sfttech / wirespider Goto Github PK

Wireguard Mesh VPN - automatic tunnel and authorization management 🕸

License: GNU General Public License v3.0

Rust 98.00% Shell 2.00%

mesh vpn wireguard

wirespider's Introduction

Wirespider

Wirespider consists of a server and a client. The server is responsible of pushing the wireguard configuration and routes to the clients and helping with NAT hole punching. The client listens for configuration changes, and modifies the wireguard configuration and routes accordingly.

Features

Distribute Wireguard tunnel configuration
Distribute routes to all clients
Create VXLAN overlay network for layer 2 networking
RFC 5780 NAT detection
NAT hole punching or relay over other nodes when not possible
detect other nodes in the same network

Installation

An APT repository for wirespider is avaiable, to add it run the following commands:

wget -O- https://sfttech.github.io/wirespider/public.key | gpg --dearmor | sudo dd of=/usr/share/keyrings/wirespider-archive-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/wirespider-archive-keyring.gpg] https://sfttech.github.io/wirespider/repo/ stable main" | sudo tee /etc/apt/sources.list.d/wirespider.list

There is an official wirespider AUR package as well (wirespider), and an ebuild for gentoo in the sft overlay.

Otherwise the deb and rpm can be downloaded from the releases page.

Manual installation

cargo build --release
sudo cp target/release/wirespider /usr/bin
sudo mkdir -p /etc/wirespider/keys
sudo cp systemd/system/[email protected] /etc/systemd/system
# rename file to any other device name here
sudo cp systemd/wirespider/wg0 /etc/wirespider/wg0-example
# create a wirespider system user for the server
sudo adduser --system --group --home /var/lib/wirespider wirespider

How to run the wirespider server

This must be run as root or just prefix all commands (even those starting with sudo) with sudo

# create runtime directory
mkdir -p /var/lib/wirespider/
chown -R wirespider:wirespider /var/lib/wirespider/
sudo -u wirespider wirespider database migrate -d sqlite:/var/lib/wirespider/config.sqlite
# create a ip network for the clients
sudo -u wirespider wirespider database create-network -d sqlite:/var/lib/wirespider/config.sqlite 10.1.2.0/24
# add admin with ip in this new network
# the command will return a token you can use with wirespider start-client and wirespider send-command
sudo -u wirespider wirespider database create-admin -d sqlite:/var/lib/wirespider/config.sqlite admin 10.1.2.1/24


# enable auto start and start the server
systemctl enable --now wirespider-server.service

The admin can now use the wirespider send-command commands to create other peers and routes

Running wirespider client

To run the client:

sudo cp /etc/wirespider/wg0-example /etc/wirespider/wg0
# edit the file to fit your setup (use correct device name)
sudo nano /etc/wirespider/wg0
# enable auto start and start the tunnel
# use the same device name
sudo systemctl enable --now [email protected]

Contact

If you have questions, suggestions, encounter any problem, please join our Matrix channel and ask!

#sfttech:matrix.org

Of course, create issues and pull requests.

wirespider's People

Contributors

Stargazers

Watchers

Forkers

ojafuenf westcope apersonintech githangar

wirespider's Issues

Installation fails still

Installation doc says to execute:

$ wirespider database migrate -d sqlite:/var/lib/wirespider/config.sqlite

But executing that returns...

thread 'main' panicked at 'called Result::unwrap() on an Err value: NotPresent', src/server/commands.rs:81:66
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

Installation Instructions - I must be misunderstanding your instructions

Maybe I am just misunderstanding your instructions since you say it works for you.

I downloaded the v5.1 .DEB file (amd64) from your Github.

Used GDEBI to install the .DEB file

$ gdebi *.deb

(it seems to install fine)

Then I continue with your instructions

$ sudo cp /etc/wirespider/wg0-example /etc/wirespider/wg0
# edit the file to fit your setup (use correct device name)
# sudo nano /etc/wirespider/wg0
# enable auto start and start the tunnel
# use the same device name
$ sudo systemctl enable --now [email protected]

then... again the 1st command in the "How to run the server" section...

Question: does your .DEB install sqlite? Or is it a Prerequisite that it needs to be install prior to all this? Your README doesn't say if sqlite needs to be preinstalled or not. I found I had to install sqlite myself but then still get the following failure:

$ sudo wirespider database migrate -d sqlite:/var/lib/wirespider/config.sqlite
Error: error returned from database: (code: 14) unable to open database file

When you try this are you doing it in a fresh VM or server? re no artifacts installed previously?

Lets assume someone just wants to install wirespider using the .DEB file !

Could you just show a Bash script with ONLY the necessary commands to install the Client & the Server?

Maybe split the instructions into 2 sections:

**installing from Source/Manually
installing from the .DEB file**

Instead of intermixing the instructions in your Github README.md file. Right now... it first mentions using wget to get the latest but it doesn't mention whether the commands also install the latest.

Next, the instructions talk about "Manual Installation"... just being a (tech doc critic here - I suffer too trying to be clear)... but
is that actually to be done after the section above about using wget ? Can't leave that to the new user/reader.

Then the Sections about "Running Wirespider" and "How to Run the Server".

Running WireSpider...
How would an end-user know what the "same device" means...? save device as what?

use the same device name

$ sudo systemctl enable --now [email protected]

Brian

Server and Client installation question on full mesh

I wanted to ask if the Server and Client software could be installed on multiple compute "nodes"

In my use-case test example:
I use Ubuntu 22.04 machines on multiple Clouds (Digital Ocean here in US and in a Hetzner DC in Germany)
I use LXD "system" Containers each also running Ubuntu 22.04 but could be many diff distro's.

By default, the LXD Containers on any one "Host" server are behind a 10.x.x.x. dnsmasq Bridge (default name "lxdbr0")

My use-case is to interconnect all the local/remote "Host" LXD containers via a mesh vpn environment.

My question is -

Can Both the Server & Client be installed on each Cloud Host server?
Should they be?
Is that how wirespider "Server" Redundancy might be provided?

Basically, can there be more than 1 "Server" deployed?

Error running 1st command in section "How to run the Server"

When I run the following command per the README.md

/etc/wirespider$ sudo wirespider database migrate -d sqlite:/var/lib/wirespider/config.sqlite
error: Found argument '-d' which wasn't expected, or isn't valid in this context

If you tried to supply -d as a value rather than a flag, use -- -d

USAGE:
wirespider database migrate

Is there an error in the documentation regarding the "-d" cmd option?