Everything You Need to Manage WireGuard

Comprehensive tools for deployment, monitoring, and security.

Complete Command Center

Stop wrestling with config files. Manage your entire VPN infrastructure from a beautiful UI.

Deploy Instantly: Spin up new tunnels in seconds
Zero-Friction Onboarding: Auto-generate keys for users
Scan-to-Connect: Mobile access via instant QR codes
One-Click Export: Download configs for any device

The Pulse of Your Network

Visualize traffic flow and connection health in real-time. Never guess about status again.

Live Traffic Maps: Watch bandwidth usage as it happens
Active Monitoring: See exactly who is online right now
Health Checks: Track handshake latency & packet loss
Auto-Pilot: Dashboards refresh automatically

Fortress-Level Security

Enterprise-grade protection baked in by default. Sleep soundly knowing your network is hardened.

Bulletproof Auth: Secure JWT token-based access
Compliance Ready: Full administrative audit trails
Hardened Headers: HSTS, CSP, and XSS protection
Isolated: Runs as non-root container for max security

Developer-First Architecture

Built on a modern, high-performance stack that integrates perfectly with your tools.

Full API Integration: Automate everything via REST API
Blazing Fast: Async Python backend + SvelteKit frontend
Drop-in Deployment: Native Docker & Compose support
Dev Friendly: Mock backend for easy local testing

Ready in 60 Seconds

No complex setup. Just Docker.

Prepare Directory

Create a folder for your configuration.

mkdir tunnbox && cd tunnbox

Configure

Download the environment file, generate a secret key, and set your server's public IP.

curl -o .env https://raw.githubusercontent.com/pgorbunov/tunnbox/v1.0.0/.env.example

# Generate a unique secret key
SECRET_KEY=$(openssl rand -hex 32)
sed -i "s/^SECRET_KEY=.*/SECRET_KEY=$SECRET_KEY/" .env

# Set your server's public IP or domain
sed -i "s/^WG_DEFAULT_ENDPOINT=.*/WG_DEFAULT_ENDPOINT=your.server.ip/" .env

Launch

Use our pre-built Docker image.

docker compose up -d