HeshamTB 32d90b67ce
WIP: feat: commands and tools to setup fw and system settings for VPN:
This is scrapped for now. It may be outside the scope of
    this service to manage the fw...

    Let that be handled by automations such as Ansible or other tools
    during deployment-time.

Signed-off-by: HeshamTB <hishaminv@gmail.com>
2024-03-31 00:30:33 +03:00

hvpn-node

hvpn is a basic HTTP API service that manages a WireGuard VPN. It can be part of a larger system of services. The program itself does not route or manage the VPN traffic; the underlying host and the kernel WireGuard driver do that. hvpn only exposes the current state and allows changes to be applied to it.

Build

cd cmd/hvpn-node && go build .

Run

With root (not recommended!)

sudo ./hvpn-node

Without root, using libcap file capabilities

set_cap.sh && ./hvpn-node

The program creates a key pair for the WireGuard interface if none is given. The device name is hvpn0.

Add a peer

curl -X POST \
    -d '{"public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI="}' \
    localhost:8080/peer

Response body (the field name presistent_keepalive is what the API actually emits; its value is a Go time.Duration serialized as nanoseconds, so 25000000000 means 25 seconds)

{
  "mtu": 1380,
  "public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI=",
  "public_key_url_safe": "TxPfKra6%2FBQ2tkVXHM%2FPjeJgzX7j0I07acOn%2B2re%2FyI%3D",
  "endpoint": "",
  "allowed_ips": "10.42.0.1",
  "presistent_keepalive": 25000000000,
  "TX": 0,
  "RX": 0
}

CLI options

GLOBAL OPTIONS:
   --log-level value            (default: "INFO") [$LOG_LEVEL]
   --private-key value          Path to file with private key
   --cidr value, -n value       The network subnet used for the internal IP Pool (default: "10.42.0.0/16")
   --interface value, -i value  Name of the Wireguard interface to be created and managed (default: "hvpn0")
   --endpoint value             Wireguard endpoint domain or address without the port (default: "domain.name.notset")
   --port value, -p value       UDP Port for wireguard device (default: 6416)
   --host value                 IP address to listen on for HTTP API requests (default: "0.0.0.0")
   --http-port value            TCP Port for HTTP API (default: 8080)
   --help, -h                   show help

TLS:

   --cert value                      Server x509 certificate file
   --cert-private-key value          Server x509 certificate private key file
   --client-certs value, --ca value  Clients x509 file with single or many certificates
   --enable-tls, --tls               (default: false)
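An added example, not code from the hvpn-node project, that serves both the "Add a peer" section and the TLS options above: a small Go client that validates a WireGuard public key, POSTs it to /peer, decodes the response shown earlier (including the nanosecond keepalive), and builds an HTTP client for a node started with --enable-tls and a --client-certs CA. Assumptions are labelled in the code: the node address, that the node echoes the requested key in its response, and the helper names (ValidatePublicKey, AddPeer, NewMTLSClient) are mine, not the project's; the JSON field names are copied from the sample response.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"time"
)

// Peer mirrors the JSON shown for POST /peer. Field names, including the
// misspelled "presistent_keepalive", are copied from the sample response;
// the keepalive is a Go time.Duration in nanoseconds (25000000000 == 25s).
type Peer struct {
	MTU              int           `json:"mtu"`
	PublicKey        string        `json:"public_key"`
	PublicKeyURLSafe string        `json:"public_key_url_safe"`
	Endpoint         string        `json:"endpoint"`
	AllowedIPs       string        `json:"allowed_ips"`
	Keepalive        time.Duration `json:"presistent_keepalive"`
	TX               int64         `json:"TX"`
	RX               int64         `json:"RX"`
}

// ValidatePublicKey accepts only a base64 encoding of a 32-byte Curve25519
// key, which is what WireGuard uses. Checking client-side keeps malformed
// input away from the node; the node must still validate on its own.
func ValidatePublicKey(key string) error {
	raw, err := base64.StdEncoding.DecodeString(key)
	if err != nil {
		return fmt.Errorf("public key is not valid base64: %w", err)
	}
	if len(raw) != 32 {
		return fmt.Errorf("public key must decode to 32 bytes, got %d", len(raw))
	}
	return nil
}

// URLSafeKey reproduces the public_key_url_safe form of the sample response
// ("/" -> %2F, "+" -> %2B, "=" -> %3D), i.e. plain query escaping.
func URLSafeKey(key string) string { return url.QueryEscape(key) }

// AddPeer POSTs {"public_key": ...} to <baseURL>/peer and decodes the reply.
// The body is size-capped so a misbehaving node cannot exhaust memory, and the
// echoed key is compared to the one sent (assumption: the node echoes it).
func AddPeer(client *http.Client, baseURL, publicKey string) (*Peer, error) {
	if err := ValidatePublicKey(publicKey); err != nil {
		return nil, err
	}
	body, _ := json.Marshal(map[string]string{"public_key": publicKey})
	resp, err := client.Post(baseURL+"/peer", "application/json", bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode/100 != 2 {
		msg, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
		return nil, fmt.Errorf("node returned %s: %s", resp.Status, bytes.TrimSpace(msg))
	}
	var p Peer
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&p); err != nil {
		return nil, fmt.Errorf("decoding peer response: %w", err)
	}
	if p.PublicKey != publicKey {
		return nil, errors.New("node echoed a different public key than requested")
	}
	return &p, nil
}

// NewMTLSClient builds an http.Client for a node started with --enable-tls:
// it presents clientCertPEM/clientKeyPEM (which must chain to the node's
// --client-certs CA) and trusts only serverCAPEM for the node's --cert.
func NewMTLSClient(clientCertPEM, clientKeyPEM, serverCAPEM []byte) (*http.Client, error) {
	cert, err := tls.X509KeyPair(clientCertPEM, clientKeyPEM)
	if err != nil {
		return nil, fmt.Errorf("loading client certificate: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(serverCAPEM) {
		return nil, errors.New("no CA certificate found in server CA PEM")
	}
	tr := &http.Transport{TLSClientConfig: &tls.Config{
		Certificates: []tls.Certificate{cert},
		RootCAs:      pool,
		MinVersion:   tls.VersionTLS12,
	}}
	return &http.Client{Transport: tr, Timeout: 10 * time.Second}, nil
}

func main() {
	// Assumed node address; plain HTTP, as in the curl example in the README.
	const key = "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI="
	p, err := AddPeer(&http.Client{Timeout: 5 * time.Second}, "http://localhost:8080", key)
	if err != nil {
		fmt.Println("add peer failed:", err)
		return
	}
	fmt.Printf("peer %s got %s, keepalive %s\n", p.PublicKeyURLSafe, p.AllowedIPs, p.Keepalive)
}
```

With --enable-tls the node also needs the client's certificate to be signed by the CA passed via --client-certs, so a plain curl without --cert/--key will be rejected at the TLS handshake rather than at the HTTP layer; NewMTLSClient is the programmatic equivalent of curl's --cert, --key and --cacert flags.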