https://github.com/secshellnet/wpm-api-vyos

Wireguard Peer Manager: Router API for VyOS
https://github.com/secshellnet/wpm-api-vyos

debian-package vyatta vyos

Last synced: about 1 year ago
JSON representation

Wireguard Peer Manager: Router API for VyOS

• Host: GitHub
• URL: https://github.com/secshellnet/wpm-api-vyos
• Owner: secshellnet
• Created: 2023-10-01T15:01:45.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2024-02-04T12:12:11.000Z (about 2 years ago)
• Last Synced: 2024-02-05T11:56:42.007Z (about 2 years ago)
• Topics: debian-package, vyatta, vyos
• Language: Rust
• Homepage:
• Size: 309 KB
• Stars: 1
• Watchers: 0
• Forks: 0
• Open Issues: 1
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Wireguard Peer Manager: VyOS API

Wireguard Peer Manager is used for managing Road Warrior VPN endpoints and consists of two components. Users and 

administrators utilize the Django app for graphical management of Wireguard peers. It communicates with the router's 

REST API (for VyOS [this project](https://github.com/secshellnet/wpm-api-vyos)) to apply the Wireguard configuration.

After the user logs in, they can easily create new Wireguard peers (each device should have its own peer to enable 

simultaneous connections) and view or delete the Wireguard configuration. Due to this abstraction layer, end-users don't

need access to the router to manage their peers but also don't have to open a ticket every time they want to make a new 

device VPN-enabled.

When creating new peers, the browser generates an asymmetric key pair upon the user's request and also a pre-shared key

(PSK), which needs to be set up on both sides for the tunnel to function. The private key is not sent to the server and 

not stored in the browser, so the user must save it directly.

Afterward, the user sees the newly created peer in the list of registered peers with a red status indicator. Once it

changes to green (usually taking no longer than 30 seconds), the peer is usable.

All clients connecting to the same router use the same Wireguard endpoint (in our case, the interface `wg100`), 

differing only in the IPv4 and IPv6 addresses used within the tunnel.

## Specification

- HTTP Authorization using Bearer Access Tokens.

### Endpoints

| HTTP Method | Endpoint                | Description                 | Returns (on success) |

|-------------|-------------------------|-----------------------------|----------------------|

| GET         | `/api/peer/:identifier` | Check the status of a peer  | `StatusResponse`     |

| POST        | `/api/peer/`            | Create new peer             | `ApiResponse`        |

| DELETE      | `/api/peer/:identifier` | Delete peer by identifier   | `ApiResponse`        |

### Schemas

#### AddPeerSchema

```json

{

    "user_identifier": "",

    "peer_identifier": "",

    "publicKey": "",

    "psk": "",

    "tunnelIpv4": "",

    "tunnelIpv6": ""

}

```

#### ApiResponse

```json

{

    "status": "success",

    "message": "..."

}

```

#### StatusResponse

```json

{

    "valid": true

}

```