HeshamTB 7d1a0cdbdc
feat: grace period for new peers as a new eviction policy
Signed-off-by: HeshamTB <hishaminv@gmail.com>
2024-03-28 01:22:29 +03:00
cmd/hvpn-node WIP: create new peers server-side 2024-03-27 09:28:13 +03:00
init init: 2024-03-11 17:34:06 +03:00
proto mon cycle and uptime 2024-03-24 18:13:26 +03:00
templates feat: grace period for new peers as a new eviction policy 2024-03-28 01:22:29 +03:00
.gitignore LICENSE, README.md, and .gitignore 2024-03-15 00:46:18 +03:00
const.go WIP: create new peers server-side 2024-03-27 09:28:13 +03:00
go.mod feat: Add, Check, Get, and Delete peers 2024-03-14 01:46:05 +03:00
go.sum feat: Add, Check, Get, and Delete peers 2024-03-14 01:46:05 +03:00
handlers.go feat: grace period for new peers as a new eviction policy 2024-03-28 01:22:29 +03:00
ip_pool_test.go init: 2024-03-11 17:34:06 +03:00
ip_pool.go fix: Assign IP to wg device 2024-03-19 02:55:31 +03:00
LICENSE LICENSE, README.md, and .gitignore 2024-03-15 00:46:18 +03:00
link.go feat: grace period for new peers as a new eviction policy 2024-03-28 01:22:29 +03:00
monitor.go feat: grace period for new peers as a new eviction policy 2024-03-28 01:22:29 +03:00
node.go setup: allow running when uuid can not be read or saved 2024-03-18 20:30:40 +03:00
peer_meta.go feat: grace period for new peers as a new eviction policy 2024-03-28 01:22:29 +03:00
README.md feat: monitor peers in logs, README, Status 2024-03-19 02:56:52 +03:00

hvpn-node

hvpn is a basic HTTP API service that manages a WireGuard VPN. It can be part of a larger system of services. The program itself does not route or manage the VPN traffic; the underlying host and the kernel WireGuard driver do. hvpn only exposes the state and allows changes to be applied.

Build

cd cmd/hvpn-node && go build .

Run

With root (not recommended!)

sudo ./hvpn-node

Without root; using libcap

set_cap.sh && ./hvpn-node

The program creates keys for the WireGuard interface if none are given. The device name is hvpn0.

Add a peer

curl -X POST \
    -d '{"public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI="}' \
    localhost:8080/peer

Response body

{
  "mtu": 1380,
  "public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI=",
  "public_key_url_safe": "TxPfKra6%2FBQ2tkVXHM%2FPjeJgzX7j0I07acOn%2B2re%2FyI%3D",
  "endpoint": "",
  "allowed_ips": "10.42.0.1",
  "presistent_keepalive": 25000000000,
  "TX": 0,
  "RX": 0
}
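A caller of this endpoint can check the response before handing the assigned address to a client. The following is an added example, not code from this repository: `Peer`, `ParsePeer`, `sampleKey` and `sampleBody` are hypothetical names, and the sample values are copied from the request and response above. It assumes `allowed_ips` is a single bare address inside the pool passed in (the default `--cidr` here), and that `presistent_keepalive` is a duration in nanoseconds.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/netip"
	"net/url"
	"time"
)

// Peer mirrors the response body above; JSON names are copied as printed there.
type Peer struct {
	PublicKey        string        `json:"public_key"`
	PublicKeyURLSafe string        `json:"public_key_url_safe"`
	AllowedIPs       string        `json:"allowed_ips"`
	Keepalive        time.Duration `json:"presistent_keepalive"` // nanoseconds
}

// Sample values taken from the README's request and response.
const sampleKey = "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI="
const sampleBody = `{"mtu":1380,"public_key":"TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI=",
 "public_key_url_safe":"TxPfKra6%2FBQ2tkVXHM%2FPjeJgzX7j0I07acOn%2B2re%2FyI%3D",
 "endpoint":"","allowed_ips":"10.42.0.1","presistent_keepalive":25000000000,"TX":0,"RX":0}`

// ParsePeer (hypothetical helper) decodes a POST /peer response and rejects one
// that does not match the key that was sent or the address pool that is expected.
func ParsePeer(body []byte, sentKey, poolCIDR string) (*Peer, error) {
	var p Peer
	if err := json.Unmarshal(body, &p); err != nil {
		return nil, err
	}
	// A WireGuard public key is 32 bytes, base64-encoded with padding.
	if raw, err := base64.StdEncoding.DecodeString(p.PublicKey); err != nil || len(raw) != 32 {
		return nil, errors.New("public_key is not a 32-byte base64 key")
	}
	// The percent-encoded form must be the same key, not a second identity.
	if p.PublicKey != sentKey || url.QueryEscape(p.PublicKey) != p.PublicKeyURLSafe {
		return nil, errors.New("response key does not match the request")
	}
	// Assumption: allowed_ips is a single bare address, as in the sample.
	pool, perr := netip.ParsePrefix(poolCIDR)
	addr, aerr := netip.ParseAddr(p.AllowedIPs)
	if perr != nil || aerr != nil || !pool.Contains(addr) {
		return nil, errors.New("allowed_ips is outside the expected pool")
	}
	return &p, nil
}

func main() { fmt.Println(ParsePeer([]byte(sampleBody), sampleKey, "10.42.0.0/16")) }
```

Decoding `presistent_keepalive` into a `time.Duration` shows that the value 25000000000 in the sample is 25 seconds.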

CLI options

GLOBAL OPTIONS:
   --log-level value            (default: "INFO") [$LOG_LEVEL]
   --private-key value          Path to file with private key
   --cidr value, -n value       The network subnet used for the internal IP Pool (default: "10.42.0.0/16")
   --interface value, -i value  Name of the Wireguard interface to be created and managed (default: "hvpn0")
   --endpoint value             Wireguard endpoint domain or address without the port (default: "domain.name.notset")
   --port value, -p value       UDP Port for wireguard device (default: 6416)
   --host value                 IP address to listen on for HTTP API requests (default: "0.0.0.0")
   --http-port value            TCP Port for HTTP API (default: 8080)
   --help, -h                   show help

TLS:

   --cert value                      Server x509 certificate file
   --cert-private-key value          Server x509 certificate private key file
   --client-certs value, --ca value  Clients x509 file with single or many certificates
   --enable-tls, --tls               (default: false)