Add README

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Aram Peres
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,75 @@
+# onetun
+
+A cross-platform, user-space WireGuard proxy that requires no network configurations.
+
+## How it works
+
+**onetun** opens a TCP port on your local system, from which traffic is forwarded to a TCP port on a peer in your
+WireGuard network. It requires no changes to your operating system's network interfaces.
+
+The only prerequisite is to register a peer IP and public key on your WireGuard endpoint; those are necessary for the
+WireGuard endpoint to trust the onetun peer and for packets to be routed.
+
+```
+./onetun <SOURCE_ADDR> <DESTINATION_ADDR>                               \
+    --endpoint-addr <public WireGuard endpoint address>                 \
+    --endpoint-public-key <the public key of the peer on the endpoint>  \
+    --private-key <private key assigned to onetun>                      \
+    --source-peer-ip <IP assigned to onetun>                            \
+    --keep-alive <optional persistent keep-alive in seconds>            \
+    --log <optional log level, defaults to "info"
+```
+
+> Note: you can use environment variables for all of these flags. Use `onetun --help` for details.
+
+### Example
+
+Suppose your WireGuard endpoint has the following configuration, and is accessible from `140.30.3.182:51820`:
+
+```toml
+# /etc/wireguard/wg0.conf
+
+[Interface]
+PrivateKey = ********************************************
+ListenPort = 51820
+Address = 192.168.4.1
+
+# A friendly peer that hosts the TCP service we want to reach
+[Peer]
+PublicKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AllowedIPs = 192.168.4.2/32
+
+# Peer assigned to onetun
+[Peer]
+PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
+AllowedIPs = 192.168.4.3/32
+```
+
+We want to access a web server on the friendly peer (`192.168.4.2`) on port `8080`. We can use **onetun** to open a
+local port, say `127.0.0.1:8080`, that will tunnel through WireGuard to reach the peer web server:
+
+```shell
+./onetun 127.0.0.1:8080 192.168.4.2:8080                                  \
+    --endpoint-addr 140.30.3.182:51820                                    \
+    --endpoint-public-key 'PUB_****************************************'  \
+    --private-key 'PRIV_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'          \
+    --source-peer-ip 192.168.4.3                                          \
+    --keep-alive 10
+```
+
+You'll then see this log:
+
+```
+INFO  onetun > Tunnelling [127.0.0.1:8080]->[192.168.4.2:8080] (via [140.30.3.182:51820] as peer 192.168.4.3)
+```
+
+Which means you can now access the port locally!
+
+```
+$ curl 127.0.0.1:8080
+Hello world!
+```
+
+## License
+
+MIT. See `LICENSE` for details.