(PoC Only) Forming full mesh network easily, without fear of NAT and Firewall.
Nativu5/wg-nat
wg-nat

wg-nat is a tool that helps WireGuard peers behind NAT or a firewall communicate with each other, and turns their tunnels into a full-mesh network.

  =>  

Concept

The tunnel between the registry server and a client (e.g., client A) is kept alive by persistent keepalives. This application multiplexes the port used by that tunnel so that other clients can use it to connect directly to client A.

The registry server is also responsible for informing other clients about client A's endpoint information.
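The endpoint collection described above, sketched as an added example (not wg-nat's own code): it assumes the registry reads peer state from `wg show <interface> dump`, and `PeerEndpoint`, `FreshEndpoints` and the three-minute freshness window are hypothetical choices for illustration. The keys and addresses in the sample are constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// PeerEndpoint is what a registry would hand to the other clients (hypothetical type).
type PeerEndpoint struct {
	PublicKey string
	Endpoint  string // NAT-mapped ip:port as observed by the registry
}

// sampleDump is constructed text in the tab-separated format of `wg show wg0 dump`:
// one interface line, then one line per peer. Keys are placeholders and the
// addresses come from documentation ranges.
const sampleDump = "PRIV_PLACEHOLDER\tREGISTRY_PUB\t51820\toff\n" +
	"CLIENT_A_PUB\t(none)\t203.0.113.7:40112\t10.0.0.2/32\t1700000000\t1024\t2048\t60\n" +
	"CLIENT_B_PUB\t(none)\t198.51.100.9:51820\t10.0.0.3/32\t1699990000\t10\t20\toff\n" +
	"CLIENT_C_PUB\t(none)\t(none)\t10.0.0.4/32\t0\t0\t0\toff\n"

// FreshEndpoints returns the peers whose endpoint is known and whose last
// handshake is recent enough that the NAT mapping is probably still open.
func FreshEndpoints(dump string, now time.Time, maxAge time.Duration) ([]PeerEndpoint, error) {
	var out []PeerEndpoint
	lines := strings.Split(strings.TrimSpace(dump), "\n")
	for _, line := range lines[1:] { // skip the interface line
		f := strings.Split(line, "\t")
		if len(f) != 8 {
			return nil, fmt.Errorf("unexpected peer line with %d fields", len(f))
		}
		hs, err := strconv.ParseInt(f[4], 10, 64) // latest handshake, Unix seconds
		if err != nil {
			return nil, fmt.Errorf("bad handshake time %q: %w", f[4], err)
		}
		// Skip peers that never connected or whose handshake is stale.
		if f[2] == "(none)" || hs == 0 || now.Sub(time.Unix(hs, 0)) > maxAge {
			continue
		}
		out = append(out, PeerEndpoint{PublicKey: f[0], Endpoint: f[2]})
	}
	return out, nil
}

func main() {
	eps, err := FreshEndpoints(sampleDump, time.Unix(1700000090, 0), 3*time.Minute)
	fmt.Println(eps, err)
}
```

Only endpoints that WireGuard itself recorded after an authenticated handshake are returned, so a client that never completed a handshake with the registry contributes nothing to the list.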

Inspirations are from:

Usage

To use this application, a machine with Internet access and a public IP address is required to act as the registry.

Machines behind a firewall or NAT can be configured as clients.

Initialize WireGuard interfaces

Set up WireGuard interfaces as usual. Set up a registry interface, and make sure that every client is configured to connect to it (as shown in the first figure).

Run the Server and Client application

To download the latest binaries, which support multiple platforms, check the GitHub Actions artifacts.

The server application collects endpoint information and distributes it to all clients so that they can connect with each other.

Usage of server:
  -i string
        Interface name to use (default "wg0")
  • -i must be followed by the name of the WireGuard interface. Note that the interface must be brought up before the server application is launched.

Usage of client:
  -i string
        Interface name to use (default "wg0")
  -r string
        Registry public key
  -t duration
        Time interval to send keepalive (default 1m0s)
  • -i is the same as in the server usage.
  • -r distinguishes the registry server from the other peers by specifying the server's public key.
  • -t is the time interval at which the client actively communicates with the server. The value should be given in Go's duration format.

Run the server and client applications with the proper arguments. The client should then be able to connect to other peers directly.

Security

Be aware that the server should only be accessible from within your WireGuard network. It is very important to set up firewall rules so that the server is not exposed to the Internet.
