WireGuard Business-VPN WISECP module
The module is created to empower IT companies to enrich their service offerings through the provision of paid WireGuard VPN accounts. Once installed, the module takes care of the entire process of creating, modifying, and suspending WireGuard VPN accounts. It seamlessly integrates with the WISECP billing system, streamlining the exchange of crucial data for customer settlements, account activations, and service suspensions. In essence, the service is tailored for business clients who have the capability to manage their VPN accounts.
- Description
- Changelog
- Installation and configuration guide
- Setup (install/update)
- License Activation
- PUQVPNCP installation and configuration
- Add server (PUQVPNCP) in WISECP
- Service/Product configuration
- WireGuard clients configuring
- WireGuard Official clients
- Android WireGuard client configuration
- macOS WireGuard client configuration
- Windows WireGuard client configuration
- Linux WireGuard client configuration
- Mikrotik WireGuard client configuration
- iOS WireGuard client configuration
- Admin Area
- Client Area
Description
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
The WireGuard Business-VPN module is designed to provide a customizable Virtual Private Network service for business clients who have the capability to independently manage their VPN accounts.
At its core, the module gives the end customer control over a group of VPN account entries, allowing them to add, remove, block, and perform port forwarding on these accounts. All accounts are part of a unified network and share a common external IP address. Additionally, there's a feature enabling internal traffic to be routed among these accounts.
This innovative system empowers end clients to establish corporate private networks tailored to their own customers. With the flexibility to manage VPN accounts and the added functionality of internal traffic forwarding, businesses can customize their VPN service to meet the specific needs of their clientele.
Attention.
The module require the PUQVPNCP control panel with active license.
PUQVPNCP Documentation
PUQVPNCP Download
PUQVPNCP Order now
Requirements
WISECP: v3.1.5+, php: v8.x, Ioncube: V12+
PUQVPNCP: v1.8+
Supports protocols:
- WireGuard
- IKEv2
Module Functions:
- Auto create and deploy VPN account/accounts
- Suspend/Unsuspend/Delete/Change Package
- Port forwarding
- Module require active PUQVPNCP API (need separte license)
- Possibility to set Bandwidth speed limits per client VPN account
- Module supports multilingualism (Arabic, Azerbaijani, Catalan, Chinese, Croatian, Czech, Danish, Dutch, English, Estonian, Farsi, French, German, Hebrew, Hungarian, Italian, Macedonian, Norwegian, Polish, Romanian, Russian, Spanish, Swedish, Turkish, Ukrainian)
- Link to instructions for setting up the service in the client area.
- Mechanism for working with servers and server groups
Available options in the admin panel:
- Create users
- Suspend users
- Unsuspend users
- Delete users
- Change Package
- VPN connection status
Available options in the client panel:
- Links in the form of buttons to the instruction and VPN clients
- General information about the service
- Password change option (for IKEv2)
- One-time link generation button for transmitting authorization data
- Option to download WireGuard configuration as a file
- QR code for WireGuard configuration
- Server certificate download button (for IKEv2)
- Download button for the profile for the strongSwan mobile application (for IKEv2)
- VPN connection status
Screenshot of the client area
Screenshot of the Admin area
Changelog
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
v1.2 Released 07-04-2024
- Added "endpoint configuration option" to service configuration
v1.1 Released 15-02-2024
- Fixed a bug with some cases where it was not possible to delete the server
- Improved security
v1.0 Released 06-12-2023
First version
Installation and configuration guide
Setup (install/update)
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
To install and update a module, you must perform one and the same action.
1. Download the latest version of the module.
wget https://download.puqcloud.com/WISECP/Product/PUQ_WISECP-WireGuard-Business-VPN/PUQ_WISECP-WireGuard-Business-VPN-latest.zipAll versions are available: https://download.puqcloud.com/WISECP/Product/PUQ_WISECP-WireGuard-Business-VPN/
2. Unzip the archive with the module.
unzip PUQ_WISECP-WireGuard-VPN-latest.zip3. Copy and Replace "puqMikrotikWireGuardBusinessVPN" from "PUQ_WISECP-WireGuard-Business-VPN" to "WISECP_WEB_DIR/coremio/modules/Product/"
License Activation
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
1. Log in to the administrative area of your WISECP.
2. Go to module configuration.
Services -> Service Management -> Module Settings -> Other -> All Modules -> PUQ WireGuard Business-VPN
3. On the open page, enter the purchased license key for this product and click the 'Check and Save' button to validate the key and save it.
PUQVPNCP installation and configuration
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
Official documentation:
PUQVPNCP Documentation
PUQVPNCP Download
PUQVPNCP Order now
1. Install the required packages
apt-get update
apt-get install wireguard wireguard-dkms wireguard-tools -y
apt-get install iproute2 iptables -y
apt-get install bind9 -y2. Download the latest version of the package
https://download.puqcloud.com/cp/puqvpncp/
3. Install the puqvpncp package
wget https://download.puqcloud.com/cp/puqvpncp/puqvpncp_XXXX_amd64.deb
dpkg -i puqvpncp_XXXX_amd64.deb4. After installation, connect to your server via a web browser.
http://SERVER_IP:8098
Username: admin
Password: admin
5. Enable SSL Let’s Encrypt
Requirements
- The active domain name that resolves the server's IP address
- Port 80 and 443 are always open, and not busy with another process
In order for the system to start the procedure for obtaining an SSL certificate from Let's Encrypt, it is necessary.
In the configuration file, enable the use of SSL and enter the domain name.
nano /etc/puqvpncp/puqvpncp.conf LetsEncrypSSL=yes
Domain=XXXXXX.XXXRestart the PUQVPNCP service
service puqvpncp restartAfter these steps, the first time you connect to the server via the https protocol, the system will request an SSL certificate and automatically renew it if necessary.
ATTENTION. After activating SSL, the system will only work in the https protocol on port 443.
A redirect is also set from port 80 to port 443.
To connect to the server via the https protocol, use only the domain that was set in the configuration file.
Otherwise, you will get an error that SSL is not working correctly.
6. License configuration is available in the menu item Settings->License
By default, the system limit is 50 users and the API is disabled.
In order to activate the license key, the key must be entered in the "License Key" field and click on the "Save" button
7.Creation of access API
To manage API Access Hashs, go to the section Settings->API
Enter the name and IP address of the WHMCS server and click the ADD button
Attention.
The generated Access hash will only be shown once. Copy it, it will be needed during configuration of the product server in the WHMCS system.
Accept the fact that once the Access Hashs API is created, it will only be shown once.
Each API Access Hash only works from a specific IP address.
8. Creation of access API
Add new WireGuard is available in the menu item VPN servers->WireGuard->Click Create
Enter or edit the parameters of the new server/interface and click the ADD button
Add server (PUQVPNCP) in WISECP
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
1. Log in to the administrative area of your WISECP.
2. Go to module configuration.
Services -> Service Management -> Module Settings -> Other -> All Modules -> PUQ WireGuard Business-VPN
3. In the opened page, click the 'Add Server' button.
4. On the opened page, enter all the necessary information:
- Name: Displayed name of the server.
- Maximum Number of Accounts: The number of services that can be on this server.
- Server Group: Optionally, choose the server group.
- Main Public IP Address: is the public IP that will be used in those services which will utilize a single public IP for all.
- DNS 1 and DNS 2: are DNS servers that will be specified in the configuration of WireGuard clients.
- IP Address or Domain: The address of the PUQVPNCP server you are connecting to
- Access Hash: API key that you created in the previous step on the PUQVPNCP server. (IP addresses should be configured on the interfaces in PUQVPNCP.)
- Check the SSL box if you want to use SSL-encrypted connection. If necessary, specify the port and perform a connection test.
Service/Product configuration
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
If you do not have a Service Group where you want to place the new service, you need to create a new Service Group
1. Log in to the administrative area of your WISECP.
2. Create New Service Group
Go to
Services -> Service Management -> Add Group
Enter all the necessary data and click the 'Create Group' button.
3. Adding a New Service
Go to
Services -> our service group where you need to add the new service.
In the opened window, click the 'Create New Service' button.
On the opened page, enter all the necessary details for your new service and navigate to the 'Core' tab.
Select the 'PUQ WireGuard Business-VPN' module from the drop-down list of modules.
4. Fill in the configuration options according to your preferences.
- Server Group is the group of servers from which a server will be chosen for provisioning the service
- Number of VPN Accounts: the quantity of VPN user accounts a client can create within this package
- Bandwidth Download and Bandwidth Upload represent the connection speed that will be restricted by these parameters, in megabits per second, respectively.
- Username prefix: Will be attached to the beginning of username. Only small letters and numbers and symbol "-"
- Username suffix: Will be appended to the end of username. Only small letters and numbers and symbol "-"
- Use main Public IP Address: Use one main public IP for all services
- Internal Traffic: If the checkbox is selected, it indicates that internal traffic between VPN clients of the client will be allowed.
- Persistent Keepalive/AllowedIPs: parameters of configuration WireGuard clients
-
Interface MTU: This parameter will be set during the creation of the WireGuard interface.
- Link to Instruction Provide the link to the instruction for the service, and it will be displayed in the client area as a separate button
- Link to VPN Clients Provide the link to the page for downloading VPN clients for the service, and it will be displayed in the client area as a separate button
WireGuard clients configuring
WireGuard Official clients
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
Our solution works great with official client programs. We strongly invite you to use them.
 |
 |
You can download from the https://www.wireguard.com/install/
Please always download latest versions. The following list is intended as a general direction only.
Windows [7, 8.1, 10, 11, 2008R2, 2012R2, 2016, 2019, 2022 – v0.5.3]
Download Windows Installer
Browse MSIs
macOS [app store – v1.0.15]
Android [play store – vunknown – out of date & f-droid – v1.0.20220516]
Download from Play Store
Download from F-Droid
iOS [app store – v1.0.15]
Debian/Ubuntu
$ sudo apt install wireguard
Android WireGuard client configuration
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
In order to connect to a VPN, follow these steps:
- Open the link you received in a browser to get instructions and configuration for your new VPN connection. And you will see the following page in the browser window
- Since we are setting up a connection for an android device, we need the WireGuard client for android. To download the client on your phone, open the link on your mobile device and click "Download client Android".
- After you click on the "Download client Android" button, your application store will open, where you need to install your client for Android. Click "Install" to install the application on your mobile device.
- After completing the app installation, open the app to configure your VPN connection.
- This is how the main window of the application looks like, which has no configured connections. To set up a new VPN connection, you must press the plus button.
- After you click on the button that allows you to create a new connection, you will be presented with several options. Now we will use the QR code scanning method. Click on the "SCAN FROM QR CODE" button to start scanning.
Later in this manual, in point number 13, we will look at creating a connection using a configuration file.
- It is worth noting that if you are using the application for the first time, your device will ask you if you can allow access to the camera. You need to allow access to the camera, otherwise scanning will not be possible.
- After you can already start scanning and see that your device is ready, point your camera at the QR code you received.
- After scanning the code, when the scan was successful, the application will prompt you to enter a name for the new connection. Enter a name and save the new configuration by clicking on the "CREATE TUNEL" button.
- After you save your new connection, you will see a list of your VPN connections. Find the required connection to activate it and switch the slider to activation mode.
- It is worth noting that if you have activated your connection for the first time, the system will ask you if it is possible to add such a connection, you must agree that a new connection will be established in order to establish a new connection.
- And so, now your connection is established, you can notice that the slider is in activation mode and you can see a special system icon in the notification bar, which indicates that the VPN connection is activated.
- To create a connection using a configuration file: You need to download the configuration file to your mobile device. To download this file, click on the "Dowload config file" button.
-
Once your configuration file has been downloaded to your device, you need to proceed. You need to return to the "WireGuard" application to import your configuration file. Click "IMPORT FROM FILE OR ARCHIVE" to start importing the configuration file.
-
Next, you will be prompted to find your configuration file. You need to find the configuration file and select it.
-
After you select your configuration file, the connection will be created.
-
To connect to a new VPN connection, you need to activate the slider opposite to the activate position.
macOS WireGuard client configuration
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
In order to connect to a VPN, follow these steps:
- Open the link you received in a browser to get instructions and configuration for your new VPN connection. And you will see the following page in the browser window
- In order to start the configuration you need to download the configuration file. To download the configuration file, click the "Dowload config file" button.
- Save the file to downloads or any other place to import later.
- Since we are setting up a connection for an android device, we need the WireGuard client for macOS. To download the client on your device, open the link on your device and click "Download client macOS".
- After you click on the "Download client macOS" button, your application store will open, where you need to install your client for macOS. Click "Get" and after "Install" to install the application on your device.
- After completing the app installation, open the app to configure your VPN connection.
- This is how the main window of the application looks like, which has no configured connections. To set up a new VPN connection, you must press the "Import tunel(s) from file" button.
-
Next, you will be prompted to find your configuration file. You need to find the configuration file and select it.
- After you select your configuration file, the connection will be created.
- Click the "Activate" button. To activate your VPN connection.
- Congratulations. Your VPN connection is active. We can see this by looking at the system icon bar.
Windows WireGuard client configuration
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
In order to connect to a VPN, follow these steps:
- Open the link you received in a browser to get instructions and configuration for your new VPN connection. And you will see the following page in the browser window
- In order to start the configuration you need to download the configuration file. To download the configuration file, click the "Dowload config file" button.
- Save the file to downloads or any other place to import later.
- Since we are setting up a connection for an android device, we need the WireGuard client for Windows. To download the client on your device, open the link on your device and click "Download client Windows".
- Install the app on your device.
- This is how the main window of the application looks like, which has no configured connections. To set up a new VPN connection, you must press the "Import tunel(s) from file" button.
- Next, you will be prompted to find your configuration file. You need to find the configuration file and select it.
- After you select your configuration file, the connection will be created.
- Click the "Activate" button. To activate your VPN connection.
- Congratulations. Your VPN connection is active.
Linux WireGuard client configuration
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
In order to connect to a VPN, follow these steps:
- Open the link you received in a browser to get instructions and configuration for your new VPN connection. And you will see the following page in the browser window
- In order to start the configuration you need to download the configuration file. To download the configuration file, click the "Dowload config file" button.
- Save the file to downloads or any other place to import later. You can download the configuration file and move it to your server, or you can create a new file and copy the configuration text into it. We will copy the configuration text into a new file in this WireGuard client setup guide.
- Since we are setting up a connection for an Linux device, we need the WireGuard client for Linux. To download and install the client on your device, by command
sudo apt install wireguard - After installing the client, navigate to the folder
cd /etc/wireguard/and create a configuration file. With the help of the commandnano wg0.conf - Copy the configuration text into your terminal window.
- Save the file, after saving the file you need to complete the connection.
Connect using the command:sudo wg-quick up wg0
Mikrotik WireGuard client configuration
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
Configuring Mikrotik as an WireGuard Client.
Make sure you have an up to date routerOS system.
Version must be at least: 7.6
[admin@VPN-CLIENT] > system package print
Columns: NAME, VERSION
# NAME VERSION
0 routeros 7.6 Open a single-use shipment on the WireGuard section for the client's configuration request
Login to Mikrotik via Winbox
Copy the private key from the text configuration from the [Interface] section to the PrivateKey field in the WireGuard interface settings in Mikrotik
Click OK to create the interface
Go to the peers tab.
Click plus to add a new peer
Interface - Select the previously created WireGuard interface
Public key - Copy the public key from the text configuration from the [Peer] section to the Public key field
Endpoint - Copy the server address from the text configuration from the [Peer] section to the endpoint field
Endpoint Port - Copy the server port from the text configuration from the [Peer] section to the Endpoint Port field
Allowed Address - Copy AllowedIPs from the text configuration from the [Peer] section to the Allowed Address field
Persistent Keepalive - Copy the PersistentKeepalive from the text configuration from the [Peer] section to the Persistent Keepalive field
Click OK to create a peer
In order to have communication with the server, you need to set the address on the WireGuard interface
Addresse - Copy the Address from the text configuration from the [Interface] section to the Address field
Interface - Select the previously created WireGuard interface
You also need to configure the traffic routes you need at your discretion.
iOS WireGuard client configuration
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
In order to connect to a VPN, follow these steps:
- Open the link you received in a browser to get instructions and configuration for your new VPN connection. And you will see the following page in the browser window
- Since we are setting up a connection for an iOS device, we need the WireGuard client for iOS. To download the client on your phone, open the link on your mobile device and click "Download client iOS".
- After you click on the "Download client iOS" button, your application store will open, where you need to install your client for iOS. Click "Install" to install the application on your mobile device.
- After completing the app installation, open the app to configure your VPN connection.
- This is how the main window of the application looks like, which has no configured connections. To set up a new VPN connection, you must press the plus button or "Add a tunnel" button.
- After you click on the button that allows you to create a new connection, you will be presented with several options. Now we will use the QR code scanning method. Click on the "SCAN FROM QR CODE" button to start scanning.
Later in this manual, in point number 10, we will look at creating a connection using a configuration file.
It is worth noting that if you are using the application for the first time, your device will ask you if you can allow access to the camera. You need to allow access to the camera, otherwise scanning will not be possible.
- After you can already start scanning and see that your device is ready, point your camera at the QR code you received.
It is worth noting the system will ask your password
- After scanning the code, when the scan was successful, the application will prompt you to enter a name for the new connection. Enter a name and save the new configuration by clicking on the "Save" button.
- After you save your new connection, you will see a list of your VPN connections. Find the required connection to activate it and switch the slider to activation mode.
- To create a connection using a configuration file: You need to download the configuration file to your mobile device. To download this file, click on the "Dowload config file" button.
-
Once your configuration file has been downloaded to your device, you need to proceed. You need to return to the "WireGuard" application to import your configuration file. Click "Create fron file or archive" to start importing the configuration file.
-
Next, you will be prompted to find your configuration file. You need to find the configuration file and select it.
-
After you select your configuration file, the connection will be created.
-
To connect to a new VPN connection, you need to activate the slider opposite to the activate position.
Admin Area
Order Detail
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
Navigate to the service you want to manage, then go to the 'Core' tab.
In the opened tab, you have a view of the online status of the service. The available online information includes:
- Connection status to the API
- Information about the VPN accounts on the PUQVPNCP server
- Diagnostic information about the account (online status, firewall rule counters, and so on).
Also, below are fields with the client's personal data, such as Username, Server, and Dedicated IP.
You can also individually override package options for the client by checking the 'Overwrite package settings' box.
After modifying the configuration options, check the 'Send changes to server' box to save the data to the PUQVPNCP server.
Note: When changing the Server Group, Server, and WireGuard Server fields, make sure you have a user with the username as specified in the 'Username' field pre-created on the new server. Otherwise, you will need to recreate the service for your client.
Client Area
Product Home Screen
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
Available options in the client panel:
-
VPN Account Creation Button
-
Port Forwarding Management Button
- Links in the form of buttons to the instruction and VPN clients
- General information about the service
-
List of VPN Users Encrypted by the Client with Status and Edit Button
Screenshot of the client area
Add VPN account
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
To create a new VPN account, you need to click on the "Add VPN Account" button on the main screen of the product.
In the opened window, you need to enter the Username, Password and select an IP address for the account that the account will use. Don't forget to click the "Add VPN Account" button.
Port Forwarding
WireGuard Business-VPN module WISECP
Order now | Download | FAQ
To access the port forwarding settings, you need to click on the "Port Forwarding" button on the main screen of the product.
To create a new port forwarding rule, enter the port you want to forward, select the protocol, choose the VPN account from the dropdown list to which the port will be forwarded, and enter the port to which the forwarding will occur. After filling in the details, press the "Add Port Forwarding" button.
