config

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 10, 2024 License: MIT Imports: 2 Imported by: 0

Documentation

Index

Constants

// Fixed-length duration units larger than those the time package defines.
const (
	// Day is exactly 24 hours. It is a fixed span, not a calendar day,
	// so it does not follow daylight-saving shifts.
	Day = time.Hour * 24
	// Year is exactly 365 Days. It is a fixed span, not a calendar year,
	// so leap days are not counted.
	Year = Day * 365
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AppConfig

// AppConfig is the top-level configuration for the server. Every field
// carries a yaml tag, so the struct maps onto a YAML document.
//
// The defaults named in the field comments are not expressed in this
// declaration (Go zero values apply here); presumably the loading code
// fills them in - confirm against the loader.
//
// NOTE(review): AdminPassword and WireGuard.PrivateKey are secrets held as
// plain strings with yaml tags. They would be included in any YAML dump or
// %+v log of this struct, so redact them before logging or exporting it.
type AppConfig struct {
	// LogLevel sets the log level.
	// Accepted values: fatal, error, warn, info, debug, trace.
	// Defaults to "info".
	LogLevel string `yaml:"loglevel"`
	// AdminUsername sets the superadmin username.
	// Defaults to "admin"
	AdminUsername string `yaml:"adminUsername"`
	// AdminPassword sets the superadmin password (required).
	// NOTE(review): stored here as a plaintext string; whether it is hashed
	// before use or storage is not visible from this type - confirm, and
	// keep the config file readable only by the service account.
	AdminPassword string `yaml:"adminPassword"`
	// Port sets the port that the web UI will listen on.
	// Defaults to 8000
	// NOTE(review): no TLS setting is visible in this struct; presumably the
	// UI is expected to sit behind a TLS-terminating proxy - confirm.
	Port int `yaml:"port"`
	// ExternalHost is the address that clients
	// use to connect to the WireGuard interface.
	// By default, this will be empty and the web ui
	// will use the current page's origin.
	ExternalHost string `yaml:"externalHost"`
	// Storage is the storage backend where device configuration will
	// be persisted.
	// Supports memory:// postgresql:// mysql:// sqlite3://
	// Defaults to memory://
	// NOTE(review): database URIs commonly embed credentials, so treat this
	// value as sensitive. Presumably memory:// does not survive a restart -
	// confirm.
	Storage string `yaml:"storage"`
	// DisableMetadata allows you to turn off collection of device
	// metadata including last handshake time & rx/tx bytes
	DisableMetadata bool `yaml:"disableMetadata"`
	// EnableInactiveDeviceDeletion allows you to delete inactive devices
	// automatically after a time duration defined by InactiveDeviceGracePeriod
	EnableInactiveDeviceDeletion bool `yaml:"enableInactiveDeviceDeletion"`
	// InactiveDeviceGracePeriod sets the duration after which inactive
	// devices are automatically deleted.
	// Defaults to 1 year
	InactiveDeviceGracePeriod time.Duration `yaml:"inactiveDeviceGracePeriod"`
	// Filename is the name of the WireGuard configuration file that can
	// be downloaded through the web UI after adding a device.
	// Do not include the '.conf' extension.
	// Defaults to 'WireGuard' (resulting full name 'WireGuard.conf')
	Filename string `yaml:"filename"`
	// WireGuard configures WireGuard related settings.
	WireGuard struct {
		// Set this to false to disable the embedded WireGuard
		// server. This is useful for development environments
		// on mac and windows where we don't currently support
		// the OS's network stack.
		Enabled bool `yaml:"enabled"`
		// The network interface name of the WireGuard
		// network device.
		// Defaults to wg0
		Interface string `yaml:"interface"`
		// The WireGuard PrivateKey.
		// If this value is lost then any existing
		// clients (WireGuard peers) will no longer
		// be able to connect.
		// Clients will either have to manually update
		// their connection configuration or setup
		// their VPN again using the web ui (easier for most people).
		// NOTE(review): this is the server's long-term secret. Disclosure
		// matters as much as loss, so back it up and restrict read access
		// to wherever this config is stored.
		PrivateKey string `yaml:"privateKey"`
		// The WireGuard ListenPort
		// Defaults to 51820
		Port int `yaml:"port"`
		// The maximum transmission unit (MTU) used on the server-side.
		// Empty by default.
		MTU int `yaml:"mtu"`
	} `yaml:"wireguard"`
	// VPN configures VPN related settings (networking).
	VPN struct {
		// The "AllowedIPs" for VPN clients.
		// This value will be included in client config
		// files and in server-side iptable rules
		// to enforce network access.
		// defaults to ["0.0.0.0/0", "::/0"]
		// NOTE(review): the default covers every IPv4 and IPv6 destination;
		// narrow it when clients should only reach specific networks.
		AllowedIPs []string `yaml:"allowedIPs"`
		// CIDR configures a network address space
		// that client (WireGuard peers) will be allocated
		// an IP address from
		// defaults to 10.44.0.0/24
		CIDR string `yaml:"cidr"`
		// CIDRv6 configures an IPv6 network address space
		// that client (WireGuard peers) will be allocated
		// an IP address from
		// defaults to fd48:4c4:7aa9::/64
		CIDRv6 string `yaml:"cidrv6"`
		// GatewayInterface will be used in iptable forwarding
		// rules that send VPN traffic from clients to this interface.
		// Most use-cases will want this interface to have access
		// to the outside internet
		GatewayInterface string `yaml:"gatewayInterface"`
		// NAT44 configures whether IPv4 traffic leaving
		// through the GatewayInterface should be masqueraded
		// defaults to true
		NAT44 bool `yaml:"nat44"`
		// NAT66 configures whether IPv6 traffic leaving
		// through the GatewayInterface should be
		// masqueraded like IPv4 traffic
		// defaults to true
		NAT66 bool `yaml:"nat66"`
		// ClientIsolation configures whether traffic between client devices will be blocked or allowed
		// defaults to false
		// NOTE(review): presumably true blocks client-to-client traffic, so
		// the default leaves peers able to reach each other - confirm.
		ClientIsolation bool `yaml:"clientIsolation"`
	} `yaml:"vpn"`
	// DNS configures the embedded DNS server.
	DNS struct {
		// Enabled allows you to turn on/off
		// the VPN DNS proxy feature.
		// DNS Proxying is enabled by default.
		Enabled bool `yaml:"enabled"`
		// Upstream configures the addresses of upstream
		// DNS servers to which client DNS requests will be sent.
		// NOTE: currently wg-access-server will always prefer the first upstream and fall back on failures.
		// Defaults to the host's upstream DNS servers (via resolvconf)
		// or Cloudflare DNS if resolvconf cannot be used.
		Upstream []string `yaml:"upstream"`
		// Domain sets a domain that the embedded dns server should serve authoritatively for device addresses.
		// A and AAAA queries for names in the format <device>.<user>.<domain> will be answered with the IP addresses
		// of the corresponding device. Queries for <domain> will be answered with the VPN server address.
		// Example domain: 'vpn.home.arpa.'
		// Disabled by default.
		Domain string `yaml:"domain"`
	} `yaml:"dns"`
	// ClientConfig configures settings in the configuration file distributed to clients, either by download, or QR-code.
	ClientConfig struct {
		// DNS servers to be provided with the client configuration file.
		// These are written into the configuration file as is.
		// If left empty the server decides about the address; usually the wg-access-server address.
		// If not empty, these replace the wg-access-server's DNS addresses.
		// Empty by default.
		DNSServers []string `yaml:"dnsServers"`
		// Search domain to be provided with the client configuration file.
		// Empty by default.
		DNSSearchDomain string `yaml:"dnsSearchDomain"`
		// The maximum transmission unit (MTU) to be written into the client configuration file.
		// If left empty "the MTU is automatically determined from the endpoint addresses or the system default route,
		// which is usually a sane choice." (From wg-quick 8 manual page.)
		// Empty by default.
		MTU int `yaml:"mtu"`
	} `yaml:"clientConfig"`
	// Auth configures optional authentication backends
	// to control access to the web ui.
	// Devices will be managed on a per-user basis if any
	// auth backends are configured.
	// If no authentication backends are configured then
	// the server will not require any authentication.
	// NOTE(review): AdminPassword above is marked required, so how the
	// "no authentication" case interacts with the superadmin login is not
	// clear from this type - confirm before exposing the web UI beyond a
	// trusted network.
	Auth authconfig.AuthConfig `yaml:"auth"`
}
