aleph- | 5 years ago

True, yeah!

Just thought it'd be fun to futz with network code for once given the most I do is http usually.

Been checking out gliderlabs/ssh the past few hours which is neat. And which I can think of fun ways to pair with a micro-vm and step ca.

tptacek|5 years ago

Seriously, check out the code in pkg/wg. The code you need is like 4 lines (get a working WireGuard connection first, outside of your code, and then bring the configuration --- keys, addresses --- into your code); everything else will be normal Go code.

I would take credit for this, but it's Ben's c--- hey, wait, I paid Ben Burkert for this, I'm going to take full credit.

aleph-|5 years ago

Hahaha.

So I have been actually looking at the code under pkg/wg and tracing stuff back into the wireguard-go pkg and so on for a bit. (Which is some very nice and clean code haha, so you definitely got what you paid for. :P)

I guess the conceptual hurdle I'm stuck on now is, great, I've got this wg tunnel open in my Go code. How do I actually force packets over it? Say I've got an sshd listening on the other end of the tunnel with netfilter rules that say only allow access over this tunnel.

Can I just do normal ssh calls and use the wg tunnel remote addr to do stuff?

Is it that simple and I'm vastly overthinking things, or is it more complicated than I thought?

Incidentally, fly.io is awesome!

Might have to see about getting our workloads running on it for any customers who might want to run them.

It's definitely given me some fun ideas for custom wg and sshd impls running over micro-vms for at home haha.