wg-access-server was a hobby project i put together because I was interested in wireguard and wanted something for my home network.

i opensourced it so that others could see it and perhaps use it for inspiration which this fork seems to be doing :)

Glad to hear it. And no need to read what I wrote as criticism. It's just me deciding I'm not in the audience for it. It sounds like you're clear on who your audience is, and generally that's the only criticism you should care much about.

For what it's worth GRPC-Web is a pretty nice solution here.

My team generates backend stubs from our GRPC spec which allows us to jump right to implementing our business logic.

Frontend projects make use of the GRPC-Web client codegen to make calling the API simple and type safe (we use typescript).

We mostly use all the official GRPC tooling for this. We write backends in golang and dotnet core so GRPC-Web is supported quite well out of the box.

I wrote a slightly modified Typescript codegenerator to make client code simpler as well: https://github.com/Place1/protoc-gen-grpc-ts-web

Yeah, after experiencing type safe APIs + editor integration with TypeScript I don’t think I can go back.

There are, of course, other solutions besides GRPC.

> wireguard is itching for a nice ui or cli tool for managing configs.... if anyone knows one please let me know...

I'm been writing wg-access-server[1] which is an open source all-in-one solution for getting a wireguard based VPN server up and running.

There are a few others i've come across as well: streisand[2], wg-ui[3], subspace[4]

If you like, i'd be happy to hear about your use-cases and see if I can fit them into wg-access-server :D

[1] https://github.com/Place1/wg-access-server [2] https://github.com/StreisandEffect/streisand [3] https://github.com/EmbarkStudios/wg-ui [4] https://github.com/subspacecloud/subspace

Thank you for your work on wg-access-server, I am happily using it at work with the multi user support to let staff self-service their VPN logins.

There's a few rough edges if you wander off from the simplest use case and a few nice-to-have features that I'm sure will show up in due course, but the core product nails it IMO.

Thanks for the kind words. I'd be happy to hear more about the rough edges and the nice-to-haves you're after in more detail in a github issue :D

FWIW, I'm looking for a HA solution that will allow me to use WG instead IPSec for site to site connectivity from on-prem DC to public cloud.

So basically, something to replace this (as an example): https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gatew...

I never even thought about using a DNS based tunnel for this problem. Amazing.

I'm a big fan of Wireguard. I wrote wg-access-server [1] as an all-in-one wireguard VPN solution. I recently added some docs [2] and support for deploying with Helm. I'd love some feedback on here or on github. Give it a try.

[1] https://github.com/place1/wg-access-server [2] https://place1.github.io/wg-access-server/

Thank you place1.

I was looking for something like wg-access-server web UI when moving away from strongSwan. Found Subspace but id didn't work the way I wanted, settled pretty well with some shell scripting for my own use cases and happy lol

I think wg-access-server makes a lot of sense to people who want to self-host VPN on cheap VPS like Vultr or DigitalOcean, Lightsail, etc., it is simple, easy to deploy and use, flexible and scalable (if deployed to k8s).

Looks nice. Is it possible to run this on a raspberry pi?

This is awesome news. I’ve been using my self written access server deployed as a docker container at my home for ages now with no problems at all. Wg is a pleasure to use and their apps for iOS and desktop are great. The QR code feature in the mobile app is really good.

I can’t wait for better adoption amongst businesses for corporate VPNs.

https://github.com/Place1/wg-access-server

I'm also working on something like this

https://github.com/place1/wireguard-access-server

It's mostly a hobby project but it'll run a userspace wireguard implementation (boringtun) and a webapp to configure it.

You can run it in docker

    docker run \
      -it \
      --rm \
      --name wg \
      --cap-add NET_ADMIN \
      --device /dev/net/tun:/dev/net/tun \
      -p 8000:8000/tcp \
      -p 51820:51820/udp \
      place1/wireguard-access-server:0.0.5

I can't zoom in or out on this website, and it's huge by default on my monitor...

out of curiosity, how does that even happen? do they use JS to change the font size when the window zoom changes?

Is it though? Hosted k8s clusters make deploying a single app just as simple as heroku or elasticbeanstalk, but you still have the flexibility to deploy more. For a small team it's just as easy to setup a managed k8s cluster as it is any other PaaS - you go though a wizard on GKE or some other provider. And if you apps are simple then you don't need to use the complicated features of k8s itself. 1 deployment and 1 LoadBalanced service is simple enough for most Ruby, Python, C#, Java monolith apps to be off to the races.

I'm not trying to argue that it's a silver bullet but there's a bit of circle jerk over k8s complexity when it's not that hard.

Yes, I quite liked this about Rust's `Result` and `Option` type and using monads in general but I don't think Golang could achieve this pragmatically without generics.