stef-openclaw-skills/docs/plans/2026-03-11-nordvpn-wireguard-macos-design.md
2026-03-11 23:44:22 -05:00

NordVPN macOS WireGuard Backend Design

Goal

Replace the current macOS app-manual fallback in nordvpn-client with a scripted WireGuard/NordLynx backend inspired by wg-nord and wgnord, while preserving the official Linux nordvpn CLI backend.

Key decisions

  • Keep Linux on the official nordvpn CLI.
  • Prefer a native macOS WireGuard backend over the GUI app.
  • Do not vendor third-party scripts directly; reimplement the needed logic in our own JSON-based Node skill.
  • Do not require uninstalling the Homebrew nordvpn app. The new backend can coexist with it.

macOS backend model

  • Bootstrap via Homebrew:
    • wireguard-tools
    • wireguard-go
  • Read NordVPN token from existing env/file inputs.
  • Discover a WireGuard-capable NordVPN server via the public Nord API.
  • Generate a private key locally.
  • Exchange the private key for Nord-provided interface credentials using the token.
  • Materialize a temporary WireGuard config under a skill-owned state directory.
  • Connect and disconnect via wg-quick.
  • Verify with public IP/geolocation after connect.

Data/state

  • Keep state under a skill-owned directory in the user's home, not /etc.
  • Persist only what is needed for reconnect/disconnect/status.
  • Never store secrets in docs.
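
One way the "materialize a temporary WireGuard config under a skill-owned state directory" step could look in Node. This is an added example, not code from the skill or from wg-nord/wgnord. The function names, the full-tunnel AllowedIPs value and every sample value are assumptions, and the private key and Nord-provided peer details are taken as inputs rather than fetched.

```javascript
// Added example: not the skill's own code. Names and defaults are assumptions.
const fs = require("fs");
const path = require("path");

const KEY_RE = /^[A-Za-z0-9+/]{43}=$/;        // base64 of a 32-byte WireGuard key
const IFACE_RE = /^[a-zA-Z0-9_=+.-]{1,15}$/;   // wg-quick takes the interface name from the file name

function renderConfig({ privateKey, address, dns, peerPublicKey, endpoint }) {
  for (const key of [privateKey, peerPublicKey]) {
    if (!KEY_RE.test(key)) throw new Error("invalid WireGuard key");
  }
  for (const value of [address, dns, endpoint]) {
    // API-supplied values land in an INI-style file; a newline could add directives wg-quick acts on.
    if (typeof value !== "string" || !/^[^\r\n]+$/.test(value)) throw new Error("invalid config value");
  }
  return [
    "[Interface]",
    `PrivateKey = ${privateKey}`,
    `Address = ${address}`,
    `DNS = ${dns}`,
    "",
    "[Peer]",
    `PublicKey = ${peerPublicKey}`,
    "AllowedIPs = 0.0.0.0/0",                 // assumption: route all IPv4 traffic through the tunnel
    `Endpoint = ${endpoint}`,
    "",
  ].join("\n");
}

function writeConfig(stateDir, iface, configText) {
  if (!IFACE_RE.test(iface)) throw new Error("invalid interface name");
  fs.mkdirSync(stateDir, { recursive: true, mode: 0o700 });
  fs.chmodSync(stateDir, 0o700);               // tighten a pre-existing directory too
  const finalPath = path.join(stateDir, `${iface}.conf`);
  const tmpPath = `${finalPath}.${process.pid}.tmp`;
  // "wx" refuses to reuse an existing tmp path; 0o600 keeps the private key owner-only.
  fs.writeFileSync(tmpPath, configText, { mode: 0o600, flag: "wx" });
  fs.renameSync(tmpPath, finalPath);           // atomic replace on the same filesystem
  return finalPath;
}

function removeConfig(configPath) {
  fs.rmSync(configPath, { force: true });      // call after disconnect so the key does not linger
}
```

The returned path is what would be handed to wg-quick for connect and disconnect; only that path, not the key material, needs to be persisted for status.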

Rollout

  1. Implement the macOS WireGuard backend in the skill.
  2. Update status output so backend selection is explicit.
  3. Update skill docs and repo docs.
  4. Verify non-destructive flows on this host.
  5. Commit, push, and then decide whether to run a live connect test.