Wireguard Integration
Wireguard is a modern, fast, and secure VPN solution. Xitogent integrates with Wireguard by periodically collecting its stats to get key metrics directly from the Wireguard kernel interface.
1. Prepare Wireguard for metrics collection
Wireguard exposes its operational data through the wg show command. Xitogent will execute this command to gather metrics. The wg command-line utility is typically installed alongside Wireguard. Verify its presence and functionality:
wg show
This command should output information about your Wireguard interfaces and peers, similar to this:
interface: wg0
public key: <server_public_key>
private key: (hidden)
listening port: 51820
peer: <client_public_key_1>
endpoint: 192.0.2.1:51820
allowed ips: 10.0.0.2/32
latest handshake: 1 minute, 2 seconds ago
transfer: 1.2 MiB received, 800 KiB sent
peer: <client_public_key_2>
endpoint: 192.0.2.2:51820
allowed ips: 10.0.0.3/32
latest handshake: 30 seconds ago
transfer: 500 KiB received, 300 KiB sent
2. Enable Wireguard integration in Xitogent
Run:
xitogent integrate
Select Wireguard. Xitogent will create /etc/xitogent/integrations/wireguard_integration.conf.
3. Metrics collected
Xitogent parses the output of wg show to collect the following metrics:
| Metric | Type | Description |
|---|---|---|
| peer_count | Gauge | Current number of active Wireguard peers (based on latest handshake). |
| rx_bytes_per_sec | Gauge | Instantaneous receive throughput (bytes/s) for the interface. |
| tx_bytes_per_sec | Gauge | Instantaneous transmit throughput (bytes/s) for the interface. |
| clients.*.rx_bytes_per_sec | Gauge | Per-client receive rate. |
| clients.*.tx_bytes_per_sec | Gauge | Per-client transmit rate. |
| clients.*.latest_handshake | Gauge | Time in seconds since the last successful handshake with the client. |
4. Setup Triggers for Wireguard integration
| Use-case | Condition | Severity |
|---|---|---|
| Client surge | connected_clients > 200 for 5 min | WARNING |
| High bandwidth | rx_bytes_per_sec > 50 MB/s for 2 min | MAJOR |
| Stale handshake | clients.*.latest_handshake > 300 for 1 min | WARNING |
5. Next steps
- Combine Wireguard metrics with PING/TCP checks to monitor uplink quality.
- Build dashboards that chart bandwidth trends against connected client counts during peak hours.