Documentation ¶
Constants ¶
const FirstHandshakeTimeout = 10 * time.Second
A new peer must connect with a handshake within this time.
const FwmarkBase = 0x54437D00
FwmarkBase is the base value for firewall marks used by vprox.
const PeerIdleTimeout = 5 * time.Minute
If no handshake is received from a peer within this time, the peer is considered idle and is removed from the server's WireGuard interface.
Note that this must be at least 2-3 minutes. An established WireGuard session initiates a new handshake only once it is 2-3 minutes old (the protocol's REKEY_AFTER_TIME is 120 s and REJECT_AFTER_TIME is 180 s), and that handshake goes out with the next data message, so a healthy but quiet peer can legitimately go that long without one. Persistent keepalive does not make handshakes more frequent than this; it only guarantees that some data message is sent, so the rekey happens on schedule.
const RunDir string = "/run/vprox"
RunDir is the path for runtime data that should be kept across restarts of the vprox process. On most systems /run is a tmpfs, so this data does not survive a reboot.
const WireguardListenPort = 50227
UDP listen port for WireGuard connections.
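The two timeouts above describe a two-phase rule: a peer that has never completed a handshake gets FirstHandshakeTimeout from the moment it was added, and a peer that has handshaken at least once is idle after PeerIdleTimeout without a new handshake. The following is an added example of such a sweep, not vprox's own code. It assumes a constructed PeerState view of a peer (wgctrl's Peer.LastHandshakeTime is the zero time.Time until the first handshake, which is why the zero check selects the first-handshake rule) and includes the WireGuard protocol timers that motivate the "at least 2-3 minutes" note:

```go
package main

import (
	"fmt"
	"time"
)

// Timeouts mirrored from the vprox constants documented on this page.
const (
	FirstHandshakeTimeout = 10 * time.Second
	PeerIdleTimeout       = 5 * time.Minute
)

// WireGuard protocol timers (from the WireGuard whitepaper): a sender initiates
// a new handshake once the current session is REKEY_AFTER_TIME old and refuses
// to use a session older than REJECT_AFTER_TIME. An idle timeout shorter than
// this would expire peers that are merely between rekeys.
const (
	RekeyAfterTime  = 120 * time.Second
	RejectAfterTime = 180 * time.Second
)

// PeerState is a constructed, hypothetical view of one WireGuard peer: when it
// was added to the interface and the last handshake time reported by the kernel
// (zero when the peer has never completed a handshake, as wgctrl reports it).
type PeerState struct {
	PublicKey     string
	AddedAt       time.Time
	LastHandshake time.Time
}

// ShouldRemove applies the two-phase timeout rule at time now.
func ShouldRemove(p PeerState, now time.Time) bool {
	if p.LastHandshake.IsZero() {
		// Never handshook: only FirstHandshakeTimeout since the peer was added.
		return now.Sub(p.AddedAt) > FirstHandshakeTimeout
	}
	// Has a session: idle once PeerIdleTimeout has elapsed since the last handshake.
	return now.Sub(p.LastHandshake) > PeerIdleTimeout
}

// IdlePeers returns, in input order, the public keys of peers that should be
// removed from the interface.
func IdlePeers(peers []PeerState, now time.Time) []string {
	var out []string
	for _, p := range peers {
		if ShouldRemove(p, now) {
			out = append(out, p.PublicKey)
		}
	}
	return out
}

// IdleTimeoutIsSafe reports whether an idle timeout leaves room for a full
// WireGuard rekey cycle, so a healthy peer is not expired between handshakes.
func IdleTimeoutIsSafe(d time.Duration) bool {
	return d >= RejectAfterTime
}

func main() {
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	// Constructed sample peers.
	peers := []PeerState{
		{PublicKey: "peerA", AddedAt: now.Add(-5 * time.Second)},                                     // new, still within FirstHandshakeTimeout
		{PublicKey: "peerB", AddedAt: now.Add(-30 * time.Second)},                                    // never handshook, overdue
		{PublicKey: "peerC", AddedAt: now.Add(-time.Hour), LastHandshake: now.Add(-2 * time.Minute)}, // healthy, just rekeyed
		{PublicKey: "peerD", AddedAt: now.Add(-time.Hour), LastHandshake: now.Add(-6 * time.Minute)}, // idle
	}
	fmt.Println(IdlePeers(peers, now))            // [peerB peerD]
	fmt.Println(IdleTimeoutIsSafe(PeerIdleTimeout)) // true
	fmt.Println(IdleTimeoutIsSafe(time.Minute))     // false
}
```

The boundary is strict: a peer exactly FirstHandshakeTimeout old is kept for one more sweep, which avoids a race with a handshake that lands in the same instant the sweep runs.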
Variables ¶
This section is empty.
Functions ¶
func GetServerKey ¶
func GetVproxPassword ¶
Types ¶
type Client ¶
type Client struct {
	// Key is the private key of the client.
	Key wgtypes.Key
	// Ifname is the name of the client WireGuard interface.
	Ifname string
	// ServerIp is the public IPv4 address of the server.
	ServerIp netip.Addr
	// Password authenticates the client connection.
	Password string
	// WgClient is a shared client for interacting with the WireGuard kernel module.
	WgClient *wgctrl.Client
	// Http is used to make connect requests to the server.
	Http *http.Client
}
Client manages a peering connection with a local WireGuard interface.
func (*Client) CreateInterface ¶
func (*Client) DeleteInterface ¶
func (c *Client) DeleteInterface()
type IpAllocator ¶
type IpAllocator struct {
// contains filtered or unexported fields
}
IpAllocator is a simple IP address allocator that produces IP addresses within a prefix, in increasing order of available IPs.
All operations on an IpAllocator are thread-safe.
func NewIpAllocator ¶
func NewIpAllocator(prefix netip.Prefix) *IpAllocator
NewIpAllocator creates a new IpAllocator for the given prefix.
The prefix is masked so that its address is normalized to the beginning of the IP range. It must be valid.
func (*IpAllocator) Allocate ¶
func (ipa *IpAllocator) Allocate() netip.Addr
Allocate returns the next available IP address in the prefix.
This never uses the initial address (the "zero address") of the prefix. For example, for the prefix `192.168.0.0/24`, the first IP address allocated will be `192.168.0.1`.
If there are no more available IP addresses, this returns the zero address.
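The following is an added illustration of the allocator semantics described above, not vprox's own implementation. It takes "the zero address" in the exhaustion case to mean the prefix's initial address, which is safe as a sentinel precisely because it is never handed out, and it adds a Release method (not documented on this page) so that "increasing order of available IPs" can be shown with released addresses being reused before the cursor advances:

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
	"sync"
)

// IpAllocator hands out addresses from a prefix, lowest available first.
// Added example; not the project's code. Release is an addition.
type IpAllocator struct {
	mu     sync.Mutex
	prefix netip.Prefix // masked, so prefix.Addr() is the zero address
	next   netip.Addr   // lowest address that has never been handed out
	freed  []netip.Addr // released addresses, kept sorted ascending
}

// NewIpAllocator masks the prefix so allocation starts at its first address.
func NewIpAllocator(prefix netip.Prefix) *IpAllocator {
	if !prefix.IsValid() {
		panic("IpAllocator: invalid prefix")
	}
	p := prefix.Masked()
	return &IpAllocator{prefix: p, next: p.Addr().Next()} // skip the zero address
}

// Zero is the prefix's initial address: never allocated, returned on exhaustion.
func (ipa *IpAllocator) Zero() netip.Addr { return ipa.prefix.Addr() }

// Allocate returns the lowest available address, reusing released addresses
// before advancing the cursor, or Zero() when the prefix is exhausted.
func (ipa *IpAllocator) Allocate() netip.Addr {
	ipa.mu.Lock()
	defer ipa.mu.Unlock()
	if len(ipa.freed) > 0 {
		a := ipa.freed[0]
		ipa.freed = ipa.freed[1:]
		return a
	}
	// Next() yields an invalid Addr past 255.255.255.255; Contains rejects
	// both that and the first address beyond the prefix.
	if !ipa.prefix.Contains(ipa.next) {
		return ipa.Zero()
	}
	a := ipa.next
	ipa.next = a.Next()
	return a
}

// Release returns an address to the pool. It reports false for the zero
// address, addresses outside the prefix, addresses never handed out, and
// double releases, so a buggy caller cannot corrupt the free list.
func (ipa *IpAllocator) Release(a netip.Addr) bool {
	ipa.mu.Lock()
	defer ipa.mu.Unlock()
	if a == ipa.Zero() || !ipa.prefix.Contains(a) {
		return false
	}
	if ipa.next.IsValid() && a.Compare(ipa.next) >= 0 {
		return false // cursor never reached it, so it was never allocated
	}
	i := sort.Search(len(ipa.freed), func(i int) bool { return ipa.freed[i].Compare(a) >= 0 })
	if i < len(ipa.freed) && ipa.freed[i] == a {
		return false
	}
	ipa.freed = append(ipa.freed, netip.Addr{})
	copy(ipa.freed[i+1:], ipa.freed[i:])
	ipa.freed[i] = a
	return true
}

func main() {
	// 192.168.0.7/30 is masked to 192.168.0.4/30, so .5, .6, .7 are handed
	// out and the fourth call returns the zero address 192.168.0.4.
	ipa := NewIpAllocator(netip.MustParsePrefix("192.168.0.7/30"))
	for i := 0; i < 4; i++ {
		fmt.Println(ipa.Allocate())
	}
}
```

Callers detect exhaustion by comparing the result with the prefix's zero address. One caveat that follows from the documented rule: only the zero address is skipped, so for an IPv4 prefix the last address (the subnet broadcast address) is also handed out; a caller that assigns these addresses to interfaces rather than to WireGuard AllowedIPs may want to reserve it as well.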
type Server ¶
type Server struct {
	// Key is the private key of the server.
	Key wgtypes.Key
	// BindAddr is the private IPv4 address that the server binds to.
	BindAddr netip.Addr
	// Password is needed to authenticate connection requests.
	Password string
	// Index is a unique server index for firewall marks and other uses. It starts at 0.
	Index uint16
	// Ipt is the iptables client for managing firewall rules.
	Ipt *iptables.IPTables
	// WgClient is a shared client for interacting with the WireGuard kernel module.
	WgClient *wgctrl.Client
	// WgCidr is the CIDR block of IPs that the server assigns to WireGuard peers.
	WgCidr netip.Prefix
	// Ctx is the shutdown context for the server.
	Ctx context.Context
	// contains filtered or unexported fields
}
Server handles state for one WireGuard network.
The `vprox server` command should create one Server instance for each private IP that the server should bind to.
func (*Server) CleanupIptables ¶
func (srv *Server) CleanupIptables()
func (*Server) CleanupWireguard ¶
func (srv *Server) CleanupWireguard()