porta-rs 0.1.1

Zero-trust CGNAT bypass via WireGuard tunnel
# Porta Configuration

## Configuration Files

- **Client**: `~/.config/porta/client.toml`
- **Server**: `/etc/porta/server.toml`

## Client Configuration

```toml
[client]
role = "client"
server_address = "203.0.113.50"
server_port = 51820
local_interface = "wg-porta"
local_ip = "10.0.0.2/32"
server_ip = "10.0.0.1/32"

[client.auth]
client_id = "my-machine"
hmac_secret = "${PORTA_HMAC_SECRET}"

[[ports]]
id = "web"
local_port = 8080
remote_port = 80
protocol = "tcp"
description = "Web server"
enabled = true
```

## Server Configuration

```toml
[server]
role = "server"
listen_port = 51820
interface = "wg-porta"
ip = "10.0.0.1/24"
data_dir = "/var/lib/porta"

[server.auth]
allowed_clients = [
    { id = "my-machine", pubkey = "abc123..." }
]
```

## Port Mapping Options

| Field | Type | Description |
|-------|------|-------------|
| id | string | Unique identifier |
| local_port | u16 | Local port to forward to |
| remote_port | u16 | Remote port to listen on |
| protocol | string | "tcp" or "udp" |
| description | string | Human-readable description |
| enabled | bool | Whether this mapping is active |

## Environment Variables

- `PORTA_HMAC_SECRET` - HMAC secret for authentication
- `RUST_LOG` - Log level (info, debug, trace)