ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c2bbc7bc8ce84672a7a47a99f84db9e588486c95
vpp/src/plugins/wireguard/README.rst
Alexander Chernavin fee9853a4f wireguard: add peers roaming support 
Type: feature

With this change, peers are able to roam between different external
endpoints. Successfully authenticated handshake or data packet that is
received from a new endpoint will cause the peer's endpoint to be
updated accordingly.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib4eb7dfa3403f3fb9e8bbe19ba6237c4960c764c
2022-08-09 15:55:45 +00:00

80 lines
1.5 KiB
ReStructuredText
Raw Blame History

.. _wireguard_plugin_doc:
Wireguard vpp-plugin
====================
Overview
--------
This plugin is an implementation of `wireguard
protocol <https://www.wireguard.com/>`__ for VPP. It allows one to
create secure VPN tunnels. This implementation is based on
`wireguard-openbsd <https://git.zx2c4.com/wireguard-openbsd/>`__.
Crypto
------
The crypto protocols:
- blake2s `[Source] <https://github.com/BLAKE2/BLAKE2>`__
OpenSSL:
- curve25519
- chachapoly1305
Plugin usage example
--------------------
Create wireguard interface
~~~~~~~~~~~~~~~~~~~~~~~~~~
::
> vpp# wireguard create listen-port <port> private-key <priv_key> src <src_ip4> [generate-key]
> *wg_interface*
> vpp# set int state <wg_interface> up
> vpp# set int ip address <wg_interface> <wg_ip4>
Add a peer configuration:
~~~~~~~~~~~~~~~~~~~~~~~~~
::
> vpp# wireguard peer add <wg_interface> public-key <pub_key_other> endpoint <ip4_dst> allowed-ip <prefix> port <port_dst> persistent-keepalive [keepalive_interval]
> vpp# *peer_idx*
Add routes for allowed-ip:
~~~~~~~~~~~~~~~~~~~~~~~~~~
::
> ip route add <prefix> via <wg_ip4> <wg_interface>
Show config
~~~~~~~~~~~
::
> vpp# show wireguard interface
> vpp# show wireguard peer
Remove peer
~~~~~~~~~~~
::
> vpp# wireguard peer remove <peer_idx>
Delete interface
~~~~~~~~~~~~~~~~
::
> vpp# wireguard delete <wg_interface>
Main next steps for improving this implementation
-------------------------------------------------
1. Use all benefits of VPP-engine.
Reference in New Issue View Git Blame Copy Permalink