Skip to content

WireBuddy

WireBuddy Logo WireBuddy Logo

Modern WireGuard VPN Management with Integrated DNS Ad-Blocking

GitHub Release Docker Pulls License

What is WireBuddy?

WireBuddy is a powerful, user-friendly web interface for managing WireGuard VPN servers with built-in DNS ad-blocking capabilities. It combines enterprise-grade security features with an intuitive interface, making VPN management accessible to both beginners and advanced users.

Key Features

  • Secure VPN Management

    Multi-interface WireGuard management with automatic keypair generation, routing presets, and QR codes for easy mobile setup.

    WireGuard Features

  • DNS Ad-Blocking

    Integrated Unbound resolver with customizable blocklists, DNS-over-TLS, real-time query logging, and per-client custom rules.

    DNS Features

  • Analytics & Monitoring

    Built-in time-series database with per-peer traffic charts, GeoIP mapping, and traffic analysis by country & ASN.

    Monitoring

  • Advanced Authentication

    Multi-user support with Passkeys (WebAuthn), TOTP, and granular role-based access control.

    User Management

  • Let's Encrypt Integration

    Built-in ACME client with HTTP-01 challenge for automatic SSL certificate management.

    ACME

  • Modern Web UI

    Responsive Bootstrap 5 interface with dark/light/auto theme and Material Design icons.

    Getting Started

Quick Start

Get WireBuddy up and running in minutes:

git clone https://github.com/Gill-Bates/wirebuddy.git
cd wirebuddy
cp .env-example settings.env
# Edit settings.env - set WIREBUDDY_SECRET_KEY!
docker compose up -d

Default Access

Navigate to http://localhost:8000 and login with:

  • Username: admin
  • Password: admin

Warning

Change the default password immediately after first login!

Full Installation Guide Quick Start

Screenshots

Dashboard

Peers

DNS

Why WireBuddy?

Feature WireBuddy Traditional Solutions
Web Interface ✅ Modern & Responsive ⚠️ CLI or Basic Web UI
DNS Ad-Blocking ✅ Built-in Unbound ❌ Requires Separate Setup
Traffic Analytics ✅ Per-peer with GeoIP ⚠️ Limited or None
Multi-User Auth ✅ Passkeys + TOTP ⚠️ Single Admin Only
Let's Encrypt ✅ Integrated ❌ Manual Configuration
Docker Support ✅ Official Images ⚠️ Community Maintained

Security First

WireBuddy implements defense-in-depth security:

  • Password Security: PBKDF2-SHA256 with 600,000 iterations
  • Passkeys Support: WebAuthn (FIDO2) for passwordless authentication
  • Secrets Encryption: Fernet encryption with per-row salt
  • CSRF Protection: Double-submit cookie with Origin validation
  • Rate Limiting: Progressive IP lockout with backoff
  • Input Validation: Strict regex and Pydantic validation
  • Container Hardening: Minimal capabilities and no-new-privileges

Security Overview

Community & Support

GitHub Repository Docker Hub Report Issues

License

WireBuddy is licensed under the GNU Affero General Public License v3.0.

Made with ☕ by Gill-Bates