Connect your devices into a single private WireGuard®-based mesh network.

Overview

Wiretrustee

A WireGuard®-based mesh network that connects your devices into a single private network.

Why using Wiretrustee?

  • Connect multiple devices to each other via a secure peer-to-peer Wireguard VPN tunnel. At home, the office, or anywhere else.
  • No need to open ports and expose public IPs on the device.
  • Automatically reconnects in case of network failures or switches.
  • Automatic NAT traversal.
  • Relay server fallback in case of an unsuccessful peer-to-peer connection.
  • Private key never leaves your device.
  • Works on ARM devices (e.g. Raspberry Pi).

A bit on Wiretrustee internals

  • Wiretrustee uses WebRTC ICE implemented in pion/ice library to discover connection candidates when establishing a peer-to-peer connection between devices.
  • A connection session negotiation between peers is achieved with the Wiretrustee Signalling server signal
  • Contents of the messages sent between peers through the signaling server are encrypted with Wireguard keys, making it impossible to inspect them. The routing of the messages on a Signalling server is based on public Wireguard keys.
  • Occasionally, the NAT-traversal is unsuccessful due to strict NATs (e.g. mobile carrier-grade NAT). For that matter, there is support for a relay server fallback (TURN) and a secure Wireguard tunnel is established via TURN server. Coturn is the one that has been successfully used for STUN and TURN in Wiretrustee setups.

What Wiretrustee is not doing:

  • Wireguard key management. In consequence, you need to generate peer keys and specify them on Wiretrustee initialization step.
  • Peer address management. You have to specify a unique peer local address (e.g. 10.30.30.1/24) when configuring Wiretrustee

Product Roadmap

Client Installation

Linux

  1. Checkout Wiretrustee releases
  2. Download the latest release (Switch VERSION to the latest):

Debian packages

wget https://github.com/wiretrustee/wiretrustee/releases/download/v<VERSION>/wiretrustee_<VERSION>_linux_amd64.deb
  1. Install the package
sudo dpkg -i wiretrustee_<VERSION>_linux_amd64.deb

Fedora/Centos packages

wget https://github.com/wiretrustee/wiretrustee/releases/download/v<VERSION>/wiretrustee_<VERSION>_linux_amd64.rpm
  1. Install the package
sudo rpm -i wiretrustee_<VERSION>_linux_amd64.rpm

MACOS

  1. Checkout Wiretrustee releases
  2. Download the latest release (Switch VERSION to the latest):
curl -o ./wiretrustee_<VERSION>_darwin_amd64.tar.gz https://github.com/wiretrustee/wiretrustee/releases/download/v<VERSION>/wiretrustee_<VERSION>_darwin_amd64.tar.gz
  1. Decompress
tar xcf ./wiretrustee_<VERSION>_darwin_amd64.tar.gz
sudo mv wiretrusee /usr/local/bin/wiretrustee
chmod +x /usr/local/bin/wiretrustee

After that you may need to add /usr/local/bin in your MAC's PATH environment variable:

export PATH=$PATH:/usr/local/bin

Client Configuration

  1. Initialize Wiretrustee:

For MACOS, you need to create the configuration directory:

sudo mkdir /etc/wiretrustee

Then, for all systems:

sudo wiretrustee init \
 --stunURLs stun:stun.wiretrustee.com:3468,stun:stun.l.google.com:19302 \
 --turnURLs <TURN User>:<TURN password>@turn:stun.wiretrustee.com:3468  \
 --signalAddr signal.wiretrustee.com:10000  \
 --wgLocalAddr 10.30.30.1/24  \
 --log-level info

It is important to mention that the wgLocalAddr parameter has to be unique across your network. E.g. if you have Peer A with wgLocalAddr=10.30.30.1/24 then another Peer B can have wgLocalAddr=10.30.30.2/24

If for some reason, you already have a generated Wireguard key, you can specify it with the --wgKey parameter. If not specified, then a new one will be generated, and its corresponding public key will be output to the log. A new config will be generated and stored under /etc/wiretrustee/config.json

  1. Add a peer to connect to.
sudo wiretrustee add-peer --allowedIPs 10.30.30.2/32 --key '<REMOTE PEER WIREUARD PUBLIC KEY>'
  1. Restart Wiretrustee to reload changes For MACOS you will just start the service:
sudo wiretrustee up --log-level info 
# or
sudo wiretrustee up --log-level info & # to run it in background

For Linux systems:

sudo systemctl restart wiretrustee.service
sudo systemctl status wiretrustee.service 

Running the Signal service

After installing the application, you can run the signal using the command below:

/usr/local/bin/wiretrustee signal --log-level INFO

This will launch the Signal server on port 10000, in case you want to change the port, use the flag --port.

Docker image

We have packed the Signal server into docker image. You can pull the image from Docker Hub and execute it with the following commands:

docker pull wiretrustee/wiretrustee:signal-latest
docker run -d --name wiretrustee-signal -p 10000:10000 wiretrustee/wiretrustee:signal-latest

The default log-level is set to INFO, if you need you can change it using by updating the docker cmd as followed:

docker run -d --name wiretrustee-signal -p 10000:10000 wiretrustee/wiretrustee:signal-latest --log-level DEBUG

Running Signal and Coturn

Under infrastructure_files we have a docker-compose example to run both, Wiretrustee Signal server and an instance of Coturn, it also provides a turnserver.conf file as a simple example of Coturn configuration. You can edit the turnserver.conf file and change its Realm setting (defaults to wiretrustee.com) to your own domain and user setting (defaults to username1:password1) to proper credentials.

The example is set to use the official images from Wiretrustee and Coturn, you can find our documentation to run the signal server in docker in [Running the Signal service](#Running the Signal service) and the Coturn official documentation here.

Run Coturn at your own risk, we are just providing an example, be sure to follow security best practices and to configure proper credentials as this service can be exploited and you may face large data transfer charges.

Also, if you have an SSL certificate you can modify the docker-compose.yml file to point to its files in your host machine, then switch the domainname to your own SSL domain. If you don't already have an SSL certificate, you can follow Certbot's official documentation to generate one from Let’s Encrypt, or, we found that the example provided by BigBlueButton covers the basics to configure Coturn with Let's Encrypt certs.

Simple docker-composer execution:

cd infrastructure_files
docker-compose up -d

You can check logs by running:

cd infrastructure_files
docker-compose logs signal
docker-compose logs coturn

If you need to stop the services, run the following:

cd infrastructure_files
docker-compose down
Comments
  • Peer Status Online but not Connected.

    Peer Status Online but not Connected.

    Hello,

    I was trying to connect two windows machines and looks like they are shown online in the management dashboard but are not shown as connected is there something that I missed?

    Since they are not shown as connected I am not able to get a ping response.

    image

    image

    opened by MANKUD 36
  • No route between hosts

    No route between hosts

    I've installed netbird 0.8.2 on 3 hosts in 3 different locations.

    2022-07-13_10-26

    They appear to be online but netbird status on each of them doesn't seem to be seeing the other hosts:

    Daemon status: Connected
    Management: Connected
    Signal:  Connected
    NetBird IP: 100.64.94.238/16
    Interface type: Kernel
    Peers count: 0/2 Connected
    

    On 2 of them I've enabled debugging and the log files are here: bslog1.log pcweb1.log

    I can't ping between the hosts and when trying to ssh into them, I get the error Error: dial tcp 100.64.94.238:44338: connect: no route to host

    Any idea what's wrong?

    opened by jurgenhaas 17
  • using the Self-hosting Guide without success

    using the Self-hosting Guide without success

    1:management.json: management json

    2:docker-compose.yml: 2022-02-27_214029

    3:Coturn_log.txt

    4:https://github.com/wiretrustee/wiretrustee/blob/main/docs/self-hosting.md vs README.md start with ""Running Dashboard, Management, Signal and Coturn" The descriptions are inconsistent.

    In addition to modifying setup.env, what else do I need to modify? Can the documentation be improved? Thank you.

    opened by chmis8000 9
  • Do we need to trust signal server?

    Do we need to trust signal server?

    From docs it is not clear, how setup key is used during adding new peer. However, given that:

    • setup key looks like uuid
    • setup key shown in web interface equals to one used in command line on peer

    I assume that it is used like a shared secret.

    This probably means that malicious signal server can insert a MITM between your peers; and when app.wiretrustee.com is hacked, all networks using it are at risk.

    It would be nice if less trust is required to signal server. It seems to be possible with public key cryptography, for example:

    • to setup a new network one obtain private key with wg genkey
    • app.wiretrustee.com identifies the network by its public counterpart
    • when new peer is added, it uses private network key to sign own public key and send it via signal server's pub-sub topic, identified by public network key
    • other peers from the given network check signature and only after verification start to trust new public key
    • they send to new peer their public keys, also signed with private network key, plus info about their endpoints, suggested IP for new peer and so on

    For enterprise-grade setups with ACLs, audit et cetera one may use private network key as certificate authority which issues keys for joining the network, keys for server(s) who is responsible for IP assigning, keys for audit servers and so on.

    Web UI for management in this case may run on any server in the network, and it is safer because sysadmin knows that he/she runs a binary compiled from official sources.

    Authorization at app.wiretrustee.com is not mandatory at all, though may be used to manage some additional services like TURN which is not open for anyone.

    Do you consider such a scheme? Or am I wrong about currently used one?

    opened by le-chat 9
  • macOS: problem installing from Homebrew cask / M1 Mac Mini?

    macOS: problem installing from Homebrew cask / M1 Mac Mini?

    Wanted to try this out so I followed the install instructions, but it's failing. Seems to be related to wiretrustee dependency.

    macOS 12.5 / M1 Mac Mini.

    $ brew install netbirdio/tap/netbird
    ==> Downloading https://github.com/netbirdio/netbird/releases/download/v0.8.5/netbird_0.8.5_darwin_arm64.tar.gz
    Already downloaded: /Users/luke/Library/Caches/Homebrew/downloads/e57146d1abdb10de1d122c8031f374f8a3a978f2d3713bb64c207b2ede0c314a--netbird_0.8.5_darwin_arm64.tar.gz
    ==> Installing netbird from netbirdio/tap
    Warning: netbird: No available formula with the name "wiretrustee". Did you mean wiredtiger?
    'conflicts_with "wiretrustee"' should be removed from netbird.rb.
    Warning: No available formula with the name "wiretrustee". Did you mean wiredtiger?
    ==> Searching for similarly named formulae...
    This similarly named formula was found:
    wiredtiger
    To install it, run:
      brew install wiredtiger
    ==> Searching for a previously deleted formula (in the last month)...
    Error: No previously deleted formula found.
    ==> Searching taps on GitHub...
    Error: No formulae found in taps.
    
    $ brew install --cask netbirdio/tap/netbird-ui
    ==> Downloading https://github.com/netbirdio/netbird/releases/download/v0.8.5/netbird-ui_0.8.5_darwin_arm64_signed.zip
    Already downloaded: /Users/luke/Library/Caches/Homebrew/downloads/764db04869eba635b474cf8c5b946c62055e3a93bdff2f25d9bd812e94c6ed4d--netbird-ui_0.8.5_darwin_arm64_signed.zip
    ==> Installing dependencies: netbird
    ==> Downloading https://github.com/netbirdio/netbird/releases/download/v0.8.5/netbird_0.8.5_darwin_arm64.tar.gz
    Already downloaded: /Users/luke/Library/Caches/Homebrew/downloads/e57146d1abdb10de1d122c8031f374f8a3a978f2d3713bb64c207b2ede0c314a--netbird_0.8.5_darwin_arm64.tar.gz
    Warning: netbird: No available formula with the name "wiretrustee". Did you mean wiredtiger?
    'conflicts_with "wiretrustee"' should be removed from netbird.rb.
    Warning: No available formula with the name "wiretrustee". Did you mean wiredtiger?
    ==> Searching for similarly named formulae...
    This similarly named formula was found:
    wiredtiger
    To install it, run:
      brew install wiredtiger
    ==> Searching for a previously deleted formula (in the last month)...
    Error: No previously deleted formula found.
    ==> Searching taps on GitHub...
    Error: No formulae found in taps.
    
    opened by luckman212 8
  • Ignore tailscale and zerotier interfaces when collecting endpoints

    Ignore tailscale and zerotier interfaces when collecting endpoints

    Like https://github.com/tailscale/tailscale/issues/1208 Maybe we need ignore tailscale and zerotier interfaces when collecting endpoints to avoid DoS each other by doing traffic amplification. The zerotier interfaces name like: https://github.com/tailscale/tailscale/blob/55095df6445f15be35d64dc36c23b719be62be5e/net/interfaces/interfaces.go#L72-L82

    strings.HasPrefix(name, "zt") || (runtime.GOOS == "windows" && strings.Contains(name, "ZeroTier"))
    

    The tailscale interfaces name like: https://github.com/tailscale/tailscale/blob/55095df6445f15be35d64dc36c23b719be62be5e/net/interfaces/interfaces.go#L59-L67

    s == "Tailscale" || strings.HasPrefix(s, "wg") || strings.HasPrefix(s, "ts") || strings.HasPrefix(s, "tailscale") || strings.HasPrefix(s, "utun")
    
    opened by wwqgtxx 7
  • Client Login via device authorization flow

    Client Login via device authorization flow

    The client will fetch the device authorization flow information from management and will use it to login using our hosted provider.

    • moved the OAuth package to internal as we only have one option
    • use management URL in the service configuration
    • Added SSO login to UI and CLI clients
    • Check if the client is logged in when starting UI
    • retrieve device authorization flow information from management
    opened by mlsmaycon 7
  • Avoid pulling in management code in client

    Avoid pulling in management code in client

    Avoid management code import for the legacy port value, hardcoding it instead (it's literally spelled out in a comment below as well).

    Fixes #436, saving around 9% disk space (go build -ldflags="-s -w" client/main.go: old: 16838656 bytes, new: 15253504 bytes, go 1.18.4 x86-86). This doesn't look much but it counts in embedded devices.

    opened by szakharchenko 5
  • Error: context deadline exceeded on macOS

    Error: context deadline exceeded on macOS

    HI there, while adding a macos peer to the network, i get the following error all the time.

    Error: context deadline exceeded
    Usage:
      wiretrustee up [flags]
    
    Flags:
      -h, --help   help for up
    ......
    

    Tries with the 0.5.1 binaries and brew install on two different systems with same error.

    It works fine on an Ubuntu20.04 Machine though.

    Thanks, khedar

    opened by ykhedar 5
  • keycloak support

    keycloak support

    Hi guys, I just found this project and it looks like something I've been wanting for a while.. (and only tailscale does - but I'm not a fan of trusting such services :)

    I leave this here to suggest perhaps supporting keycloak as an auth mechanism? Its very widely supported (through OIDC protocol) - here's f.ex. how we setup ArgoCD to allow login via keycloak: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/user-management/keycloak.md And you CAN actually also setup keycloak to allow google user account auth - which means keycloak login - will allow you to login with your google account (if thats what you want) or a keycloak user..

    Supporting keycloak is a one-stop way to get 2fa, google-auth, with self-hosting support and everything (as keycloak supports these things).

    ArgoCd implements it by using https://github.com/coreos/go-oidc

    opened by KlavsKlavsen 5
  • Wireguard interface not up

    Wireguard interface not up

    Hello everyone

    I have a 5.10 kernel:

    uname -a

    Linux debian-1cpu-1gb-sg-sin1 5.10.0-0.bpo.7-amd64 #1 SMP Debian 5.10.40-1~bpo10+1 (2021-06-04) x86_64 GNU/Linux

    The wireguard kernel module has been loaded:

    modprobe wireguard
    lsmod | grep wireguard
    
    wireguard              94208  0
    libchacha20poly1305    16384  1 wireguard
    ip6_udp_tunnel         16384  1 wireguard
    udp_tunnel             20480  1 wireguard
    libblake2s             16384  1 wireguard
    curve25519_x86_64      49152  1 wireguard
    libcurve25519_generic    49152  2 curve25519_x86_64,wireguard
    

    After starting wiretrustee, there is no wiretrustee0 interface:

    systemctl status wiretrustee.service

    ● wiretrustee.service - Wiretrustee Service
       Loaded: loaded (/lib/systemd/system/wiretrustee.service; enabled; vendor preset: enabled)
       Active: active (running) since Mon 2021-07-05 14:41:31 UTC; 6min ago
     Main PID: 799 (wiretrustee)
        Tasks: 3 (limit: 1135)
       Memory: 6.7M
       CGroup: /system.slice/wiretrustee.service
               └─799 /usr/local/bin/wiretrustee up --config /etc/wiretrustee/config.json --log-level debug
    

    ip a

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 46:d1:1a:9d:07:2e brd ff:ff:ff:ff:ff:ff
        inet xxx.xxx.xxx.xxx/22 brd xxx.xxx.xxx.xxx scope global dynamic eth0
           valid_lft 85710sec preferred_lft 85710sec
        inet6 fe80::44d1:1aff:fe9d:72e/64 scope link 
           valid_lft forever preferred_lft forever
    

    What did i do wrong? Any suggestions, thanks

    opened by xiya233 5
  • Add return forward rule for network routes

    Add return forward rule for network routes

    In some cases, the default FORWARD rule will be set to DROP, making return traffic to be dropped and communication to fail.

    We can create a new forwarding rule for the return traffic e.g:

    iptables -A NETBIRD-RT-FWD -s 100.64.0.0/16 -d 172.16.1.0/24 -m comment --comment netbird-fwd-out-ttt -j 
    iptables -A NETBIRD-RT-FWD -s 172.16.1.0/24 -d 100.64.0.0/16 -m comment --comment netbird-fwd-in-ttt -j 
    
    opened by mlsmaycon 0
  • Enhance peer logging to include username and peer name when using netbird ssh

    Enhance peer logging to include username and peer name when using netbird ssh

    When you log into a peer via netbird ssh you get a line in the peers logs such as:

    Sep 23 17:26:58 <hostname> login[92347]: ROOT LOGIN  on '/dev/pts/2' from '100.103.62.186'
    

    For auditing purposes it would be super helpful to extend this log and have it look something like this

    Sep 23 17:26:58 <hostname> login[92347]: ROOT LOGIN  on '/dev/pts/2' from '[email protected]'
    

    and once the peer DNS feature is complete ultimately look something like this. (netbird_machine01=100.103.62.186)

    Sep 23 17:26:58 <hostname> login[92347]: ROOT LOGIN  on '/dev/pts/2' from '[email protected]_machine01'
    
    opened by finnje 0
  • Validate Netbird UI with older MacOS versions

    Validate Netbird UI with older MacOS versions

    We've received the following report on Reddit:

    You can't use this version of the application "Netbird UI" with this version of macOS. You have macOS %@. The application requires macOS %@ or later.
    
    I can't remember if macOS %@ was before or after Mojave. It had lousy wallpaper, though.
    

    We need to investigate the issue with older macOS versions as the first release of the UI client was made in March 2022

    opened by mlsmaycon 2
  •  rpc error: code = Unknown desc = context deadline exceeded

    rpc error: code = Unknown desc = context deadline exceeded

    Hello there,

    I set up erverything like described in the selfhosting guide with keycloak. I can login to the admin console with keycloak and can see Peers etc.

    However, when I try to do a netbird up, it wont connect to the management service.

    $ netbird up  --management-url https://netbird-api.company.com/
    WARN[2022-09-22T00:52:36+02:00] retrying Login to the Management service in 1.104660288s due to error rpc error: code = Unknown desc = context deadline exceeded
    
    • Dashboard is runing under netbird.company.com
    • API is running under netbird-api.company.com

    I can curl the api from my machin:

    $ curl https://netbird-api.compay.com/api/groups
    The token isn't valid
    
    opened by ykorzikowski 12
  • Self hosted keycloak integration shows user ID under email in netbird ui

    Self hosted keycloak integration shows user ID under email in netbird ui

    For some reason keycloak users info is not being pulled properly when displayed in the netbird ui

    Keycloak UI

    Screen Shot 2022-09-13 at 9 16 49 AM

    Netbird UI

    Screen Shot 2022-09-13 at 9 12 10 AM

    I would expect the email address seen in keycloak to be displayed under email in the netbird instead of the ID and likely the username from keycloak to be displayed under Name in netbird.

    enhancement management-service integrations 
    opened by finnje 1
  • Request: leverage another crypto library that would allow for FIPS validation

    Request: leverage another crypto library that would allow for FIPS validation

    Wireguard itself won't be FIPS validated as the encryption algorithms aren't approved for FIPs validation, but other crypto in use, for example the netbird ssh connections could be FIPS validated if something like https://github.com/golang-fips/go was used instead of the default go crypto library.

    enhancement agent 
    opened by finnje 1
Releases(v0.9.6)
NAT puncher for Wireguard mesh networking.

natpunch-go This is a NAT hole punching tool designed for creating Wireguard mesh networks. It was inspired by Tailscale and informed by this example.

Malcolm Seyd 106 Sep 9, 2022
🐉 Simple WireGuard proxy with minimal overhead for WireGuard traffic.

swgp-go ?? Simple WireGuard proxy with minimal overhead for WireGuard traffic. Proxy Modes 1. Zero overhead Simply AES encrypt the first 16 bytes of a

null 35 Sep 9, 2022
Mount your podman container into WireGuard networks on spawn

wg-pod A tool to quickly join your podman container/pod into a WireGuard network. Explanation wg-pod wires up the tools ip,route,wg and podman. It cre

Maximilian Ehlers 13 Aug 14, 2022
inlets-connect is a proxy that supports HTTPS and the CONNECT method

inlets-connect inlets-connect is a proxy that supports HTTPS and the CONNECT method. It can be deployed as a side-car or stand-alone to proxy to a sin

Alex Ellis 21 Sep 13, 2022
Minekube Connect allows you to connect any Minecraft server

Minekube Connect allows you to connect any Minecraft server, whether online mode, public, behind your protected home network or anywhere else in the world, with our highly available, performant and low latency edge proxies network nearest to you.

Minekube 9 Aug 17, 2022
Generates file.key file for IPFS Private Network.

ipfs-keygen Generates file.key file for IPFS Private Network. Installation go get -u github.com/reixmor/ipfs-keygen/ipfs-keygen Usage ipfs-keygen > ~/

Camilo Abel Monreal Aguero 0 Jan 18, 2022
Tool for monitoring network devices (mainly using SNMP) - monitoring check plugin

Thola Description A tool for monitoring network devices written in Go. It features a check mode which complies with the monitoring plugins development

inexio 252 Sep 22, 2022
Prometheus exporter for counting connected devices to a network using nmap

nmapprom Prometheus exporter for counting the hosts connected to a network using nmap · Report Bug · Request Feature Table of Contents About The Proje

Oisín Aylward 3 Oct 17, 2021
wire protocol for multiplexing connections or streams into a single connection, based on a subset of the SSH Connection Protocol

qmux qmux is a wire protocol for multiplexing connections or streams into a single connection. It is based on the SSH Connection Protocol, which is th

Jeff Lindsay 191 Sep 25, 2022
Simple Web based configuration generator for WireGuard. Demo:

Wg Gen Web Simple Web based configuration generator for WireGuard. Why another one ? All WireGuard UI implementations are trying to manage the service

vx3r 1k Sep 27, 2022
A tool helps connect to your AriPods when sound playing in your Mac

Auto connect to airpods this tool helps connect to your AriPods when sound playing in your Mac. dependencenes SwitchAudioSource $ brew install switcha

Fndroid 2 Dec 9, 2021
Proxtor - A simple tool to connect to the network using Tor

Proxtor A simple tool to connect to the network using Tor. Installing Go to rele

null 1 Jan 1, 2022
Totem - A Go library that can turn a single gRPC stream into bidirectional unary gRPC servers

Totem is a Go library that can turn a single gRPC stream into bidirectional unar

Joe Kralicky 2 Jan 10, 2022
A fork of the simple WireGuard VPN server GUI community maintained

Subspace - A simple WireGuard VPN server GUI Subspace - A simple WireGuard VPN server GUI Slack Screenshots Features Contributing Setup 1. Get a serve

null 1.7k Sep 16, 2022
A flexible configuration manager for Wireguard networks

Drago A flexible configuration manager for WireGuard networks Drago is a flexible configuration manager for WireGuard networks which is designed to ma

Seashell 982 Sep 25, 2022
MOSN is a cloud native proxy for edge or service mesh. https://mosn.io

中文 MOSN is a network proxy written in Golang. It can be used as a cloud-native network data plane, providing services with the following proxy functio

MOSN 3.9k Sep 22, 2022
The easiest, most secure way to use WireGuard and 2FA.

This repository contains all the open source Tailscale client code and the tailscaled daemon and tailscale CLI tool. The tailscaled daemon runs primarily on Linux; it also works to varying degrees on FreeBSD, OpenBSD, Darwin, and Windows.

Tailscale 9k Sep 19, 2022
An userspace SORACOM Arc client powered by wireguard-go

soratun An easy-to-use, userspace SORACOM Arc client powered by wireguard-go. For deploying and scaling Linux servers/Raspberry Pi devices working wit

Soracom, Inc. 6 Jun 2, 2022
A Wireguard VPN Server Manager and API to add and remove clients

Wireguard Manager And API A manager and API to add, remove clients as well as other features such as an auto reapplier which deletes and adds back a c

null 138 Sep 22, 2022