|
||
---|---|---|
cmd/hvpn-node | ||
init | ||
proto | ||
scripts | ||
templates | ||
.gitignore | ||
const.go | ||
go.mod | ||
go.sum | ||
handlers.go | ||
ip_pool_test.go | ||
ip_pool.go | ||
LICENSE | ||
link.go | ||
monitor.go | ||
node.go | ||
peer_meta.go | ||
README.md |
hvpn-node3
hvpn is a basic HTTP API service that manages wireguard VPN. Can be part of part of a larger system of services. The program itself does not route and manage the VPN traffic; but the underlying host and kernel wiregaurd driver. hvpn only exposes the state and allows changes to be applied.
Build
cd cmd/hvpn-node && go build .
Run
With root (no recommended!)
sudo ./hvpn-node
Without root; using libcap
set_cap.sh && ./hvpn-node
The program creates a keys for the wireguad interface if non are given.
The device name is hvpn0
.
Add a peer
curl -X POST \
-d '{"public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI="}' \
localhost:8080/peer
Response body
{
"mtu": 1380,
"public_key": "TxPfKra6/BQ2tkVXHM/PjeJgzX7j0I07acOn+2re/yI=",
"public_key_url_safe": "TxPfKra6%2FBQ2tkVXHM%2FPjeJgzX7j0I07acOn%2B2re%2FyI%3D",
"endpoint": "",
"allowed_ips": "10.42.0.1",
"presistent_keepalive": 25000000000,
"TX": 0,
"RX": 0
}
CLI options
GLOBAL OPTIONS:
--log-level value (default: "INFO") [$LOG_LEVEL]
--private-key value Path to file with private key
--cidr value, -n value The network subnet used for the internal IP Pool (default: "10.42.0.0/16")
--interface value, -i value Name of the Wireguard interface to be created and managed (default: "hvpn0")
--endpoint value Wireguard endpoint domain or address without the port (default: "domain.name.notset")
--port value, -p value UDP Port for wireguard device (default: 6416)
--host value IP address to listen on for HTTP API requests (default: "0.0.0.0")
--http-port value TCP Port for HTTP API (default: 8080)
--help, -h show help
TLS:
--cert value Server x509 certificate file
--cert-private-key value Server x509 certificate private key file
--client-certs value, --ca value Clients x509 file with single or many certificates
--enable-tls, --tls (default: false)