WireGuard Easy, the streamlined solution for deploying a self-hosted WireGuard VPN, has just released version 15.0. Yeah, I know—another new release, right? But before we dive into what’s new, let me just say this: I’ve tested a lot of WireGuard-based VPN setups, and version 15 of wg-easy really stands out.
It is a full-on rewrite of the project, and it strikes a perfect balance: it’s incredibly easy to use but still gives advanced users plenty of power, all wrapped up in a sleek, clean interface.
And lest you take that as mere talk, here’s the deal: I was so impressed with what v15 brings to the table that I completely rewrote our guide on setting up a self-hosted WireGuard server, focusing specifically on using WireGuard Easy. Now, let’s get into what’s new in this release.
As I already mentioned, the most impactful aspect of v15.0 is its ground-up rewrite of the setup process. In practice, almost all environment variables that previously guided installation have been removed. In their place is a more intuitive configuration scheme that leverages a SQLite database to store settings and user information.
The development team has streamlined how peers, keys, and network layouts are managed by centralizing data in SQLite. As a result, backup strategies become simpler—administrators need only preserve one database file rather than multiple scattered artifacts.
Furthermore, users should note that Dockerless installations are now deprecated. Thus, anyone running WireGuard Easy natively (i.e., outside of Docker) will need to transition to the containerized approach.
For administrators and end users alike, the new and improved UI simplifies complex tasks, such as adding peers, assigning IP ranges, and monitoring connection status, into a clean, responsive dashboard.
In addition, mobile support has been significantly improved, ensuring that users on smartphones or tablets can effortlessly access critical controls without encountering layout issues or performance bottlenecks.
On the security side, WireGuard Easy v15 adds Two-Factor Authentication using Time-based One-Time Passwords, giving administrators an extra layer of protection when logging into the dashboard.
Moreover, API Basic Authentication has been added for scripted interactions, ensuring that any automated calls to the WireGuard Easy API must present valid credentials. It is worth noting, however, that connections over plain HTTP now require the INSECURE environment variable to be set.
Another notable change concerns licensing: the project has moved from the Creative Commons CC BY-NC-SA 4.0 license to the GNU Affero General Public License v3.0 only (AGPL-3.0-only). In other words, anyone modifying or distributing the server-side code must continue to release derivative works under the same terms, thereby preserving long-term openness and collaboration.
We cannot fail to note that this update finally brings robust IPv6 support, allowing administrators to assign global unicast addresses or unique local addresses to peers. Simultaneously, CIDR support has been introduced, enabling more granular network segmentation without resorting to binary netmask notation.
The API structure has also been rethought from the ground up. Endpoints are now more logically grouped, and responses are standardized to reduce client-side parsing complexity. In conjunction with API Basic Authentication, the new structure enables third-party tools or custom scripts to interact with WireGuard Easy more reliably.
Beyond the headline features, WireGuard Easy v15.0 carries several other updates:
- Deprecated ARMv6 Support: Raspberry Pi Zero or older ARMv6 boards are no longer supported, reflecting that maintaining compatibility with legacy CPUs imposes undue complexity.
- Docker Volume Mounts for “/lib/modules“: To ensure kernel modules are correctly loaded, especially on hosts with custom WireGuard builds, the Docker container now requires a volume mount for “/lib/modules.”
- Replacement of Nightly with Edge Tag: Rather than offering a “nightly” build, the project now provides an “edge” tag for bleeding-edge features and bug fixes. This subtle rebranding aligns better with container conventions and clarifies expectations around stability.
- CLI Enhancements: Although most user interaction has shifted toward the web UI, the command-line interface has not been forgotten. v15.0 includes several ergonomic improvements, such as clearer help messages, context-aware tab completion, and new commands for backup and restore operations.
For more information on all changes, see the changelog.
