Secure, peer-to-peer, decentralized mesh networking using WireGuard and libp2p.
wgmesh is a lightweight tool that transforms a collection of nodes into a distributed, encrypted, and decentralized mesh network. It combines WireGuard's fast, secure VPN tunneling with libp2p's powerful peer-to-peer networking to form a resilient overlay mesh -- no central server required.
Perfect for:
- 🌍 Distributed VPN mesh networks
- 📦 Private infrastructure overlays
- 🛰 Remote clusters or sensor networks
Make sure you have Go 1.23.8+ installed: https://golang.org/dl/
git clone https://github.com/dan-j-d/wgmesh.git
cd wgmesh
go buildsudo ./wgmesh \
--public-ip <YOUR_PUBLIC_IP> \
--wireguard-ip 10.0.0.1 \
--port 37950 \
--wireguard-port 51820 \
--wireguard-interface wg0ℹ️ On first run, the tool will generate and store its iconfig under ./data/.
To connect to another peer:
- Ask the other node to run /connect-string to get its connection JSON.
- Run the following command on your node:
/connect [{"Addr":"/ip4/1.2.3.4/tcp/37950/p2p/QmPeerID"}, ...]- The nodes will automatically establish secure connections and form a mesh.
| Command | Description |
|---|---|
| /connect | Connects to a peer using its multiaddr(s) |
| /connect-string | Outputs connection JSON strings for sharing |
| /peers | Lists currently connected libp2p peers |
| /exit | Gracefully shuts down the node |
All persistent state (keys, WireGuard configs, DHT store) are stored under the specified --data-path. On startup, the tool will reuse previous identities and settings if present.
- Uses WireGuard’s modern encryption for tunnel traffic.
- Peer communication secured via libp2p’s TLS and optional shared secrets.
- Can run on public internet or in private networks.
- Optionally supports a shared secret (
--pre-shared-key) to restrict network access.
Run this on multiple VPS instances, assign each a unique --wireguard-ip, and they will:
- Discover each other
- Exchange encrypted configs
- Form a decentralized VPN mesh with no central coordinator
Wireguard(Kernel module and tools required)Go1.23.8+- Supported platforms: Linux and Windows
Apache 2.0 License. Feel free to fork, contribute, or use this in your own systems.