wgsd
dsnet
wgsd
- Mesh VPN - WireGuard admin
If you're looking at setting up CoreDNS as well then I would highly suggest checking out wgsd https://github.com/jwhited/wgsd
- DNS System for storing WireGuard IPs
- CVE-2022-41924 – tailscaled can be used to remotely execute code
https://github.com/jwhited/wgsd does NAT traversal with Wireguard, but you need to operate a CoreDNS server to do it.
More info on how it works: https://www.jordanwhited.com/posts/wireguard-endpoint-discov...
- For CGNAT peers - is there an alternative which is open source and as simple to use as Tailscale?
Another one which looks promising is wgsd, a DNS-like plugin to discover peer's endpoints that sit behind a NAT. For me this is part of the solution, however not a complete one, as my client devices are also on Android and Android TV.
- Wireguard with holepunching and DNS
That guide is literally someone promoting their CoreDNS plugin, so I'm confused as to what you mean: https://github.com/jwhited/wgsd
- Wiretrustee: WireGuard-Based Mesh Network
- traceroute between two clients, server is always in the middle
If they are behind a NAT that you can't do port-forwarding on then you may need to run some additional software like https://github.com/jwhited/wgsd so 10.10.0.2 and 10.10.0.3 know where to look for each other by asking 10.10.0.1
- Yet Another Mesh Overlay Tool
Our current implementation just has the nodes configured with PersistentKeepAlive by default, which works well enough for our small setup. In future iterations our plan is to incorporate another service. Our inclination is to use WGSD: https://github.com/jwhited/wgsd
dsnet
- Recommended VPN?
Yes, that is true. But there are projects that can simplify WG's deployment without compromising security like dsnet.
- Android Client: multiple private keys?
I have a config provided by a VPN provider, which generates the private key as well as the public (I think there's no way to provide a public key for them to use). I'm also using dsnet to generate peer configurations, and that also generates a new priv/pub key pair. The end result is that I have two different private keys, one for each endpoint. This (having multiple pub/priv pairs) is neither bad security[1], nor uncommon, and while it's trivial to have multiple Wireguard configurations running at the same time on Linux I haven't found a way to do this through the mobile app. This is because the app allows only one active Wireguard configuration at a time, and there's no facility for supplying two private keys within one Wireguard config file.
- DSNet for WireGuard VPN: Like wg-quick but even quicker
- Wiretrustee: WireGuard-Based Mesh Network
I made this: https://github.com/naggie/dsnet/ -- a simple command to manage a centralised wireguard VPN. Think wg-quick but quicker: key generation + address allocation
What are some alternatives?
Netmaker - Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
headscale - An open source, self-hosted implementation of the Tailscale control server
wgctrl-go - Package wgctrl enables control of WireGuard interfaces on multiple platforms.
innernet - A private network system that uses WireGuard under the hood.
cjdns - An encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing.
netbird - Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
kilo - Kilo is a multi-cloud network overlay built on WireGuard and designed for Kubernetes (k8s + wg = kg)
ansible-role-wireguard - Ansible role for installing WireGuard VPN. Supports Ubuntu, Debian, Archlinux, Fedora and CentOS.
wireproxy - Wireguard client that exposes itself as a socks5 proxy