Crate wireguard_nt

Expand description

Safe rust idiomatic bindings for the WireGuard NT C library: https://git.zx2c4.com/wireguard-nt/about

Features of the WireGuard NT library are wrapped using pure rust types and functions to make usage ergonomic.

§Usage

Add a dependency on this library to your Cargo.toml

[dependencies]
wireguard-nt = "0.4"

Inside your code load the wireguard.dll signed driver file, downloaded from https://git.zx2c4.com/wireguard-nt/about

Then either call Adapter::create or Adapter::open to obtain a wireguard adapter. Start by setting its config with Adapter::set_config.

§Example

// Must be run as Administrator because we create network adapters

// Load the wireguard dll file so that we can call the underlying C functions
// Unsafe because we are loading an arbitrary dll file
let wireguard =
    unsafe { wireguard_nt::load_from_path("examples/wireguard_nt/bin/amd64/wireguard.dll") }
        .expect("Failed to load wireguard dll");

// Try to open an adapter from the given pool with the name "Demo"
let adapter =
    wireguard_nt::Adapter::open(&wireguard, "Demo").unwrap_or_else(|_| {
        wireguard_nt::Adapter::create(&wireguard, "WireGuard", "Demo", None)
            .expect("Failed to create wireguard adapter!")
    });

let interface = wireguard_nt::SetInterface {
    //Let the OS pick a port for us
    listen_port: None,
    //Generated from the private key if not specified
    public_key: None,
    //Fill in private keys in real code
    private_key: None,
    //Add a peer
    peers: vec![wireguard_nt::SetPeer {
        //Provide a public key so that we can communicate with them
        public_key: None,
        //Disable additional AES encryption
        preshared_key: None,
        //Send a keepalive packet every 21 seconds
        keep_alive: Some(21),
        //Route all traffic through the WireGuard interface
        allowed_ips: vec!["0.0.0.0/0".parse().unwrap()],
        //The peer's ip address
        endpoint: "1.2.3.4".parse().unwrap(),
    }],
};

//Set the config our adapter will use
//This lets it know about the peers and keys
adapter.set_config(&interface).unwrap();

let internal_ip = "10.4.0.2".parse().unwrap();
let internal_prefix_length = 24;
let internal_ipnet = ipnet::Ipv4Net::new(internal_ip, internal_prefix_length).unwrap();
//Set up the routing table with the allowed ips for our peers,
//and assign an ip to the interface
adapter.set_default_route(&[internal_ipnet.into()], &interface).unwrap();

//drop(adapter)
//The adapter closes its resources when dropped

See examples/demo_server.rs that connects to the wireguard demo server

§Version compatibility

Wireguard NT versions 0.10 and above are supported. Versions < 0.10 have breaking changes that make interoperability hard. Please file an issue if this effects your use case.

Structs§

Adapter: Representation of a wireGuard adapter with safe idiomatic bindings to the functionality provided by the WireGuard* C functions.
EnumeratedAdapter: Contains information about a single existing adapter
SetInterface: The data required when setting the config for an interface
SetPeer: Representation of a WireGuard peer when setting the config
Sys
Wireguard
WireguardInterface
WireguardPeer

Enums§

AdapterLoggingLevel: What level of logging this adapter is using
Error

Functions§

default_logger: The logger that is active by default. Logs messages to the log crate
get_running_driver_version: Returns the major and minor version of the wireguard driver
load^⚠: Attempts to load the Wireguand NT library from the current directory using the default name “wireguard.dll”.
load_from_library^⚠: Attempts to load the WireGuard NT library from an existing libloading::Library.
load_from_path^⚠: Attempts to load the wireguard library as a dynamic library from the given path.
set_logger: Sets the logger wireguard will use when logging. Maps to the wireguardSetLogger C function

Type Aliases§

RebootRequired
Result

Crate wireguard_ntCopy item path