cunicu
A zeroconf peer-to-peer mesh VPN using WireGuard® and Interactive Connectivity Establishment (ICE)
During the development of cunicu I have implemented some code which would be better located in the [wgctrl](https://github.com/WireGuard/wgctrl-go) Go-package: - Watching of WireGuard interface changes - [ ] https://github.com/stv0g/wice/blob/master/pkg/intf/watch.go -...
Currently, cunicu expects to build a full mesh between all peers to establish full reachability. In cases where peer connections cannot be directly established, we fall back to TURN...
See: https://github.com/stv0g/cunicu/blob/master/.github/workflows/release.yaml @PJungkamp
cunicu currently attempts to auto-detect a correct tunnel MTU by taking the link/route MTUs into consideration. However, this will not be optimal as the path MTU can be smaller than...
This could further simplify the setup as the user would not need to set up dedicated STUN/TURN servers. Check out existing [`pion/stun`](https://github.com/pion/stun) & [`pion/turn`](https://github.com/pion/turn) packages.
Ideally, we implement [the rosenpass protocol](https://rosenpass.eu/) which is based on this work on [Post-Quantum WireGuard](https://eprint.iacr.org/2020/379) by Andreas Hülsing, Kai-Chun Ning, Peter Schwabe, Florian Weber, and Philip R. Zimmermann.
The general idea would be to use ECDH with a secret key backend on a hardware security token/HSM/TPM to generate a PSK which we either use directly or as an...
Instead of relying on a dedicated signalling server, we could also send signaling messages via other peers to whom we already established a tunnel. These peers are then tasked with...
## Test cases

| # | Topology | # Hosts | Signaling | Proxy | Relay | Candidates Types | Network Types | Implemented | Passing |
| :-- |...
For testing, a manual signaling backend would be nice. Instead of relying on a public signaling server, it would simply print out the signaling messages as Base64-encoded strings in...