unetd/CMakeLists.txt, branch master WireGuard based VPN connection manager for OpenWrt https://git-03.infra.openwrt.org/project/unetd/atom?h=master 2025-10-03T21:38:37Z CMakeLists: update cmake minimum required version to 3.10 2025-10-03T21:38:37Z Christian Marangi 2025-10-03T21:38:37Z urn:sha1:2f67f6faa08aa4b20663d4cbaf063a79041947c1 New cmake version 4.0 requires at least 3.5 version as the minimum required version with it increased to 3.10 in to-be-released cmake versions. Set the minimum required version to 3.10 to future-proof for future cmake version. Suggested-by: Hannu Nyman <hannu.nyman@iki.fi> Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> add udebug support 2025-02-28T13:30:56Z Felix Fietkau 2025-02-28T13:30:53Z urn:sha1:3fab99eab4d5fe29280babcfa5d6b86e43b88cad Signed-off-by: Felix Fietkau <nbd@nbd.name> ubus: add api for generating and validating security tokens 2025-01-31T12:42:05Z Felix Fietkau 2025-01-31T11:01:17Z urn:sha1:f5341f3275394504a1d5a86ea3db817029f9e2f2 These tokens can be used to authenticate communication between hosts over the unet network. Tokens can only be decrypted by unetd on the receiver, using the private wireguard key. Since no time based replay checks are performed, the service that validates the token should first send a challenge to the other side first and verify its presence in the decrypted token data. If a service name is passed in the call, validation enforces that both sides must be a member of that service. Signed-off-by: Felix Fietkau <nbd@nbd.name> enroll: add PEX sub-protocol to support enrolling new nodes into a network 2025-01-26T10:14:35Z Felix Fietkau 2024-12-21T19:54:28Z urn:sha1:d13752814651c70d2afc71383612fafc835b631b This protocol does a full DH exchange and allows both sides to confirm the result based on a session id hash derived from the DH session key. It exchanges the public auth_key for a network and a newly generated keypair for the added node Signed-off-by: Felix Fietkau <nbd@nbd.name> pex: add support for figuring out the external data port via STUN servers 2022-09-16T16:56:53Z Felix Fietkau 2022-09-16T09:00:15Z urn:sha1:639cdcdf6edacbcd00db746727ea1ae881bef5c6 When establishing a direct connection on the auth/PEX port via DHT, both sides need to know the externally mapped data port number in order to establish a wireguard connection. If there is an existing data connection, the port can be queried via PEX over the tunnel. If that is not available, an external public server is needed in order to poke a hole in the NAT. The easiest way to do this is to use STUN, since there are a lot of public servers available. The servers can be configured via the network data, based on the assumption, that an auth exchange with network data update can be done directly Signed-off-by: Felix Fietkau <nbd@nbd.name> add DHT discovery service 2022-09-16T16:55:17Z Felix Fietkau 2022-09-10T06:43:22Z urn:sha1:e58a5669713197278e4317a1128b9a7be0818d5a This uses the BitTorrent 'Mainline' DHT in order to find peers. It operates on the global PEX port, in order to allow exchanging network data through double NAT. Only the IPv4 DHT is used at the moment. Signed-off-by: Felix Fietkau <nbd@nbd.name> add support for disabling VXLAN/eBPF support 2022-08-29T18:52:22Z Felix Fietkau 2022-08-29T18:52:20Z urn:sha1:0041fcacb62492653a1054098ec7d811d8eaacbf This makes it easier to backport or de-bloat on smaller systems Signed-off-by: Felix Fietkau <nbd@nbd.name> build: explicitly link in libelf and zlib 2022-08-25T10:15:40Z Felix Fietkau 2022-08-25T10:15:40Z urn:sha1:56c6b83e1885add6ca29219570a5c3387fc978d2 Signed-off-by: Felix Fietkau <nbd@nbd.name> add protocol for exchanging signed network data 2022-08-23T21:20:25Z Felix Fietkau 2022-08-13T12:57:43Z urn:sha1:bf43cce3830426f5a4faf78dc38d02cc063e0263 Signed-off-by: Felix Fietkau <nbd@nbd.name> add chacha20 implementation 2022-08-23T11:48:18Z Felix Fietkau 2022-08-05T13:32:15Z urn:sha1:6e1898f7de3743e524e10cdf117fe2b2e13de244 Signed-off-by: Felix Fietkau <nbd@nbd.name>