diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..7479b85 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2021 Aram Peres + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..6fa6563 --- /dev/null +++ b/README.md 
@@ -0,0 +1,75 @@ +# onetun + +A cross-platform, user-space WireGuard proxy that requires no network configurations. + +## How it works + +**onetun** opens a TCP port on your local system, from which traffic is forwarded to a TCP port on a peer in your +WireGuard network. It requires no changes to your operating system's network interfaces. + +The only prerequisite is to register a peer IP and public key on your WireGuard endpoint; those are necessary for the +WireGuard endpoint to trust the onetun peer and for packets to be routed. + +``` +./onetun \ + --endpoint-addr \ + --endpoint-public-key \ + --private-key \ + --source-peer-ip \ + --keep-alive \ + --log Note: you can use environment variables for all of these flags. Use `onetun --help` for details. + +### Example + +Suppose your WireGuard endpoint has the following configuration, and is accessible from `140.30.3.182:51820`: + +```toml +# /etc/wireguard/wg0.conf + +[Interface] +PrivateKey = ******************************************** +ListenPort = 51820 +Address = 192.168.4.1 + +# A friendly peer that hosts the TCP service we want to reach +[Peer] +PublicKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AllowedIPs = 192.168.4.2/32 + +# Peer assigned to onetun +[Peer] +PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB +AllowedIPs = 192.168.4.3/32 +``` + +We want to access a web server on the friendly peer (`192.168.4.2`) on port `8080`. 
We can use **onetun** to open a +local port, say `127.0.0.1:8080`, that will tunnel through WireGuard to reach the peer web server: + +```shell +./onetun 127.0.0.1:8080 192.168.4.2:8080 \ + --endpoint-addr 140.30.3.182:51820 \ + --endpoint-public-key 'PUB_****************************************' \ + --private-key 'PRIV_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB' \ + --source-peer-ip 192.168.4.3 \ + --keep-alive 10 +``` + +You'll then see this log: + +``` +INFO onetun > Tunnelling [127.0.0.1:8080]->[192.168.4.2:8080] (via [140.30.3.182:51820] as peer 192.168.4.3) +``` + +Which means you can now access the port locally! + +``` +$ curl 127.0.0.1:8080 +Hello world! +``` + +## License + +MIT. See `LICENSE` for details.
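Review bot: The README.md example command passes the WireGuard private key on the command line (`--private-key 'PRIV_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'`), which leaves the key in shell history and in the process argument list that other local users can read. The Note line in the same hunk already says every flag can be set through an environment variable, so the example should supply the key that way, or at least say so next to the flag, and name the variable instead of only pointing to `onetun --help`. Two smaller documentation points in the same hunk: the usage block under "How it works" shows each flag with no value placeholder, so a reader cannot tell what `--source-peer-ip` or `--keep-alive` expect until the example further down; and the `wg0.conf` block is fenced as `toml`, although WireGuard configuration files are INI-style. It would also help to state that the example binds the local listener to `127.0.0.1` deliberately, since binding to a non-loopback address would make the tunnelled peer service reachable by anything that can connect to that address.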