docs: update README with desktop requirements, helper builds, and realistic MVP usage notes
Expand README with desktop platform requirements (Windows x86, macOS ARM), helper build commands, gateway utility scripts, and updated local test flow. Add realistic MVP usage section clarifying current platform build status, gateway configuration needs, and admin debug profile behavior with client private key handling.
40
README.md
@@ -41,8 +41,30 @@ This repository contains the initial production-minded MVP scaffold:
|
||||
- WireGuard remains the tunnel transport. NexaVPN is the control plane around it.
|
||||
- Client private keys are generated on-device and are not stored server-side.
|
||||
- Gateway-side enforcement uses nftables generated from issued policy state.
|
||||
- The Tauri client is structured around embedded tunnel management. Native system WireGuard import can be added as an optional integration later.
|
||||
- The current desktop client now performs real backend login and enrollment calls, but secure OS key storage and native tunnel activation are still the next hardening step.
|
||||
- The desktop client is structured so NexaVPN is the only user-facing VPN app.
|
||||
- The tunnel layer still uses WireGuard internally, but the intended delivery model is a NexaVPN-bundled tunnel backend, not a separately used WireGuard app.
|
||||
|
||||
## Desktop Requirements
|
||||
|
||||
- Windows x86: package NexaVPN with the bundled Windows x86 tunnel helper
|
||||
- macOS ARM: package NexaVPN with the bundled macOS ARM tunnel helper
|
||||
|
||||
See [client-platforms.md](/mnt/c/Users/neste/Documents/GIT/NexaVPN/docs/client-platforms.md) for the current platform strategy.
|
||||
|
||||
Helper build commands:
|
||||
|
||||
```bash
|
||||
cd desktop-client
|
||||
npm run helper:windows-x86
|
||||
npm run helper:macos-arm64
|
||||
```
|
||||
|
||||
Gateway utility scripts:
|
||||
|
||||
```bash
|
||||
./deploy/scripts/generate-gateway-keypair.sh
|
||||
./deploy/scripts/get-admin-token.sh http://localhost admin your-password
|
||||
```
|
||||
|
||||
## Local Test Flow
|
||||
|
||||
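Review bot: The link under "Desktop Requirements" targets an absolute local path (`/mnt/c/Users/neste/Documents/GIT/NexaVPN/docs/client-platforms.md`), which will not resolve for anyone else and publishes a local username and directory layout; use the repo-relative `docs/client-platforms.md` instead. Separately, the `get-admin-token.sh http://localhost admin your-password` example passes the admin password as a positional argument, so it lands in shell history and is visible in the process list while the script runs; consider having the script prompt for the password or read it from stdin or an environment variable, and document that form here. The `generate-gateway-keypair.sh` line would also benefit from one sentence on where the private key is written and that it must not be committed.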
@@ -56,5 +78,15 @@ Then:
|
||||
|
||||
1. Visit `http://localhost`
|
||||
2. Bootstrap the first admin account
|
||||
3. Create a user or use the desktop client against `http://localhost`
|
||||
4. Sign in from the NexaVPN desktop app with that user
|
||||
3. Create a standard user in the `Users` page
|
||||
4. Create a user policy in the `Policies` page
|
||||
5. Enroll a device from the NexaVPN desktop app against `http://localhost`
|
||||
6. Inspect the generated device profile in the `Devices` page
|
||||
|
||||
## Realistic MVP Usage
|
||||
|
||||
The current repository can act as a real WireGuard control plane and issue per-device peer state, but these platform pieces are still at MVP level:
|
||||
|
||||
- the desktop app now targets an embedded NexaVPN tunnel backend model, and the helper source is in-repo, but final platform builds and signing still need to happen per target OS
|
||||
- the gateway helper now applies WireGuard and nftables state in-container, but you still need to provide the gateway private key and correct uplink interface settings
|
||||
- admin debug profiles intentionally use a private-key placeholder because the client private key stays local
|
||||
|
||||
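Review bot: The second bullet under "Realistic MVP Usage" says the operator must "provide the gateway private key and correct uplink interface settings" but does not say how: name the variable or file the gateway helper reads them from, state how that relates to the output of `generate-gateway-keypair.sh`, and note the expected file permissions so the key is not left world-readable or checked in. The third bullet should also show the literal placeholder string used in admin debug profiles and state that such a profile cannot be imported until the device substitutes its local private key, so nobody mistakes a debug export for a working config. The test flow uses plain `http://localhost` for login and enrollment, which is fine locally; a one-line reminder that any non-local deployment needs TLS in front of the API would keep readers from copying the URL scheme into a real setup.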