curl -sSL https://install.phantom.tc | bash
With the Core module, client management, cryptographic key generation, automatic IP allocation, and firewall configuration are all managed from a single place. Maintain full control over your entire infrastructure with service monitoring, health tracking, and subnet management.
Chain your traffic through external WireGuard servers with the Multihop module. Create a double VPN layer using your own servers or commercial VPN providers and route your traffic through multiple layers.
With the Ghost module, your WireGuard traffic is masked as standard HTTPS web traffic. Bypass DPI systems and firewall blocks with a fully masked, censorship-resistant connection.
Use the Ghost and Multihop modules together with the MultiGhost scenario. Your connection is masked as HTTPS and routed through a double VPN layer, achieving maximum privacy and censorship resistance.
Phantom-WG is a fully open-source system with a flexible, modular architecture. It is developed with transparent management processes, detailed test scenarios, and mature DevOps methodologies. Audit the code, perform security analysis, and run it with full control on your own infrastructure or development environment.
Phantom-WG Cockpit
The Core module is the heart of Phantom-WG and provides fundamental WireGuard server management operations. It consolidates essential functions such as client creation, configuration generation, firewall management, service monitoring, and health tracking under a single interface.
Core Module Key Functions:
Your Core traffic follows this path:
Create a new client:
phantom-api core add_client client_name="ghost"
Export client configuration:
phantom-api core export_client client_name="ghost"
Remove a client:
phantom-api core remove_client client_name="ghost"
List clients (with pagination and search support):
phantom-api core list_clients page=1 per_page=10
phantom-api core list_clients search="ghost"
View the most recently added clients:
phantom-api core latest_clients count=5
Get comprehensive server status information:
phantom-api core server_status
View WireGuard service logs:
phantom-api core service_logs lines=50
Restart the WireGuard service:
phantom-api core restart_service
Check firewall configuration status:
phantom-api core get_firewall_status
View current subnet information:
phantom-api core get_subnet_info
Validate the new subnet (before applying changes):
phantom-api core validate_subnet_change new_subnet="192.168.100.0/24"
Change the subnet (requires confirmation):
phantom-api core change_subnet new_subnet="192.168.100.0/24" confirm=true
Layered Multi-VPN Architecture
The Multihop module routes your traffic through an external WireGuard server, creating a double VPN layer. This external server can be either a commercial VPN provider or another server you have set up yourself. Phantom-WG connects to the external server using the WireGuard client configuration you provide and routes all traffic through this connection. Simply import the client configuration — the entire routing process is managed automatically by the system.
This advanced architecture makes traffic analysis significantly harder, providing high levels of anonymity and multiple security layers. Phantom-WG manages this process fully automatically, giving you complete flexibility and control without depending on any third party or service.
Thanks to the system's flexibility, you can also chain multiple Phantom-WG servers together and route your traffic sequentially through them. By importing the WireGuard client configuration from each Phantom-WG server as the exit server configuration in the previous server's Multihop module, you can build a layered chain structure. Each server connects to the next one as a client and routes traffic through it. This approach lets you build a multi-server chain entirely under your own control, creating a reliable infrastructure tailored to your use cases without relying on commercial VPN providers.
With Multihop, your traffic follows this path:
This layered approach conceals your real IP address behind a double VPN layer and makes tracing your traffic significantly harder.
Import a WireGuard client configuration:
phantom-api multihop import_vpn_config config_path="/home/user/exit-wg.conf"
List existing exit points:
phantom-api multihop list_exits
Remove an exit point configuration:
phantom-api multihop remove_vpn_config exit_name="exit-wg"
Enable Multihop mode:
phantom-api multihop enable_multihop exit_name="exit-wg"
Check Multihop connection status:
phantom-api multihop status
Test the VPN exit connection:
phantom-api multihop test_vpn
Disable Multihop mode:
phantom-api multihop disable_multihop
View Multihop session logs:
phantom-api multihop get_session_log lines=50
Completely reset Multihop state:
phantom-api multihop reset_state
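Added example (not part of Phantom-WG or the original page): a pre-flight check to run on a WireGuard client configuration before handing it to import_vpn_config. The function name check_exit_conf and the choice of checks are assumptions of this example; the hook check reflects that wg-quick runs PreUp/PostUp/PreDown/PostDown values as shell commands, and the page does not say whether Phantom-WG honours those lines.

```shell
#!/usr/bin/env bash
# Added example, not part of Phantom-WG. check_exit_conf is a hypothetical helper;
# which findings count as problems is this example's assumption.
# Returns 0 if clean, 1 if a finding was printed, 2 if the file is unreadable.
check_exit_conf() {
    local conf="$1" mode problems=0
    [ -r "$conf" ] || { echo "cannot read: $conf" >&2; return 2; }

    # The file carries the tunnel's PrivateKey, so only the owner should have access.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    case "$mode" in
        *00) ;;
        *) echo "mode $mode: expected 600" >&2; problems=1 ;;
    esac

    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        /^[ \t\r]*$/ || /^[ \t]*#/ { next }            # blank lines and comments
        /^[ \t]*\[/ { sec = tolower(trim($0)); next }   # [Interface] / [Peer]
        {
            i = index($0, "="); if (i == 0) next
            k = tolower(trim(substr($0, 1, i - 1))); v = trim(substr($0, i + 1))
            seen[sec "." k] = 1
            # wg-quick runs hook values as shell commands; flag them for review.
            if (k ~ /^(pre|post)(up|down)$/) { print "hook " k ": " v; bad = 1 }
            # WireGuard keys are 32 bytes: 44 base64 characters ending in "=".
            if (k ~ /key$/ && (length(v) != 44 || v !~ /^[A-Za-z0-9+\/]+=$/)) {
                print "malformed " k; bad = 1
            }
            if (k == "endpoint" && v !~ /:[0-9]+$/) { print "endpoint has no port"; bad = 1 }
        }
        END {
            want = "[interface].privatekey [interface].address"
            want = want " [peer].publickey [peer].endpoint [peer].allowedips"
            n = split(want, req, " ")
            for (j = 1; j <= n; j++)
                if (!(req[j] in seen)) { print "missing " req[j]; bad = 1 }
            exit bad + 0
        }
    ' "$conf" >&2 || problems=1
    return "$problems"
}

# Usage, with the path and command shown on the page:
#   check_exit_conf /home/user/exit-wg.conf &&
#     phantom-api multihop import_vpn_config config_path="/home/user/exit-wg.conf"
```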
Censorship-Resistant Tunnel Architecture
The Ghost module disguises your WireGuard traffic as standard HTTPS web traffic, helping you bypass DPI systems and firewall blocks. It achieves this using the wstunnel service under the hood. Phantom-WG automatically handles wstunnel service configuration, SSL certificate management, firewall rules, and systemd services. Simply provide a domain with its A record pointed to your server — the system takes care of the entire technical process.
You can use either your own domain name or a free service such as sslip.io or nip.io.
With Ghost, your traffic follows this path:
Thanks to this transformation, censorship systems do not see VPN traffic — they only see a legitimate HTTPS connection.
Point your domain's A record to your server IP, or use sslip.io.
Enable Ghost mode (with a domain):
phantom-api ghost enable domain="cdn.example.com"
Enable Ghost mode (with sslip.io):
phantom-api ghost enable domain="157-230-114-231.sslip.io"
Check Ghost module connection status:
phantom-api ghost status
Disable Ghost mode:
phantom-api ghost disable
Get the Ghost client configuration via phantom-casper:
phantom-casper [username]
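Added example (not part of Phantom-WG or the original page): a check that the domain passed to ghost enable really points at the server, which is the prerequisite stated above. The helper names ghost_domain_ip and ghost_domain_matches are hypothetical; sslip.io and nip.io names are decoded offline from the hostname, and any other domain is resolved with getent on a Linux host.

```shell
#!/usr/bin/env bash
# Added example, not part of Phantom-WG; both function names are hypothetical.
# sslip.io / nip.io embed the IPv4 address in the hostname (dashed or dotted,
# optionally after a label prefix), so those names are decoded without DNS.
ghost_domain_ip() {
    local host="$1" ip o
    case "$host" in
        *.sslip.io|*.nip.io)
            # Drop the service suffix, keep the trailing four number groups.
            ip=$(printf '%s\n' "${host%.*.io}" |
                 sed -E 's/^(.*[.-])?([0-9]{1,3}([.-][0-9]{1,3}){3})$/\2/' | tr - .)
            ;;
        *)
            # Any other domain: first IPv4 answer from the system resolver.
            ip=$(getent ahostsv4 "$host" | awk 'NR == 1 { print $1 }')
            ;;
    esac
    # Accept only four decimal octets in the range 0-255.
    local IFS=.
    set -- $ip
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%s\n' "$ip"
}

# $1 = domain intended for "ghost enable", $2 = the server's public IPv4 address.
ghost_domain_matches() {
    [ "$(ghost_domain_ip "$1")" = "$2" ]
}

# Usage, with the sslip.io name shown on the page:
#   ghost_domain_matches 157-230-114-231.sslip.io 157.230.114.231 &&
#     phantom-api ghost enable domain="157-230-114-231.sslip.io"
```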
Symphony of Invisibility Layers
MultiGhost is an advanced security scenario where the Multihop and Ghost modules are used together. In this scenario, your connection is masked as HTTPS traffic while your traffic is routed through an external VPN server, creating a double layer. By combining the strengths of both modules, this approach provides an ideal solution for use cases requiring maximum privacy and censorship resistance.
The connection to the Phantom-WG server is concealed by the Ghost module and appears as standard HTTPS traffic. Once the traffic reaches the server, it is routed to an external VPN server via the Multihop module. This way, you bypass DPI systems while achieving a high level of anonymity through the double VPN layer.
Both modules operate independently and can be disabled at any time.
With MultiGhost, your traffic follows this path:
This layered structure both bypasses DPI systems and makes traffic analysis harder. Your connection appears as HTTPS while your real destination and IP address remain hidden behind the double VPN layer.
Step 1: Enable Ghost mode:
phantom-api ghost enable domain="cdn.example.com"
Step 2: Import the external VPN configuration:
phantom-api multihop import_vpn_config config_path="/home/user/exit-wg.conf"
Step 3: Enable Multihop mode:
phantom-api multihop enable_multihop exit_name="exit-wg"
Check Ghost module status:
phantom-api ghost status
Check Multihop module status:
phantom-api multihop status
Test the VPN exit connection:
phantom-api multihop test_vpn
Disable Multihop mode:
phantom-api multihop disable_multihop
Disable Ghost mode:
phantom-api ghost disable