No longer updated
Use wg-mesh instead.
Sets up multiple point-to-point WireGuard connections
Make sure the hostnames are present in /etc/hosts
WireGuard must already be installed on all servers
It's recommended to run this on clean servers.
By default 10.0.x.x/16 is used. It can be changed to 172.16.0.0/12 or 192.168.0.0/16.
10.0.id.1 Node /30
10.0.id.4-255 peers /31
10.0.250.1-255 clients /32
10.0.251.1-255 vxlan /32
10.0.252.1-255 source based routing
This script configures only the WireGuard connections. To make everything reachable (mesh) there is an addon:
https://github.com/Ne00n/bird-spawner-3000
It uses bird2 to dynamically create routes and reroute traffic if a node goes down.
ToDo
- nothing
Dependencies
wireguard, python3
Debian 10
sh -c "echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list"
apt-get update && apt-get install wireguard python3 -y
Prepare
Rename hosts.example.json to hosts.json and fill it in
You can use * or geo if you want to cross-connect to everything else
Geo uses a latency cap for setting up links; it's a bit slower than *
Examples
point-to-point
"Server1":{"id":1,"basePort":51194,"type":"native","Targets":["Server3","Server2"]},
"Server2":{"id":2,"basePort":51194,"type":"native","Targets":["Server3"]}
cross-connect (mesh)
"Server1":{"id":1,"basePort":51194,"type":"native","Targets":["*"]},
"Server2":{"id":2,"basePort":"random","type":"native","Targets":["geo"]},
"Server3":{"id":3,"basePort":51194,"type":"native","Targets":["*"]}
cross-connect + point-to-point
"Server1":{"id":1,"basePort":51194,"type":"native","Targets":["*"]},
"Server2":{"id":2,"basePort":51194,"type":"native","Targets":["*","Server5"]},
"Server3":{"id":3,"basePort":"random","type":"native","Targets":["*","Server4"]}
Names should not contain: dummy
/etc/hosts
bla.bla.bla.bla Server1
bla:bla:piss::bla Server1v6
bla.bla.bla.bla Server2
bla:bla:beef::bla Server2v6
bla.bla.bla.bla Server3
bla:bla:bacon::bla Server3v6
Note: No need for dualstack, IPv4 or IPv6 only is supported
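A pre-flight check for the rules stated above (hostnames present in /etc/hosts, no "dummy" in names, the 10.0.id.x address plan), as an added example that is not part of this project's code. It assumes hosts.json reduces to a flat name-to-entry mapping like the fragments shown, that ids must be unique and must stay off the 250-252 octets the address plan reserves, and that targets must name defined servers; all function names are hypothetical.

```python
import ipaddress

# Third octets the README's address plan reserves for non-node ranges.
RESERVED = {250: "clients", 251: "vxlan", 252: "source based routing"}

def hosts_names(text):
    """Collect every hostname and alias from /etc/hosts-style text."""
    names = set()
    for line in text.splitlines():
        names.update(line.split("#", 1)[0].split()[1:])  # skip the address field
    return names

def node_address(sid):
    """Node address from the README's plan: 10.0.<id>.1 inside a /30."""
    return ipaddress.ip_interface(f"10.0.{sid}.1/30")

def validate(servers, hosts_text):
    """Return a list of problems in a name -> entry mapping (assumed layout)."""
    problems, seen, known = [], {}, hosts_names(hosts_text)
    for name, cfg in servers.items():
        sid, port = cfg.get("id"), cfg.get("basePort")
        if "dummy" in name:
            problems.append(f"{name}: name contains 'dummy'")
        if name not in known and name + "v6" not in known:
            problems.append(f"{name}: not in /etc/hosts")
        if type(sid) is not int or not 0 <= sid <= 255:
            problems.append(f"{name}: id {sid!r} does not fit an address octet")
        elif sid in RESERVED:
            problems.append(f"{name}: id {sid} collides with the {RESERVED[sid]} range")
        elif sid in seen:
            problems.append(f"{name}: id {sid} already used by {seen[sid]}")
        else:
            seen[sid] = name
        if port != "random" and not (type(port) is int and 1 <= port <= 65535):
            problems.append(f"{name}: basePort {port!r} is not a port or 'random'")
        for target in cfg.get("Targets", []):
            if target not in ("*", "geo") and target not in servers:
                problems.append(f"{name}: bad target {target!r}")
    return problems

# Constructed sample input (documentation addresses, not real servers).
SAMPLE_HOSTS = "192.0.2.1 Server1\n2001:db8::2 Server2v6\n"
SAMPLE_SERVERS = {
    "Server1": {"id": 1, "basePort": 51194, "type": "native", "Targets": ["*"]},
    "Server2": {"id": 2, "basePort": "random", "type": "native", "Targets": ["Server1"]},
    "Server3": {"id": 250, "basePort": 51194, "type": "native", "Targets": ["Server9"]},
}

if __name__ == "__main__":
    print("\n".join(validate(SAMPLE_SERVERS, SAMPLE_HOSTS)), node_address(1), sep="\n")
```

Running it before a build surfaces address collisions and unresolved names while they are still a one-line fix in the JSON.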
Usage
Builds or updates the network
python3 pipe.py build
- Threading can be enabled to make things run faster, but it makes debugging harder
- Reconfigure can be used to update a server IP or just randomize the wg ports of that server, without impacting the entire network. Don't use that function to enable IPv6 afterwards
- You can ignore and remove old servers while doing a build; remove them from the .json before you use it
Shuts down all WireGuard prefix* connections
python3 pipe.py shutdown
Removes all WireGuard prefix* configuration files
python3 pipe.py clean
- Same as above, you can ignore servers that are offline to make things faster