README
¶
wgnet
wgnet provides a thin frontend for user-space VPN connections using the Go WireGuard implementation running on the gVisor user-space network stack.
It allows Go applications to dial and listen on a WireGuard network entirely in user-space, without requiring root privileges or special kernel modules.
Installation
go get github.com/chrj/wgnet
Quick Start
Client: Dialing over WireGuard
package main
import (
"io"
"log"
"net/netip"
"os"
"github.com/chrj/wgnet"
)
func main() {
// 1. Configure the device
cfg := wgnet.NewDefaultConfiguration()
cfg.MyIPv4 = netip.MustParseAddr("10.42.0.2")
cfg.PrivateKey = "your-private-key"
cfg.ServerPublicKey = "server-public-key"
cfg.ServerEndpoint = "1.2.3.4:51820"
// 2. Create the device
dev, err := wgnet.NewDevice(cfg)
if err != nil {
log.Fatal(err)
}
defer dev.Close()
// 3. Use the device to dial a connection over the VPN
conn, err := dev.Dial("tcp", "10.42.0.1:80")
if err != nil {
log.Fatal(err)
}
defer conn.Close()
// Use conn like a regular net.Conn
io.WriteString(conn, "GET / HTTP/1.1\r\nHost: 10.42.0.1\r\n\r\n")
io.Copy(os.Stdout, conn)
}
Server: Listening over WireGuard
package main
import (
"fmt"
"log"
"net/http"
"net/netip"
"github.com/chrj/wgnet"
)
func main() {
cfg := wgnet.NewDefaultConfiguration()
cfg.MyIPv4 = netip.MustParseAddr("10.42.0.2")
cfg.PrivateKey = "your-private-key"
cfg.ServerPublicKey = "server-public-key"
cfg.ServerEndpoint = "1.2.3.4:51820"
dev, err := wgnet.NewDevice(cfg)
if err != nil {
log.Fatal(err)
}
defer dev.Close()
// Listen on the VPN interface
ln, err := dev.ListenTCP(&net.TCPAddr{
IP: net.ParseIP("10.42.0.2"),
Port: 8080,
})
if err != nil {
log.Fatal(err)
}
http.Serve(ln, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintln(w, "Hello from WireGuard!")
}))
}
WireGuard Server: Allow other WireGuard clients to connect to you
package main
import (
"fmt"
"log"
"net/http"
"net/netip"
"github.com/chrj/wgnet"
)
func main() {
cfg := wgnet.NewDefaultConfiguration()
cfg.MyIPv4 = netip.MustParseAddr("10.42.0.2")
cfg.PrivateKey = "your-private-key"
dev, err := wgnet.NewDevice(cfg)
if err != nil {
log.Fatal(err)
}
defer dev.Close()
dev.AddPeer("public-key-of-peer1", netip.MustParseAddr("10.42.0.3"))
dev.AddPeer("public-key-of-peer2", netip.MustParseAddr("10.42.0.4"))
for {} // wait forever
}
License
MIT - See LICENSE for details.
Documentation
¶
Overview ¶
Package wgnet provides a thin frontend for user-space VPN connections using the Go wireguard implementation running on the gVisor user-space network stack
Index ¶
- type Configuration
- type Device
- func (d *Device) AddPeer(publicKey string, clientIP netip.Addr) error
- func (d *Device) Close() error
- func (d *Device) Dial(network, address string) (net.Conn, error)
- func (d *Device) DialContext(ctx context.Context, network, address string) (net.Conn, error)
- func (d *Device) DialTCP(addr *net.TCPAddr) (net.Conn, error)
- func (d *Device) ListenTCP(addr *net.TCPAddr) (net.Listener, error)
- type Key
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Configuration ¶
type Configuration struct {
MyIPv4 netip.Addr
PrivateKey string
DNS []netip.Addr
MTU int
ServerPublicKey string
ServerEndpoint string
PersistentKeepaliveInterval int
}
func NewDefaultConfiguration ¶
func NewDefaultConfiguration() *Configuration
type Device ¶
type Device struct {
// contains filtered or unexported fields
}
func NewDevice ¶
func NewDevice(c *Configuration) (*Device, error)
func (*Device) DialContext ¶
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.