tonarino / innernet

A private network system that uses WireGuard under the hood.
https://blog.tonari.no/introducing-innernet
MIT License
4.93k stars 184 forks

android client? #2

Open bbigras opened 3 years ago

bbigras commented 3 years ago

Any plan for an Android client?

If so, what would be the alternative to iptables on non-rooted Android clients?

Thanks, nice project!

gravypod commented 3 years ago

Android is pretty popular in some IoT spaces so having some way to add an Android device would be amazing.

mcginty commented 3 years ago

Absolutely, we're interested in building both mobile clients and GUIs for desktop OSs.

We haven't started on those and would love help/involvement if there is anyone interested or experienced in that realm.

mrdomino commented 2 years ago

I'm interested in this. Has anything happened on this front yet?

mcginty commented 2 years ago

@mrdomino no, there hasn't been any work done yet on mobile apps. One possibility is to simply fork https://github.com/WireGuard/wireguard-apple and https://github.com/WireGuard/wireguard-android and make modifications to support innernet networks.

l4l commented 9 months ago

I managed to add a client "by hand", which is really awkward, since you need to maintain all the changes. I successfully added an Android device with the installed official WireGuard app linked above. Here are the steps:

  1. Add peer to the server as guided in the README: innernet-server add-peer
  2. Copy from the generated toml into the Android app the interface block fields as follows:
    • Name: interface.network-name
    • Private Key: generate (you'll need the newly generated public key later)
    • Addresses: interface.address
  3. Similarly add server peer:
    • Public Key: server.public-key
    • Endpoint: server.external-endpoint
    • Allowed IPs: <root-cidr> (e.g. 10.60.0.0/16 from README example)
  4. Save the config and enable it; you should be connected at this point, yet not added to the network.
  5. Install some app for making REST API calls (e.g. API tester) and run the equivalent of the following request: curl -v http://<server.internal-endpoint>/v1/user/redeem -H 'X-Innernet-Server-Key: <server.public-key>' -H 'Content-Type: application/json' -d '{"public_key": %GENERATED PUBLIC KEY%}'. The response should have the code 204.
  6. Then we need to retrieve peer info. Run the equivalent of the following request: curl -X GET http://<server.internal-endpoint>/v1/user/state -H 'X-Innernet-Server-Key: <server.public-key>'
  7. Then add all these peers to the WireGuard app:
    • Public key: <public_key>
    • Endpoint: <candidate>
    • Allowed IPs: <ip>/32

Now it should work, considering all the devices are staying on the same networks. If that changes, the last two steps should be repeated (Endpoint needs to be changed to some other candidate). Hostnames are also not available automatically; one may need to either edit /etc/hosts or set up a DNS server for that. And yeah, this flow might break some day, keep that in mind.
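
Steps 6 and 7 above can be scripted. The following is an added example, not part of the comment and not innernet's own code: it turns a saved `/v1/user/state` response into WireGuard `[Peer]` blocks and validates every value before writing it, so a malformed field cannot add extra lines to the config. It assumes the response is a JSON object with a `peers` array whose entries carry `name`, `public_key`, `ip` and a `candidates` list; the function names and the sample data are constructed for illustration.

```python
import base64, binascii, ipaddress, json, re

# Constructed sample of a state response; the field layout is an assumption.
SAMPLE_STATE = json.dumps({"peers": [
    {"name": "laptop", "ip": "10.60.1.2",
     "public_key": base64.b64encode(bytes(range(32))).decode(),
     "candidates": ["not an endpoint", "192.168.1.20:51820"]},
    {"name": "bad", "ip": "10.60.1.3",
     "public_key": "AAAA\n[Interface]", "candidates": []},
]})

# host:port or [ipv6]:port, matched against the whole string (no newlines).
ENDPOINT_RE = re.compile(r"(\[[0-9A-Fa-f:]+\]|[A-Za-z0-9.-]+):(\d{1,5})")

def valid_key(key):
    """A WireGuard public key is 32 bytes, base64-encoded to 44 characters."""
    try:
        return (isinstance(key, str) and len(key) == 44
                and len(base64.b64decode(key, validate=True)) == 32)
    except (binascii.Error, ValueError):
        return False

def valid_endpoint(ep):
    m = ENDPOINT_RE.fullmatch(ep) if isinstance(ep, str) else None
    return bool(m) and 0 < int(m.group(2)) < 65536

def peers_to_wg(state_json, own_public_key=None):
    """Return (config_text, skipped_names) for the peers in a state response."""
    blocks, skipped = [], []
    for peer in json.loads(state_json).get("peers", []):
        key = peer.get("public_key")
        if own_public_key and key == own_public_key:
            continue  # no [Peer] entry for the device itself
        try:
            ip = ipaddress.ip_address(str(peer.get("ip")))
        except ValueError:
            ip = None
        if not valid_key(key) or ip is None:
            skipped.append(str(peer.get("name")))
            continue
        # Step 7: AllowedIPs is the peer's single address (/32 for IPv4).
        lines = ["[Peer]", f"PublicKey = {key}",
                 f"AllowedIPs = {ip}/{ip.max_prefixlen}"]
        # Use the first candidate that parses as an endpoint, if any.
        ep = next((c for c in peer.get("candidates") or [] if valid_endpoint(c)), None)
        if ep:
            lines.append(f"Endpoint = {ep}")
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n", skipped
```

Peers returned in `skipped_names` failed validation and are worth inspecting by hand rather than pasting into the app.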