Config.yaml #
VeilNet Rift relies on a single YAML file for configurations. A minimal configuration file looks like this:
host_interface: eth0 # The host interface to use; in a container, this should be eth0
local_username: veilnet # Your chosen local username, this is not your veilnet account
local_password: veilnet # Your chosen local password, this is not your veilnet account password
wireguard_config:
external_ip: x.x.x.x # The external IP address for the WireGuard interface
ip: 10.0.0.1 # The IP address of the WireGuard interface
Host Interface #
The host interface is the “physical” interface that the WireGuard TUN will rely on for sending packets. Since VeilNet Rift is running inside a container, the container’s interface name is defaulted to “eth0”. You should not have to change this unless you are running the executable of VeilNet Rift directly on a physical machine.
Local Username and Password #
This is the username and password for your local instance of VeilNet Rift for HTTP Basic authentication. It stored locally only and could not be changed while the instance is running. This is different from your VeilNet account!
WireGuard Config #
These are the configurations required for WireGuard.
- External IP: This is the IP that will be passed as the endpoint in the generated WireGuard Peer configuration file. If you only plan to connect your Rift instance locally, then this IP should be the container’s IP. If you plan to connect with the Rift externally, you should configure a port forward on your ISP router and specify your public IP if you have one.
- IP: This is the IP assigned to the WireGuard TUN. It is also used inside the VeilNet. You must own the IP registration in order for the Rift to work properly. If you do not own the registration of the IP, your Rift will simply act as a local WireGuard Hub.
Additional Configuration #
host_interface: eth0
local_username: veilnet
local_password: veilnet
rift_config:
name:
rift_token:
local_networks: []
wireguard_config:
external_ip: x.x.x.x
ip: x.x.x.x
public_key:
private_key:
active: true
peers:
- name:
public_key:
private_key:
ip: x.x.x.x
endpoint: x.x.x.x:51820
endpoint_public_key:
active: true
A full configuration file may look like above.
Rift Config #
These are the configurations related to the Rift:
- name: The name of the Rift instance for human-readable purpose only.
- rift_token: Access token for this Rift instance. This token is valid for 7 days after your successfully logged into your veilnet account via the UI. You should not have to manually set this!
- local_networks: it is a list of local network that this rift instance will expose to all other rift instance under your account for creating site-to-site VPN. Only Rift instance belongs to you will be able to access them.
Additional WireGuard Config #
The WireGuard config may also contains:
- public_key: the public key for the WireGuard TUN.
- private_key: the private key for the WireGuard TUN.
- peers: the peers under the WireGuard TUN.
- active: It indicates if the Rift is module is running.
Note that, you should not manually set these additional configurations. They will be automatically generated.
Peer Config #
This is the WIreGuard Peer configuration list. Each member represents a peer, including:
- name: a human-readable name.
- public_key: the peer’s public key.
- private_key: the peer’s private key.
- endpoint: the address and port that the peer should use to for WireGuard Tunnel.
- endpoint_public_key: the public key of the WireGuard endpoint, it should be same as the public key under WireGuard configuration.
- active: it indicates if the Rift Module is functional for this peer.
Note that, you should not manully create these settings. It will be generated via the admin UI.
