aramperes/onetun
1
0
Fork 0
mirror of https://github.com/aramperes/onetun.git synced 2025-09-08 23:18:32 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
User space WireGuard port-forward in Rust https://crates.io/crates/onetun
27 commits 9 branches 33 tags 660 KiB
Find a file
Aram Peres 0154b1cea1 Update README
2021-10-15 20:43:36 -04:00
.github No need to run clippy and fmt on MSRV 2021-10-15 20:11:27 -04:00
src Dockerize, and switch back to main boringtun repo 2021-10-15 20:05:18 -04:00
.dockerignore Dockerize, and switch back to main boringtun repo 2021-10-15 20:05:18 -04:00
.gitignore Initial commit 2021-10-10 17:52:10 -04:00
Cargo.lock Dockerize, and switch back to main boringtun repo 2021-10-15 20:05:18 -04:00
Cargo.toml Dockerize, and switch back to main boringtun repo 2021-10-15 20:05:18 -04:00
Dockerfile Dockerize, and switch back to main boringtun repo 2021-10-15 20:05:18 -04:00
LICENSE Add README 2021-10-15 20:39:37 -04:00
README.md Update README 2021-10-15 20:43:36 -04:00

README.md

onetun

A cross-platform, user-space WireGuard port-forwarder that requires no system network configurations.

How it works

onetun opens a TCP port on your local system, from which traffic is forwarded to a TCP port on a peer in your WireGuard network. It requires no changes to your operating system's network interfaces.

The only prerequisite is to register a peer IP and public key on your WireGuard endpoint; those are necessary for the WireGuard endpoint to trust the onetun peer and for packets to be routed.

./onetun <SOURCE_ADDR> <DESTINATION_ADDR>                               \
    --endpoint-addr <public WireGuard endpoint address>                 \
    --endpoint-public-key <the public key of the peer on the endpoint>  \
    --private-key <private key assigned to onetun>                      \
    --source-peer-ip <IP assigned to onetun>                            \
    --keep-alive <optional persistent keep-alive in seconds>            \
    --log <optional log level, defaults to "info"

Note: you can use environment variables for all of these flags. Use onetun --help for details.

Example

Suppose your WireGuard endpoint has the following configuration, and is accessible from 140.30.3.182:51820:

# /etc/wireguard/wg0.conf

[Interface]
PrivateKey = ********************************************
ListenPort = 51820
Address = 192.168.4.1

# A friendly peer that hosts the TCP service we want to reach
[Peer]
PublicKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AllowedIPs = 192.168.4.2/32

# Peer assigned to onetun
[Peer]
PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
AllowedIPs = 192.168.4.3/32

We want to access a web server on the friendly peer (192.168.4.2) on port 8080. We can use onetun to open a local port, say 127.0.0.1:8080, that will tunnel through WireGuard to reach the peer web server:

./onetun 127.0.0.1:8080 192.168.4.2:8080                                  \
    --endpoint-addr 140.30.3.182:51820                                    \
    --endpoint-public-key 'PUB_****************************************'  \
    --private-key 'PRIV_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'          \
    --source-peer-ip 192.168.4.3                                          \
    --keep-alive 10

You'll then see this log:

INFO  onetun > Tunnelling [127.0.0.1:8080]->[192.168.4.2:8080] (via [140.30.3.182:51820] as peer 192.168.4.3)

Which means you can now access the port locally!

$ curl 127.0.0.1:8080
Hello world!

License

MIT. See LICENSE for details.