cunicu/docs/Design.md
Steffen Vogel c9b9b78033 update docs and notes
Signed-off-by: Steffen Vogel <post@steffenvogel.de>
2022-02-03 18:16:37 +01:00

Design

Objectives

  • Support Trickle ICE
  • Support ICE restart
  • Support ICE-TCP
  • Encrypt exchanged ICE offers with Wireguard keys
  • Seamless switch between ICE candidates and relays
  • Zero configuration
    • Relieve users of exchanging endpoint IPs & ports
  • Enable direct communication of Wireguard peers behind NAT / UDP-blocking firewalls
  • Single-binary, zero dependency installation
    • Bundled ICE agent & Wireguard userspace daemon
    • Portability
  • Support for user and kernel-space Wireguard implementations
  • Zero performance impact
    • Kernel-side filtering / redirection of Wireguard traffic
    • Fallback to userspace proxying only if no kernel features are available
  • Minimized attack surface
    • Drop privileges after initial configuration
  • Compatible with existing Wireguard configuration utilities like:
  • Monitoring for new Wireguard interfaces and peers
    • Inotify for new UAPI sockets in /var/run/wireguard
    • Netlink subscription for link updates (patch is pending)