cunīcu is a user-space daemon managing WireGuard® interfaces to establish a mesh of peer-to-peer VPN connections in harsh network environments.
To achieve this, cunīcu utilizes a signaling layer to exchange peer information such as public encryption keys, hostname, advertised networks and reachability information to automate the configuration of the networking links. From a user perspective, cunīcu alleviates the need of manual configuration such as exchange of public keys, IP addresses, endpoints, etc.. Hence, it adopts the design goals of the WireGuard project, to be simple and easy to use.
Thanks to Interactive Connectivity Establishment (ICE), cunīcu is capable to establish direct connections between peers which are located behind NAT firewalls such as home routers. In situations where ICE fails, or direct UDP connectivity is not available, cunīcu falls back to using TURN relays to reroute traffic over an intermediate hop or encapsulate the WireGuard traffic via TURN-TCP.
It relies on the awesome pion/ice package for ICE as well as bundles the a Go user-space implementation of WireGuard in a single binary for systems in which WireGuard kernel support has not landed yet.
With these features, cunīcu can be used to quickly build multi-agent systems or connect field devices such as power grid monitoring infrastructure into a fully connected mesh. Within the ERIGrid 2.0 project, cunīcu is used to interconnect smart grid laboratories for geographically distributed simulation of energy systems.
cunīcu's documentation can be found here: cunicu.li/docs.
- Steffen Vogel (@stv0g)
cunīcu is licensed under the Apache 2.0 license.
The project has been initiated by Steffen Vogel while working at the Institute for Automation of Complex Power Systems (ACS) of RWTH Aachen University.
The development of cunīcu has been supported by the ERIGrid 2.0 project of the H2020 Programme under Grant Agreement No. 870620
WireGuard and the WireGuard logo are registered trademarks of Jason A. Donenfeld.