wg-manager

command module

v1.3.5 Latest Latest Go to latest Published: May 12, 2021 License: GPL-3.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/mullvad/wg-manager

README ¶

wg-manager

Introduction

This tool is used on our server side infrastructure to manage Wireguard interfaces for our customers. This is not designed to be used by customers.

wg-manager runs as a service on our infrastructure to enable users to connect and use our Wireguard servers.

This services performs a number of tasks such as:

Keeping track and syncing the public key and peer data from our API
Removing and re-adding peers that were connected and subsequently disconnected, zeroing out information about when a peer was last connected.
Managing IPTable (firewall) rules for portforwarding
Gathering metrics about our Wireguard servers

This project is not affiliated with the WireGuard project. WireGuard is a registered trademark of Jason A. Donenfeld.

Building

Clone this repository, and run make to build. This will produce a wg-manager binary and put them in your GOBIN.

Testing

There are three ways to run tests:

To run tests which do not depend on wireguard or iptables, run make test.
To run integrations tests which requires wireguard and iptables, run make integration-test.
To run continuous testing in docker, run make docker-test. This requires wireguard to be setup on the host machine

Testing iptables using network namespaces

To test iptables without messing with your system configuration, you can use network namespaces. To set one up, enter it and allow localhost routing, run the following commands:

sudo ip netns add wg-test
sudo -E env "PATH=$PATH" nsenter --net=/var/run/netns/wg-test
ip link set up lo
./setup_testing_environment.sh

Then you can run the tests as described above.

Testing iptables using docker

Run make shell to get a docker shell which has an isolated network. It will drop you in the /repo folder which is mounted to the source. You can then run make integration-test or any other make or go commands.

Usage

All options can be either configured via command line flags, or via their respective environment variable, as denoted by [ENVIRONMENT_VARIABLE]. To get a list of all the options, run wg-manager -h.

When installed via the .deb package, a user named wireguard-manager will be created for the service to run as, as well as a systemd service named wireguard-manager.service. The name of the binary when installed via the .deb package is wireguard-manager. Configuration is done by creating a file at /etc/default/wireguard-manager and defining the environment variables there. All logs are sent to stdout/stderr, so in order to debug issues with the service, simply use journalctl or systemctl status.

Packaging

In order to deploy wg-manager, we build .deb packages. We use docker to make this process easier, so make sure you have that installed and running. To create a new package, first create a new tag in git, this will be used for the package version:

git tag -s -a v1.0.0 -m "1.0.0"

Then, run make package. This will output the new package in the build folder. Don't forget to push the tag to git afterwards.

make package creates files as root. So to cleanup using make clean you might have to run sudo make clean

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
api
subscriber
iputil
portforward
wireguard

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL