr remove wg0.conf Endpoint --peer "client_public_key_here"

# Initialize server config
wgcli init /etc/wireguard/wg0.conf --comment "VPN Server"
# Configure interface
wgcli attr add /etc/wireguard/wg0.conf Address 10.0.0.1/24
wgcli attr add /etc/wireguard/wg0.conf ListenPort 51820
wgcli attr add /etc/wireguard/wg0.conf PrivateKey "$(wg genkey)"
wgcli attr add /etc/wireguard/wg0.conf PostUp "iptables -A FORWARD -i wg0 -j ACCEPT"
wgcli attr add /etc/wireguard/wg0.conf PostDown "iptables -D FORWARD -i wg0 -j ACCEPT"
# Add first client
CLIENT_PUBKEY="$(wg pubkey < client_private.key)"
wgcli peer add /etc/wireguard/wg0.conf "$CLIENT_PUBKEY" --comment "Client 1"
wgcli attr add /etc/wireguard/wg0.conf AllowedIPs 10.0.0.2/32 --peer "$CLIENT_PUBKEY"
# View the configuration
wgcli peer list /etc/wireguard/wg0.conf
wgcli interface /etc/wireguard/wg0.conf

# Initialize client config
wgcli init wg0-client.conf --comment "VPN Client"
# Configure interface
wgcli attr add wg0-client.conf Address 10.0.0.2/32
wgcli attr add wg0-client.conf PrivateKey "$(wg genkey)"
wgcli attr add wg0-client.conf DNS 1.1.1.1
# Add server as peer
SERVER_PUBKEY="your_server_public_key_here"
wgcli peer add wg0-client.conf "$SERVER_PUBKEY" --comment "VPN Server"
wgcli attr add wg0-client.conf AllowedIPs 0.0.0.0/0 --peer "$SERVER_PUBKEY"
wgcli attr add wg0-client.conf Endpoint vpn.example.com:51820 --peer "$SERVER_PUBKEY"
wgcli attr add wg0-client.conf PersistentKeepalive 25 --peer "$SERVER_PUBKEY"
# View the configuration
wgcli interface wg0-client.conf
wgcli peer show wg0-client.conf "$SERVER_PUBKEY"

- The wgconfig library automatically handles the special file name format. You can use:
  - wg0 -> resolves to /etc/wireguard/wg0.conf
  - wg0.conf -> resolves to /etc/wireguard/wg0.conf
  - Or use any custom path
- Use --peer option with attr commands to target specific peers instead of the interface
- Disabled peers remain in the config file but are commented out with #!. This allows you to temporarily disable peers without losing their configuration
- Use peer list to view all peers in a config file, peer show to view a specific peer, and interface to view interface configuration
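
Because disabled peers stay in the file and the file also holds the interface PrivateKey, it is useful to audit both who is active and who can read the file. The following is an added example, not part of wgcli or wgconfig: it assumes every line of a disabled peer starts with the #! marker described above, and the sample config, its placeholder keys and the function names are constructed for illustration.

```python
import os
import stat

DISABLED_MARK = "#!"  # assumption: prefix on each line of a disabled peer, per the note above

# Constructed sample config (placeholder strings, not real key material).
SAMPLE = """\
# VPN Server
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER

# Client 1
[Peer]
PublicKey = CLIENT1_PUBKEY_PLACEHOLDER
AllowedIPs = 10.0.0.2/32

#! # John's laptop
#! [Peer]
#! PublicKey = CLIENT2_PUBKEY_PLACEHOLDER
#! AllowedIPs = 10.0.0.3/32
"""


def list_peers(text):
    """Return (enabled, disabled) lists of peer public keys found in text."""
    enabled, disabled = [], []
    in_peer = False
    for raw in text.splitlines():
        line = raw.strip()
        is_disabled = line.startswith(DISABLED_MARK)
        if is_disabled:
            line = line[len(DISABLED_MARK):].strip()
        if not line or line.startswith("#"):
            continue  # blank line or ordinary comment
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
            continue
        key, _, value = line.partition("=")  # split on first "=" so base64 padding survives
        if in_peer and key.strip().lower() == "publickey":
            (disabled if is_disabled else enabled).append(value.strip())
    return enabled, disabled


def mode_is_private(path):
    """True if the file grants no permissions to group or others (e.g. 0600)."""
    return (stat.S_IMODE(os.stat(path).st_mode) & 0o077) == 0
```

Call list_peers() on the contents of a config file to see which peers are active and which are only commented out, and mode_is_private() on its path to confirm the file is readable by its owner only.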
See LICENSE file for details.