Diffstat (limited to 'src/plugins/wireguard')
-rwxr-xr-x | src/plugins/wireguard/README.md | 60 |
-rw-r--r-- | src/plugins/wireguard/README.rst | 81 |
2 files changed, 81 insertions, 60 deletions
diff --git a/src/plugins/wireguard/README.md b/src/plugins/wireguard/README.md deleted file mode 100755 index 0b624b8104c..00000000000 --- a/src/plugins/wireguard/README.md +++ /dev/null @@ -1,60 +0,0 @@ -# Wireguard vpp-plugin {#wireguard_plugin_doc} - -## Overview -This plugin is an implementation of [wireguard protocol](https://www.wireguard.com/) for VPP. It allows one to create secure VPN tunnels. -This implementation is based on [wireguard-openbsd](https://git.zx2c4.com/wireguard-openbsd/). - -## Crypto - -The crypto protocols: - -- blake2s [[Source]](https://github.com/BLAKE2/BLAKE2) - -OpenSSL: - -- curve25519 -- chachapoly1305 - -## Plugin usage example - -### Create wireguard interface - -``` -> vpp# wireguard create listen-port <port> private-key <priv_key> src <src_ip4> [generate-key] -> *wg_interface* -> vpp# set int state <wg_interface> up -> vpp# set int ip address <wg_interface> <wg_ip4> -``` - -### Add a peer configuration: -``` -> vpp# wireguard peer add <wg_interface> public-key <pub_key_other> endpoint <ip4_dst> allowed-ip <prefix> port <port_dst> persistent-keepalive [keepalive_interval] -> vpp# *peer_idx* -``` - -### Add routes for allowed-ip: -``` -> ip route add <prefix> via <wg_ip4> <wg_interface> -``` - -### Show config -``` -> vpp# show wireguard interface -> vpp# show wireguard peer -``` - -### Remove peer -``` -> vpp# wireguard peer remove <peer_idx> -``` - - -### Delete interface -``` -> vpp# wireguard delete <wg_interface> -``` - -## Main next steps for improving this implementation -1. Use all benefits of VPP-engine. -2. Add IPv6 support (currently only supports IPv4) -3. Add DoS protection as in original protocol (using cookie) diff --git a/src/plugins/wireguard/README.rst b/src/plugins/wireguard/README.rst new file mode 100644 index 00000000000..cb7a024fdf9 --- /dev/null +++ b/src/plugins/wireguard/README.rst 
@@ -0,0 +1,81 @@ +.. _wireguard_plugin_doc: + +Wireguard vpp-plugin +==================== + +Overview +-------- + +This plugin is an implementation of `wireguard +protocol <https://www.wireguard.com/>`__ for VPP. It allows one to +create secure VPN tunnels. This implementation is based on +`wireguard-openbsd <https://git.zx2c4.com/wireguard-openbsd/>`__. + +Crypto +------ + +The crypto protocols: + +- blake2s `[Source] <https://github.com/BLAKE2/BLAKE2>`__ + +OpenSSL: + +- curve25519 +- chachapoly1305 + +Plugin usage example +-------------------- + +Create wireguard interface +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + > vpp# wireguard create listen-port <port> private-key <priv_key> src <src_ip4> [generate-key] + > *wg_interface* + > vpp# set int state <wg_interface> up + > vpp# set int ip address <wg_interface> <wg_ip4> + +Add a peer configuration: +~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + > vpp# wireguard peer add <wg_interface> public-key <pub_key_other> endpoint <ip4_dst> allowed-ip <prefix> port <port_dst> persistent-keepalive [keepalive_interval] + > vpp# *peer_idx* + +Add routes for allowed-ip: +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +:: + + > ip route add <prefix> via <wg_ip4> <wg_interface> + +Show config +~~~~~~~~~~~ + +:: + + > vpp# show wireguard interface + > vpp# show wireguard peer + +Remove peer +~~~~~~~~~~~ + +:: + + > vpp# wireguard peer remove <peer_idx> + +Delete interface +~~~~~~~~~~~~~~~~ + +:: + + > vpp# wireguard delete <wg_interface> + +Main next steps for improving this implementation +------------------------------------------------- + +1. Use all benefits of VPP-engine. +2. Add IPv6 support (currently only supports IPv4) +3. Add DoS protection as in original protocol (using cookie) |
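Review bot: In the "Create wireguard interface" block of the new README.rst, the command shows `private-key <priv_key>` as required and `[generate-key]` as optional on the same line, so a reader cannot tell whether the two are alternatives or what happens when both are given. This is the step where key material is typed into the CLI, so the text should say which form to use and when. In the same file, the "Add routes for allowed-ip" example is the only one without the `vpp#` prompt (`> ip route add <prefix> via <wg_ip4> <wg_interface>`), which leaves it unclear whether it is a VPP CLI command or a host shell command. In the peer example, `persistent-keepalive [keepalive_interval]` reads as a mandatory keyword with an optional value; if the whole option is optional, the brackets should enclose both. The closing list carries over "currently only supports IPv4" and the missing cookie-based DoS protection as "next steps"; a short limitations heading would let operators see both before they deploy. The headings "Add a peer configuration:" and "Add routes for allowed-ip:" also keep their trailing colons from the Markdown version, unlike the other section titles.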