Subspace is a simple opensource WireGuard VPN server graphical user interface(GUI). You can install subspace directly on your server which would allow you to track and create client configurations.
Subspace is an open-source, self-hosted front end GUI (graphical user interface) for the Wireguard VPN system on the server-side. Once set up it provides a browser-accessible system to track clients and create client configurations for connecting to the server.
Some of the features of Subspace are:
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Click below to sign up and get $200 of credit to try our products over 60 days!
In order to complete this guide, you will first need to perform the following tasks on your Ubuntu 18.04 Droplet:
Ubuntu 18.04 Droplet
Create a sudo user and enable ufw. To set this up, you can follow our Initial Server Setup with Ubuntu 18.04 guide.
Docker installed and up and running, you can follow the steps on how that here: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04
Step 1 — Install WireGuard
First, update your existing list of packages:
Add the WireGuard PPA to the system to configure access to the project’s packages:
Once the PPA has been added, update the local package index to pull down information about the newly available packages and then install the WireGuard kernel module and userland components:
dnsmasqbecause it will run inside the container:
Disable systemd-resolved if it blocks port 53.
After that setup CloudFlare as your DNS server:
Step 2 — WireGuard modules
In order to load the required WireGuard modules you need to run the following commands:
Once the modules have been enabled you need to run the following commands in order to enable the modules when the server gets rebooted:
Finally check if systemd-modules-load service is active:
Step 3 - Enable packet Packet forwarding
In order to get WireGuired to work as expected, we need to make sure that package forwarding is enabled. Packet forwarding means allowing packets to go from one network to another.
To do that you need to run the following commands:
Step 4 - Configure Domain name DNS
In order to use Let’s Encrypt and secure our Subspace instance, we need to make sure that we have a domain name that points to our Droplet’s IP address.
To do that make sure to create a DNS A record for your domain or subdomain name and point it to your server’s IP address.
Step 5 - Firewall Rules
As subspace runs a TLS (“SSL”) https server on port 443/tcp and a standard web server on port 80/tcp, we need to make sure that the two ports are open for incoming TCP traffic via our firewall. To do that run the following commands
Also, as port 51820/udp is the default WireGurad port, we need to make sure that it is open as well:
Next, we need to start the subspace Docker container.
Step 6 - Start subspace
Your data directory should be bind-mounted as
/datainside the container using the
After that, we need to create our container. Make sure to change the
--env SUBSPACE_HTTP_HOSTto your domain name which is pointing to your Droplet.
Then start your container:
You can also check the logs of your container to make sure that it starts as expected:
Then visit your domain name via your browser and you will be able to see your subspace installation!
subspacecommunity/subspaceproject is community maintained and is a fork of the simple WireGuard VPN server GUI. If you notice any problems feel free to submit an issue or a pull request!
Hope that this helps! Regards, Bobby
Hi ! The Wireguard VPN doesn’t isolate clients on default. If i want to enable client isolation ??? tnx
403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
someone forgot to update subspace ACME client…