GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → mdlayher → wireguard_exporter

mdlayher / wireguard_exporter

Licence: MIT license
Command wireguard_exporter implements a Prometheus exporter for WireGuard devices. MIT Licensed.

Programming Languages

go
31211 projects - #10 most used programming language

Labels

networkingprometheusvpnwireguard

Projects that are alternatives of or similar to wireguard exporter

W3 Goto World
🍅 Git/AWS/Google 镜像 ,SS/SSR/VMESS节点,WireGuard,IPFS, DeepWeb,Capitalism 、行业研究报告的知识储备库
Stars: ✭ 7,886 (+8289.36%)
Mutual labels:  vpn, wireguard
WGDashboard
Simplest dashboard for WireGuard VPN written in Python w/ Flask
Stars: ✭ 772 (+721.28%)
Mutual labels:  vpn, wireguard
Softethervpn
Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.
Stars: ✭ 8,531 (+8975.53%)
Mutual labels:  vpn, wireguard
Tailscale
The easiest, most secure way to use WireGuard and 2FA.
Stars: ✭ 6,157 (+6450%)
Mutual labels:  vpn, wireguard
PromGuard
Prometheus scraping over WireGuard: Example Terraform/Ansible for fully authenticated/encrypted stat scraping
Stars: ✭ 24 (-74.47%)
Mutual labels:  vpn, wireguard
Algo
Set up a personal VPN in the cloud
Stars: ✭ 24,275 (+25724.47%)
Mutual labels:  vpn, wireguard
Wireguard Install
WireGuard VPN installer for Linux servers
Stars: ✭ 2,575 (+2639.36%)
Mutual labels:  vpn, wireguard
wirelink
Experimental P2P configuration plane for Wireguard
Stars: ✭ 16 (-82.98%)
Mutual labels:  vpn, wireguard
split-vpn
A split tunnel VPN script for Unifi OS routers (UDM, UXG, UDR) with policy based routing.
Stars: ✭ 589 (+526.6%)
Mutual labels:  vpn, wireguard
wireguard-kmod
WireGuard for UDM series routers
Stars: ✭ 328 (+248.94%)
Mutual labels:  vpn, wireguard
Freepac
科学上网/翻墙梯子/自由上网/SS/SSR/V2Ray/Brook 搭建教程 免费机场、VPN工具
Stars: ✭ 4,515 (+4703.19%)
Mutual labels:  vpn, wireguard
wg-portal
WireGuard Configuration Portal with LDAP connection
Stars: ✭ 476 (+406.38%)
Mutual labels:  vpn, wireguard
Wireguard Docs
📖 Unofficial WireGuard Documentation: Setup, Usage, Configuration, and full example setups for VPNs supporting both servers & roaming clients.
Stars: ✭ 3,201 (+3305.32%)
Mutual labels:  vpn, wireguard
Streisand
Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
Stars: ✭ 22,605 (+23947.87%)
Mutual labels:  vpn, wireguard
warp
WARP one-click script. Add an IPv4, IPv6 or dual-stack CloudFlare WARP network interface and Socks5 proxy for VPS. 一键脚本
Stars: ✭ 950 (+910.64%)
Mutual labels:  vpn, wireguard
Mullvadvpn App
The Mullvad VPN client app for desktop and mobile
Stars: ✭ 1,953 (+1977.66%)
Mutual labels:  vpn, wireguard
AdGuard-WireGuard-Unbound-Cloudflare
The Ultimate Network Security Guide 🔒 Protection | 🔎 Privacy | 🚀 Performance on home network 24/7 🕛 Accessible anywhere 🌏
Stars: ✭ 160 (+70.21%)
Mutual labels:  vpn, wireguard
desktop-app-daemon
Official IVPN Desktop app (service)
Stars: ✭ 34 (-63.83%)
Mutual labels:  vpn, wireguard
Subspace
A simple WireGuard VPN server GUI
Stars: ✭ 2,109 (+2143.62%)
Mutual labels:  vpn, wireguard
Wireguard-DNScrypt-VPN-Server
Fast setup wireguard server script, with dnscrypt and adblocking, maleware blocking, more blocking if you need. Use case eg. always on vpn and adblocking on ios or android, and be more secured in unknown networks.
Stars: ✭ 48 (-48.94%)
Mutual labels:  vpn, wireguard
View All Similar Projects ➔

wireguard_exporter builds.sr.ht status GoDoc Go Report Card

Command wireguard_exporter implements a Prometheus exporter for WireGuard devices. MIT Licensed.

Usage

Use the -h flag to see full usage:

$ wireguard_exporter -h
Usage of wireguard_exporter:
  -metrics.addr string
        address for WireGuard exporter (default ":9586")
  -metrics.path string
        URL path for surfacing collected metrics (default "/metrics")
  -wireguard.peer-file string
        optional: path to TOML friendly peer names mapping file; takes priority over -wireguard.peer-names
  -wireguard.peer-names string
        optional: comma-separated list of colon-separated public keys and friendly peer names, such as: "keyA:foo,keyB:bar"

For simple deployments, specifying peer name mappings on the command line may be sufficient:

$ wireguard_exporter -wireguard.peer-names VWRsPtbdGtcNyaQ+cFAZfZnYL05uj+XINQS6yQY5gQ8=:foo

For larger deployments, you can also specify a TOML file of friendly peer name mappings, which will supersede any command line flag mappings.

[[peer]]
public_key = "VWRsPtbdGtcNyaQ+cFAZfZnYL05uj+XINQS6yQY5gQ8="
name = "foo"

[[peer]]
public_key = "UvwWyMQ1ckLEG82Qdooyr0UzJhqOlzzcx90DXuwMTDA="
name = "bar"
$ wireguard_exporter -wireguard.peer-file /etc/wireguard/peers.toml

Example

This exporter exposes metrics about each configured WireGuard device and its peers, using any device implementation supported by wgctrl-go.

$ curl -s http://localhost:9586/metrics | grep wireguard
# HELP wireguard_device_info Metadata about a device.
# TYPE wireguard_device_info gauge
wireguard_device_info{device="wg0",public_key="QwAmAD1v4wMIX/0gKJbr9hv1o3YX0YTk7Mdj0L4dylI="} 1
# HELP wireguard_peer_allowed_ips_info Metadata about each of a peer's allowed IP subnets for a given device.
# TYPE wireguard_peer_allowed_ips_info gauge
wireguard_peer_allowed_ips_info{allowed_ips="192.168.20.0/24",device="wg0",family="IPv4",public_key="UvwWyMQ1ckLEG82Qdooyr0UzJhqOlzzcx90DXuwMTDA="} 1
wireguard_peer_allowed_ips_info{allowed_ips="fd9e:1a04:f01d:20::/64",device="wg0",family="IPv6",public_key="UvwWyMQ1ckLEG82Qdooyr0UzJhqOlzzcx90DXuwMTDA="} 1
# HELP wireguard_peer_info Metadata about a peer. The public_key label on peer metrics refers to the peer's public key; not the device's public key.
# TYPE wireguard_peer_info gauge
wireguard_peer_info{device="wg0",endpoint="",name="foo",public_key="VWRsPtbdGtcNyaQ+cFAZfZnYL05uj+XINQS6yQY5gQ8="} 1
wireguard_peer_info{device="wg0",endpoint="[fd9e:1a04:f01d:20:e5c2:7b69:90d8:ca45]:49203",name="bar",public_key="UvwWyMQ1ckLEG82Qdooyr0UzJhqOlzzcx90DXuwMTDA="} 1
# HELP wireguard_peer_last_handshake_seconds UNIX timestamp for the last handshake with a given peer.
# TYPE wireguard_peer_last_handshake_seconds gauge
wireguard_peer_last_handshake_seconds{device="wg0",public_key="UvwWyMQ1ckLEG82Qdooyr0UzJhqOlzzcx90DXuwMTDA="} 1.588274629e+09
wireguard_peer_last_handshake_seconds{device="wg0",public_key="VWRsPtbdGtcNyaQ+cFAZfZnYL05uj+XINQS6yQY5gQ8="} 0
# HELP wireguard_peer_receive_bytes_total Number of bytes received from a given peer.
# TYPE wireguard_peer_receive_bytes_total counter
wireguard_peer_receive_bytes_total{device="wg0",public_key="UvwWyMQ1ckLEG82Qdooyr0UzJhqOlzzcx90DXuwMTDA="} 76728
wireguard_peer_receive_bytes_total{device="wg0",public_key="VWRsPtbdGtcNyaQ+cFAZfZnYL05uj+XINQS6yQY5gQ8="} 0
# HELP wireguard_peer_transmit_bytes_total Number of bytes transmitted to a given peer.
# TYPE wireguard_peer_transmit_bytes_total counter
wireguard_peer_transmit_bytes_total{device="wg0",public_key="UvwWyMQ1ckLEG82Qdooyr0UzJhqOlzzcx90DXuwMTDA="} 76200
wireguard_peer_transmit_bytes_total{device="wg0",public_key="VWRsPtbdGtcNyaQ+cFAZfZnYL05uj+XINQS6yQY5gQ8="} 0

Sample queries

Get the receive and transmit rates and last handshake of individual peers, and enable querying on both the WireGuard device name and the peer's friendly name:

irate(wireguard_peer_receive_bytes_total[5m]) * on (public_key, device) group_left(name) wireguard_peer_info * on (instance) group_left(device) wireguard_device_info

irate(wireguard_peer_transmit_bytes_total[5m]) * on (public_key, device) group_left(name) wireguard_peer_info * on (instance) group_left(device) wireguard_device_info

time()-(wireguard_peer_last_handshake_seconds * on (public_key, device) group_left(name) wireguard_peer_info * on (instance) group_left(device) wireguard_device_info)

Grafana Dashboard

You can view your data using this Grafana Dashboard using Prometheus as source.

Grafana Dashboard

Build Binary

cd cmd/wireguard_exporter/
go build .
mv wireguard_exporter /usr/local/bin/

Add service file for systemd

[Unit]
Description=Prometheus WireGuard Exporter
After=network.target

[Service]
Type=simple
Restart=always
ExecStart=/usr/local/bin/wireguard_exporter

[Install]
WantedBy=multi-user.target

Load new service and enable autostart:

systemctl daemon-reload
systemctl enable wireguard-exporter.service

Add scraping config to prometheus

In /etc/prometheus/prometheus.yml add following config to the section scrape_configs: :

  - job_name: wireguard
    static_configs:
      - targets: ['localhost:9586']
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].