Configure, Share & Join
WireGuard Networks.

WireHub is a hosted WireGuard Admin UI to securely share configurations with friends, family, and team-mates!

Stop emailing configs around and just share a link to WireHub.

Join the Beta!

Existing member? Login

What people are saying

Awesome work!

Someone on HN

Looks interesting.

A bunch of strangers on HN

Pretty neat actually!

Someone else on HN

What is WireHub?

WireHub is a WireGuard configuration generator — it supports multiple networks and devices, label-based access rules, invitations and permissions, and secure storage of WireGuard PrivateKeys.

PrivateKeys can be generated in-browser or imported if you already have them. If provided, PrivateKeys are encrypted in-browser using WebCrypto with a password of your choice. WireHub never receives nor stores your password.

Peering between network devices is defined with label-based rules. Labels are applied to devices and are then used in connection rules, covering all your Peer, AllowedIPs, and PreSharedKey needs.

Network members may be invited as Guests, Members, Managers or Admins — Guests don't even have to create an account with WireHub. Managers and Admins can generate and manage the keys for any device, while Members and Guests can only manage their assigned devices.

Other than the in-browser PrivateKey encryption/decryption mechanism, all functionality of WireHub is accessible without JavaScript.

Read on to find out more or Join the Beta!

Features

1. Networks

Connect multiple devices over one or more WireGuard Virtual Private Networks (VPN).

For example, a network called Home may be used for all your family's personal devices, and a network called Office may be used for all your work-related devices.

A network-level CIDR of your own choosing, like 10.10.0.0/24, is used to automatically assign unique IP addresses to peers added to the network.

You can even specify default DNS settings to be applied to all connected devices.

2. Devices

Add your laptops, phones, servers or any other WireGuard-enabled device.

Each device automatically gets an IP addresses from the network CIDR, like 10.10.0.5/32, and you may also specify additional addresses, like 192.168.65.5/32.

Using custom labels like pihole, media, server:app-1, etc you can easily group and filter your devices.

3. Connections

Screenshot of Connections preview interface, showing how labels are used to define peers

Label-based Access Controls, using device labels to define network peers.

Peering between devices is achieved via uni-directional label-based connection rules — both devices need to specify the connection using the labels applied to them.

You can also specify the AllowedIPs to be used for each connection using keywords such as peers (only the IPs of the two peers), network (the network CIDR), and all (all traffic, 0.0.0.0/24). For direct peer-to-peer connections, PreShared keys are automatically generated and shared between the peers by default.

And you can specify pass-through connections to describe Hub/Site topologies, Web Proxies, or VPN exit nodes.

4. Members

Screenshot of Members preview UI, showing multiple members with different roles, some of which have joined the network while others are still Pending.

Invite friends, teammates and co-workers to claim their devices.

Simple Role-Based Access Controls to specify who gets to do what in your network.

Guests — for when you just want to securely share WireGuard Configuration files. Guests can only view devices assigned to them. No WireHub account required.

Members — for when you want people to manage their own devices. Members can add their own devices and view other network devices, but can only modify their own devices or those assigned to them.

Managers & Admins — when you want others to manage the network. Managers and Admins can invite new members, revoke memberships, create or modify connections, and make changes to network configuration.

Managers and Admins can also preview their networks from the perspective of other members to make sure everything's all right.

5. Interfaces

Securely store and manage your Private/Public Keys.

Interfaces represent the [Interface] section of a WireGuard configuration file — most importantly the Private/Public Keys. As such, Interfaces are considered private to the user that created them.

Once an Interface is assigned to a network Device, either by a network Manager or the device owner, its Public Key and Endpoint (if any) are shared with the Device's peers.

Private Keys, if shared with WireHub, are client-side encrypted using WebCrypto and password protected with a password that does not leave your browser — you really own your private keys.

Here's what you get

This is an interactive example WireGuard Configuration Preview UI for the Hub device in my Home network where the Hub connects to all available devices.
Try it out!

WireGuard Configuration
Copy Copied Error QR Download
  1. Viewing configuration for Home Network. 
  2. [Interface]
# Name = admin/home-hub
# PrivateKey = ********
# PublicKey = DHlM/s59bdfP4/sKj6eyPesWKsc2Y5QNd8kMlMzPOSI=
  3. # Device = home/hub
Address = 10.10.10.1
  4. [Peer]
# Name = home/iphone
PublicKey = GkCpbysgq35AUCDGqJ5O0a086fdTbG85b3Ces2iVFCQ=
PresharedKey = PMeoZ/E1/I7lg7xF5zNtJV+3MZnfXoBi4KiGXFzFwgI=
AllowedIPs = 10.10.10.4/32
  5. [Peer]
# Name = home/home-server
PublicKey = Y6vLxZNeGC2y9mpo0g9QCm2yuAu7UDTT77pEdgiOASg=
PresharedKey = ZfZMWyeEYs6swPfY5gpxL6CRuxeNS73h6LLGHNfZQKQ=
AllowedIPs = 10.10.10.2/32
AllowedIPs = 192.168.68.24/32
  6. [Peer]
# Name = home/ipad
PublicKey = ygoa+Y44zbQg9loEqofkMIiKVXYhNbunVbY+KClwkys=
PresharedKey = fB689E6GqReGknOEu1RrtXWmjUPA59+IZLoludmYV7k=
AllowedIPs = 10.10.10.3/32
  7. [Peer]
# Name = home/macbook
PublicKey = 1TgSkmCdHRyARlZy3DZ8r8/p/LbXHvb/REhiRlGj2yY=
PresharedKey = YihQc9YZVvA2LSb0h6uw0FIyseRsZkMuGmZ81P3mCTE=
AllowedIPs = 10.10.10.5/32

Join the Beta!
Free
Existing member? Login

Frequently Asked Questions

Is WireHub a VPN service?

No. WireHub helps you generate and distribute WireGuard configurations.

You can then use the offical WireGuard apps and command line tools to import and activate these configurations.

Who is this for?

People who run and manage their own WireGuard networks.

Why do I need an account?

WireHub is not a static, get it and forget it, WireGuard configuration generator.

You need an account to save your network settings, devices, and private and public keys. In some cases, you also need an account to accept invites to existing WireHub networks.

How secure are my Private Keys on WireHub?

You can use WireHub without providing your Private Keys — only your Public Keys and Endpoints are needed in order to generate valid WireGuard configurations.

If you do provide your Private Keys, each key is encrypted in the browser with a password of your choice. The password can be anything and of any length. Neither the password nor the plain-text Private Key are ever sent to WireHub — just the encrypted string.

WireHub makes use of existing cryptographic libraries, namely the standard WebCrypto API to encrypt/decrypt Private Keys and Jason's wireguard.js to generate Private keys in the browser.

Join the Beta!