This project provides a fully automated VPN infrastructure using WireGuard and a custom REST API.
Clients on Linux and Windows can connect to the VPN by simply entering a username and password — no static config files, no manual distribution.
- Server-side: WireGuard + REST API (Flask)
- Client-side (Linux): Bash CLI with interactive menu
- Client-side (Windows): PowerShell menu with logging
- One-click scripts, preconfigured with examples and instructions
- 🔐 Authentication-based access (login & password)
- ⚙️ One-click installation on server and clients
- 🔄 Automatic key generation and assignment
- 📡 REST API for config delivery (no file sharing)
- 💻 Interactive CLI for Linux, PowerShell menu for Windows
- 🌍 Full tunnel mode — all traffic goes through VPN
- 📝 Logging on Windows clients
- 🧩 Easily expandable, portable, open
| Component | OS | Notes |
|---|---|---|
| Server | Debian 12 | Required: root access |
| Linux Client | Debian/Ubuntu | WireGuard, curl, jq, resolvconf |
| Windows Client | Windows 10+ | WireGuard app, PowerShell |
sudo apt update
sudo apt install -y wireguard iptables iptables-persistent python3-pip python3-venv curlnano server-setup.shPaste the full script from server-setup.sh, then update:
SERVER_IP="your.server.ip"
INTERFACE_NAME="your_network_interface"Inside Flask app (at bottom of script), change credentials:
USER_CREDENTIALS = {"your_username": "your_password"}chmod +x server-setup.sh
sudo ./server-setup.shAfter completion:
- VPN listens on UDP port
51820 - API available at
http://<SERVER_IP>:5000/get-config
sudo apt update
sudo apt install -y wireguard curl jq resolvconfnano client-linux.shPaste the Linux script and modify this line:
API_URL="http://your.server.ip:5000/get-config"Make it executable:
chmod +x client-linux.sh./client-linux.shMenu options:
1) Connect VPN
2) Disconnect VPN
3) Exit
1. Install WireGuard for Windows
Open PowerShell as Administrator:
Set-ExecutionPolicy Bypass -Scope CurrentUserCreate a file:
vpn-interactive.ps1Paste the full script, then update this line:
$global:ApiUrl = "http://your.server.ip:5000/get-config"cd C:\Path\To\Script
.\vpn-interactive.ps1Menu options:
1) Connect VPN
2) Disconnect VPN
3) Exit
- Right click desktop → New → Shortcut
- Command:
powershell.exe -ExecutionPolicy Bypass -File "C:\Path\To\vpn-interactive.ps1"
- Right click → Properties → Advanced → ✅ "Run as Administrator"
.
├── .github/
│ └── workflows/
│ └── lint.yml ✅ GitHub Actions: shell script linter
├── assets/
│ └── architecture.svg 🧭 SVG diagram of VPN architecture
├── LICENSE 📄 MIT License
├── README.md 📘 Full documentation and usage guide
├── client-linux.sh 🎯 Linux client script (menu + login/password)
├── server-setup.sh 🚀 One-click installer for WireGuard VPN server + REST API
└── vpn-interactive.ps1 💻 Windows PowerShell client (interactive, logs)
- Server handles all key generation
- Configs are per-session and not stored permanently
- No need to manually distribute
.conffiles - Users only need login/password to connect
Whether you're protecting remote clients, setting up a self-hosted VPN for home or office, or deploying simple secure access for users — this project gets you running in minutes with minimal effort.
It combines the speed and security of WireGuard with the flexibility of API-driven configuration and a modern approach to VPN onboarding.
MIT License — see LICENSE
Thanks to:
Pull requests welcome!
Have ideas for Android, QR-code login, or GUI version?
Create an issue or fork and build!
# Secure. Simple. Yours.