Latest commit (HeshamTB):

> This is scrapped for now. It may be outside the scope of this service to manage the fw... Let that be handled by automations such as Ansible or other tools during deployment-time.
>
> Signed-off-by: HeshamTB <hishaminv@gmail.com>
Repository contents:

| Path |
|---|
| cmd/hvpn-node |
| init |
| proto |
| templates |
| .gitignore |
| const.go |
| go.mod |
| go.sum |
| handlers.go |
| ip_pool_test.go |
| ip_pool.go |
| LICENSE |
| link.go |
| monitor.go |
| node.go |
| peer_meta.go |
| README.md |
# hvpn-node

hvpn is a basic HTTP API service that manages a WireGuard VPN. It can be one part of a larger system of services. The program itself does not route or manage the VPN traffic; the underlying host and the kernel WireGuard driver do that. hvpn only exposes the state and allows changes to be applied.
## Build

```bash
cd cmd/hvpn-node && go build .
```
## Run

With root (not recommended!):

```bash
sudo ./hvpn-node
```

Without root, using libcap to grant the binary only the capabilities it needs instead of running it as root:

```bash
set_cap.sh && ./hvpn-node
```

File capabilities live on the binary itself, so they are lost every time `hvpn-node` is rebuilt: re-run `set_cap.sh` after each build, and confirm with `getcap ./hvpn-node` before starting the service.

The program creates keys for the WireGuard interface if none are given (see `--private-key` below). The device name is `hvpn0` by default (see `--interface`).
## Add a peer

```bash
curl -X POST \
    -d '{"public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI="}' \
    localhost:8080/peer
```

Response body:

```json
{
  "mtu": 1380,
  "public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI=",
  "public_key_url_safe": "TxPfKra6%2FBQ2tkVXHM%2FPjeJgzX7j0I07acOn%2B2re%2FyI%3D",
  "endpoint": "",
  "allowed_ips": "10.42.0.1",
  "presistent_keepalive": 25000000000,
  "TX": 0,
  "RX": 0
}
```

`allowed_ips` is the address the node assigned to the peer from its internal pool (`--cidr`), `public_key_url_safe` is the same key percent-encoded for use in URLs, and `presistent_keepalive` (spelled that way by the API) is in nanoseconds, the way Go serializes a `time.Duration`: 25000000000 is 25 seconds.
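A Go client for the call above, added here as an example and not code from hvpn-node: it checks the key has the shape of a WireGuard public key before sending it, POSTs it, decodes the response body shown above (the nanosecond keepalive lands in a `time.Duration`) and cross-checks the echoed key against its URL-safe form. The request and response formats are taken from this README; the function names and the offline stand-in server `NewFakeNode` are assumptions made for the example.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// Constructed sample data: the key and the response body shown in the README.
const SampleKey = "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI="
const SampleResponse = `{"mtu":1380,"public_key":"TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI=",` +
	`"public_key_url_safe":"TxPfKra6%2FBQ2tkVXHM%2FPjeJgzX7j0I07acOn%2B2re%2FyI%3D",` +
	`"endpoint":"","allowed_ips":"10.42.0.1","presistent_keepalive":25000000000,"TX":0,"RX":0}`

// PeerResponse mirrors the README's response body; "presistent_keepalive" is spelled as the API returns it.
type PeerResponse struct {
	MTU                 int           `json:"mtu"`
	PublicKey           string        `json:"public_key"`
	PublicKeyURLSafe    string        `json:"public_key_url_safe"`
	Endpoint            string        `json:"endpoint"`
	AllowedIPs          string        `json:"allowed_ips"`
	PersistentKeepalive time.Duration `json:"presistent_keepalive"` // integer nanoseconds on the wire
	TX                  uint64        `json:"TX"`
	RX                  uint64        `json:"RX"`
}

// ValidateKey rejects anything that is not standard base64 of exactly 32 bytes (a WireGuard public key).
func ValidateKey(k string) error {
	raw, err := base64.StdEncoding.DecodeString(k)
	if err != nil {
		return fmt.Errorf("public key is not valid base64: %w", err)
	}
	if len(raw) != 32 {
		return fmt.Errorf("public key is %d bytes, want 32", len(raw))
	}
	return nil
}

// ParsePeerResponse decodes a /peer response and checks it echoes the submitted key consistently.
func ParsePeerResponse(body []byte, submittedKey string) (*PeerResponse, error) {
	var pr PeerResponse
	if err := json.Unmarshal(body, &pr); err != nil {
		return nil, fmt.Errorf("decode /peer response: %w", err)
	}
	if pr.PublicKey != submittedKey {
		return nil, fmt.Errorf("node echoed key %q, submitted %q", pr.PublicKey, submittedKey)
	}
	if u, err := url.QueryUnescape(pr.PublicKeyURLSafe); err != nil || u != pr.PublicKey {
		return nil, fmt.Errorf("public_key_url_safe %q does not unescape to public_key", pr.PublicKeyURLSafe)
	}
	return &pr, nil
}

// AddPeer POSTs {"public_key": ...} to <base>/peer and returns the parsed response.
func AddPeer(client *http.Client, base, publicKey string) (*PeerResponse, error) {
	if err := ValidateKey(publicKey); err != nil {
		return nil, err
	}
	reqBody, _ := json.Marshal(map[string]string{"public_key": publicKey}) // cannot fail for a string map
	resp, err := client.Post(base+"/peer", "application/json", bytes.NewReader(reqBody))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // never buffer an unbounded body
	if err != nil {
		return nil, err
	}
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("node returned %s: %s", resp.Status, bytes.TrimSpace(body))
	}
	return ParsePeerResponse(body, publicKey)
}

// NewFakeNode is a constructed stand-in for hvpn-node that answers /peer with the README's sample body.
func NewFakeNode() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		io.WriteString(w, SampleResponse)
	}))
}

func main() {
	node := NewFakeNode()
	defer node.Close()
	pr, err := AddPeer(node.Client(), node.URL, SampleKey)
	if err != nil {
		panic(err)
	}
	fmt.Printf("peer %s assigned %s, keepalive %v, MTU %d\n", pr.PublicKey, pr.AllowedIPs, pr.PersistentKeepalive, pr.MTU)
}
```

Against a real node, replace `node.URL` with the node's address (the default is `http://<host>:8080`). The key check is deliberately done client-side as well: a malformed key sent to the node is at best a confusing error and at worst a peer entry nobody can use.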
## CLI options

```text
GLOBAL OPTIONS:
   --log-level value            (default: "INFO") [$LOG_LEVEL]
   --private-key value          Path to file with private key
   --cidr value, -n value       The network subnet used for the internal IP Pool (default: "10.42.0.0/16")
   --interface value, -i value  Name of the Wireguard interface to be created and managed (default: "hvpn0")
   --endpoint value             Wireguard endpoint domain or address without the port (default: "domain.name.notset")
   --port value, -p value       UDP Port for wireguard device (default: 6416)
   --host value                 IP address to listen on for HTTP API requests (default: "0.0.0.0")
   --http-port value            TCP Port for HTTP API (default: 8080)
   --help, -h                   show help

TLS:
   --cert value                      Server x509 certificate file
   --cert-private-key value          Server x509 certificate private key file
   --client-certs value, --ca value  Clients x509 file with single or many certificates
   --enable-tls, --tls               (default: false)
```

By default the API listens on `0.0.0.0:8080` with TLS disabled, so any host that can reach that port can add peers to the tunnel. Outside of a test setup, bind `--host` to a loopback or management address, or run with `--tls` plus `--cert`/`--cert-private-key` and restrict who may call the API with `--client-certs`.
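What `--tls` together with `--client-certs` is meant to buy you, shown as an added example rather than code from hvpn-node: a stand-in API server built on `net/http/httptest` that requires and verifies a client certificate, and a client that is refused without one (or with one the server does not trust). It assumes the node rejects unverified clients at the TLS handshake, i.e. Go's `tls.RequireAndVerifyClientCert`; the helpers `newSelfSignedClientCert`, `NewMTLSNode` and `CanReachAPI` are hypothetical names for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// newSelfSignedClientCert is a constructed helper: it mints a throwaway self-signed
// certificate that a server can add to its trusted client list.
func newSelfSignedClientCert(cn string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true, // self-signed: acts as its own trust anchor
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// NewMTLSNode starts a stand-in for an hvpn-node run with --tls and --client-certs:
// the handshake only completes for clients presenting a certificate that chains to
// one of the trusted certificates (the equivalent of the --client-certs file).
func NewMTLSNode(trusted ...*x509.Certificate) *httptest.Server {
	pool := x509.NewCertPool()
	for _, c := range trusted {
		pool.AddCert(c)
	}
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// PeerCertificates is guaranteed non-empty here because ClientAuth demanded and verified it.
		fmt.Fprintf(w, "hello %s\n", r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{
		MinVersion: tls.VersionTLS12,
		ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs:  pool,
	}
	srv.StartTLS() // httptest supplies the server certificate when none is set
	return srv
}

// CanReachAPI reports whether a request with the given client identity (nil for none)
// gets an HTTP 200 from the node.
func CanReachAPI(srv *httptest.Server, clientCert *tls.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	cfg := &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12}
	if clientCert != nil {
		cfg.Certificates = []tls.Certificate{*clientCert}
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}, Timeout: 5 * time.Second}
	resp, err := client.Get(srv.URL + "/peer")
	if err != nil {
		return false // handshake refused: no certificate, or one the node does not trust
	}
	defer resp.Body.Close()
	return resp.StatusCode == http.StatusOK
}

func main() {
	cert, err := newSelfSignedClientCert("vpn-orchestrator")
	if err != nil {
		panic(err)
	}
	srv := NewMTLSNode(cert.Leaf)
	defer srv.Close()
	fmt.Println("without client cert:", CanReachAPI(srv, nil))
	fmt.Println("with trusted client cert:", CanReachAPI(srv, &cert))
}
```

The point is that the rejection happens before any HTTP handler runs: a caller without a trusted certificate cannot even attempt `POST /peer`. Without `--client-certs`, TLS only protects the transport and every reachable host can still add peers.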