25개 이상의 토픽을 선택하실 수 없습니다. Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
Vincent Batts cabf16cc0a
*: raven is archived, long live sentry-go
2 달 전
api/v1 Clear private keys 1 년 전
vendor *: raven is archived, long live sentry-go 2 달 전
.gitignore Init create and delete workflow 1 년 전
LICENSE Add list support 1 년 전
Makefile static builds 9 달 전
Protobuild.toml vendor; update protobuild 9 달 전
README.md Fix typo in readme 1 년 전
go.mod *: raven is archived, long live sentry-go 2 달 전
go.sum *: raven is archived, long live sentry-go 2 달 전
guard-server.service Add guard service file 1 년 전
main.go *: raven is archived, long live sentry-go 2 달 전
proto.go vendor; update protobuild 9 달 전
server.go Clear private keys 1 년 전

README.md

guard

A GRPC server for managing wireguard tunnels.

Status: alpha

Requirements

Wireguard and it’s utilities, wg, wg-quick, and wg-quick@.service must be installed on the system hosting the guard server.

Run the server

When you run the wireguard server it will automatically create its own wireguard tunnel that the server binds to. This makes the server secure to manage across your network. Use the --address flag to manage this server.

> sudo guard server

INFO[0000] tunnel created                                tunnel=guard0
INFO[0000] created guard0 tunnel
{
 "id": "guard0",
 "listen_port": "10100",
 "address": "10.199.199.1/32",
 "public_key": "37uzie/EZzzDpRbVTUOtuVXwhht/599pdhseh9MJ7QE=",
 "endpoint": "127.0.0.1"
}
> sudo wg

interface: guard0
  public key: 37uzie/EZzzDpRbVTUOtuVXwhht/599pdhseh9MJ7QE=
  private key: (hidden)
  listening port: 10100

Create a new tunnel

To create a new tunnel specify the address and the endpoint for the tunnel. The last argument is used as the tunnel ID and interface name on the server.

> guard create --address 192.168.5.1/32 --endpoint 127.0.0.1:31000 wg0

{
 "id": "wg0",
 "listen_port": "31000",
 "address": "192.168.5.1/32",
 "public_key": "irDV3wkkNe6f1GLAPFNGjj0xsQsoxPCNko4Lf3igcjM=",
 "endpoint": "127.0.0.1"
}

Delete a tunnel

Delete a tunnel using the tunnel ID

> guard delete wg0

Create a new peer

To create a new peer and have all the keys generated for you use the peers new command. The peer configuration will be output to stdout that you can copy and paste into your client.

> guard peers --tunnel wg0 new --ip 192.168.5.2/32 --dns 192.168.5.1 --ips 192.168.5.0/24 --ips 192.168.0.1/24 mypeer

[Interface]
PrivateKey = kFJ6VSq+l6sBPaI2DUbEWSVI83Kcfz/yo7WfVheT+FI=
Address = 192.168.5.2/32
DNS = 192.168.5.1

# wg0
[Peer]
PublicKey = irDV3wkkNe6f1GLAPFNGjj0xsQsoxPCNko4Lf3igcjM=
AllowedIPs = 192.168.5.0/24, 192.168.0.1/24
Endpoint = 127.0.0.1:31000

List all tunnels

> guard list

[
 {
  "id": "wg0",
  "listen_port": "31000",
  "address": "192.168.5.1/32",
  "peers": [
   {
    "id": "mypeer",
    "public_key": "u/eGf6olYeFSH4XoPvOSZJb9swA/qWPAlfSxRBi6Uw8=",
    "allowed_ips": [
     "192.168.5.2/32"
    ],
   }
  ],
  "public_key": "irDV3wkkNe6f1GLAPFNGjj0xsQsoxPCNko4Lf3igcjM=",
  "endpoint": "127.0.0.1"
 }
]

Delete a peer by ID

You can remove and update peers using the peers commands.

> guard peers --tunnel wg0 delete mypeer

{
 "id": "wg0",
 "listen_port": "31000",
 "address": "192.168.5.1/32",
 "public_key": "irDV3wkkNe6f1GLAPFNGjj0xsQsoxPCNko4Lf3igcjM=",
 "endpoint": "127.0.0.1"
}