ambrose
/
wireguard-negotiator
mirror of https://github.com/serverwentdown/wireguard-negotiator.git
1
0
Fork 0
Code Releases Activity
4 Commits
1 Branch
0 Tags
68 KiB
Go 100%
 
Go to file
Ambrose Chua d4730edf42 Add terrible config writer 2019-12-19 15:55:17 +00:00
cmd Add terrible config writer 2019-12-19 15:55:17 +00:00
lib Initial project scaffold 2019-12-19 11:48:52 +00:00
.gitignore Initial project scaffold 2019-12-19 11:48:52 +00:00
LICENSE Initial commit 2019-12-19 18:03:15 +08:00
README.md Update README and initial routes 2019-12-19 20:52:27 +08:00
go.mod Add terrible config writer 2019-12-19 15:55:17 +00:00
go.sum Add terrible config writer 2019-12-19 15:55:17 +00:00
main.go Initial project scaffold 2019-12-19 11:48:52 +00:00

README.md

wireguard-negotiator

A not-very-secure manual WireGuard negotiator

Purpose

wireguard-negotiator is built for scenarios where a simple mechanism to exchange and manually accept WireGuard keys is needed. This makes it slightly easier to provision a group of Linux WireGuard peers that peer with a "server".

In summary:

  • Manage "client" keys
  • Exchange keys over HTTP(S)
  • Exchange IP addressing (DHCP-like)
  • Manually gate new peers
  • Sets up network interface on the "client"
  • Generate Ansible INI inventory

The primary scenario this tool is going to be used for is to manage machines using Ansible within an unknown LAN behind NAT. I am planning to use it for FOSSASIA Summit 2020.

Limitations

  • Linux-only
  • Manages existing config files only
  • Removing peers is a manual process

Usage

TODO