Skip to content

brokechubb/wgsplit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
contrib
contrib
 
 
crates
crates
 
 
tui
tui
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

wgsplit

WireGuard Connection Manager with Split Tunneling for Linux.

Manage WireGuard tunnels with per-application and per-domain/IP routing via a terminal UI.

Features

  • Per-application routing: Route specific apps through VPN or direct
  • Per-domain/IP routing: Route specific domains or IP addresses through VPN or direct
  • WireGuard management: Add, edit, delete, connect/disconnect tunnels
  • Terminal UI: Fast, responsive TUI built with OpenTUI
  • Systemd integration: Run as a system service

Requirements

  • Linux with cgroups v2 (Arch, Fedora, modern distros)
  • WireGuard (wireguard-tools package)
  • socat for IPC communication
  • nftables for packet marking
  • Root privileges for the daemon

Installation

From Source

# Build daemon
cargo build --release

# Build TUI (requires Bun)
cd tui && bun build src/index.tsx --compile --outfile wgsplit

# Install
sudo cp target/release/wgsplitd /usr/local/bin/
sudo cp tui/wgsplit /usr/local/bin/
sudo cp contrib/wgsplitd.service /etc/systemd/system/
sudo systemctl daemon-reload

Dependencies

# Arch
sudo pacman -S wireguard-tools socat nftables

# Fedora  
sudo dnf install wireguard-tools socat nftables

Usage

Start the daemon

sudo systemctl start wgsplitd
sudo systemctl enable wgsplitd  # optional: start on boot

Launch the TUI

wgsplit

Import a tunnel

wgsplit import /path/to/tunnel.conf

Command line help

wgsplit --help

TUI Keybindings

Key Action
↑/↓ Navigate tunnel list
c Connect/disconnect
s Open split tunneling config
e Edit tunnel
a Add new tunnel
d Delete tunnel
? Show help
q Quit

Split Tunneling

Per-Application

Add application executables to route through VPN (inclusive mode) or bypass VPN (exclusive mode). Uses cgroups v2 and nftables packet marking.

Per-Domain/IP

Add domains or IP addresses to route through VPN or direct. Domains are resolved via DNS and routes update automatically when IPs change. Raw IP addresses are routed directly without DNS resolution.

Configuration

  • ~/.config/wgsplit/settings.toml - Daemon settings
  • ~/.config/wgsplit/tunnels/ - Tunnel configurations (WireGuard .conf format)

Architecture

wgsplitd (daemon, runs as root)
├── IPC server on /run/wgsplitd.sock
├── WireGuard interface management
├── cgroups v2 process tracking
├── nftables fwmark marking
└── DNS resolution for domain routing

wgsplit (TUI)
└── Connects to daemon via Unix socket

License

GPL-2.0

About

WireGuard Connection Manager with Split Tunneling for Linux. Per-application and per-domain/IP routing, tunnel management, and DNS auto-resolution — all from a terminal UI.

Topics

linux archlinux fedora vpn vpn-manager wireguard nftables wireguard-vpn opentui

Resources

Readme

License

GPL-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages