WireGuard Mesh Manager (wgmesh) is a robust tool for managing WireGuard mesh networks. It provides automatic peer configuration, real-time monitoring, and dynamic configuration updates through a YAML-based configuration system.
- 🔄 Dynamic Configuration: Hot-reload configuration changes without service restart
- 📊 Real-time Monitoring: Track peer status, connection health, and traffic statistics
- 🛡️ Graceful Error Handling: Continues operating in degraded state if some peers fail
- 🔒 Secure by Default: Proper key management and secure configuration handling
- 📝 Detailed Logging: Comprehensive logging of all network changes and events
- Linux system with WireGuard kernel module
- WireGuard tools package
- Proper permissions to configure network interfaces
-
Download the Latest Release: Visit the Releases page and download the appropriate RPM package for your system.
-
Install the RPM Package:
sudo rpm -i wgmesh-<version>.rpm
go install github.com/pilab-cloud/wgmesh/cmd/wgmesh@latestCreate a YAML configuration file at /etc/wgmesh/wgmesh.yaml:
network_name: wg0
listen_port: 51820
private_key: <your-private-key> # Base64-encoded WireGuard private key
peers:
- name: peer1
ip: 10.0.0.1/24
public_key: <peer1-public-key>
allowed_ips: ["10.0.0.0/24"]
endpoint: "peer1.example.com:51820"
persistent_keepalive: 25
nat: truenetwork_name: Name of the WireGuard interfacelisten_port: UDP port for WireGuard trafficprivate_key: Base64-encoded WireGuard private keymtu: Interface MTUdns: DNS serverstable: Routing table
name: Unique identifier for the peerip: IP address for this peer in the meshpublic_key: Peer's WireGuard public keyallowed_ips: List of allowed IP rangesendpoint: Optional endpoint address (hostname:port)persistent_keepalive: Keepalive interval in secondsnat: Enable NAT traversal features
-
Start the Service:
sudo systemctl start wgmesh
-
Enable Auto-start:
sudo systemctl enable wgmesh -
Check Status:
sudo systemctl status wgmesh
-
View Service Logs:
sudo journalctl -u wgmesh -f
-
Check Peer Status:
# View WireGuard interface status sudo wg show wg0 # View detailed peer statistics sudo wg show wg0 dump
Common issues and solutions:
-
Permission Denied:
# Ensure proper permissions sudo setcap cap_net_admin=+ep /usr/local/bin/wgmesh -
Configuration Errors:
# Validate configuration sudo wgmesh --validate-config -
Connection Issues:
# Check firewall rules sudo firewall-cmd --list-ports # Add WireGuard port if needed sudo firewall-cmd --add-port=51820/udp --permanent sudo firewall-cmd --reload
The service provides real-time monitoring through structured logging:
-
Peer Status:
- Connection state (up/down)
- Last handshake time
- Transfer statistics
- Latency metrics
-
Configuration Changes:
- Peer additions/removals
- Configuration updates
- Error states
-
Performance Metrics:
- Bandwidth usage
- Packet loss
- Handshake latency
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
# Install development dependencies
go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
# Run tests
go test -v ./...
# Run linter
golangci-lint runThis project is licensed under the MIT License - see the LICENSE file for details.
- WireGuard Official Site
- Progressive Innovation LAB
- Documentation
- Issue Tracker
- GoReleaser
- fsnotify
- wgctrl
Sponsored with ❤️ by
We focus on reliability, quality, and value.
Pioneering the future, together
