Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/svenstaro/wiresmith
Auto-config WireGuard clients into a mesh
https://github.com/svenstaro/wiresmith
mesh wireguard
Last synced: 9 days ago
JSON representation
Auto-config WireGuard clients into a mesh
- Host: GitHub
- URL: https://github.com/svenstaro/wiresmith
- Owner: svenstaro
- License: mit
- Created: 2023-03-16T00:57:04.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-10-04T02:48:52.000Z (about 1 month ago)
- Last Synced: 2024-10-29T15:34:08.338Z (10 days ago)
- Topics: mesh, wireguard
- Language: Rust
- Homepage:
- Size: 366 KB
- Stars: 84
- Watchers: 4
- Forks: 4
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- awesome-wireguard - svenstaro/wiresmith - Auto-config WireGuard clients into a mesh  :green_circle: (Projects / Mesh Network)
README
# wiresmith - Auto-config WireGuard clients into a mesh
[](https://github.com/svenstaro/wiresmith/actions)
[](https://crates.io/crates/wiresmith)
[](https://github.com/svenstaro/wiresmith/blob/master/LICENSE)
[](https://github.com/svenstaro/wiresmith)
**wiresmith** automatically discovers other peers using a shared backend and adds them to the local
network configuration while also publishing the local node so that others can talk to it. In short,
it will create a self-maintaining mesh network using WireGuard.
You choose to let it figure out the addresses by itself or provide static addresses yourself. It
can also clean up dead peers if desired.
## Features
- Simple usage
- Automatic address allocation
- Mesh connectivity
- IPv4/IPv6
- Value store backends: Consul
- Network configuration backends: systemd-networkd
- Cleanup of dead peers
- Pretty logging!
## How to use
You need to at least provide the internal netork to use and the local node's endpoint. The endpoint
can either be an interface or a specific local interface address. For instance, one of the simplest
invocations would be:
wiresmith --network 192.168.0.0/24 --endpoint-interface eth0
This will:
1. Connect to a local Consul agent
2. Generate or load a local WireGuard configuration for `systemd-networkd`
3. Use an address within the `192.168.0.0/24` WireGuard network for internal addressing
4. Pick a usable global address from `eth0` and uses that to communicate with other peers
The endpoint interface needs to be reachable from all the other peers.
If you use [Consul
Federation](https://developer.hashicorp.com/consul/tutorials/networking/federation-gossip-wan)
we fetch peers from all available datacenters using the same `--consul-prefix`
value.
## Usage
Auto-config WireGuard clients into a mesh
Usage: wiresmith [OPTIONS] --network
Options:
--consul-address
Consul backend socket address
[default: http://127.0.0.1:8500]
--consul-token
Consul secret token
--consul-ttl
Consul TTL times out after this duration without being renewed
[default: 1min]
--consul-prefix
Consul KV prefix
[default: wiresmith]
-u, --update-period
Update period - how often to check for peer updates
[default: 10s]
-i, --wg-interface
WireGuard interface name
[default: wg0]
-p, --wg-port
WireGuard UDP listen port
[default: 51820]
-k, --keepalive
Set persistent keepalive option for wireguard
Set to 0 in order to disable.
[default: 25s]
--endpoint-interface
Public endpoint interface name
You need to provide either this or --endpoint-address.
--endpoint-address
Public endpoint address
Can be a hostname or IP address. You need to provide either this or --endpoint-interface.
--network-backend
Network configuration backend
[default: networkd]
[possible values: networkd]
--networkd-dir
Directory in which to place the generated networkd configuration
[default: /etc/systemd/network/]
-a, --address
Address to allocate
If not provided, will allocate available address from the subnet. For instance 10.0.0.4 or fc00::4
-n, --network
Network to use
Must be the same for all clients. For instance 10.0.0.0/24 or fc00::/64
-v, --verbose...
Be verbose
Provide twice for very verbose.
-h, --help
Print help (see a summary with '-h')
-V, --version
Print version
## How to install
Pre-compiled binaries for supported platforms are available on the
[releases](https://github.com/svenstaro/wiresmith/releases) page.
If you are on Arch Linux, you can just
pacman -S wiresmith
Alternatively, you can use the provided OCI images using Podman or Docker:
podman run --rm --name wiresmith --cap-add SYS_ADMIN,NET_ADMIN --network host ghcr.io/svenstaro/wiresmith
docker run --rm --name wiresmith --privileged --network host ghcr.io/svenstaro/wiresmith
You can also use the provided systemd service.
## Similar projects
If `wiresmith` doesn't fulfill your needs, perhaps one of these projects does:
- [wg-meshconf](https://github.com/k4yt3x/wg-meshconf)
- [autowire](https://github.com/elghazal-a/autowire)
- [wgmesh](https://github.com/aschmidt75/wgmesh)
You might also find some tools in these lists:
- [awesome-wireguard](https://github.com/cedrickchee/awesome-wireguard)
- [WireGuardMeshes](https://github.com/HarvsG/WireGuardMeshes)
## Development
This project uses Podman in rootless mode to facilitate rapid local testing. Before starting a
development session, run
just prepare-test
to make sure you have the necessary images.
Make sure you have [just](https://github.com/casey/just) and [zellij](https://zellij.dev/)
installed locally and then run either `just test` for automatic testing or `just interactive` for
interactive testing. The interactive session will spawn two systemds in containers and then run one
instance of `wiresmith` in each of them so you can watch them and see how they interact.
## Releasing
This is mostly a note for me on how to release this thing:
- Make sure `CHANGELOG.md` is up to date.
- `cargo release `
- `cargo release --execute `
- OCI images and binaries will automatically be deployed by Github Actions.
- Update Arch package.