What is Wag?

Wag enhances WireGuard (tm) with multi-factor authentication (MFA), route restrictions, and device enrollment capabilities. It also adds a number of helpful features to enable in-depth automation.

Key Features

  • Easy device registration - Simple API for client enrollment
  • Fully Featured Administration Portal - Manage all aspects of your WireGuard peers from a UI
  • Multiple MFA methods - Security keys, Single Sign On (OIDC), PAM, and TOTP support
  • Route-based MFA - Define specific routes requiring authentication
  • Webhooks - Accept webhooks to create or delete resources
  • Route restrictions - Control access to specific network segments
  • OIDC group awareness - Centralise the management of your access in your identity provider
  • High availability - Built-in clustering with etcd
  • Automatic TLS Support - Let's Encrypt support, with ACME HTTP-01 and DNS-01

Screenshots

Administrative UI

  • Dashboard showing panels and log messages
  • User management table
  • Registration token creation
  • Defining custom route rules

User UI

  • Code based MFA UI
  • A successful user login
  • A locked user

Released under the MIT License