lib

package v0.0.0-...-3290e6d

Published: Sep 10, 2024 License: MIT Imports: 23 Imported by: 0

Documentation

Constants

const FirstHandshakeTimeout = 10 * time.Second

A new peer must connect with a handshake within this time.

const FwmarkBase = 0x54437D00

FwmarkBase is the base value for firewall marks used by vprox.

const PeerIdleTimeout = 5 * time.Minute

If no handshake is received from a peer within this time, the peer is considered idle and is removed from the server's WireGuard interface.

Note that this must be at least 2-3 minutes: WireGuard only initiates a new handshake when it has data to send and the current session is already 2-3 minutes old (the protocol rekeys a session after 120 seconds, and rejects it after 180), so an active peer can legitimately go that long without a handshake. The persistent-keepalive setting does not change this; keepalives keep the session in use but do not make handshakes happen more often than the rekey interval.
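The two timeouts above define a pruning policy: a peer that has never handshaken is dropped FirstHandshakeTimeout after it was added, and an established peer is dropped PeerIdleTimeout after its last successful handshake. The following is an added example of that policy written against hand-constructed peer snapshots; it is not the project's own code. The PeerState type, the AddedAt field and the ValidIdleTimeout check are assumptions made for the example (vprox reads the real handshake times from the kernel via wgctrl, which is not used here so the code runs offline).

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Timeouts as documented on this page.
const (
	FirstHandshakeTimeout = 10 * time.Second
	PeerIdleTimeout       = 5 * time.Minute
)

// ValidIdleTimeout reports whether d respects the "at least 2-3 minutes"
// floor explained above. WireGuard rekeys a session only once it is
// 120 s old and there is data to send, so an idle timeout shorter than
// that would evict peers that are merely between scheduled handshakes.
// (Assumed check for this example; the package does not document one.)
func ValidIdleTimeout(d time.Duration) bool {
	return d >= 3*time.Minute
}

// PeerState is a hypothetical snapshot of one peer on the interface.
// The project reads the real values via wgctrl; here they are constructed.
type PeerState struct {
	PublicKey     string    // printable peer identifier
	AddedAt       time.Time // when the peer was added to the interface
	LastHandshake time.Time // zero if the peer never completed a handshake
}

// ExpiredPeers returns, sorted, the keys of peers that should be removed
// at time now: peers that never handshaked are dropped FirstHandshakeTimeout
// after being added, established peers PeerIdleTimeout after their last
// successful handshake. A deadline exactly equal to now counts as expired.
func ExpiredPeers(peers []PeerState, now time.Time) []string {
	var expired []string
	for _, p := range peers {
		deadline := p.LastHandshake.Add(PeerIdleTimeout)
		if p.LastHandshake.IsZero() {
			deadline = p.AddedAt.Add(FirstHandshakeTimeout)
		}
		if !now.Before(deadline) {
			expired = append(expired, p.PublicKey)
		}
	}
	sort.Strings(expired)
	return expired
}

func main() {
	now := time.Date(2024, 9, 10, 12, 0, 0, 0, time.UTC)
	// Constructed sample peers; the keys are labels, not real WireGuard keys.
	peers := []PeerState{
		{PublicKey: "peerA-new-ok", AddedAt: now.Add(-5 * time.Second)},
		{PublicKey: "peerB-new-stale", AddedAt: now.Add(-11 * time.Second)},
		{PublicKey: "peerC-active", AddedAt: now.Add(-time.Hour), LastHandshake: now.Add(-4 * time.Minute)},
		{PublicKey: "peerD-idle", AddedAt: now.Add(-time.Hour), LastHandshake: now.Add(-6 * time.Minute)},
	}
	fmt.Println("remove:", ExpiredPeers(peers, now))
	fmt.Println("PeerIdleTimeout respects the rekey floor:", ValidIdleTimeout(PeerIdleTimeout))
}
```

Measuring the first-handshake deadline from the time the peer was added, rather than from a zero LastHandshake, is the edge case worth getting right: a zero handshake time plus PeerIdleTimeout is always in the past, which would evict every new peer on the first sweep.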

const RunDir string = "/run/vprox"

RunDir is the path for runtime data that should survive restarts of the vprox process. Note that /run is normally a tmpfs, so data kept there does not survive a reboot.

const WireguardListenPort = 50227

WireguardListenPort is the UDP port on which the server's WireGuard interface listens for peer connections.

Variables

This section is empty.

Functions

func GetClientKey

func GetClientKey(ifname string) (key wgtypes.Key, err error)

func GetServerKey

func GetServerKey() (key wgtypes.Key, err error)

func GetVproxPassword

func GetVproxPassword() (string, error)

Types

type Client

type Client struct {
	// Key is the private key of the client.
	Key wgtypes.Key

	// Ifname is the name of the client WireGuard interface.
	Ifname string

	// ServerIp is the public IPv4 address of the server.
	ServerIp netip.Addr

	// Password authenticates the client connection.
	Password string

	// WgClient is a shared client for interacting with the WireGuard kernel module.
	WgClient *wgctrl.Client

	// Http is used to make connect requests to the server.
	Http *http.Client
}

Client manages a peering connection with a local WireGuard interface.

func (*Client) CreateInterface

func (c *Client) CreateInterface() error

func (*Client) DeleteInterface

func (c *Client) DeleteInterface()

type IpAllocator

type IpAllocator struct {
	// contains filtered or unexported fields
}

IpAllocator is a simple IP address allocator that produces IP addresses within a prefix, always handing out the lowest address that is currently available.

All operations on an IpAllocator are thread-safe.

func NewIpAllocator

func NewIpAllocator(prefix netip.Prefix) *IpAllocator

NewIpAllocator creates a new IpAllocator for the given prefix.

The prefix is masked so that its address is normalized to the first address of the range (for example, `192.168.0.5/24` becomes `192.168.0.0/24`). The prefix must be valid.

func (*IpAllocator) Allocate

func (ipa *IpAllocator) Allocate() netip.Addr

Allocate returns the next available IP address in the prefix.

This never uses the initial address (the "zero address") of the prefix. For example, for the prefix `192.168.0.0/24`, the first IP address allocated will be `192.168.0.1`.

If there are no more available IP addresses, this returns the zero address; callers must check for it before handing the result to a peer.

func (*IpAllocator) Free

func (ipa *IpAllocator) Free(addr netip.Addr) bool

Free marks the given IP address as available for allocation.
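The documentation above fixes the allocator's contract: lowest available address first, the prefix's first address never handed out, the zero address on exhaustion, and thread safety. The block below is an added example implementing exactly that contract; it is not the project's code (the real type's fields are unexported and not shown on this page). It assumes that "the zero address" on exhaustion means the invalid zero `netip.Addr` (check with `IsValid()`), and that Free reports whether the address was actually allocated; both are assumptions for the example. Note that the documented rules do not exclude a broadcast address, so neither does this code.

```go
package main

import (
	"fmt"
	"net/netip"
	"sync"
)

// IpAllocator hands out addresses from a prefix in increasing order,
// reusing freed addresses, and never returns the prefix's first address.
// All methods are safe for concurrent use.
type IpAllocator struct {
	mu     sync.Mutex
	prefix netip.Prefix            // masked prefix
	inUse  map[netip.Addr]struct{} // currently allocated addresses
}

// NewIpAllocator creates an allocator for the given prefix, masking the
// prefix so that its address is the first address of the range.
func NewIpAllocator(prefix netip.Prefix) *IpAllocator {
	return &IpAllocator{
		prefix: prefix.Masked(),
		inUse:  make(map[netip.Addr]struct{}),
	}
}

// Allocate returns the lowest available address in the prefix, skipping
// the network (zero) address. It returns the invalid zero netip.Addr when
// the prefix is exhausted; callers must check IsValid().
func (ipa *IpAllocator) Allocate() netip.Addr {
	ipa.mu.Lock()
	defer ipa.mu.Unlock()
	// Start one past the network address. For IPv4, Next() past
	// 255.255.255.255 yields an invalid Addr, which Contains rejects.
	for a := ipa.prefix.Addr().Next(); ipa.prefix.Contains(a); a = a.Next() {
		if _, taken := ipa.inUse[a]; !taken {
			ipa.inUse[a] = struct{}{}
			return a
		}
	}
	return netip.Addr{}
}

// Free marks addr as available again. It reports whether addr was
// allocated (assumed meaning of the bool for this example).
func (ipa *IpAllocator) Free(addr netip.Addr) bool {
	ipa.mu.Lock()
	defer ipa.mu.Unlock()
	if _, taken := ipa.inUse[addr]; !taken {
		return false
	}
	delete(ipa.inUse, addr)
	return true
}

// Allocated returns how many addresses are currently handed out.
func (ipa *IpAllocator) Allocated() int {
	ipa.mu.Lock()
	defer ipa.mu.Unlock()
	return len(ipa.inUse)
}

func main() {
	// Deliberately unmasked input: the allocator normalizes it to 10.0.0.4/30.
	ipa := NewIpAllocator(netip.MustParsePrefix("10.0.0.5/30"))
	for i := 0; i < 4; i++ {
		a := ipa.Allocate()
		fmt.Println("allocate:", a, "valid:", a.IsValid())
	}
	freed := netip.MustParseAddr("10.0.0.6")
	fmt.Println("free 10.0.0.6:", ipa.Free(freed), "reallocated:", ipa.Allocate())
	fmt.Println("allocated:", ipa.Allocated())
}
```

The scan from the bottom of the range makes each Allocate O(number of addresses in use), which is fine for the /24-sized peer pools a server like this hands out; a large prefix would want a free list or bitmap instead.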

type Server

type Server struct {
	// Key is the private key of the server.
	Key wgtypes.Key

	// BindAddr is the private IPv4 address that the server binds to.
	BindAddr netip.Addr

	// Password is needed to authenticate connection requests.
	Password string

	// Index is a unique server index for firewall marks and other uses. It starts at 0.
	Index uint16

	// Ipt is the iptables client for managing firewall rules.
	Ipt *iptables.IPTables

	// WgClient is a shared client for interacting with the WireGuard kernel module.
	WgClient *wgctrl.Client

	// WgCidr is the CIDR block of IPs that the server assigns to WireGuard peers.
	WgCidr netip.Prefix

	// Ctx is the shutdown context for the server.
	Ctx context.Context
	// contains filtered or unexported fields
}

Server handles state for one WireGuard network.

The `vprox server` command should create one Server instance for each private IP that the server should bind to.

func (*Server) CleanupIptables

func (srv *Server) CleanupIptables()

func (*Server) CleanupWireguard

func (srv *Server) CleanupWireguard()

func (*Server) Ifname

func (srv *Server) Ifname() string

func (*Server) InitState

func (srv *Server) InitState() error

InitState initializes the private server state.

func (*Server) ListenForHttps

func (srv *Server) ListenForHttps() error
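Server.Password is described above as authenticating connection requests, and ListenForHttps is the entry point that receives them, but the page does not show how the check is performed. The following is an added example of how a practitioner would verify a shared password in such a handler; it is not the project's code. The header name, the path and the sha256-then-compare approach are assumptions for the example, and the handler fails closed when no password is configured.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Wire format assumed for the example; the page does not document it.
const (
	passwordHeader = "X-Vprox-Password"
	connectPath    = "/connect"
)

// passwordOK compares the presented password with the expected one in
// constant time. Hashing both first keeps the comparison fixed-length, so
// neither the length of the secret nor an early mismatch leaks through timing.
func passwordOK(expected, presented string) bool {
	e := sha256.Sum256([]byte(expected))
	p := sha256.Sum256([]byte(presented))
	return subtle.ConstantTimeCompare(e[:], p[:]) == 1
}

// NewConnectHandler wraps next so it only runs for requests carrying the
// configured password. An empty configured password is treated as a
// misconfiguration and every request is rejected.
func NewConnectHandler(password string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if password == "" {
			http.Error(w, "server misconfigured", http.StatusInternalServerError)
			return
		}
		if !passwordOK(password, r.Header.Get(passwordHeader)) {
			// Do not log the presented value; it may be a near-miss of the secret.
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// StatusFor drives one in-memory request through handler with the given
// password header and returns the HTTP status code (no network involved).
func StatusFor(handler http.Handler, presented string) int {
	req := httptest.NewRequest(http.MethodPost, connectPath, nil)
	if presented != "" {
		req.Header.Set(passwordHeader, presented)
	}
	rec := httptest.NewRecorder()
	handler.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	accept := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	// Constructed secret for the example, not a real deployment value.
	h := NewConnectHandler("example-shared-secret", accept)
	fmt.Println("correct password:", StatusFor(h, "example-shared-secret"))
	fmt.Println("wrong password:  ", StatusFor(h, "guess"))
	fmt.Println("missing header:  ", StatusFor(h, ""))
	fmt.Println("no secret set:   ", StatusFor(NewConnectHandler("", accept), "anything"))
}
```

Because the real server listens over HTTPS, the header is not exposed in transit; the example only covers the verification step, and the secret it checks against would come from GetVproxPassword in the package above.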

func (*Server) StartIptables

func (srv *Server) StartIptables() error

func (*Server) StartWireguard

func (srv *Server) StartWireguard() error
