[PR #1153] Integrate Rosenpass #3020

Open
opened 2025-11-20 08:04:42 -05:00 by saavagebueno · 0 comments
Owner

Original Pull Request: https://github.com/netbirdio/netbird/pull/1153

State: closed
Merged: Yes


Describe your changes

This PR aims to integrate Rosenpass (https://rosenpass.eu) with NetBird. It adds a manager for Rosenpass that starts a Rosenpass server and handles the managed peers. It uses the cunicu/go-rosenpass implementation (https://github.com/cunicu/go-rosenpass). Rosenpass will then negotiate a pre-shared key every 2 minutes and apply it to the WireGuard connection.

The feature can be enabled by setting a flag during the `netbird up --enable-rosenpass` command.

If both peers support and enable the Rosenpass feature, they will establish a post-quantum secure connection. If only one peer has Rosenpass enabled, no communication is possible.

Note: Additionally, this PR includes an update of all GitHub Actions workflows to use Go version 1.21.0, as this is a requirement for the integration.

Info for testing:

Warning: Make sure the additional code does not interfere with the current production code (with the feature enabled)

Note: Skipped testing Android, as the UI does not support it yet anyway

Checklist

  • [ ] Is it a bug fix
  • [ ] Is a typo/documentation fix
  • [x] Is a feature enhancement
  • [ ] It is a refactor
  • [ ] Created tests that fail without the change (if possible)
  • [ ] Extended the README / documentation, if necessary
saavagebueno added the pull-request label 2025-11-20 08:04:42 -05:00
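The following Go sketch is an added example, not code from the PR or from NetBird. It models how WireGuard treats a preshared key that only one peer holds, which is consistent with the behaviour the description states for a peer without Rosenpass. Assumptions: HMAC-SHA256 stands in for WireGuard's BLAKE2s-based HKDF, and all names and key values are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Constructed sample values, not real key material.
var (
	sampleDH    = bytes.Repeat([]byte{0x11}, 32) // stands in for the classical DH result
	sampleRPKey = bytes.Repeat([]byte{0xA7}, 32) // stands in for a Rosenpass output key
	rotatedKey  = bytes.Repeat([]byte{0x5C}, 32) // stands in for the key two minutes later
)

// mix is a simplified KDF step. WireGuard uses HKDF over BLAKE2s; HMAC-SHA256
// is swapped in here so the example needs only the standard library.
func mix(chainingKey, input []byte) []byte {
	m := hmac.New(sha256.New, chainingKey)
	m.Write(input)
	return m.Sum(nil)
}

// SessionKey models one peer's derivation: the DH result is mixed first, then
// the preshared key. A nil psk means none is configured, which WireGuard
// treats as 32 zero bytes.
func SessionKey(dhShared, psk []byte) []byte {
	if psk == nil {
		psk = make([]byte, 32)
	}
	ck := mix([]byte("constructed-label"), dhShared)
	return mix(ck, psk)
}

// CanCommunicate reports whether both peers derive the same key.
func CanCommunicate(dhShared, pskA, pskB []byte) bool {
	return hmac.Equal(SessionKey(dhShared, pskA), SessionKey(dhShared, pskB))
}

func main() {
	fmt.Println("both peers hold the key:", CanCommunicate(sampleDH, sampleRPKey, sampleRPKey))
	fmt.Println("only one peer holds it: ", CanCommunicate(sampleDH, sampleRPKey, nil))
	fmt.Println("one peer missed a rekey:", CanCommunicate(sampleDH, rotatedKey, sampleRPKey))
	// Same DH result, different PSK: knowing only the DH secret does not
	// yield the session key.
	fmt.Println("DH alone gives the key: ", hmac.Equal(SessionKey(sampleDH, nil), SessionKey(sampleDH, sampleRPKey)))
}
```

Because the preshared key is mixed in after the classical exchange, the session key stays unknown to anyone who recovers only the DH secret, and any disagreement about the current key leaves the two peers with different keys.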
Reference: SVI/netbird#3020