# Tailscale Clone

A lightweight Tailscale-like VPN application built in Go, featuring a controller for network management and clients for secure peer-to-peer connections using WireGuard.

## Features

- **Controller**: Central management server for node registration and network coordination
- **Client**: Lightweight client that connects to the controller and establishes VPN tunnels
- **WireGuard Integration**: Uses WireGuard for secure, fast VPN connections
- **Web Interface**: Modern web dashboard for monitoring and managing the network
- **Real-time Updates**: WebSocket-based communication for live status updates
- **Automatic IP Allocation**: Dynamic IP assignment for connected nodes
- **Peer Discovery**: Automatic peer configuration and routing
- **Subnet Routing**: Nodes can advertise and route traffic for entire subnets

## Architecture

```
┌─────────────────┐    WebSocket    ┌─────────────────┐
│   Controller    │◄──────────────►│     Client 1    │
│   (Port 8080)   │                 │   (10.0.0.2)    │
└─────────────────┘                 └─────────────────┘
         │                                   │
         │ WebSocket                         │ WireGuard
         │                                   │
┌─────────────────┐                 ┌─────────────────┐
│   Web Interface │                 │     Client 2    │
│   (Port 8081)   │                 │   (10.0.0.3)    │
└─────────────────┘                 └─────────────────┘
```

## Prerequisites

- Go 1.21 or later
- WireGuard installed
- Root/Administrator privileges (for WireGuard interface creation)

### Platform Support

**Linux:**
- WireGuard kernel module
- `ip` command available
- `sysctl` command available

**Windows:**
- WireGuard for Windows installed
- Administrator privileges required
- Uses Windows networking commands (`netsh`, `route`)

**macOS:**
- WireGuard tools installed via Homebrew
- Uses macOS networking commands

### Installing WireGuard

**Ubuntu/Debian:**
```bash
sudo apt update
sudo apt install wireguard
```

**CentOS/RHEL:**
```bash
sudo yum install wireguard-tools
```

**macOS:**
```bash
brew install wireguard-tools
```

**Windows:**
Download and install from the [WireGuard website](https://www.wireguard.com/install/).

**Note:** On Windows, you must run the client as Administrator for subnet routing functionality.

## Installation

### Option 1: Build from Source

1. Clone the repository:
```bash
git clone <repository-url>
cd tailscale-clone
```

2. Install dependencies:
```bash
go mod download
```

3. Build for your platform:
```bash
# Build for current platform
make build

# Or build specific platform
make build-client-linux    # Linux
make build-client-windows  # Windows
make build-client-darwin   # macOS

# Or build all platforms
make build-all
```

### Option 2: Download Pre-built Binaries

Download the latest release for your platform from the releases page.

**Linux:**
```bash
# Download and extract
wget https://github.com/your-repo/tailscale-clone/releases/latest/download/tailscale-clone-linux.tar.gz
tar -xzf tailscale-clone-linux.tar.gz
cd linux

# Install
sudo ./install.sh
```

**Windows:**
1. Download `tailscale-clone-windows.zip`
2. Extract and run `install.bat` as Administrator

**macOS:**
```bash
# Download and extract
curl -L https://github.com/your-repo/tailscale-clone/releases/latest/download/tailscale-clone-macos.tar.gz | tar -xz
cd macos

# Install
sudo ./install.sh
```

## Usage

### Starting the Controller

The controller manages the network and provides a web interface for monitoring:

```bash
# Run with default settings
sudo ./bin/controller

# Or with custom settings
sudo ./bin/controller -port 8080 -web-port 8081 -data-dir ./data
```

**Options:**
- `-port`: Controller API port (default: 8080)
- `-web-port`: Web interface port (default: 8081)
- `-data-dir`: Data directory for persistence (default: ./data)

The web interface will be available at `http://localhost:8081`.

### Starting a Client

Each client connects to the controller and establishes VPN tunnels with other nodes:

**Linux:**
```bash
# Run with required node name
sudo ./bin/tailscale-client-linux-amd64 -name "my-node" -controller "localhost:8080"

# Or with custom settings
sudo ./bin/tailscale-client-linux-amd64 -name "server-01" -controller "192.168.1.100:8080" -interface "wg0"

# Run as subnet router (advertises local subnets)
sudo ./bin/tailscale-client-linux-amd64 -name "gateway" -controller "192.168.1.100:8080" \
  -subnet-router -subnets "192.168.1.0/24,10.0.1.0/24"
```

**Windows:**
```cmd
REM Run as Administrator
tailscale-client-windows-amd64.exe -name "my-node" -controller "localhost:8080"

REM Run as subnet router (requires Administrator)
tailscale-client-windows-amd64.exe -name "gateway" -subnet-router -subnets "192.168.1.0/24"
```

**macOS:**
```bash
# Run with required node name
sudo ./bin/tailscale-client-darwin-amd64 -name "my-node" -controller "localhost:8080"

# Run as subnet router
sudo ./bin/tailscale-client-darwin-amd64 -name "gateway" -subnet-router -subnets "192.168.1.0/24"
```

**Options:**
- `-name`: Node name (required)
- `-controller`: Controller address (default: localhost:8080)
- `-interface`: WireGuard interface name (default: wg0 on Linux, utun0 on macOS)
- `-subnet-router`: Enable subnet router mode
- `-subnets`: Comma-separated list of subnets to advertise (required with -subnet-router)

### Example Setup

1. **Start the controller:**
```bash
sudo ./bin/controller
```

2. **Start multiple clients on different machines:**
```bash
# Machine 1 (regular client)
sudo ./bin/client -name "laptop" -controller "192.168.1.100:8080"

# Machine 2 (subnet router - advertises local network)
sudo ./bin/client -name "gateway" -controller "192.168.1.100:8080" \
  -subnet-router -subnets "192.168.1.0/24"

# Machine 3 (regular client)
sudo ./bin/client -name "desktop" -controller "192.168.1.100:8080"
```

3. **Access the web interface:**
Open `http://192.168.1.100:8081` in your browser to monitor the network.

### Subnet Routing

Subnet routing allows nodes to advertise entire network segments, making them accessible to all other nodes in the VPN:

- **Subnet Router**: A node that advertises one or more subnets (e.g., `192.168.1.0/24`)
- **Automatic Routing**: Other nodes automatically receive routes to advertised subnets
- **IP Forwarding**: Subnet routers enable IP forwarding to route traffic between networks
- **Multiple Subnets**: A single node can advertise multiple subnets

**Use Cases:**
- Home network access: Advertise your home network (`192.168.1.0/24`) to access devices remotely
- Office network: Connect to office resources through a gateway node
- Multi-site networking: Connect different office locations
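Because advertised subnets are pushed to every other node as routes, the controller is the natural place to vet a `-subnets` list before distributing it. The following is an added example, not code from this project: `Registry` and `Advertise` are hypothetical names, and rejecting default routes and IPv4-mapped IPv6 prefixes is a policy assumption.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

var overlay = netip.MustParsePrefix("10.0.0.0/24") // default VPN range per this README

// Registry is hypothetical controller state: accepted prefix -> advertising node.
type Registry struct{ claimed map[netip.Prefix]string }

func NewRegistry() *Registry { return &Registry{claimed: map[netip.Prefix]string{}} }

// Advertise validates a -subnets style list and records it only if every entry passes.
func (r *Registry) Advertise(node, list string) ([]netip.Prefix, error) {
	var out []netip.Prefix
	for _, raw := range strings.Split(list, ",") {
		p, err := netip.ParsePrefix(strings.TrimSpace(raw))
		switch {
		case err != nil:
			return nil, fmt.Errorf("%q: not a CIDR prefix: %w", raw, err)
		case p.Addr().Is4In6(): // would slip past the IPv4 overlap checks below
			return nil, fmt.Errorf("%s: IPv4-mapped IPv6 prefix rejected", p)
		case p != p.Masked():
			return nil, fmt.Errorf("%s: host bits set, want %s", p, p.Masked())
		case p.Bits() == 0: // policy assumption: no default-route advertisements
			return nil, fmt.Errorf("%s: default route is not a subnet", p)
		case p.Overlaps(overlay):
			return nil, fmt.Errorf("%s: overlaps VPN range %s", p, overlay)
		}
		for q, owner := range r.claimed {
			if owner != node && p.Overlaps(q) {
				return nil, fmt.Errorf("%s: overlaps %s advertised by %q", p, q, owner)
			}
		}
		out = append(out, p)
	}
	for _, p := range out {
		r.claimed[p] = node
	}
	return out, nil
}

func main() {
	r := NewRegistry()
	fmt.Println(r.Advertise("gateway", "192.168.1.0/24,10.0.1.0/24")) // accepted
	fmt.Println(r.Advertise("laptop", "192.168.1.128/25"))            // overlaps gateway
}
```

A list is accepted or rejected as a whole, so one bad entry never leaves a partial set of routes recorded for the node.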

## Network Configuration

The application uses the `10.0.0.0/24` network by default. Each client gets a unique IP address from this range:

- Controller: Manages the network
- Clients: Get IPs from `10.0.0.2` to `10.0.0.254`
- Gateway: `10.0.0.1` (reserved)
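A minimal allocator for the client range above, showing stable leases per node, reuse of released addresses, and pool exhaustion. This is an added example, not the project's own allocator; `Pool`, `Allocate`, `Release` and `ErrPoolExhausted` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

var ErrPoolExhausted = errors.New("no free address in pool")

// Pool leases one address per node ID from first..last inclusive.
type Pool struct {
	first, last netip.Addr
	byNode      map[string]netip.Addr
	inUse       map[netip.Addr]bool
}

func NewPool(first, last string) *Pool {
	return &Pool{netip.MustParseAddr(first), netip.MustParseAddr(last),
		map[string]netip.Addr{}, map[netip.Addr]bool{}}
}

// Allocate returns the node's existing lease, or else the lowest free address.
func (p *Pool) Allocate(node string) (netip.Addr, error) {
	if a, ok := p.byNode[node]; ok {
		return a, nil // a reconnecting node keeps its address
	}
	for a := p.first; a.IsValid() && a.Compare(p.last) <= 0; a = a.Next() {
		if !p.inUse[a] {
			p.byNode[node], p.inUse[a] = a, true
			return a, nil
		}
	}
	return netip.Addr{}, ErrPoolExhausted
}

// Release frees a node's lease, e.g. when the node is removed.
func (p *Pool) Release(node string) {
	if a, ok := p.byNode[node]; ok {
		delete(p.inUse, a)
		delete(p.byNode, node)
	}
}

func main() {
	p := NewPool("10.0.0.2", "10.0.0.254") // client range from this README
	fmt.Println(p.Allocate("laptop"))
	fmt.Println(p.Allocate("gateway"))
}
```

The type is not safe for concurrent use; a controller handling several client connections at once would guard it with a mutex.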

## Security Features

- **Curve25519 Key Exchange**: Secure key generation and exchange
- **WireGuard Protocol**: Modern, fast, and secure VPN protocol
- **Automatic Key Rotation**: Keys are generated for each session
- **Peer Authentication**: Public key-based authentication
- **Encrypted Communication**: All traffic is encrypted using WireGuard

## API Endpoints

The controller exposes the following REST API endpoints:

- `GET /api/nodes` - List all nodes
- `GET /api/network` - Get network information
- `GET /api/nodes/{id}` - Get specific node details
- `DELETE /api/nodes/{id}` - Remove a node
- `GET /api/subnets` - List all subnet routes

WebSocket endpoint:
- `WS /ws` - Real-time communication with clients

## Troubleshooting

### Common Issues

1. **Permission Denied:**
   - Ensure you're running with sudo/administrator privileges
   - WireGuard interface creation requires root access

2. **WireGuard Interface Creation Fails:**
   - Verify WireGuard is installed: `sudo modprobe wireguard`
   - Check if the interface name is already in use

3. **Connection Issues:**
   - Verify the controller is running and accessible
   - Check firewall settings
   - Ensure ports are open (8080 for API, 8081 for web interface)

4. **Web Interface Not Loading:**
   - Check if the web server is running on the correct port
   - Verify CORS settings if accessing from a different domain

### Debug Mode

Run with verbose logging:
```bash
# Controller
sudo ./bin/controller -port 8080 2>&1 | tee controller.log

# Client
sudo ./bin/client -name "debug-node" 2>&1 | tee client.log
```

## Development

### Project Structure

```
tailscale-clone/
├── cmd/
│   ├── controller/     # Controller application
│   └── client/         # Client application
├── internal/
│   ├── controller/     # Controller logic
│   ├── client/         # Client logic
│   └── types/          # Shared types
├── web/                # Web interface
├── go.mod              # Go module file
└── README.md           # This file
```

### Adding Features

1. **New Message Types**: Add to `internal/types/types.go`
2. **Controller Logic**: Modify `internal/controller/controller.go`
3. **Client Logic**: Modify `internal/client/client.go`
4. **Web Interface**: Update `web/index.html`

### Testing

```bash
# Run tests
go test ./...

# Build and test
go build ./cmd/controller
go build ./cmd/client
```

## License

This project is open source and available under the MIT License.

## Contributing

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests if applicable
5. Submit a pull request

## Acknowledgments

- [WireGuard](https://www.wireguard.com/) - The VPN protocol used
- [Gorilla WebSocket](https://github.com/gorilla/websocket) - WebSocket implementation
- [Gorilla Mux](https://github.com/gorilla/mux) - HTTP router 

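There are two ways to generate the WireGuard configuration file on Windows, using the values from your client output. Both take the node's private key as a command-line argument, so the key is readable from the process's command line while the script runs and, in PowerShell, is kept in the command history.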

## Option A: Using the Batch Script (Easier)
Run this command in your Windows command prompt:

```cmd
scripts\generate-wg-config.bat "windows-node" "7cbd4de93860de96aea191ec5630461616cce1baddd700cd370cdcf1de309d80" "10.0.0.3" "10.9.2.100"
```

## Option B: Using PowerShell Script
Run this command in PowerShell:

```powershell
.\scripts\generate-wg-config.ps1 -NodeName "windows-node" -PrivateKey "7cbd4de93860de96aea191ec5630461616cce1baddd700cd370cdcf1de309d80" -IP "10.0.0.3" -ControllerIP "10.9.2.100"
```

## After generating the config file:

1. **Open WireGuard Windows client**
2. **Click "Import tunnel(s) from file"**
3. **Select the generated `wireguard.conf` file**
4. **The tunnel will be created with the name `wg0`**
5. **Click "Activate" to start the tunnel**

## What this will do:

- Create a WireGuard interface with your private key
- Set the IP address to `10.0.0.3/24`
- Configure DNS servers (Google DNS)
- The controller will automatically add peers as other nodes connect

**Try the batch script first**, since it's simpler. Run it from your project directory and it will create a `wireguard.conf` file that you can import directly into WireGuard.
