jwhited / Wgsd

Licence: apache-2.0
A CoreDNS plugin that provides WireGuard peer information via DNS-SD semantics


wgsd

wgsd is a CoreDNS plugin that serves WireGuard peer information via DNS-SD (RFC6763) semantics. This enables use cases such as:

  • Building a mesh of WireGuard peers from a central registry
  • Dynamic discovery of WireGuard Endpoint addressing (both IP address and port number)
  • NAT-to-NAT WireGuard connectivity where UDP hole punching is supported.

See this blog post for a deep dive on the underlying techniques and the thinking behind the design.

Installation

Binary releases are available here.

Each release contains 2 binaries:

  • coredns - CoreDNS server with all the "internal" plugins + wgsd
  • wgsd-client - A sample client

Building from source

External CoreDNS plugins can be enabled in one of two ways:

  1. Build with the compile-time configuration file (plugin.cfg)
  2. Build with external Go source code

For method #2 you can simply run go build in cmd/coredns. The resulting binary is a CoreDNS server with all the "internal" plugins + wgsd:

% go build
% ./coredns -plugins | grep wgsd
  dns.wgsd

A basic client is available under cmd/wgsd-client.

Configuration Syntax

wgsd ZONE DEVICE
  • ZONE is the zone name wgsd should be authoritative for, e.g. example.com.
  • DEVICE is the name of the WireGuard interface, e.g. wg0
wgsd ZONE DEVICE {
    self [ ENDPOINT ] [ ALLOWED-IPS ... ]
}
  • Supplying the self option enables serving data about the local WireGuard device in addition to its peers. The optional ENDPOINT argument sets a custom endpoint in ip:port form. If ENDPOINT is omitted, wgsd defaults to the local IP address the DNS query arrived on and the ListenPort of the WireGuard device. Setting ENDPOINT explicitly is useful if your host is behind NAT and the reachable address differs from the local one. The optional, variadic ALLOWED-IPS argument sets the allowed-ips to be served for the local WireGuard device.

Querying

Following RFC6763 this plugin provides a listing of peers via PTR records at the namespace _wireguard._udp.<zone>. The target for the PTR records is of the format <base32PubKey>._wireguard._udp.<zone>. This same format is used for the accompanying SRV, A/AAAA, and TXT records. When querying the SRV record for a peer, the target A/AAAA & TXT records will be included in the "additional" section of the response. TXT records include the Base64 public key and allowed IPs. Public keys are represented in Base32 rather than Base64 in record names because DNS names are case-insensitive (Base64 is not); a 32-byte key encodes to 56 Base32 characters, which fits within the 63-octet limit on a single DNS label.

Note that nothing in this scheme authenticates the answers themselves: a client that installs peers from the pub= and allowed= TXT values trusts whatever path the response took. Query the CoreDNS instance over a path you already trust (for example through an existing WireGuard tunnel), and check that the TXT pub= value matches the Base32 label it was looked up under before acting on a record set.

Example

This configuration:

$ cat Corefile
.:5353 {
  wgsd example.com. wg0 {
    self 192.0.2.1:51820 10.0.0.254/32
  }
}

With the following WireGuard peers:

$ sudo wg show
interface: wg0
  public key: JeZlz14G8tg1Bqh6apteFCwVhNhpexJ19FDPfuxQtUY=
  private key: (hidden)
  listening port: 51820

peer: xScVkH3fUGUv4RrJFfmcqm8rs3SEHr41km6+yffAHw4=
  endpoint: 203.0.113.1:7777
  allowed ips: 10.0.0.1/32
  latest handshake: 14 hours, 24 minutes, 40 seconds ago
  transfer: 840.64 KiB received, 85.54 KiB sent

peer: syKB97XhGnvC+kynh2KqQJPXoOoOpx/HmpMRTc+r4js=
  endpoint: 198.51.100.1:8888
  allowed ips: 10.0.0.2/32
  latest handshake: 4 days, 15 hours, 8 minutes, 12 seconds ago
  transfer: 1.38 MiB received, 139.42 KiB sent

Will respond with:

$ dig @127.0.0.1 -p 5353 _wireguard._udp.example.com. PTR +noall +answer +additional
_wireguard._udp.example.com. 0	IN	PTR	yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com.
_wireguard._udp.example.com. 0	IN	PTR	wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====._wireguard._udp.example.com.
_wireguard._udp.example.com. 0	IN	PTR	extglt26a3znqnigvb5gvg26cqwblbgynf5re5pukdhx53cqwvda====._wireguard._udp.example.com.
$
$ dig @127.0.0.1 -p 5353 yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com. SRV +noall +answer +additional
yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com. 0	IN SRV 0 0 7777 yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com.
yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com. 0	IN A 203.0.113.1
yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com. 0	IN TXT "txtvers=1" "pub=xScVkH3fUGUv4RrJFfmcqm8rs3SEHr41km6+yffAHw4=" "allowed=10.0.0.1/32"
$
$ dig @127.0.0.1 -p 5353 wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====._wireguard._udp.example.com. SRV +noall +answer +additional
wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====._wireguard._udp.example.com. 0	IN SRV 0 0 8888 wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====._wireguard._udp.example.com.
wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====._wireguard._udp.example.com. 0	IN A 198.51.100.1
wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====._wireguard._udp.example.com. 0	IN TXT "txtvers=1" "pub=syKB97XhGnvC+kynh2KqQJPXoOoOpx/HmpMRTc+r4js=" "allowed=10.0.0.2/32"
$
$ dig @127.0.0.1 -p 5353 extglt26a3znqnigvb5gvg26cqwblbgynf5re5pukdhx53cqwvda====._wireguard._udp.example.com. SRV +noall +answer +additional
extglt26a3znqnigvb5gvg26cqwblbgynf5re5pukdhx53cqwvda====._wireguard._udp.example.com. 0	IN SRV 0 0 51820 extglt26a3znqnigvb5gvg26cqwblbgynf5re5pukdhx53cqwvda====._wireguard._udp.example.com.
extglt26a3znqnigvb5gvg26cqwblbgynf5re5pukdhx53cqwvda====._wireguard._udp.example.com. 0	IN A 192.0.2.1
extglt26a3znqnigvb5gvg26cqwblbgynf5re5pukdhx53cqwvda====._wireguard._udp.example.com. 0	IN TXT "txtvers=1" "pub=JeZlz14G8tg1Bqh6apteFCwVhNhpexJ19FDPfuxQtUY=" "allowed=10.0.0.254/32"

Converting the Base32 record names back to Base64 public keys with coreutils:

$ echo yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha==== | tr '[:lower:]' '[:upper:]' | base32 -d | base64
xScVkH3fUGUv4RrJFfmcqm8rs3SEHr41km6+yffAHw4=
$ echo wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q==== | tr '[:lower:]' '[:upper:]' | base32 -d | base64
syKB97XhGnvC+kynh2KqQJPXoOoOpx/HmpMRTc+r4js=
$ echo extglt26a3znqnigvb5gvg26cqwblbgynf5re5pukdhx53cqwvda==== | tr '[:lower:]' '[:upper:]' | base32 -d | base64
JeZlz14G8tg1Bqh6apteFCwVhNhpexJ19FDPfuxQtUY=
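The record format from the Querying section and the coreutils conversion above, worked as client-side Go. This is an added example, not code from the wgsd project or its cmd/wgsd-client: it converts between the Base64 key and the Base32 instance label, parses the TXT attributes, refuses a record set whose label and TXT pub= name different keys, and assembles the endpoint from the SRV port and A/AAAA address. The sample records are constructed from the page's dig output; accepting repeated or comma-separated allowed= values is an assumption, since this page does not show how wgsd serves a peer with several allowed IPs.

```go
package main

import (
	"encoding/base32"
	"encoding/base64"
	"fmt"
	"net"
	"strings"
)

// Peer is what a wgsd client needs to hand to `wg set` for one peer.
type Peer struct {
	PublicKey  string   // base64, as `wg show` prints it
	Endpoint   string   // host:port from the A/AAAA record and the SRV port
	AllowedIPs []string // CIDRs from the TXT allowed= attribute
}

// LabelFromKey turns a base64 WireGuard public key into the instance label
// wgsd uses: padded base32, lower-cased because DNS labels are case-insensitive.
func LabelFromKey(pubB64 string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(pubB64)
	if err != nil || len(raw) != 32 {
		return "", fmt.Errorf("not a 32-byte base64 key: %q", pubB64)
	}
	return strings.ToLower(base32.StdEncoding.EncodeToString(raw)), nil
}

// KeyFromLabel reverses LabelFromKey; the standard base32 alphabet is upper-case.
func KeyFromLabel(label string) (string, error) {
	raw, err := base32.StdEncoding.DecodeString(strings.ToUpper(label))
	if err != nil || len(raw) != 32 {
		return "", fmt.Errorf("label does not decode to a 32-byte key: %q", label)
	}
	return base64.StdEncoding.EncodeToString(raw), nil
}

// ParseTXT reads the txtvers/pub/allowed attributes of a wgsd TXT record. Accepting
// repeated allowed= strings and comma-separated lists is an assumption of this example.
func ParseTXT(strs []string) (string, []string, error) {
	var pub, vers string
	var allowed []string
	for _, s := range strs {
		k, v, _ := strings.Cut(s, "=") // pub= values contain '=' padding, so cut once
		switch k {
		case "txtvers":
			vers = v
		case "pub":
			pub = v
		case "allowed":
			for _, cidr := range strings.Split(v, ",") {
				if _, _, err := net.ParseCIDR(cidr); err != nil {
					return "", nil, fmt.Errorf("bad allowed-ips %q: %w", cidr, err)
				}
				allowed = append(allowed, cidr)
			}
		}
	}
	if vers != "1" || pub == "" {
		return "", nil, fmt.Errorf("need txtvers=1 and pub=, got %q", strs)
	}
	return pub, allowed, nil
}

// PeerFromRecords assembles a Peer from the instance name and its SRV port, A/AAAA
// address and TXT strings. The base32 label is what was looked up and the TXT pub= is
// what would be installed, so a record set where they disagree is rejected.
func PeerFromRecords(instance, zone string, srvPort uint16, addr string, txt []string) (Peer, error) {
	suffix := "._wireguard._udp." + zone
	if !strings.HasSuffix(instance, suffix) {
		return Peer{}, fmt.Errorf("%q is not an instance under %q", instance, suffix)
	}
	fromLabel, err := KeyFromLabel(strings.TrimSuffix(instance, suffix))
	if err != nil {
		return Peer{}, err
	}
	pub, allowed, err := ParseTXT(txt)
	if err != nil {
		return Peer{}, err
	}
	if pub != fromLabel {
		return Peer{}, fmt.Errorf("TXT pub=%s does not match instance label (%s)", pub, fromLabel)
	}
	if net.ParseIP(addr) == nil {
		return Peer{}, fmt.Errorf("bad endpoint address %q", addr)
	}
	return Peer{pub, net.JoinHostPort(addr, fmt.Sprint(srvPort)), allowed}, nil
}

func main() {
	// Constructed from the page's example: the first PTR target, its SRV port 7777,
	// A 203.0.113.1 and TXT strings.
	instance := "yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com."
	txt := []string{"txtvers=1", "pub=xScVkH3fUGUv4RrJFfmcqm8rs3SEHr41km6+yffAHw4=", "allowed=10.0.0.1/32"}
	p, err := PeerFromRecords(instance, "example.com.", 7777, "203.0.113.1", txt)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wg set wg0 peer %s endpoint %s allowed-ips %s\n",
		p.PublicKey, p.Endpoint, strings.Join(p.AllowedIPs, ","))
}
```

The label check in PeerFromRecords is the cheap defence against a mismatched or tampered TXT record: the client already had to know the Base32 name to ask for the SRV record, so the key it installs must decode to exactly that name. net.JoinHostPort is used so that an AAAA answer yields a bracketed [v6]:port endpoint that wg(8) accepts.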

TODOs

  • [x] unit tests
  • [ ] SOA record support
  • [x] CI & release binaries