* added the vendor and vscode dirs to gitignore * added a new method for retrieving all routes for a given interface * Revert "added the vendor and vscode dirs to gitignore" This reverts commit
|8 months ago|
|client||10 months ago|
|cmd||10 months ago|
|linkmgr||8 months ago|
|proto||10 months ago|
|server||10 months ago|
|.gitignore||10 months ago|
|.golangci.yml||10 months ago|
|LICENSE||10 months ago|
|README.md||10 months ago|
|const.go||10 months ago|
|go.mod||8 months ago|
|go.sum||8 months ago|
|ipv6ll.go||10 months ago|
|wg.go||10 months ago|
Dynamic WireGuard tunnel configuration daemon.
Both client & server are Linux-only now.
Acts as a router between connected clients (and possibly other networks), sends client configurations on request using WGDCP protocol.
Install Go toolchain and run the following to install its executable:
$ env GO111MODULE=on go get github.com/foxcpp/wirebox/cmd/wboxd@latest
Grab example configuration file here.
wboxd looks for the configuration file named wboxd.toml in the current
directory. This can be changed using
-config command line option.
Do not forget to enable IP forwarding and adjust your firewall configuration appropriately:
# sysctl net.ipv4.ip_forward=1
CLI utility that requests configuration from the server using WGDCP protocol, configures the WireGuard tunnel appropriately and exits.
Mostly the same as Server, just replace
wboxd in the
go get command.
And the example configuration is here: [cmd/wbox/wbox.example.toml].
WireGuard Dynamic Configuration Protocol
Simple ProtoBuf-based protocol running on top of UDP/IPv6 inside "configuration" WireGuard tunnel. Intended as a specialized minimal DHCP replacement.
The configuration received from the server is authenticated because it is received over WireGuard tunnel.
The server uses strict "Allowed IPs" options for all tunnels and therefore will not allow IP spoofing to happen. Filtering is applied to prevent clients from peeking at configuration of other clients, but it is not bullet-proof.
TODO: Protocol documentation/specification is non-existent.