VintageNetWireguard
Experimental
An attempt to support Wireguard VPN peer connections on Nerves devices. See https://wireguard.com for more info
Configuration
Wireguard needs to configure an interface and peer connections for that
interface. Below is a list of the expected configuration parameters
which are referenced from wg(8)
and wg-quick(8):
Interface
| Key | wg name |
Required? | Description |
|---|---|---|---|
:private_key |
PrivateKey |
X | base64 private key for the interface registered with the server |
:addresses |
Address |
X | list of IP addresses for the connection to use (CIDR supported) |
:listen_port |
ListenPort |
port for the connection. Randomly assigned if empty or 0 |
|
:fwmark |
FwMark |
32-bit fwmark for outgoing packets | |
:dns |
DNS |
list of DNS IP's | |
:peers |
[PEER] |
list of peer configs (see below) |
Peer
| Key | wg name |
Required? | Description |
|---|---|---|---|
:public_key |
PublicKey |
X | base64 public key |
:endpoint |
Endpoint |
X | endpoint to the wireguard server which the peer attempts to connect |
:allowed_ips |
AllowedIps |
X | list of IP addresses for allowed incoming packets and outgoing packets directed to. Defaults to ["0.0.0.0/0", "::0"] |
:persistent_keepalive |
PersistentKeepalive |
optional integer seconds for sending an authenticated packet as a keepalive |
Using Wireguard Config Files
Wireguard commonly uses *.conf configuration files to simplify the setup
process and VintageNetWireguard provides a helper function to parse those
config files into the expected format:
iex)> config = VintageNetWireguard.ConfigFile.parse("/path/to/wg0.conf")
iex)> VintageNet.configure("wg0", config)Goals/Ideas
- Setup
wg*network interfaces - Notes/cookbook for setting up Wireguard server
- fly.io
- Another service?
- Parse wireguard peer configs
- Potentially support authentication via other routes (i.e. NervesKey)
- Mechanism for registering a new peer with remote server
- Prevent storing private keys on disc