dupont

Creates VXLAN tunnels over wireguard

Why ?

Wireguard does not allow you to route arbitrary traffic through a tunnel, let's say I have this setup

Network A: 10.0.0.0/24
Network B: 10.1.0.0/24
Tunnel A<>B 10.3.0.0/24

You cannot make A and B communicate without having to NAT traffic, hence masking the original IPs.

To get around this you can create an overlay network on top of the wireguard tunnel.

How ?

Look at the config files in the examples directory

Then compile the binary

$ make
$ ./bin/dupont -what apply -config examples/host-1.hcl
# You can teardown the config by doing
$ ./bin/dupont -what delete -config examples/host-1.hcl

Example config

You can write the configurations both in yaml and HCL, the HCL being the more readable one, as follows:

# Make sure we enable ip forward and co
ensureSysctl = true

# Our interfaces definitions
interfaces {
  # Wireguard interfaces definitions
  wireguard "wg-0" {
    # First interface definition
    address = "192.168.69.1/32"
    port    = 6969
    key {
      privateKey = "4CQWNQylWDWoZGgWDj58skAQuC84v1JXBKKqLTwcb3c="
      # Note that specifying the public key here is a matter
      # of convenience, you would not have that (prolly) on
      # an actual deployment
      publicKey = "bScGfgslFnmIEcuAdU8PQla6OtE29VntPOd3rOb5phs="
    }
    peer "wg-0" {
      description = "Laptop"
      key {
        publicKey = "NYNj4shJcxucrhgNTwRg1sshlCT9cGKvClWEsycm/28="
      }
      allowedIPs = [
        "192.168.69.2/32",
      ]
      endpoint {
        address = "10.99.1.200"
        port    = 6969
      }
      keepAlive = 5
    }
  }
  vxlan "vx-0" {
    address = "192.168.70.1/24"
    vni     = 60
    parent  = "wg-0"
    neighbour {
      address = "192.168.70.2"
    }
  }
}

Which produces something like that:

$ ip address
[...]
40: wg-0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default 
    link/none 
    inet 192.168.69.2/24 brd 192.168.69.255 scope global wg-0
       valid_lft forever preferred_lft forever
41: br-vx-0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1350 qdisc noqueue state UP group default 
    link/ether 8a:a5:6a:ec:81:e5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.70.2/24 brd 192.168.70.255 scope global br-vx-0
       valid_lft forever preferred_lft forever
    inet6 fe80::88a5:6aff:feec:81e5/64 scope link 
       valid_lft forever preferred_lft forever
42: vx-0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1350 qdisc noqueue master br-vx-0 state UNKNOWN group default 
    link/ether 8a:a5:6a:ec:81:e5 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::88a5:6aff:feec:81e5/64 scope link 
       valid_lft forever preferred_lft forever

Topologies

You can also use dupont to generate the topology of the network for you. Create a file like so

name = "example topology"

network {
    wireguard     = "10.80.0.1/24"
    overlay       = "10.80.1.1/24"
    vni           = 42
    wireguardPort = 6060
}

hosts = {
    pi1 = "19.99.1.60"
    pi2 = "19.99.1.61"
    pi3 = "19.99.1.62"
    pi4 = "19.99.1.63"
}

Then run ./bin/dupont -what generate -config config/topology.hcl and it will generate one file per host in a folder named after the topology ID of the said topology. It is basically a short hash of the topology name. You would have then something like

$ tree 657861/
657861/
├── pi1.hcl
├── pi2.hcl
├── pi3.hcl
└── pi4.hcl

0 directories, 4 files

You only have to copy those files on every host of the mesh, then apply the config and you are done !

thomas-maurice / dupont Goto Github PK

dupont's Introduction

dupont

Why ?

How ?

Example config

Topologies

dupont's People

Contributors

Stargazers

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent