jwhited / wgsd

A CoreDNS plugin that provides WireGuard peer information via DNS-SD semantics
https://www.jordanwhited.com/posts/wireguard-endpoint-discovery-nat-traversal/
MIT License

Usage without wgsd-client for e.g. iOS / Android #55

Open stackcoder opened 10 months ago

stackcoder commented 10 months ago

I was wondering if this could even work with vanilla WireGuard clients only. At least for iOS there is no way to get wgsd-client without building your own app.

So why not use fixed UDP source ports and DNS records with a short TTL?

For example Alice's config could look like:

[Interface]
Address = 10.0.0.1/32
PrivateKey = 0CtieMOYKa2RduPbJss/Um9BiQPSjgvHW+B7Mor5OnE=
ListenPort = 51820
DNS = 10.0.0.254

# Registry
[Peer]
PublicKey = JeZlz14G8tg1Bqh6apteFCwVhNhpexJ19FDPfuxQtUY=
Endpoint = 4.4.4.4:51820
PersistentKeepalive = 5
AllowedIPs = 10.0.0.254/32

# Bob
[Peer]
PublicKey = syKB97XhGnvC+kynh2KqQJPXoOoOpx/HmpMRTc+r4js=
Endpoint = YUTRLED535IGKL7BDLERL6M4VJXSXM3UQQPL4NMSN27MT56AD4HA====._wireguard._udp.<zone>:51820
PersistentKeepalive = 5
AllowedIPs = 10.0.0.2/32

I'm completely fine with doing any possible quirk on the registry; further config on "Server-Peers" is also possible. Even relaying or WG over WG would be OK-ish. But not touching the mobile clients. Also, I'm aware that we're building a poor man's Tailscale / Headscale here.

cirias commented 9 months ago

You won't need this tool if you can have a fixed port on the NAT server. Just set up a dynamic DNS record for your Bob.

stackcoder commented 8 months ago

Sure, but dynamic DNS is publicly available and requires additional config on the peers. This approach allows keeping all data on the registry itself.