WireGuard is amazing for securely accessing your devices even behind private networks and NATs. I wrote a guide for installing WireGuard on Raspberry Pi.
Adding a new devices to your WireGuard network requires adding the public key of the new client to the list of known peers at the public endpoint used by all other peers. The standard way is to SSH into the public peer and update its network configuration file to include the public key of the new peer. This can become pretty tedious as your network grows.
Here is a list of various tools and applications that simplify this workflow of managing the WireGuard network:
wg-gen-web is a web UI for generating and updating the WireGuard network config file for the public peer. It must be hosted on the same device as the public peer. It is a Go application that runs inside a Docker container.
Subspace is a web application written in Go for managing the network peers with support for single-sign-on. There is also a community fork since the original application hasn’t been updated recently.
wg-access-server is a Go application for managing WireGuard peer configuration files. Supports several single-sign-on providers for the Web UI authentication.
wg-ui is a Go application for generating WireGuard peer configuration files.