Guardpost

WireGuard, an open-source VPN protocol based on modern cryptography standards, debuted in 2015 and was eventually added into the Linux kernel in March of 2020. While WireGuard outperforms all other VPN protocols, it can be difficult to set up for new users due to its reliance on terminal commands and configuration files. Moreover, remote management of these interfaces necessitates SSHing into the host computer and making any changes via the shell.

I am creating Guardpost as a way to reduce the barrier of entry to WireGuard for new users as well as to make remote management of it easier. Guardpost is an open-source web app that anyone can deploy on their own server. The backend is built on Node.js with MongoDB for database management, and the frontend is constructed with Bootstrap elements.

Guardpost consists of users, groups, networks and interfaces. Users, which may be a part of one or more groups for permission management, can log into the Guardpost website and/or perform queries via the API. Users can add interfaces for each of their devices to a network, which is represented by a CIDR range (e.g., 10.0.0.0/24).

Interfaces have the option to be remotely managed, in which case any change made to their network (e.g., the addition of a new interface) will be pushed to them over SSH. This reduces the work users have to do to add interfaces for new devices, change their public key, etc.

Networks have the option to enable dynamic IP address assignment, which allows users to request an IP address for their device's interface on demand via an API call. The user's WireGuard interface queries the API URL with an address request using a command like curl in the pre-up stage, and Guardpost returns an address along with other information like recommended DNS servers. When the user disables the interface, a release request is sent to the API in the post-down stage. This feature allows users to bypass interacting with the Guardpost website altogether.

Guardpost is still in its infancy, but you can view my progress on its GitHub page. There you can also view a list of features that I want to add before its first formal release.