@SYNTHETISM:~$
/docs
/synet-dev
/synet-gateway
Documents

Title: Synet Gateway

Last Update: 02.05.25

:: synet-gateway

Synet Gateway

Introduction

The Synet Gateway is a secure bridge between external agents and Synet's decentralized IPv6 network. It handles secure WireGuard tunnels, dynamic/static IP allocation, and optional service registration assistance.

Its primary role:

  • Manage WireGuard connections for agents.
  • Issue dynamic or static IP addresses.
  • Act as an entry point and traffic router.
  • Optionally enforce authentication, IP leases, and metrics tracking.

Each Gateway ensures agents can join Synet safely, predictably, and independently.

Gateways are approved nodes — only trusted gateways can issue real Synet IPs (with root server cross-verification).

Core Responsibilities

Area Description
WireGuard Management Create secure tunnels for connecting agents.
Dynamic IP Assignment Issue temporary IP addresses on connect.
Static IP Reservation Issue fixed IPs for registered services (via Synet Root Authority).
Authentication Validate agents before allowing network access (optional).
Gateway Metrics Monitor active clients, issued IPs, bandwidth (optional future feature).

Technology Stack

  • Python 3.11+
  • FastAPI — lightweight, async API server for management operations.
  • WireGuard Tools (wg, wg-quick) — low-level tunnel management.
  • Redis — optional in-memory store for live sessions.
  • SQLite — local lightweight storage for assigned IPs (backup + reboot resilience).
  • Systemd Services — production deployment.
  • Docker Support — for quick container deployment.

Architecture Overview

flowchart TB
    A[External Agent] --> B[WireGuard Tunnel Request]
    B --> C[Synet Gateway]
    C --> D[Issue Dynamic IP] 
    C --> E[Lookup Static IP from Synet Root] 
    D --> F[WireGuard Network]
    E --> F
  • Agents install a WireGuard config provided by the gateway.
  • Gateway assigns IPs, routes traffic into Synet.

Core APIs (FastAPI)

Endpoint Method Purpose
/connect POST Request new WireGuard config and dynamic IP.
/request-static-ip POST Request pre-approved static IP (requires signed proof).
/status GET Retrieve session details (assigned IP, uptime).
/disconnect POST Disconnect and remove session.

WireGuard Flow

  1. Agent sends a public key to /connect.
  2. Gateway assigns a dynamic IP and generates a WireGuard config.
  3. Agent installs config, joins Synet.

Example dynamic assignment:

fd00:1::2000/112

Static IP example:

fd00:1::100/112

Example Connection Flow

Agent calls:

POST /connect
{
  "agent_pubkey": "base64..."
}

Gateway responds:

{
  "private_key": "private_key_here",
  "public_key": "gateway_public_key",
  "client_ip": "fd00:1::2000/112",
  "endpoint": "gateway.synet.network:51820"
}

Agent installs configuration and joins.

Future Extensions

  • Rate Limiting and Abuse Prevention.
  • Billing (Premium or private gateways).
  • Multi-Region Gateways with HAProxy/Routing.

Join Dev

Repo
Dev Portal
Working Groups

Synthetism Foundation
No cookies, no ads, no traps.
Join