WireHub Social Networking.

WireHub is the easiest way to create and join WireGuard™ networks.
  1. Create and store WireGuard networks, peers, and connections.
  2. Invite friends, family and co-workers to claim their devices.
  3. View, Send or Download interface configuration files.
  4. Distribute configurations to edge/cloud/on-prem servers (pull mode).

How is it different?

Why not tailscale/headscale, firezone, netbird, netmaker, innernet, etc.

WireHub is heavily inspired by the simplicity of WireGuard and the effectiveness of doing just one thing and doing it well.

In our case, that means helping users generate WireGuard configurations, even for the most complex networks — that's it.

There are no agents to install, no magic tunneling, proxying, nor DNSing, and nothing in between your devices in your network.

You use WireHub's UIs and APIs to define your networks, peers, and connections, and WireHub generates your configuration files — one for each peer.

Then, using just the official WireGuard application for your device, you can import and enable the corresponding configuration file. Your private keys never have to leave your device.

How does it work?

The full power of Wireguard concentrated in a handful of features.

1. Create Networks

A WireHub network helps you connect multiple devices over a WireGuard VPN.

For example, a network called Home may be used for all your and your family's personal devices, and a network called Office may be used for all your work-related devices.

A network-level CIDR is used to automatically assign unique IP addresses to peers added to the network. 

    {
      "id": "my-home-network",
      "name": "Home",
      "cidr": "10.0.0.1/24"
    }
    {
      "id": "my-office-network",
      "name": "Office",
      "cidr": "10.100.0.1/24"
    }
2. Add your Devices

Add your laptop, phone, workstation or any other WireGuard-enabled device in your network.

Along with their name and unique IP address(es) in the network, you can define other WireGuard-specific information like Pre/Post Up/Down commands, DNS settings, etc.

      {
        "id": "home-peer-1"
        "network": "my-home-network",
        "address": "10.0.0.2/32",
        "name": "Laptop",
      },
      {
        "id": "home-peer-2"
        "network": "my-home-network",
        "address": "10.0.0.3/32",
        "name": "Phone",
      },
      {
        "id": "office-peer-1"
        "network": "my-office-network",
        "address": "10.100.0.1/32",
        "name": "Hub",
      },
      {
        "id": "office-peer-2"
        "network": "my-office-network",
        "address": "10.100.0.10/32",
        "name": "Laptop",
      },
      {
        "id": "office-peer-3"
        "network": "my-office-network",
        "address": "10.100.0.11/32",
        "name": "Dev Server",
      }
3. Specify Connections

Communication between devices is via explicit, bi-directional connections between peers — both peers need to verify the connection.

You can even specify pass-through connections to describe Hub/Site topologies.

In the Office network example, my laptop would only directly connect to the Hub peer so that connections to other peers (eg. the Dev Server) will happen only through the Hub.

      // peer-to-peer
      {
        "id": "hub-and-laptop",
        "from": "office-peer-1",  // Hub
        "to": "office-peer-2",    // Laptop
        "keep_alive": 25,
      },

      // hub and spoke / site
      {
        "id": "laptop-and-dev-server",
        "from": "office-peer-2",  // Laptop
        "to": "office-peer-3",    // Dev Server
        "via": "hub-and-laptop",  // Hub/Laptop
      },
4. Invite friends, family or co-workers!

Add other people to your networks so that they can claim or register their own devices.

The Invite page contains everything they need to know about their devices and the network, and nothing they don't.

Registered network members can also see other network devices and request new peer connections.

5. View & Download Configurations (Interfaces)

Interfaces bring together multiple networks and peers to generate WireGuard configuration files for your devices.

Users get templated instructions on how to install WireGuard and the resulting interface configuration file.

6. API Keys & Access Tokens

As you make changes to your WireHub networks the peer configurations will also change.

Access Tokens are one-time shareable URLs that allow network owners to share those configuration changes to their end-users.

API Keys are reusable secrets that can be used by network owners to distribute interface changes to remote devices (servers, IoT, etc) in a pull-based fashion.

What do you get?

Wireguard configuration files for all your networks and devices within them. 



        # /Users/rudasn/wg0.conf

        [Interface]
        PrivateKey = ...  # Generated by WireGuard

        Address = 10.0.0.2/32  # Assigned by Home Network
        Address = 10.100.0.10/32  # Assigned by Office Network

        [Peer]
        PublicKey = ...
        AllowedIPs = 10.0.0.3/32  # Phone in Home Network

        [Peer]
        PublicKey =  # Generated by WireGuard
        Endpoint = hub.my-office.com:52410
        PersistentKeepAlive = 25

        AllowedIPs = 10.100.0.1/32  # Hub in Office Network
        AllowedIPs = 10.100.0.11/32  # Dev Server in Office Network

Copyright © 2023 — Nicolas Rudas. All rights reserved.

"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld.