As of January '23, WireHub is in early development. Watch this space or follow @WireHubNetworks to receive updates.
Why not tailscale/headscale, firezone, netbird, netmaker, innernet, etc.
WireHub is heavily inspired by the simplicity of WireGuard and the effectiveness of doing just one thing and doing it well.
In our case, that means helping users generate WireGuard configurations, even for the most complex networks — that's it.
There are no agents to install, no magic tunneling, proxying, nor DNSing, and nothing in between your devices in your network.
You use WireHub's UIs and APIs to define your networks, peers, and connections, and WireHub generates your configuration files — one for each peer.
Then, using just the official WireGuard application for your device, you can import and enable the corresponding configuration file. Your private keys never have to leave your device.
The full power of Wireguard concentrated in a handful of features.
A WireHub network helps you connect multiple devices over a WireGuard VPN.
For example, a network called Home
may be used
for all your and your family's personal devices,
and a network called Office
may be used
for all your work-related devices.
A network-level CIDR is used to automatically assign unique IP addresses to peers added to the network.
{
"id": "my-home-network",
"name": "Home",
"cidr": "10.0.0.1/24"
}
{
"id": "my-office-network",
"name": "Office",
"cidr": "10.100.0.1/24"
}
Add your laptop, phone, workstation or any other WireGuard-enabled device in your network.
Along with their name and unique IP address(es) in the network, you can define other WireGuard-specific information like Pre/Post Up/Down commands, DNS settings, etc.
{
"id": "home-peer-1"
"network": "my-home-network",
"address": "10.0.0.2/32",
"name": "Laptop",
},
{
"id": "home-peer-2"
"network": "my-home-network",
"address": "10.0.0.3/32",
"name": "Phone",
},
{
"id": "office-peer-1"
"network": "my-office-network",
"address": "10.100.0.1/32",
"name": "Hub",
},
{
"id": "office-peer-2"
"network": "my-office-network",
"address": "10.100.0.10/32",
"name": "Laptop",
},
{
"id": "office-peer-3"
"network": "my-office-network",
"address": "10.100.0.11/32",
"name": "Dev Server",
}
Communication between devices is via explicit, bi-directional connections between peers — both peers need to verify the connection.
You can even specify pass-through connections to describe Hub/Site topologies.
In the Office
network example, my laptop would only directly connect to the Hub peer so that connections to other peers (eg. the Dev Server) will happen only through the Hub.
// peer-to-peer
{
"id": "hub-and-laptop",
"from": "office-peer-1", // Hub
"to": "office-peer-2", // Laptop
"keep_alive": 25,
},
// hub and spoke / site
{
"id": "laptop-and-dev-server",
"from": "office-peer-2", // Laptop
"to": "office-peer-3", // Dev Server
"via": "hub-and-laptop", // Hub/Laptop
},
Add other people to your networks so that they can claim or register their own devices.
The Invite page contains everything they need to know about their devices and the network, and nothing they don't.
Registered network members can also see other network devices and request new peer connections.
Interfaces bring together multiple networks and peers to generate WireGuard configuration files for your devices.
Users get templated instructions on how to install WireGuard and the resulting interface configuration file.
As you make changes to your WireHub networks the peer configurations will also change.
Access Tokens are one-time shareable URLs that allow network owners to share those configuration changes to their end-users.
API Keys are reusable secrets that can be used by network owners to distribute interface changes to remote devices (servers, IoT, etc) in a pull-based fashion.
Wireguard configuration files for all your networks and devices within them.
# /Users/rudasn/wg0.conf
[Interface]
PrivateKey = ... # Generated by WireGuard
Address = 10.0.0.2/32 # Assigned by Home Network
Address = 10.100.0.10/32 # Assigned by Office Network
[Peer]
PublicKey = ...
AllowedIPs = 10.0.0.3/32 # Phone in Home Network
[Peer]
PublicKey = # Generated by WireGuard
Endpoint = hub.my-office.com:52410
PersistentKeepAlive = 25
AllowedIPs = 10.100.0.1/32 # Hub in Office Network
AllowedIPs = 10.100.0.11/32 # Dev Server in Office Network
Copyright © 2023 — Nicolas Rudas. All rights reserved.
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld.