Hi!

First of all - awesome idea, exactly the solution we need. Thank you for coming up with this!

I wonder what's the status of the project? I see the only release was RC and already some time ago, but at the same time there is something going on on dev branch regularly - so I guess it's not dead, just release cycle is very long? Or was it just some kind of PoC? Do you recommend using it in production environments? Do you know/recommend any alternatives to Drago?

Additionally, I was able to configure it only after accidentally finding out "demo" directory. Before, I had to scan all of the source code to find out what are the possibilities, configuration options etc.. Unfortunately, docs page is empty. Are you looking for contribution when it comes to the documentation?
After playing with Drago a little bit, I'd also have some issues to open - but as with the documentation, I'm not sure whether you are expecting it or not.

Looking forward to hear from you and, once again - great project!

Hi!

Many thanks for the feedback!

I'm sorry to hear you faced difficulties in getting the configurations right. Please understand that the project is still under active development, and despite the limitations when it comes to manpower, we do want to reduce the release cycle as much as possible.

As you have probably seen, the current version still lacks some advanced security features which might limit its applicability in more serious production environments. Additionally, there are no well-defined process to allow for a smooth update of the agent, which will certainly jeopardize your experience, especially in such environments. As we plan to use the tool ourselves in production environments, this will definitely be possible in the future.

That said, we are preparing a new release, which includes significant refactoring, and a bunch of new functionalities targeting production environments. More specifically:

• We replaced Postgres with Etcd as the primary storage backend. Etcd will be embedded in the Drago server, hence allowing operation in cluster mode;
• We added an ACL system for fine-grained access control. The HTTP API was modified to expose endpoints for issuing and managing tokens and policies. The whole experience was heavily inspired on Hashicorp Nomad.
• We did some major refactoring on the client, mostly on the node registration and reconciliation mechanisms in order to make them more secure and robust (if you're curious, please check the dev branch);
• We're working on supporting plugins (for IP leasing, meshing, discovery, anomaly detection, as well for integrating with other tools we're developing). The idea is to move all non-core functionality to a plugin. As it requires a bit more work, this is probably not going to be ready in the next version, though.

We definitely welcome any kind of contribution. If you are willing to help, just let us know what you'd like to do, and let's discuss how to proceed 😊. Also, If you're OK with sharing a bit more of your use case and specific needs, that would be of great help, as it would help us prioritize features.

Finally, regarding similar projects, if you're using k8s, check out kilo. If all you need is a tool for generating static WireGuard configurations for your nodes, there are plenty of solutions out there. If you all you want is a managed VPN based on WireGuard, check out Tailscale.

Looking forward to hearing back from you!

Thanks for quick answer :)

we are preparing a new release

Great to hear that!
I think maybe what I'm missing (and that's why I had slight impression that the project is abandoned) is some kind of transparency when it comes to development - there are no issues and/or PRs documenting the plans, bugs, progress etc.. But of course it's completely up to you and your workflow - just saying because maybe more people had the same impression as I did.

just let us know what you'd like to do

I could help with the documentation, but as more changes are still to come, I'm not sure it makes sense to start right now. Although, maybe with some basics that will not change very soon?

a bit more of your use case and specific needs

We basically run multi-cloud setup (AWS, Hetzner Cloud, Google Cloud), no specific needs besides some overview and automation in managing wireguard networks. Actually at the moment we just consider going with wireguard - using Drago-like tool is pre-condition.

Thanks again for the valuable feedback! We will definitely try to increase the transparency in the project. In this direction, we have just created a Gitter channel, and we'll be available there as well. Hopefully this will help foster discussions about the project.

I could help with the documentation, but as more changes are still to come, I'm not sure it makes sense to start right now. Although, maybe with some basics that will not change very soon?

Feel free to edit the docs and submit a PR. I agree it is a good idea to start with the basics, and then complement it after the changes are released and we reach a more stable state.

Hi, I took some time to structure the project docs, and will start working on documenting everything, starting with the features. It's online at seashell.github.io/drago, with the source available in the dev branch. Feel free to share your thoughts and suggest any changes you see fit.