Dynamic WireGuard tunnel configuration.
 
Alex Giurgiu 742e75ef2d
linkmgr: Add Link.GetRoutes() method (#16)
8 months ago
client          Rework address assignment logic                   10 months ago
cmd             Rework address assignment logic                   10 months ago
linkmgr         linkmgr: Add Link.GetRoutes() method (#16)        8 months ago
proto           Rework address assignment logic                   10 months ago
server          Rework address assignment logic                   10 months ago
.gitignore      Proof-of-Concept                                  10 months ago
.golangci.yml   Fix some linter warnings, add .golangci-lint.yml  10 months ago
LICENSE         Proof-of-Concept                                  10 months ago
README.md       Proof-of-Concept                                  10 months ago
const.go        Abstract away network interface management        10 months ago
go.mod          linkmgr: Add Link.GetRoutes() method (#16)        8 months ago
go.sum          linkmgr: Add Link.GetRoutes() method (#16)        8 months ago
ipv6ll.go       Fix some linter warnings, add .golangci-lint.yml  10 months ago
wg.go           Abstract away network interface management        10 months ago

README.md

Wirebox WIP

Dynamic WireGuard tunnel configuration daemon.

Both client & server are Linux-only now.

Features

  • Clients need no configuration other than an ed25519 key pair and the server endpoint (IP + port).
  • Multicast-friendly thanks to PtP mode.
  • Can assign IPs dynamically if you do not care which addresses clients get.
  • Centralized configuration at a single node (server).

Server

Acts as a router between connected clients (and possibly other networks) and sends client configurations on request using the WGDCP protocol.

Installation & configuration

Install the Go toolchain and run the following to install the server executable (wboxd):

$ env GO111MODULE=on go get github.com/foxcpp/wirebox/cmd/wboxd@latest

Grab the example configuration file here. wboxd looks for a configuration file named wboxd.toml in the current directory. This can be changed using the -config command line option.

Do not forget to enable IP forwarding and adjust your firewall configuration appropriately:

# sysctl net.ipv4.ip_forward=1

Client

CLI utility that requests configuration from the server using the WGDCP protocol, configures the WireGuard tunnel accordingly and exits.

Installation & configuration

Mostly the same as for the Server, just replace wboxd with wbox in the go get command. The example configuration is here: [cmd/wbox/wbox.example.toml].

WGDCP

WireGuard Dynamic Configuration Protocol

Simple ProtoBuf-based protocol running on top of UDP/IPv6 inside a "configuration" WireGuard tunnel. Intended as a specialized, minimal DHCP replacement.

The configuration received from the server is authenticated because it is received over a WireGuard tunnel.

The server uses strict "Allowed IPs" options for all tunnels and therefore will not allow IP spoofing to happen. Filtering is applied to prevent clients from peeking at the configuration of other clients, but it is not bullet-proof.
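
The effect of strict "Allowed IPs" described above, as an added Go example that is not taken from the wirebox code base: SourceAllowed models WireGuard's inbound source-address check, and Audit flags peer entries that would weaken it. The Peer type, the function names and the sample addresses are constructed for illustration, and the audit assumes each client is meant to own single host addresses only.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Peer is a hypothetical, simplified view of one WireGuard peer entry.
type Peer struct {
	Name       string
	AllowedIPs []netip.Prefix
}

// SourceAllowed: a decrypted packet is accepted only if its source is inside the sending peer's AllowedIPs.
func SourceAllowed(p Peer, src netip.Addr) bool {
	for _, pfx := range p.AllowedIPs {
		if pfx.Contains(src) {
			return true
		}
	}
	return false
}

// Audit reports non-strict entries: prefixes wider than one host and prefixes shared between peers.
func Audit(peers []Peer) []string {
	var findings []string
	for i, p := range peers {
		for _, pfx := range p.AllowedIPs {
			if !pfx.IsSingleIP() {
				findings = append(findings, fmt.Sprintf("%s: %s is wider than one host", p.Name, pfx))
			}
			for _, q := range peers[i+1:] {
				for _, other := range q.AllowedIPs {
					if pfx.Overlaps(other) {
						findings = append(findings, fmt.Sprintf("%s and %s overlap: %s / %s", p.Name, q.Name, pfx, other))
					}
				}
			}
		}
	}
	return findings
}

func main() {
	// Constructed sample peers using documentation address ranges.
	alice := Peer{Name: "alice", AllowedIPs: []netip.Prefix{netip.MustParsePrefix("192.0.2.10/32"), netip.MustParsePrefix("fe80::a/128")}}
	bob := Peer{Name: "bob", AllowedIPs: []netip.Prefix{netip.MustParsePrefix("192.0.2.0/24")}}
	fmt.Println(SourceAllowed(alice, netip.MustParseAddr("192.0.2.11")), Audit([]Peer{alice, bob}))
}
```

A wide or overlapping entry such as the constructed "bob" peer is exactly what lets one client send traffic with another client's source address, so an empty Audit result is the property the server relies on.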

TODO: Protocol documentation/specification is non-existent.