porech / engarde

A go network utility to create a reliable IP tunnel over multiple connections
GNU General Public License v2.0

So lost with the configuration file #78

Open ojrivera381 opened 1 year ago

ojrivera381 commented 1 year ago

First, thank you for your contribution. If I can get this to work properly it will be a lifesaver for me while trying to stream my daughter's competitive events. That said, in my brain, I can't see how all these match up. In your example you have:

```
client:
  listenAddr: "127.0.0.1:59401"
  dstAddr: "198.51.100.32:59402"
  excludedInterfaces:

server:
  listenAddr: "0.0.0.0:59402"
  dstAddr: "127.0.0.1:59301"
```

I get the client dstaddr and server listen address. But 59401 and 59402?

In the actual engarde.yml.sample you have random ports and IP addresses all over the place. I am finding it very difficult to decipher. While I am not an infrastructure engineer, I am in the industry with over 20 years of experience.

I think I just need to better understand what IPs need to go where with what ports. My WireGuard VPN server is using 192.168.10.1 with a local host of 192.168.1.130, and my client is using 192.168.10.2 for the WireGuard VPN address and 192.168.0.23 while connected to a Netgear Nighthawk M1 hotspot. This setup (WireGuard, that is) is up and running properly. Where do I put my public IP that is forwarding to port 51820 in the client yml config, and what do I need to put in the server yml config?

Much appreciated; thank you in advance for any advice offered.

Any chance in creating a video tutorial that shows both client and server setup?

ale-rinaldi commented 1 year ago

Hi @ojrivera381, I'm with you on this, I'd love to have some time to clean up documentation, but before this I'd like to do a big refactor of all this stuff (I was new at Golang when I wrote this and the code is pretty much a mess). I'll try to help you, however.

Basically, Engarde will be in the middle of the communication between the Wireguard on your client and the Wireguard on your server. It will carry the traffic already encrypted by Wireguard. So what you need to do is:

No change should be needed on the Wireguard server config, since it will automatically detect that the endpoint changed (and, from its perspective, it will be 127.0.0.1).

The ports on which Engarde listens are totally made up, you can choose them from your free ports.

So, let's say that, as in my example, you choose 59401 as the client listen port and 59402 as the server listen port. And let's suppose the public IP of your server is 198.51.100.32 and your server Wireguard listen port is 12345. In this moment, you'll then have your client Wireguard with a peer set up, and its endpoint is 198.51.100.32:12345.

So, this is what you'll need to do:

I hope I clarified this a little; feel free to reach me on https://t.me/AleRinaldi if something is still unclear!
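
How the values chosen in the reply above fit together, as an added example that is not part of the original comment or the project's documentation. It assumes the ports and addresses named there (59401, 59402, 198.51.100.32, WireGuard on 12345) and uses only the `listenAddr` and `dstAddr` keys quoted earlier in the thread; pointing the WireGuard client's endpoint at Engarde's client listener is an assumption drawn from the "Engarde in the middle" description.

```yaml
# ---- engarde.yml on the CLIENT machine ----
client:
  # The local WireGuard sends its already-encrypted packets here.
  # Loopback only: no other host on the hotspot/LAN can reach this
  # tunnel entry point.
  listenAddr: "127.0.0.1:59401"
  # Public IP of the server + the port ENGARDE listens on there
  # (not the WireGuard port).
  dstAddr: "198.51.100.32:59402"

# ---- engarde.yml on the SERVER machine ----
server:
  # Must be reachable from the internet. Assumption: this is the only
  # port that needs a firewall / port-forward rule for the tunnel;
  # the WireGuard port itself no longer has to be exposed.
  listenAddr: "0.0.0.0:59402"
  # The local WireGuard listen port on the server. Because Engarde
  # forwards from this host, WireGuard sees the peer as 127.0.0.1.
  dstAddr: "127.0.0.1:12345"

# ---- WireGuard peer on the CLIENT (assumption, shown as a comment) ----
#   before: Endpoint = 198.51.100.32:12345   # straight to the server
#   after:  Endpoint = 127.0.0.1:59401       # into the local Engarde client
# The WireGuard server config stays unchanged, as the reply states.
```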