WireGuardStatusbar

Notice

There is now an official WireGuard application that supersedes this App. You can find it at: https://www.wireguard.com/install/ or directly download it from the AppStore: https://itunes.apple.com/us/app/wireguard/id1451685025?ls=1&mt=12

The WireGuardStatusbar application will remain available and might get updates/bugfixes but not develop any new features. You might still want to use it if you run a macOS prior to 10.14.

Introduction

This is a macOS statusbar item (aka menubar icon) that wraps wg-quick.

Features

• Sit in your menubar
• Indicate if tunnels are enabled
• Bring tunnel up/down via one click
• Fail miserably when brew/wg-quick is not installed or permissions on files are incorrect

Installation

Manually

• Follow the instruction to install WireGuard for macOS
• Create a tunnel configuration file (eg: /usr/local/etc/wireguard/utun1.conf)
• Download this App from Releases
• Open the .dmg and copy the Application to where you like (eg: '/Applications')
• The next bit is needed because I don't have a Apple Developer account to properly sign the binary. If you don't like it consider building and signing the application yourself.
  • Start the App and get a dialog indicating the app is not signed
  • Go to: Preferences->Security & Privacy->General and click "Open Anyway"

Building & Testing

Automation scripting is provided in this repository to make development a little easier. Primary development using Xcode is supported/preferred but some actions (integration testing, distribution build) are only available using make.

To test the project and check code quality run:

make test-unit

Integration tests require preparation and will ask for a sudo password to install a test configuration file in /etc/wireguard:

make test-integration

Code formatting should preferably by done by computers. To auto correct most violations run (this is also run before each make test or make check):

make fix

To completely verify/test the project, build a distributable .dmg and install to /Applications simply run:

make

Or explore make with tab completion for other options.

Architecture/Security

• This application is split into two parts. The Application and a Privileged Helper.
• The App will sit in the menubar after launching and handle all UI interaction and logic.
• Whenever the App needs to perform actions requiring Administrator privileges (eg: start/stop tunnel, read configurations) it will communicate with the Helper via XPC to have these actions performed.
• The Helper is installed as a Privileged Launchd daemon during the startup of the App. The user will be prompted for credentials during this action.
• Logic/responsability in the Helper is kept to a minimum and communication between the App and the Helper is in simple primitives to reduce attack surface of the Helper.
• The Helper should not allow an unprivileged attacker to perform any actions via the XPC that would not be possible to perform when using the App.
• Both the App and the Helper are signed and these signatures will be verified on Helper installation.
• The Helper will only run during the runtime of the Application.
• The Helper notifies the App on any change in the WireGuard configuration/runtime state. The App will then query the Helper to allow rebuilding its menus.

License

This software as a whole is licensed under GPL-3.0

"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld.

Todo/Readmap

• Tunnel connectivity status
• Tunnel configuration editor
• Key management (via keychain)
• Tunnel configuration augmentation (groups, alt. names, etc)
• read configuration using wg
• More tunnel statistics (privilegedhelper)
• Recent tunnels on top option
• Active tunnels on top option
• Start tunnels at startup
• Add application to startup items
• Bundle WireGuard (wireguard-go/wg-quick/bash4)/Drop wg-quick for custom route creations (to drop bash4 as requirements and enable advances routing options like excluding local networks from 0.0.0.0/0).
• Help menu
• Developer ID signing
• Update checking