{"id":25230619,"url":"https://github.com/heusalagroup/wg-discovery","last_synced_at":"2026-02-16T04:04:04.651Z","repository":{"id":276519488,"uuid":"929405479","full_name":"heusalagroup/wg-discovery","owner":"heusalagroup","description":"WireGuard P2P Endpoint Detection Service","archived":false,"fork":false,"pushed_at":"2025-02-10T21:12:19.000Z","size":133,"stargazers_count":0,"open_issues_count":14,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-03T11:36:15.647Z","etag":null,"topics":["mesh","mesh-network","nat-hole-punching","networking","p2p","p2p-network","secure-networking","vpn","vpn-connections","wireguard"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/heusalagroup.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-02-08T13:28:38.000Z","updated_at":"2025-02-09T18:38:13.000Z","dependencies_parsed_at":"2025-06-03T08:33:06.664Z","dependency_job_id":null,"html_url":"https://github.com/heusalagroup/wg-discovery","commit_stats":null,"previous_names":["heusalagroup/wg-discovery"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/heusalagroup/wg-discovery","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heusalagroup%2Fwg-discovery","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heusalagroup%2Fwg-discovery/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heusalagroup%2Fwg-discovery/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heusalagroup%2Fwg-discovery/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/heusalagroup","download_url":"https://codeload.github.com/heusalagroup/wg-discovery/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heusalagroup%2Fwg-discovery/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29499810,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-16T03:57:51.541Z","status":"ssl_error","status_checked_at":"2026-02-16T03:55:59.854Z","response_time":115,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mesh","mesh-network","nat-hole-punching","networking","p2p","p2p-network","secure-networking","vpn","vpn-connections","wireguard"],"created_at":"2025-02-11T12:00:10.468Z","updated_at":"2026-02-16T04:04:04.619Z","avatar_url":"https://github.com/heusalagroup.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# wg-discovery\n\n`wg-discovery` is a lightweight tool/service for WireGuard that automates the\ndiscovery and management of peer-to-peer endpoints. It runs as an HTTP\nservice, providing a JSON API to:\n\n- Expose a list of reachable peers via a GET request over the WireGuard\n  interface.\n- Allows the peer to dynamically configure their endpoint information from\n  remote peers in the network.\n\n`wg-discovery` is designed to work in decentralized WireGuard setups — helping\npeers to detect one another’s direct connection details automatically without\nrelying on central servers to forward actual traffic. Only the connection\nendpoint details are provided to peers through other nodes in the WireGuard\nnetwork. For this to work over NAT networks (including NAT vs NAT), at least one of\nthe nodes within the network must have a public IP and this discovery service\navailable.\n\n## NAT Hole Punching\n\nNAT hole punching is a technique that allows two devices behind separate NATs\nto establish direct communication. This usually works even if both systems are\nbehind a NAT, as long as at least one device has a way to discover and share\nits external address. However, if multiple devices behind the same NAT use the\nsame WireGuard port, only one of them will be reachable at a time. To ensure\nproper connectivity for multiple devices behind the same NAT, each system\nshould use a unique WireGuard port number.\n\nFor NAT hole punching to work effectively, at least one peer in the network\nmust have a public IP address and be running this WireGuard discovery service.\nThis peer acts as a relay for endpoint information, helping nodes behind NATs\ndiscover each other’s external addresses and establish direct communication.\nWithout a publicly reachable discovery service, peers behind NATs would have\nno way to learn the necessary connection details.\n\nIt is intended to be run on the internal WireGuard network and secured by\nWireGuard's own security layers. It is **NOT** intended to be exposed as a\npublicly available HTTP service.\n\n## Sudo Access\n\nIf you run the service as a non-root user, you'll need to allow that user to\nexecute the `wg` command via sudo without a password prompt. For example, to\nallow the user `bob` to run the `wg` command located at `/usr/bin/wg`, add the\nfollowing line to your sudoers configuration (using visudo):\n\n```sudoers\nbob ALL=(root) NOPASSWD: /usr/bin/wg\n```\n\nReplace `bob` with your username and adjust the path to the wg binary if necessary.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheusalagroup%2Fwg-discovery","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fheusalagroup%2Fwg-discovery","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheusalagroup%2Fwg-discovery/lists"}