Hesham/hvpn-node3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
489ecd65fb
hvpn-node3/README.md
HeshamTB ed0fcb59eb feat: monitor peers in logs, README, Status 
Signed-off-by: HeshamTB <hishaminv@gmail.com>
2024-03-19 02:56:52 +03:00

64 lines
2.1 KiB
Markdown
Raw Blame History

# hvpn-node3
hvpn is a basic HTTP API service that manages wireguard VPN. Can be part of part of
a larger system of services. The program itself does not route and manage the
VPN traffic; but the underlying host and kernel wiregaurd driver. hvpn only
exposes the state and allows changes to be applied.
## Build
```bash
cd cmd/hvpn-node && go build .
```
## Run
With root (no recommended!)
```bash
sudo ./hvpn-node
```
Without root; using libcap
```bash
set_cap.sh && ./hvpn-node
```
The program creates a keys for the wireguad interface if non are given.
The device name is `hvpn0`.
## Add a peer
```bash
curl -X POST \
-d '{"public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI="}' \
localhost:8080/peer
```
Response body
```json
{
"mtu": 1380,
"public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI=",
"public_key_url_safe": "TxPfKra6%2FBQ2tkVXHM%2FPjeJgzX7j0I07acOn%2B2re%2FyI%3D",
"endpoint": "",
"allowed_ips": "10.42.0.1",
"presistent_keepalive": 25000000000,
"TX": 0,
"RX": 0
}
```
## CLI options
```
GLOBAL OPTIONS:
--log-level value (default: "INFO") [$LOG_LEVEL]
--private-key value Path to file with private key
--cidr value, -n value The network subnet used for the internal IP Pool (default: "10.42.0.0/16")
--interface value, -i value Name of the Wireguard interface to be created and managed (default: "hvpn0")
--endpoint value Wireguard endpoint domain or address without the port (default: "domain.name.notset")
--port value, -p value UDP Port for wireguard device (default: 6416)
--host value IP address to listen on for HTTP API requests (default: "0.0.0.0")
--http-port value TCP Port for HTTP API (default: 8080)
--help, -h show help
TLS:
--cert value Server x509 certificate file
--cert-private-key value Server x509 certificate private key file
--client-certs value, --ca value Clients x509 file with single or many certificates
--enable-tls, --tls (default: false)
```
Reference in New Issue View Git Blame Copy Permalink