* Add examples
Showing
6 changed files
with
278 additions
and
1 deletion.
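--- a/README-path-not-shown
+++ b/README-path-not-shown
@@ -1 +1,27 @@
-# defguard-wireguard
+<p align="center">
+<img src="docs/header.png" alt="defguard">
+</p>
+
+**wireguard-rs** is a library providing Rust interface for working with wireguard which can
+be used to create your own [Wireguard:tm:](https://www.wireguard.com/) VPN servers or clients for secure and private networking with native FreeBSD and wireguard-go support.
+
+To learn more about the system see our [documentation](https://defguard.gitbook.io).
+
+## Quick start
+
+If you already have your defguard instance running you can set up a gateway by following our [deployment guide](https://defguard.gitbook.io/defguard/features/setting-up-your-instance/gateway).
+
+## Documentation
+
+See the [documentation](https://defguard.gitbook.io) for more information.
+
+## Community and Support
+
+Find us on Matrix: [#defguard:teonite.com](https://matrix.to/#/#defguard:teonite.com)
+
+## Contribution
+
+Please review the [Contributing guide](https://defguard.gitbook.io/defguard/for-developers/contributing) for information on how to get started contributing to the project. You might also find our [environment setup guide](https://defguard.gitbook.io/defguard/for-developers/dev-env-setup) handy.
+
+# Legal
+WireGuard is [registered trademarks](https://www.wireguard.com/trademark-policy/) of Jason A. Donenfeld.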
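--- /dev/null
+++ b/PATH-NOT-SHOWN-example-1.rs
@@ -0,0 +1,65 @@
+use std::{net::SocketAddr, str::FromStr};
+
+#[cfg(target_os = "linux")]
+use wireguard_rs::netlink::{address_interface, create_interface, delete_interface};
+use wireguard_rs::{wgapi::WGApi, Host, IpAddrMask, Key, Peer};
+use x25519_dalek::{EphemeralSecret, PublicKey, StaticSecret};
+
+fn main() -> Result<(), Box<dyn std::error::Error>> {
+    #[cfg(target_os = "linux")]
+    {
+        log::info!("create interface");
+        create_interface("wg0")?;
+        log::info!("address interface");
+        // Set interface address
+        let addr = IpAddrMask::from_str("10.6.0.30").unwrap();
+        address_interface("wg0", &addr)?;
+    }
+    // Create new api object for interface
+    let api = if cfg!(target_os = "linux") || cfg!(target_os = "freebsd") {
+        WGApi::new("wg0".into(), false)
+    } else {
+        WGApi::new("utun3".into(), true)
+    };
+    // host
+    let secret = StaticSecret::random();
+    let host = Host::new(12345, secret.to_bytes().as_ref().try_into().unwrap());
+
+    // Peer configuration
+    let secret = EphemeralSecret::random();
+    let key = PublicKey::from(&secret);
+    // Peer secret key
+    let peer_key: Key = key.as_ref().try_into().unwrap();
+    let mut peer = Peer::new(peer_key.clone());
+
+    log::info!("endpoint");
+    // Your wireguard server endpoint which peer connects too
+    let endpoint: SocketAddr = "<server_ip>:<server_port>".parse().unwrap();
+    // Peer endpoint and interval
+    peer.endpoint = Some(endpoint);
+    peer.persistent_keepalive_interval = Some(25);
+
+    // Peer allowed ips
+    let allowed_ips = vec!["10.6.0.0/24", "192.168.2.0/24"];
+    for allowed_ip in allowed_ips {
+        let addr = IpAddrMask::from_str(allowed_ip)?;
+        peer.allowed_ips.push(addr);
+        // Add a route for the allowed IP using the `ip -4 route add` command
+        let output = std::process::Command::new("ip")
+            .args(&["-4", "route", "add", allowed_ip, "dev", "wg0"])
+            .output()?;
+
+        if output.status.success() {
+            log::info!("Added route for {}", allowed_ip);
+        } else {
+            log::error!("Failed to add route for {}: {:?}", allowed_ip, output);
+        }
+    }
+    api.write_host(&host)?;
+    api.write_peer(&peer)?;
+
+    // Remove interface
+    delete_interface("wg0")?;
+
+    Ok(())
+}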
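Review bot: `delete_interface("wg0")?;` near the end of `main` is unconditional, but the `use wireguard_rs::netlink::{..., delete_interface}` line is gated on `#[cfg(target_os = "linux")]`, so this example does not compile on FreeBSD or macOS even though the `WGApi::new` branch explicitly caters for them; guard the call the same way, `#[cfg(target_os = "linux")] delete_interface("wg0")?;`. The comment `// Peer secret key` above `let peer_key: Key = key.as_ref().try_into().unwrap();` is wrong — `key` is the `PublicKey` derived from the ephemeral secret, and that secret is dropped, so `// Peer public key (the ephemeral private half is discarded; this demo peer can never complete a handshake)` describes what the example actually builds. The `ip -4 route add` shell-out resolves `ip` through `PATH` while the surrounding interface creation presumably runs with elevated privileges; for an example people copy, either say so in the comment on that line or invoke the binary by absolute path.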
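--- /dev/null
+++ b/PATH-NOT-SHOWN-example-2.rs
@@ -0,0 +1,52 @@
+use std::str::FromStr;
+
+use log;
+#[cfg(target_os = "linux")]
+use wireguard_rs::netlink::{address_interface, create_interface};
+use wireguard_rs::{wgapi::WGApi, Host, IpAddrMask, Key, Peer};
+use x25519_dalek::{EphemeralSecret, PublicKey, StaticSecret};
+
+fn main() -> Result<(), Box<dyn std::error::Error>> {
+    #[cfg(target_os = "linux")]
+    {
+        log::debug!("create interface");
+        create_interface("wg0")?;
+        log::debug!("address interface");
+        let addr = IpAddrMask::from_str("10.20.30.40/24").unwrap();
+        address_interface("wg0", &addr)?;
+    }
+    let api = if cfg!(target_os = "linux") || cfg!(target_os = "freebsd") {
+        WGApi::new("wg0".into(), false)
+    } else {
+        WGApi::new("utun3".into(), true)
+    };
+    let host = api.read_host()?;
+    log::debug!("{host:#?}");
+
+    // host
+    let secret = StaticSecret::random();
+    let mut host = Host::new(12345, secret.to_bytes().as_ref().try_into().unwrap());
+
+    let secret = EphemeralSecret::random();
+    let key = PublicKey::from(&secret);
+    let peer_key: Key = key.as_ref().try_into().unwrap();
+    let mut peer = Peer::new(peer_key.clone());
+    let addr = IpAddrMask::from_str("10.20.30.40/24").unwrap();
+    peer.allowed_ips.push(addr);
+    // Insert peers to host
+    host.peers.insert(peer_key, peer);
+
+    // Create host interfaces
+    api.write_host(&host)?;
+
+    // Create peers
+    for _ in 0..32 {
+        let secret = EphemeralSecret::random();
+        let key = PublicKey::from(&secret);
+        let peer = Peer::new(key.as_ref().try_into().unwrap());
+        api.write_peer(&peer)?;
+        api.delete_peer(&peer)?;
+    }
+
+    Ok(())
+}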
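Review bot: `log::debug!("{host:#?}");` right after `let host = api.read_host()?;` dumps the entire `Host` read back from the interface; if `Host`'s `Debug` impl includes the private key (the type is not visible here), this example teaches readers to write the interface's private key into their logs. Logging only the fields the example actually needs, or giving `Host` a `Debug` impl that redacts the key, avoids that. `use log;` on its own line is redundant in the 2018+ edition — the crate is already in scope and clippy's `single_component_path_imports` lint flags it — so it can simply be dropped. The first peer and the 32 peers created in the `for _ in 0..32` loop all drop their `EphemeralSecret` immediately, so nothing can ever handshake as them; a comment such as `// throwaway keys: only the public half is needed to exercise write_peer/delete_peer` would make clear this is deliberate.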