# hvpn-node3

hvpn is a basic HTTP API service that manages WireGuard VPN. It can be part of a larger system of services. The program itself does not route or manage the VPN traffic; the underlying host and the kernel WireGuard driver do. hvpn only exposes the state and allows changes to be applied.

## Build

```bash
cd cmd/hvpn-node && go build .
```

## Run

With root (not recommended!)

```bash
sudo ./hvpn-node
```

Without root; using libcap

```bash
set_cap.sh && ./hvpn-node
```

The program creates keys for the WireGuard interface if none are given. The device name is `hvpn0`.

## Add a peer

```bash
curl -X POST \
  -d '{"public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI="}' \
  localhost:8080/peer
```

Response body

```json
{
  "mtu": 1380,
  "public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI=",
  "public_key_url_safe": "TxPfKra6%2FBQ2tkVXHM%2FPjeJgzX7j0I07acOn%2B2re%2FyI%3D",
  "endpoint": "",
  "allowed_ips": "10.42.0.1",
  "presistent_keepalive": 25000000000,
  "TX": 0,
  "RX": 0
}
```

## CLI options

```
GLOBAL OPTIONS:
   --log-level value               (default: "INFO") [$LOG_LEVEL]
   --private-key value             Path to file with private key
   --cidr value, -n value          The network subnet used for the internal IP Pool (default: "10.42.0.0/16")
   --interface value, -i value     Name of the Wireguard interface to be created and managed (default: "hvpn0")
   --endpoint value                Wireguard endpoint domain or address without the port (default: "domain.name.notset")
   --port value, -p value          UDP Port for wireguard device (default: 6416)
   --host value                    IP address to listen on for HTTP API requests (default: "0.0.0.0")
   --http-port value               TCP Port for HTTP API (default: 8080)
   --help, -h                      show help

   TLS:

   --cert value                    Server x509 certificate file
   --cert-private-key value        Server x509 certificate private key file
   --client-certs value, --ca value  Clients x509 file with single or many certificates
   --enable-tls, --tls             (default: false)
```
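
An added example (not part of the hvpn project's code) of client-side checks around the "Add a peer" call shown earlier: it validates that a key is standard base64 for exactly 32 bytes before it is submitted, and confirms that the response echoes the same key and its percent-encoded `public_key_url_safe` form. The function names are hypothetical, and reading `presistent_keepalive` as nanoseconds (a Go `time.Duration`) is an assumption.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"time"
)

// Peer holds the response fields this check uses; tag spellings follow the API output.
type Peer struct {
	PublicKey        string `json:"public_key"`
	PublicKeyURLSafe string `json:"public_key_url_safe"`
	Keepalive        int64  `json:"presistent_keepalive"`
}

// SampleResponse is the README's response body, trimmed to the fields above.
const SampleResponse = `{"public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI=", "presistent_keepalive": 25000000000,
 "public_key_url_safe": "TxPfKra6%2FBQ2tkVXHM%2FPjeJgzX7j0I07acOn%2B2re%2FyI%3D"}`

// ValidateKey accepts only standard-alphabet base64 that decodes to exactly 32 bytes.
func ValidateKey(k string) error {
	raw, err := base64.StdEncoding.DecodeString(k)
	if err != nil || len(raw) != 32 {
		return fmt.Errorf("public key must be standard base64 of 32 bytes (got %d bytes, err=%v)", len(raw), err)
	}
	return nil
}

// CheckResponse parses a /peer response and confirms it describes the key that was sent.
// Assumption: presistent_keepalive is a Go time.Duration, i.e. nanoseconds.
func CheckResponse(body []byte, sentKey string) (Peer, time.Duration, error) {
	var p Peer
	if err := json.Unmarshal(body, &p); err != nil {
		return p, 0, err
	}
	if p.PublicKey != sentKey || p.PublicKeyURLSafe != url.QueryEscape(sentKey) {
		return p, 0, fmt.Errorf("response does not match the submitted key")
	}
	return p, time.Duration(p.Keepalive), nil
}

func main() {
	key := "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI="
	p, keepalive, err := CheckResponse([]byte(SampleResponse), key)
	fmt.Println(ValidateKey(key), p.PublicKeyURLSafe, keepalive, err)
}
```

The percent-encoded form exists because standard base64 contains `/`, `+` and `=`, which are not safe to place unescaped in a URL.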