Create a convenient VPN infrastructure on top of secure WireGuard tunnels.
This runbook will guide you through the process of setting up an appropriate testbed environment. It will provision a number of Vagrant machines and configure them to talk to each other.
After that, you will easily be able to conduct connectivity tests and continue with further experiments.
This section will guide you through setting up a development/testing sandbox on your machine.
Acquire the source repository:
    git clone https://github.com/tunfish/tunfish-system
Make Vagrant provision and spin up all machines configured in this environment:
    vagrant up
There are three machines "tf-crossbar", "tf-portier", "tf-gateway-1" and "tf-client-1", completely provisioned by Vagrant.
Here is a short overview as an introduction. Please read this section carefully.
Public facing hosts:
    192.168.42.1    WAMP broker
    192.168.42.50   Gateway server 1
DMZ hosts:
    192.168.23.1    Portier server
VPN clients:
    192.168.100.10  Client 1
Log in to each virtual machine:
    vagrant ssh tf-crossbar
    vagrant ssh tf-portier
    vagrant ssh tf-gateway-1
    vagrant ssh tf-client-1
To repeat the virtual machine provisioning, run:
    vagrant up --provision
To reprovision just a single host, use:
    vagrant up --provision tf-portier
The repository root will be mounted into each virtual machine at /opt/tunfish-system for convenient live editing.
Please make sure to invoke vagrant reload when making changes within the ./salt directory, if something is fishy.
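Before starting connectivity tests, it helps to confirm that every sandbox machine is actually running. The following is an added example, not part of the Tunfish repository: it parses the output of `vagrant status --machine-readable` and lists the machines from this runbook that are not in the "running" state. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Tunfish code): check that the sandbox machines
# named in this runbook are running before starting connectivity tests.

# Machine names as listed in the runbook.
EXPECTED_MACHINES="tf-crossbar tf-portier tf-gateway-1 tf-client-1"

# Read `vagrant status --machine-readable` output on stdin
# (comma-separated: timestamp,target,type,data...) and print every
# expected machine whose state is not "running", one per line.
# Machines missing from the output are reported as well.
not_running() {
    awk -F, -v expected="$EXPECTED_MACHINES" '
        $3 == "state" { state[$2] = $4 }
        END {
            n = split(expected, names, " ")
            for (i = 1; i <= n; i++)
                if (state[names[i]] != "running")
                    print names[i]
        }'
}

# Constructed sample output: one machine powered off, one never reported.
sample_status() {
    cat <<'EOF'
1700000000,tf-crossbar,metadata,provider,virtualbox
1700000000,tf-crossbar,state,running
1700000000,tf-crossbar,state-human-short,running
1700000001,tf-portier,state,running
1700000002,tf-gateway-1,state,poweroff
1700000003,,ui,info,Current machine states
EOF
}

# Run the check against the live sandbox (call from the repository root).
check_sandbox() {
    down=$(vagrant status --machine-readable | not_running)
    if [ -n "$down" ]; then
        echo "not running:" $down >&2
        return 1
    fi
    echo "all sandbox machines are running"
}

# Demonstration on the constructed sample.
sample_status | not_running   # prints tf-gateway-1 and tf-client-1
```

Against the real sandbox, call `check_sandbox` from the directory containing the Vagrantfile; a non-zero return means at least one machine needs `vagrant up` first.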
The "Tunfish sandbox" spike is released under the GNU AGPL license. Its source code lives on GitHub.
If you'd like to contribute you're most welcome! Spend some time taking a look around, locate a bug, design issue or spelling mistake and then send us a pull request or create an issue.
Thanks in advance for your efforts, we really appreciate any help or feedback.
Licensed under the GNU AGPL license. See LICENSE file for details.
Tunfish would not have been possible without these awesome people:
- Jason Donenfeld for conceiving and building WireGuard. After reading the introduction "[RFC] WireGuard: next generation secure network tunnel" in late 2016 and quickly scanning his paper about WireGuard, it came as no surprise that WireGuard rapidly gained traction.
- Tobias Oberstein for conceiving the Web Application Messaging Protocol (WAMP) and its implementation through Crossbar.io and Autobahn, along with all other contributors to it.
- Mike Bayer for conceiving the excellent Python SQL Toolkit and Object Relational Mapper SQLAlchemy.
- Peter V. Saveliev for creating the pyroute2 netlink framework and @ldx for python-iptables.
- Mitchell Hashimoto, Chris Roberts and the countless other contributors to Vagrant for conceiving and maintaining Vagrant.
- Thomas Hatch, Pedro Algarvio, Erik Johnson, Nicole Thomas and all the other contributors to Salt for conceiving and maintaining Salt.
- Countless other authors of packages from the Python ecosystem and beyond for gluing everything together.
Thank you so much for providing such great infrastructure components and resources to the community! You know who you are.
If you encounter any problems during setup, we may humbly refer you to the doc/troubleshooting.rst documentation.
- Bluefin Tuna image by National Oceanic & Atmospheric Administration (NOAA), Photo Library. http://www.photolib.noaa.gov https://en.wikipedia.org/wiki/File:Bluefin-big.jpg
Have fun!