Diagrams
Technical diagrams and visualizations for WolfGuard architecture and protocols.
Note: This page has been moved from /docs/guides/diagrams to /docs/resources/diagrams
Architecture Diagrams
WolfGuard System Architecture
┌──────────────────────────────────────────────────────────┐
│                  WolfGuard Architecture                  │
├──────────────────────────────────────────────────────────┤
│                                                          │
│   ┌──────────────┐  ┌──────────────┐  ┌──────────────┐   │
│   │   REST API   │  │    WebUI     │  │   CLI Tool   │   │
│   └──────┬───────┘  └──────┬───────┘  └──────┬───────┘   │
│          │                 │                 │           │
│          └─────────────────┴─────────────────┘           │
│                            │                             │
│                   ┌────────▼────────┐                    │
│                   │  Control Plane  │                    │
│                   │  - Auth/Authz   │                    │
│                   │  - Config Mgmt  │                    │
│                   │  - User Mgmt    │                    │
│                   └────────┬────────┘                    │
│                            │                             │
│          ┌─────────────────┴─────────────────┐           │
│          │                                   │           │
│   ┌──────▼──────┐                     ┌──────▼──────┐    │
│   │  TLS/HTTPS  │                     │ DTLS Tunnel │    │
│   │   Handler   │                     │   Handler   │    │
│   └──────┬──────┘                     └──────┬──────┘    │
│          │                                   │           │
│          └─────────────────┬─────────────────┘           │
│                            │                             │
│                     ┌──────▼──────┐                      │
│                     │ WolfSentry  │                      │
│                     │  Firewall   │                      │
│                     └──────┬──────┘                      │
│                            │                             │
│                     ┌──────▼──────┐                      │
│                     │  IP Stack   │                      │
│                     │  (TUN/TAP)  │                      │
│                     └─────────────┘                      │
│                                                          │
└──────────────────────────────────────────────────────────┘
Protocol Flow Diagrams
OpenConnect Connection Establishment
Client                          Server
  |                               |
  |--- 1. TLS ClientHello ------->|
  |                               | Establish
  |<-- 2. TLS ServerHello --------| TLS 1.3
  |                               | Connection
  |--- 3. TLS Finished ---------->|
  |                               |
  |--- 4. HTTP POST /auth ------->|
  |                               | Present
  |<-- 5. Auth Challenge ---------| Login Form
  |                               |
  |--- 6. Credentials ----------->|
  |    (username/password/2FA)    | Authenticate
  |                               |
  |<-- 7. CONNECT Response -------|
  |    (Session cookie)           |
  |                               |
  |<-- 8. XML Configuration ------|
  |    (IP, routes, DNS, etc.)    |
  |                               |
  |--- 9. DTLS ClientHello ------>|
  |                               | Establish
  |<-- 10. DTLS ServerHello ------| DTLS
  |                               | Data Tunnel
  |--- 11. DTLS Finished -------->|
  |                               |
  |<====== IP Traffic ===========>|
  |    (Encrypted UDP tunnel)     |
  |                               |
Authentication Flow
┌────────┐          ┌──────────┐         ┌────────┐
│ Client │          │ WolfGuard│         │ Backend│
└───┬────┘          └────┬─────┘         └───┬────┘
    │                    │                   │
    │  1. Connect        │                   │
    ├───────────────────>│                   │
    │                    │                   │
    │  2. Present Form   │                   │
    │<───────────────────┤                   │
    │                    │                   │
    │  3. Credentials    │                   │
    ├───────────────────>│                   │
    │                    │  4. Verify        │
    │                    ├──────────────────>│
    │                    │                   │
    │                    │  5. Auth Response │
    │                    │<──────────────────┤
    │                    │                   │
    │  6. Session Token  │                   │
    │<───────────────────┤                   │
    │                    │                   │
    │  7. Establish VPN  │                   │
    ├───────────────────>│                   │
    │                    │                   │
Network Topology Diagrams
Split-Tunnel Configuration
               Internet
                   │
    ┌──────────────┼──────────────┐
    │              │              │
 Non-VPN      VPN Server      Corporate
 Traffic           │           Network
    │              │              │
    │         ┌────▼────┐         │
    │         │WolfGuard│         │
    │         └────┬────┘         │
    │              │              │
    └──────────────┼──────────────┘
                   │
              VPN Client
Full-Tunnel Configuration
      Internet
          │
          │
     VPN Server
          │
     ┌────▼────┐
     │WolfGuard├───────> Corporate
     └────┬────┘          Network
          │
          │
     VPN Client
(All traffic via VPN)
High Availability Setup
                Internet
                    │
             ┌──────▼──────┐
             │Load Balancer│
             └──────┬──────┘
                    │
     ┌──────────────┼──────────────┐
     │              │              │
┌────▼────┐    ┌────▼────┐    ┌────▼────┐
│WolfGuard│    │WolfGuard│    │WolfGuard│
│ Node 1  │    │ Node 2  │    │ Node 3  │
└────┬────┘    └────┬────┘    └────┬────┘
     │              │              │
     └──────────────┴──────────────┘
                    │
             Shared Backend
           (Database, Storage)
Deployment Diagrams
Docker Deployment
┌─────────────────────────────────────────┐
│               Docker Host               │
│                                         │
│  ┌────────────────────────────────────┐ │
│  │        WolfGuard Container         │ │
│  │                                    │ │
│  │  ┌──────────────────────────────┐  │ │
│  │  │      WolfGuard Process       │  │ │
│  │  └──────────────────────────────┘  │ │
│  │                                    │ │
│  │  Volumes:                          │ │
│  │  - /etc/wolfguard (config)         │ │
│  │  - /etc/wolfguard/certs (certs)    │ │
│  │                                    │ │
│  │  Ports:                            │ │
│  │  - 443/tcp                         │ │
│  │  - 443/udp                         │ │
│  └────────────────────────────────────┘ │
└─────────────────────────────────────────┘
Kubernetes Deployment
┌─────────────────────────────────────────────┐
│             Kubernetes Cluster              │
│                                             │
│  ┌───────────────────────────────────────┐  │
│  │         Ingress/LoadBalancer          │  │
│  └───────────────────┬───────────────────┘  │
│                      │                      │
│  ┌───────────────────▼───────────────────┐  │
│  │          Service (wolfguard)          │  │
│  └───────────────────┬───────────────────┘  │
│                      │                      │
│        ┌─────────────┼─────────────┐        │
│        │             │             │        │
│    ┌───▼───┐     ┌───▼───┐     ┌───▼───┐    │
│    │  Pod  │     │  Pod  │     │  Pod  │    │
│    │ Node1 │     │ Node2 │     │ Node3 │    │
│    └───┬───┘     └───┬───┘     └───┬───┘    │
│        │             │             │        │
│        └─────────────┴─────────────┘        │
│                      │                      │
│  ┌───────────────────▼───────────────────┐  │
│  │    PersistentVolume (Config/Certs)    │  │
│  └───────────────────────────────────────┘  │
└─────────────────────────────────────────────┘
Data Flow Diagrams
VPN Traffic Flow
┌────────────┐
│   Client   │
│Application │
└─────┬──────┘
      │ Plain IP packets
      │
┌─────▼──────┐
│  TUN/TAP   │
│   Device   │
└─────┬──────┘
      │ IP packets
      │
┌─────▼──────┐
│ WolfGuard  │
│   Client   │
└─────┬──────┘
      │ DTLS encrypted
      │
      │ Network (UDP 443)
      │
┌─────▼──────┐
│ WolfGuard  │
│   Server   │
└─────┬──────┘
      │ Decrypted IP packets
      │
┌─────▼──────┐
│ WolfSentry │
│  Firewall  │
└─────┬──────┘
      │ Filtered packets
      │
┌─────▼──────┐
│  TUN/TAP   │
│   Device   │
└─────┬──────┘
      │ Routed packets
      │
┌─────▼──────┐
│ Corporate  │
│  Network   │
└────────────┘
See Also
For more diagrams and visualizations, see the specific documentation sections or view the source in GitHub.