A proof-of-concept for creating convenient VPN environments on top of secure WireGuard tunnels.
This runbook will guide you through the process of setting up an appropriate testbed environment. It will provision a number of Vagrant machines and configure them to talk to each other over a software-defined secure private network.
After that, you will easily be able to conduct connectivity tests and continue with further experiments.
This section will guide you through setting up a development/testing sandbox on your machine.
Acquire source repository:
git clone https://github.com/tunfish/tunfish-sandbox
Install requirements on Mac OS X using Homebrew:
./requirements-macosx.sh
Make Vagrant provision and spin up all machines configured in this environment:
vagrant up
There are three machines "tf-portier"
, "tf-gateway-1"
and
"tf-client-1"
, completely provisioned by Vagrant.
Here is a short overview as an introduction. Please read this section carefully.
The Vagrant network "192.168.50.0/24".
192.168.50.1 The hypervisor host on its "vboxnet0" interface 192.168.50.70 Portier server 192.168.50.71 Gateway server 1 192.168.50.80 Client 1
Login to each virtual machine:
vagrant ssh tf-portier vagrant ssh tf-gateway-1 vagrant ssh tf-client-1
To repeat the virtual machine provisioning, run:
vagrant up --provision
To reprovision just a single host, use:
vagrant up --provision tf-portier
The source code directory ./src
will be mounted into each
virtual machine at /opt/tunfish-sandbox
for convenient live
editing.
The "Tunfish sandbox" spike is released under the GNU AGPL license. Its source code lives on GitHub. You might also want to have a look at the documentation.
If you'd like to contribute you're most welcome! Spend some time taking a look around, locate a bug, design issue or spelling mistake and then send us a pull request or create an issue.
Thanks in advance for your efforts, we really appreciate any help or feedback.
Licensed under the GNU AGPL license. See LICENSE file for details.
Tunfish would not have been possible without these awesome people:
- Jason Donenfeld for conceiving and building WireGuard. After reading the introduction [RFC] WireGuard: next generation secure network tunnel in late 2016 and quickly scanning his paper about WireGuard, nobody wondered that WireGuard rapidly gained attraction.
- Mitchell Hashimoto, Chris Roberts and the countless other contributors to Vagrant for conceiving and maintaining Vagrant.
- Michael DeHaan, James Cammarata, Toshio Kuratomi, Brian Coca, Matt Clay, Dag Wieers and the countless other contributors to Ansible for conceiving and maintaining Ansible.
- Countless other authors of packages from the Python ecosystem and beyond for gluing everything together.
Thank you so much for providing such great infrastructure components and resources to the community! You know who you are.
If you encounter any problems during setup, we may humbly refer you to the doc/troubleshooting.rst documentation.
Have fun!