Wireguard Support in RADIUSdesk

• As of November 2025, RADIUSdesk can centrally manage Wireguard running on Ubuntu and Raspberry Pi based devices.
• With the Wireguard Servers applet you declare and manage one or more instances of Wireguard on these devices.
• On the device you install lightweight agent which interacts with RADIUSdesk.
• The agent also reports back to RADIUSdesk on the status of Wireguard and any active peer connections.
• The following graphic shows how everything fits together.

• Wireguard Servers can be found under the Other → VPN & Tunneling grouping.
• It has two tabs
  • The Servers tab displays all of the Wireguard servers which are managed centrally.
  • The New Arrivals lists Wireguard servers that reported to RADIUSdesk but which require on-boarding.

• When you add a Wireguard server, you will need the following information from the server where the agent is installed on.

• MAC Address is used to uniquely identify the server.
• IP Address will be used in the peer configuration to specify the IP Address where a peer needs to connect with.
• Uplink Interface is used for the firewall rules when NAT is specified on a Wireguard instance.

Each Wireguard server will have one or more Wireguard Instances associated with it.

We will cover Wireguard Instances next.

• We will cover Profiles first although it is the second sub-tab since it is required to have a profile ready in order to define a server.

• Profiles allow you to override certain values which were specified in the Base Config so that they become unique to that profile.
• These include items which might need tweaking for certain environments.
• Each of the sections inside the GUI maps to a section in the /etc/accel-ppp.conf file.

• This is the final category and one that is specific to an Accel-ppp server in the applet.
• An Accel-ppp server needs a mandatory Profile (Unique settings) and then two items which are specific.
  • Interface This is the interface name on the server where we want to run the PPPoE servie on.
  • NAS Identifier This is the specific identifier used to identify the Accel-ppp server on RADIUS.

• Although the Servers tab is first we started with the Profiles tab since we need to have a Profile available which we can associate with a server.
• Each server has the following mandatory fields.
  • Name A unique name to identify the server with.
  • MAC Address This has to match the MAC Address of the interface on the device running Accel-ppp and is used as a identity field.
  • Server Profile This was covered earlier in this document.
  • Interface The name of the interface on which you plan to run the PPPoE service on (using Accel-ppp)
  • NAS Identifier Used to identify the server when interacting with the RADIUS server.

• The screenshot above is from the Accel-ppp server applet.
• Let's look at some key points
  • The Refresh button has an option to automatically refresh at fixed intervals. This is handy if you want to see when an Accel-ppp server comes online without having to hit the refresh button the whole time.
  • Next to it is a toggle button which allows you to see either all defined server or only those servers which are currently online.
  • The Add, Delete and Edit buttons should be self explanatory.
  • The Restart Service button is used to set the restart service flag on a selected server.
  • If it is set (indicated visually with a gears icon prepended to the name) and the next heartbeat arrives from the RADIUSdesk Accel-ppp agent. the agent will detect the flag and restart the Accel-ppp service.
  • The visual indication will also be cleared.
  • The final button is used to launch a new tab which will list all the active sessions.

• The final button on the active sessions tab in turn will allow you to terminate selected sessions.
• It works is a similar way to the Restart Service button for the server itself where a flag is set and there is a visual indication that a session is marked for disconnect until the next heartbeat where it will be cleared and the RADIUSdesk Accel-ppp agent will terminate the user's session.

• Any of the Accel-ppp servers that still needs on-boarding will be listed under New Arrivals.
• Simply select the one you want to on-board and provide the required information to allow it to become part of the managed servers.
• Reboot the device after on-boarding and the configuration will be applied through the RADIUSdesk Accel-ppp agent.

• Be sure to check out the steps to follow on the Ubuntu or Raspberry Pi to install the RADIUSdesk Accel-ppp agent so it can be managed by RADIUSdesk.