highly experimental VPN client
This repository has been archived on 2025-07-24. You can view files and clone it, but you cannot make any changes to its state, such as pushing and creating new issues, pull requests or comments.
  • Rust 99.7%
  • Shell 0.3%
2025-02-19 18:25:29 +00:00
resources made "flake" lowercase so it's cuter 2025-02-19 10:26:09 +03:00
src solving my own crimes 2025-02-19 12:40:14 +03:00
wireguard-go @f7d8e0fe86 owo 2025-02-17 15:25:27 +03:00
.gitattributes proper readme, gitignore fixes 2025-02-17 16:30:08 +03:00
.gitmodules owo 2025-02-17 15:25:27 +03:00
build.rs strip wireguard-go binary for sane reasons 2025-02-19 18:25:29 +00:00
Cargo.lock made "flake" lowercase so it's cuter 2025-02-19 10:26:09 +03:00
Cargo.toml made "flake" lowercase so it's cuter 2025-02-19 10:26:09 +03:00
killswitch.example.nft proper readme, gitignore fixes 2025-02-17 16:30:08 +03:00
LICENSE proper readme, gitignore fixes 2025-02-17 16:30:08 +03:00
readme.md proper readme, gitignore fixes 2025-02-17 16:30:08 +03:00
update.sh owo 2025-02-17 15:25:27 +03:00

flake

a linux (possibly *nix with some adjustments?) airvpn client (can be used with other providers with some work) utilizing wireguard, with support for routing handshakes through a gateway for bypassing censorship by DPI (deep packet inspection) systems.

it was designed to work in tandem with a special version of wireguard-go that adds support for gateways.

a word of caution

this is like, extremely experimental. it should be secure enough as it relies on a widely used piece of software (wireguard-go) for the actual protocol with only minimal non-invasive changes (feel free to check my diffs), but still, please exercise caution.

flake contains a killswitch that is activated upon turning the tunnel on and persists after closing flake. however, it does not protect you before flake is started, which means you should use external firewall rules for that. how you do that is at your discretion; an example nftables configuration is provided in killswitch.example.nft.
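one way to cover the window before flake starts, as an added example (this is not the repo's killswitch.example.nft and not the author's code). the interface name, endpoint address and port are assumptions; the address is a documentation placeholder. replace them with your own values, and add your gateway's address if you route handshakes through one.

```nftables
#!/usr/sbin/nft -f
# added example: boot-time killswitch loaded before any VPN client runs.
# all values below are assumptions / placeholders, not taken from flake.

define VPN_IF       = "wg0"          # assumed tunnel interface name
define VPN_ENDPOINT = 203.0.113.10   # placeholder (TEST-NET-3), use your server's IP
define VPN_PORT     = 51820          # assumed wireguard UDP port

# create-then-delete makes reloading this file idempotent
table inet boot_killswitch
delete table inet boot_killswitch

table inet boot_killswitch {
    chain output {
        type filter hook output priority 0; policy drop;

        oifname "lo" accept
        # anything routed into the tunnel is allowed
        oifname $VPN_IF accept
        # the only cleartext traffic allowed out: wireguard to the endpoint
        ip daddr $VPN_ENDPOINT udp dport $VPN_PORT accept
        # DHCP, so the physical link can still obtain a lease
        udp sport 68 udp dport 67 accept
        # everything else, including all IPv6 and plain DNS, hits policy drop
    }

    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        # replies to traffic the output chain allowed
        ct state established,related accept
        # DHCP replies may not match a tracked connection
        udp sport 67 udp dport 68 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}
```

base chains from different tables are all evaluated, so a packet dropped here stays dropped even when another table accepts it. load the file from whatever applies your ruleset at boot, before the network comes up.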

flake is unfortunately rather memory hungry when running, as that's simply how iced is. no, it's not electron, it's slightly better. the codebase is also an old mess that really needs some refactoring.

installing

cargo install --git https://codeberg.org/riscVl/flake

the special version of wireguard-go is automatically built during installation and bundled with the executable. you will need to have go installed.

alternatively, clone this repo (git clone https://codeberg.org/riscVl/flake), run ./update.sh to update the server lists and install using cargo install --path .

since iced is rather heavy and wireguard-go is bundled uncompressed, it's a good idea to compress the whole thing with UPX or a similar tool if you're going to be distributing it or using it on a very slow disk. how you do that is, yet again, at your own discretion.

requirements

build-time

  • a recent enough cargo and rustc
  • a go compiler (for the specialized wireguard-go)
  • a sane libc

if you don't want to use the specialized wireguard-go or want to compile it separately, remove the related code in build.rs and put the binary in this repo as wg-go

runtime

  • ip (from iproute2)
  • nft (from nftables, remove the code if you don't want it)
  • wg (from wireguard-tools)

running

in order for flake to have the necessary privileges to do all its stuff, it needs to have the net_admin capability. the safest way to do that is by executing setcap cap_net_admin=+eip [path to flake executable] as root. you can also run flake as root, but it won't work well without hacks and is heavily discouraged.

configuration

everything relevant is in the settings menu. alternatively, it creates the flake.toml file in XDG_CONFIG_DIR (usually ~/.config/) on startup, which contains all available options.

license

the GNU AGPL version 3