Layer2 version of wireguard with Floyd Warshall implement in go.




A Full Mesh Layer2 VPN based on wireguard-go

OSPF can find best route based on it's cost.
But sometimes the lentancy are different in the packet goes and back.
I'am thinking, is it possible to find the best route based on the single-way latency?
For example, I have two routes A and B at node N1, both of them can reach my node N2. A goes fast, but B backs fast.
My VPN can automatically send packet through route A at node N1, and the packet backsfrom route B.

Here is the solution. This VPN Etherguard can collect all the single-way lentancy from all nodes, and calculate the best route using Floyd–Warshall algorithm.


Usage of ./etherguard-go:
  -config string
        Config path.
        Print example config
        Show this help
  -mode string
        Running mode. [super|edge|solve]
        Do not use UAPI
        Show version


  1. Static Mode: Similar to origional wireguard. Introduction.
  2. Super Mode: Inspired byn2n. Introduction.
  3. P2P Mode: Inspired bytinc. Introduction.

Common Config Paramater

Edge Config

  1. interface
    1. itype: Interface type.
      1. dummy: Dymmy interface, drop any packet received. You need this if you want to setup it as a relay node.
      2. stdio: Wrtie to stdout,read from stdin.
        Paramaters: macaddrprefix,l2headermode
      3. udpsock: Write to an udp socket, and read from an net assress.
        Paramaters: macaddrprefix,recvaddr,sendaddr
      4. vpp: Integrate to VPP by libmemif.
        Paramaters: name,vppifaceid,vppbridgeid,macaddrprefix,mtu
      5. tap: Read/Write to tap device from linux.
        Paramaters: name,macaddrprefix,vppifaceid,mtu
    2. name : Device name
    3. vppifaceid: Interface ID。Muse be unique in same VPP runtime
    4. vppbridgeid: VPP Bridge ID. Fill 0 if you don't use it.
    5. macaddrprefix: Mac address Prefix.
      Real Mac address=[Prefix]:[NodeID].
      If you fill full mac address here, NodeID will be ignored.
    6. recvaddr: Listen address for udpsock mode
    7. sendaddr: Packet send address for udpsock mode
    8. l2headermode: For debug usage, stdio and udpsock mode only
      1. nochg: Do not change anything.
      2. kbdbg: Keyboard debug mode.
        Let me construct Layer 2 header by ascii character only.
        So that I can track the packet flow with loglevel option.
      3. noL2: Remove all Layer 2 header
  2. nodeid: NodeID. Must be unique in the whole Etherguard network.
  3. nodename: Node Name.
  4. privkey: Private key. Same spec as wireguard.
  5. listenport: UDP lesten port
  6. loglevel: Log Level
    1. loglevel: debug,error,slient for wirefuard logger.
    2. logtransit: Log packets that neither the source or distenation is self.
    3. logcontrol: Log for all Control Message.
    4. lognormal: Log packets that either the source or distenation is self.
    5. logntp: NTP related logs.
  7. dynamicroute: Log for dynamic route.
    1. sendpinginterval: Send Ping interval
    2. dupchecktimeout: Duplication chack timeout.
    3. conntimeout: Connection timeout.
    4. savenewpeers: Save peer info to local file.
    5. supernode: See Super Mode
    6. p2p See P2P Mode
    7. ntpconfig: NTP related settings
      1. usentp: USE NTP or not.
      2. maxserveruse: How many NTP servers should we use at once.
        First time we will measure lentancy for all NTP server, next time it will use only fastest server.
      3. synctimeinterval: NTP sync interval.
      4. ntptimeout: NTP timeout
      5. servers: NTP server list
  8. nexthoptable: Nexthop table。Only static mode use it. See Static Mㄍㄟ
  9. resetconninterval: Reset the endpoint for peers. You may need this if that peer use DDNS.
  10. peers: Peer info.
    1. nodeid: Node ID.
    2. pubkey: Public key.
    3. pskey: Preshared key. Not implement yet.
    4. endpoint: Peer enddpoint. Will be overwrite if the peer roaming unless static=true.
    5. static: Do not overwrite by roaming and reset the connection every resetconninterval seconds.

Super config

See Super Mode.


No-vpp version

Build Etherguard.

Install Go 1.16

add-apt-repository ppa:longsleep/golang-backports
apt-get -y update
apt-install -y wireguard-tools golang-go build-essential



VPP version

Build Etherguard with VPP integrated.
You need installed to run this version.

Install VPP and libemif

/etc/apt/sources.list.d/ curl -L | sudo apt-key add - apt-get -y update apt-get install -y vpp vpp-plugin-core python3-vpp-api vpp-dbg vpp-dev libmemif libmemif-dev ">
echo "deb [trusted=yes] focal main" > /etc/apt/sources.list.d/
curl -L | sudo apt-key add -
apt-get -y update
apt-get install -y vpp vpp-plugin-core python3-vpp-api vpp-dbg vpp-dev libmemif libmemif-dev


make vpp
  • Add static build and CI

    Add static build and CI

    This PR provides following features:

    • statically linked build to Makefile.
    • Github Action workflow to upload build results on multiple arch when publish a new release.

    You can build statically linked executables by using make static and make vpp-statc.

    Following arch are supported in workflow:
    | | no-vpp version, dynamic | no-vpp version, static | vpp version, dynamic| vpp version, static | | ------------- | ------------- | ------------- | ------------- | ------------- | | x86_64 | ✔️ | ✔️ | ✔️ | ⛔ | | mipsle | ✔️ | ✔️ | ⛔ | ⛔ | | aarch64 | ✔️ | ✔️ | ✔️ | ⛔ | | armv7 | ✔️ | ✔️ | ⛔ | ⛔ |

    Known issues

    • ~make vpp-static will fail in the workflow.~ (Deleted)
    opened by lss233 0
日下部 詩
日下部 詩
A fork of the simple WireGuard VPN server GUI community maintained

Subspace - A simple WireGuard VPN server GUI Subspace - A simple WireGuard VPN server GUI Slack Screenshots Features Contributing Setup 1. Get a serve

null 1.6k Jun 24, 2022
A flexible configuration manager for Wireguard networks

Drago A flexible configuration manager for WireGuard networks Drago is a flexible configuration manager for WireGuard networks which is designed to ma

Seashell 940 Jun 21, 2022
Simple Web based configuration generator for WireGuard. Demo:

Wg Gen Web Simple Web based configuration generator for WireGuard. Why another one ? All WireGuard UI implementations are trying to manage the service

vx3r 935 Jun 22, 2022
The easiest, most secure way to use WireGuard and 2FA.

This repository contains all the open source Tailscale client code and the tailscaled daemon and tailscale CLI tool. The tailscaled daemon runs primarily on Linux; it also works to varying degrees on FreeBSD, OpenBSD, Darwin, and Windows.

Tailscale 8k Jun 28, 2022
Connect your devices into a single private WireGuard®-based mesh network.

Wiretrustee A WireGuard®-based mesh network that connects your devices into a single private network. Why using Wiretrustee? Connect multiple devices

null 2.6k Jul 3, 2022
An userspace SORACOM Arc client powered by wireguard-go

soratun An easy-to-use, userspace SORACOM Arc client powered by wireguard-go. For deploying and scaling Linux servers/Raspberry Pi devices working wit

Soracom, Inc. 6 Jun 2, 2022
A Wireguard VPN Server Manager and API to add and remove clients

Wireguard Manager And API A manager and API to add, remove clients as well as other features such as an auto reapplier which deletes and adds back a c

null 124 Jun 15, 2022
Magic util that "bridges" Wireguard with OpenVPN without a TUN/TAP interface

wg-ovpn Magic util that "bridges" Wireguard with OpenVPN without a TUN/TAP interface Warning: really ugly and unstable code! Building Obtain latest so

Patrycja 6 Jan 18, 2022
Mount your podman container into WireGuard networks on spawn

wg-pod A tool to quickly join your podman container/pod into a WireGuard network. Explanation wg-pod wires up the tools ip,route,wg and podman. It cre

Maximilian Ehlers 12 Mar 29, 2022
Go Implementation of WireGuard

Go Implementation of WireGuard

WireGuard 1.4k Jun 26, 2022
A HTTP proxy server tunnelling through wireguard

wg-http-proxy This project hacks together the excellent and into an HTTP proxy s

Sebastian Himberger 8 Jun 21, 2022
NAT puncher for Wireguard mesh networking.

natpunch-go This is a NAT hole punching tool designed for creating Wireguard mesh networks. It was inspired by Tailscale and informed by this example.

Malcolm Seyd 99 Jun 19, 2022
generate Wireguard keypairs with a given prefix string

wireguard-vanity-address Generate Wireguard keypairs with a given prefix string. The Wireguard VPN uses Curve25519 keypairs, and displays the Base64-e

yinheli 2 Mar 19, 2022
udppunch hole for wireguard

udppunch udp punch for wireguard, inspired by natpunch-go usage server side ./punch-server-linux-amd64 -port 19993 client side make sure wireguard is

yinheli 104 Jun 17, 2022
language server protocol sdk implement for go

LSP(language server protocol) defines for golang lsp types is from vscode-languageserver-node. Project is working in progress. Example func main() {

Tobias Yin 31 Jun 7, 2022
An experimental package that rely on go generics to implement collection functions utilities

go-underscore go-underscore is a utility-belt library for Golang that provides s

null 21 Mar 20, 2022
Let's implement some basic ZeroMQ publisher and subscriber in Golang. Utilize Envoy as a proxy.

Envy proxy with ZeroMQ Solution tested on DigitalOcean Droplet. In case of re-creation VM follow this article. Introduction Let's implement some basic

Jakub Wołynko 0 Jan 25, 2022
High-precision indoor positioning framework, version 3.

The Framework for Internal Navigation and Discovery (FIND) is like indoor GPS for your house or business, using only a simple smartphone or laptop. Th

Zack 4.3k Jun 28, 2022
SOCKS Protocol Version 5 Library in Go. Full TCP/UDP and IPv4/IPv6 support

socks5 中文 SOCKS Protocol Version 5 Library. Full TCP/UDP and IPv4/IPv6 support. Goals: KISS, less is more, small API, code is like the original protoc

TxThinking 466 Jun 22, 2022