Tool · Topology designer
Draw a WireGuard topology. Drop nodes onto the canvas, draw tunnels between them, and download per-node WireGuard configs. Browser-side; nothing leaves your machine.
Nodes on the canvas:
VPS tokyo 10.7.0.1/24
CLIENT laptop 10.7.0.2/32
CLIENT phone 10.7.0.3/32

Generated configs

# /etc/wireguard/wg0.conf — tokyo
[Interface]
Address = 10.7.0.1/24
ListenPort = 51820
PrivateKey = <tokyo-private-key>
SaveConfig = false
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
# laptop
PublicKey = <laptop-public-key>
AllowedIPs = 10.7.0.2/32
[Peer]
# phone
PublicKey = <phone-public-key>
AllowedIPs = 10.7.0.3/32

# wg-laptop.conf — laptop
[Interface]
PrivateKey = <laptop-private-key>
Address = 10.7.0.2/32
DNS = 1.1.1.1, 9.9.9.9
[Peer]
# tokyo
PublicKey = <tokyo-public-key>
Endpoint = tokyo.example.com:51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

# wg-phone.conf — phone
[Interface]
PrivateKey = <phone-private-key>
Address = 10.7.0.3/32
DNS = 1.1.1.1, 9.9.9.9
[Peer]
# tokyo
PublicKey = <tokyo-public-key>
Endpoint = tokyo.example.com:51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

Next step
Generate keys, then deploy. The generator emits skeleton configs with placeholder keys. Generate real keys on each host with wg genkey, paste them in, then run the result through the auditor.
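
A pre-deployment check for the step above, as an added example that is not this site's generator or auditor code: it flags key fields still holding a placeholder, key fields that are not 32 bytes of base64, and an AllowedIPs prefix assigned to two peers (WireGuard keeps a given prefix on one peer only, so the earlier peer silently loses it). The function names, CONSTRUCTED_KEY and the sample config are assumptions constructed for illustration.

```python
import base64, ipaddress
CONSTRUCTED_KEY = base64.b64encode(bytes(range(32))).decode()  # constructed, not a real key
# Constructed input based on tokyo's config: placeholders left in, phone reuses laptop's prefix.
SAMPLE_HUB = """[Interface]
PrivateKey = <tokyo-private-key>
[Peer]
# laptop
PublicKey = %s
AllowedIPs = 10.7.0.2/32
[Peer]
# phone
PublicKey = <phone-public-key>
AllowedIPs = 10.7.0.2/32
""" % CONSTRUCTED_KEY

def parse(text):
    """Return [(section_name, {key: value}), ...] for a wg-quick style config."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 padding '=' stays in the value
            sections[-1][1][key.strip()] = value.strip()
    return sections

def key_problem(value):
    """Return what is wrong with a key field, or None if it is 32 bytes of base64."""
    if value.startswith("<") and value.endswith(">"):
        return "placeholder not replaced"
    try:
        size = len(base64.b64decode(value, validate=True))
    except ValueError:
        return "not valid base64"
    return None if size == 32 else "decodes to %d bytes, expected 32" % size

def audit(text):
    """Return a list of findings; an empty list means these checks passed."""
    findings, seen = [], []
    for index, (name, fields) in enumerate(parse(text)):
        for field in ("PrivateKey", "PublicKey"):
            if field in fields and (problem := key_problem(fields[field])):
                findings.append("%s #%d %s: %s" % (name, index, field, problem))
        for cidr in filter(None, (c.strip() for c in fields.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            if net in seen:  # identical prefix already given to an earlier peer
                findings.append("%s #%d AllowedIPs %s duplicates an earlier peer" % (name, index, net))
            seen.append(net)
    return findings
```

Call audit() on the text of each config after pasting keys; it only covers the three checks listed and does not replace a full audit.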