You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Shiz
7ee35a990e
|
2 years ago | |
|---|---|---|
| misc | 2 years ago | |
| weegee | 2 years ago | |
| .gitignore | 2 years ago | |
| Dockerfile | 2 years ago | |
| README.md | 2 years ago | |
| pyproject.toml | 2 years ago | |
| setup.cfg | 2 years ago | |
| setup.py | 2 years ago | |
README.md
weegee
Fearless green WireGuard config manager.
Goals
- One central place to declaratively configure your WireGuard installs from;
- Automatic peer management, for local and remote hosts (if
autosyncis enabled); - Automatic interface management, for local and remote hosts (if
automanageis enabled); - Automatable manual management, for other hosts;
- Solid and flexible foundation, transparent data model, hookable;
Non-goals
- Automagic firewall configuration: this is better off planned by the user and automated through the use of hooks;
Quickstart
- Setup:
weegee system setup
- Either add a remote host:
weegee host create --type linux --host elisha.projectflower.eu --auto-sync --auto-manage my-host
Or configure the built-in local host:
weegee host configure --type linux --auto-manage local
- (optional) Configure forwarding hooks for your host, if your firewall is restrictive or you're using IPv6 on Linux. An example that allows every WireGuard client to access
10.57.0.0/16,10.58.0.0/16,10.59.0.0/16,10.60.0.0/16andfd10:573:1df::/48:
weegee host configure \
--add-post-hook interface_add 'iptables -A FORWARD -i %i -d 10.57.0.0/16,10.58.0.0/16,10.59.0.0/16,10.60.0.0/16 -j ACCEPT' \
--add-post-hook interface_add 'iptables -A FORWARD -o %i -s 10.57.0.0/16,10.58.0.0/16,10.59.0.0/16,10.60.0.0/16 -j ACCEPT' \
--add-pre-hook interface_del 'iptables -D FORWARD -i %i -d 10.57.0.0/16,10.58.0.0/16,10.59.0.0/16,10.60.0.0/16 -j ACCEPT' \
--add-pre-hook interface_del 'iptables -D FORWARD -o %i -s 10.57.0.0/16,10.58.0.0/16,10.59.0.0/16,10.60.0.0/16 -j ACCEPT' \
--add-post-hook interface_add 'ip6tables -A FORWARD -i %i -d fd10:573:1df::/48 -j ACCEPT' \
--add-post-hook interface_add 'ip6tables -A FORWARD -o %i -s fd10:573:1df::/48 -j ACCEPT' \
--add-pre-hook interface_del 'ip6tables -D FORWARD -i %i -d fd10:573:1df::/48 -j ACCEPT' \
--add-pre-hook interface_del 'ip6tables -D FORWARD -o %i -s fd10:573:1df::/48 -j ACCEPT' \
my-host
You can also add per-client entries using the route_ipv4_add and route_ipv6_add hooks.
- Create a server for your host, in this example reachable on
10.60.0.1/24andfd10:573:1df:5000::1/64, and announcing routes for10.57.0.0/16,10.58.0.0/16,10.59.0.0/16,10.60.0.0/16andfd10:573:1df::/48, namedeagleand publically connectable throughvpn.eagle.pm:7574:
weegee server create \
-H my-host \
-a 10.60.0.1/24 -a fd10:573:1df:5000::1/64 \
-r 10.57.0.0/16 -r 10.58.0.0/16 -r 10.59.0.0/16 -r 10.60.0.0/16 -r fd10:573:1df::/48 \
eagle \
vpn.eagle.pm 7574
- Create a client, in this example reachable on
10.60.99.1/24andfd10:573:1df:5063::1/64, nameddev-arcade:
weegee client create \
-a 10.60.99.1/24 -a fd10:573:1df:5063::1/64 \
eagle/dev-arcade
- Get client configuration:
weegee client print-config eagle/dev-arcade
Tips
- You can configure the data directory per-user, to not be in the current directory:
weegee configure -u -d /path/to/dataOr even globally:weegee configure -s -d /path/to/data - There's an OpenRC and a systemd service!
- weegee is runnable in Docker:
docker run --cap-add=NET_ADMIN --cap-add=NET_RAW --network host -v ~/weegee/data:/weegee-data --rm weegee weegee ...