Wiretrustee is an open-source VPN platform built on top of WireGuard making it easy to create secure private networks for your organization or home.
It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, vpn gateways, and so forth.
There is no centralized VPN server with Wiretrustee - your computers, devices, machines, and servers connect to each other directly over a fast encrypted tunnel.
Wiretrustee automates Wireguard-based networks, offering a management layer with:
main branch may be in an unstable or even broken state during development. For stable versions, see releases.
Hosted demo version: https://app.wiretrustee.com/.
sudo apt-get update sudo apt-get install ca-certificates curl gnupg -y curl -L https://pkgs.wiretrustee.com/debian/public.key | sudo apt-key add - echo 'deb https://pkgs.wiretrustee.com/debian stable main' | sudo tee /etc/apt/sources.list.d/wiretrustee.list
sudo apt-get update sudo apt-get install wiretrustee
cat <<EOF | sudo tee /etc/yum.repos.d/wiretrustee.repo [Wiretrustee] name=Wiretrustee baseurl=https://pkgs.wiretrustee.com/yum/ enabled=1 gpgcheck=0 gpgkey=https://pkgs.wiretrustee.com/yum/repodata/repomd.xml.key repo_gpgcheck=1 EOF
sudo yum install wiretrustee
brew install wiretrustee/client/wiretrustee
Installation from binary
curl -o ./wiretrustee_<VERSION>_darwin_amd64.tar.gz https://github.com/wiretrustee/wiretrustee/releases/download/v<VERSION>/wiretrustee_<VERSION>_darwin_amd64.tar.gz
tar xcf ./wiretrustee_<VERSION>_darwin_amd64.tar.gz sudo mv wiretrusee /usr/local/bin/wiretrustee chmod +x /usr/local/bin/wiretrustee
After that you may need to add /usr/local/bin in your MAC's PATH environment variable:
wiretrustee_installer_<VERSION>_windows_amd64.exe(Switch VERSION to the latest):
To uninstall the client and service, you can use Add/Remove programs
setup keyin hand (see ).
For Unix systems:
sudo wiretrustee up --setup-key <SETUP KEY>
For Windows systems, start powershell as administrator and:
wiretrustee up --setup-key <SETUP KEY>
Alternatively, if you are hosting your own Management Service provide
--management-url property pointing to your Management Service:
sudo wiretrustee up --setup-key <SETUP KEY> --management-url https://localhost:33073
You could also omit
--setup-keyproperty. In this case the tool will prompt it the key.
sudo ipconfig getifaddr utun100
For Linux systems:
ip addr show wt0
For Windows systems:
netsh interface ip show config name="wt0"
Wiretrustee uses Auth0 for user authentication and authorization, therefore you will need to create a free account and configure Auth0 variables in the compose file (dashboard) and in the management config file. We chose Auth0 to "outsource" the user management part of our platform because we believe that implementing a proper user auth is not a trivial task and requires significant amount of time to make it right. We focused on connectivity instead. It is worth mentioning that dependency to Auth0 is the only one that cannot be self-hosted.
Configuring Wiretrustee Auth0 integration:
Under infrastructure_files we have a docker-compose example to run Dashboard, Wiretrustee Management and Signal services, plus an instance of Coturn, it also provides a turnserver.conf file as a simple example of Coturn configuration. You can edit the turnserver.conf file and change its Realm setting (defaults to wiretrustee.com) to your own domain and user setting (defaults to username1:password1) to proper credentials.
The example is set to use the official images from Wiretrustee and Coturn, you can find our documentation to run the signal server in docker in Running the Signal service, the management in Management, and the Coturn official documentation here.
Run Coturn at your own risk, we are just providing an example, be sure to follow security best practices and to configure proper credentials as this service can be exploited and you may face large data transfer charges.
Also, if you have an SSL certificate for Coturn, you can modify the docker-compose.yml file to point to its files in your host machine, then switch the domainname to your own SSL domain. If you don't already have an SSL certificate, you can follow Certbot's official documentation to generate one from Lets Encrypt, or, we found that the example provided by BigBlueButton covers the basics to configure Coturn with Let's Encrypt certs.
The Wiretrustee Management service can generate and maintain the certificates automatically, all you need to do is run the servicein a host with a public IP, configure a valid DNS record pointing to that IP and uncomment the 443 ports and command lines in the docker-compose.yml file.
Simple docker-composer execution:
cd infrastructure_files docker-compose up -d
You can check logs by running:
cd infrastructure_files docker-compose logs signal docker-compose logs management docker-compose logs coturn
If you need to stop the services, run the following:
cd infrastructure_files docker-compose down
WireGuard is a registered trademark of Jason A. Donenfeld.