HeshamTB
32d90b67ce
This is scrapped for now. It may be outside the scope of this service to manage the fw... Let that be handled by automations such as Ansible or other tools during deployment-time. Signed-off-by: HeshamTB <hishaminv@gmail.com>
hvpn-node
hvpn is a basic HTTP API service that manages a WireGuard VPN and can be one component of a larger system of services. The program itself does not route or manage the VPN traffic; the underlying host and the kernel WireGuard driver do that. hvpn only exposes the interface state and lets changes be applied to it.
Build
cd cmd/hvpn-node && go build .
Run
With root (not recommended!)
sudo ./hvpn-node
Without root, using libcap
set_cap.sh && ./hvpn-node
The program generates a key pair for the WireGuard interface if none is given (see --private-key below). The device name is hvpn0 by default (see --interface).
Add a peer
curl -X POST \
-d '{"public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI="}' \
localhost:8080/peer
Response body (the presistent_keepalive field, spelled as the API spells it, is a Go duration serialized in nanoseconds: 25000000000 ns is 25 s)
{
"mtu": 1380,
"public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI=",
"public_key_url_safe": "TxPfKra6%2FBQ2tkVXHM%2FPjeJgzX7j0I07acOn%2B2re%2FyI%3D",
"endpoint": "",
"allowed_ips": "10.42.0.1",
"presistent_keepalive": 25000000000,
"TX": 0,
"RX": 0
}
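A Go client for the call above, added here as an example and not part of hvpn-node itself. It checks the key locally (a WireGuard public key is 32 bytes in standard base64), posts it to /peer, decodes the response into a typed struct so the nanosecond keepalive becomes a time.Duration, and derives the same URL-safe form of the key that the response carries. It is exercised against a constructed in-process stand-in for the node so it runs offline; the stand-in's status code and response are assumed from the README sample, not taken from the server's code.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"os"
	"time"
)

// SampleKey is the public key from the README's curl example.
const SampleKey = "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI="

// Peer mirrors the JSON returned by POST /peer as printed in the README. The
// keepalive field is spelled as the API spells it; it is a Go time.Duration,
// so it arrives as nanoseconds and 25000000000 decodes to 25s.
type Peer struct {
	MTU                 int           `json:"mtu"`
	PublicKey           string        `json:"public_key"`
	PublicKeyURLSafe    string        `json:"public_key_url_safe"`
	Endpoint            string        `json:"endpoint"`
	AllowedIPs          string        `json:"allowed_ips"`
	PersistentKeepalive time.Duration `json:"presistent_keepalive"`
	TX                  int64         `json:"TX"`
	RX                  int64         `json:"RX"`
}

// ValidateWGKey accepts only a 32-byte value in standard base64, which is what a
// WireGuard public key is; anything else is rejected before it reaches the node.
func ValidateWGKey(k string) error {
	raw, err := base64.StdEncoding.DecodeString(k)
	if err != nil {
		return fmt.Errorf("public key is not standard base64: %w", err)
	}
	if len(raw) != 32 {
		return fmt.Errorf("public key decodes to %d bytes, want 32", len(raw))
	}
	return nil
}

// AddPeer performs the README's call: POST {"public_key": ...} to baseURL/peer,
// where baseURL is e.g. "http://localhost:8080", and decodes the response.
func AddPeer(c *http.Client, baseURL, publicKey string) (*Peer, error) {
	if err := ValidateWGKey(publicKey); err != nil {
		return nil, err
	}
	body, _ := json.Marshal(map[string]string{"public_key": publicKey})
	resp, err := c.Post(baseURL+"/peer", "application/json", bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return nil, fmt.Errorf("POST /peer: unexpected status %s", resp.Status)
	}
	var p Peer // cap the body we parse; the real response is a few hundred bytes
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<16)).Decode(&p); err != nil {
		return nil, fmt.Errorf("POST /peer: decoding response: %w", err)
	}
	return &p, nil
}

// newFakeNode is a constructed stand-in for hvpn-node (not the project's code):
// it serves POST /peer with the README's sample response so the client runs offline.
func newFakeNode() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var req struct {
			PublicKey string `json:"public_key"`
		}
		if r.Method != http.MethodPost || r.URL.Path != "/peer" {
			http.NotFound(w, r)
			return
		}
		if err := json.NewDecoder(r.Body).Decode(&req); err != nil || ValidateWGKey(req.PublicKey) != nil {
			http.Error(w, "bad public key", http.StatusBadRequest)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(Peer{MTU: 1380, PublicKey: req.PublicKey, AllowedIPs: "10.42.0.1",
			PublicKeyURLSafe: url.QueryEscape(req.PublicKey), PersistentKeepalive: 25 * time.Second})
	}))
}

func main() {
	srv := newFakeNode() // replace srv.URL with http://localhost:8080 to talk to a real node
	defer srv.Close()
	p, err := AddPeer(srv.Client(), srv.URL, SampleKey)
	if err != nil {
		fmt.Println("error:", err)
		os.Exit(1)
	}
	fmt.Printf("peer %s got %s, keepalive %v\n", p.PublicKeyURLSafe, p.AllowedIPs, p.PersistentKeepalive)
}
```

The URL-safe key is produced with url.QueryEscape, which percent-encodes the '/', '+' and '=' characters exactly as the README's public_key_url_safe value shows; that is the form to use when the key has to appear in a request path or query string.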
CLI options
GLOBAL OPTIONS:
--log-level value (default: "INFO") [$LOG_LEVEL]
--private-key value Path to file with private key
--cidr value, -n value The network subnet used for the internal IP Pool (default: "10.42.0.0/16")
--interface value, -i value Name of the Wireguard interface to be created and managed (default: "hvpn0")
--endpoint value Wireguard endpoint domain or address without the port (default: "domain.name.notset")
--port value, -p value UDP Port for wireguard device (default: 6416)
--host value IP address to listen on for HTTP API requests (default: "0.0.0.0")
--http-port value TCP Port for HTTP API (default: 8080)
--help, -h show help
TLS:
--cert value Server x509 certificate file
--cert-private-key value Server x509 certificate private key file
--client-certs value, --ca value x509 file with one or more certificates used to verify client certificates
--enable-tls, --tls (default: false)
Note that TLS is off by default while --host defaults to 0.0.0.0, so out of the box anyone who can reach TCP port 8080 on the host can add peers to the tunnel. Bind --host to a loopback or management address, or run with --enable-tls and --client-certs so that only callers presenting a certificate the node trusts can use the API.