A fixed, public marker anchored out in the water — ships rely on it.
node is the PharosVPN node agent. It runs on every public VPN node, runs
the data plane (AmneziaWG + XRay/REALITY, including multi-hop cascades), and
applies only the configuration the controller pushes to it over mTLS. It is
deliberately dumb: a compromised node cannot compromise the fleet.
Part of the PharosVPN platform — see docs/DESIGN.md.
- Public IP. Terminates end-user tunnels on UDP 443 (AmneziaWG) and TCP 443 (XRay / VLESS+REALITY).
- Stateless except for what coxswain gave it. All config is written to disk only after the controller pushes it over a validated mTLS connection.
- Control port. Listens for the controller's mTLS/gRPC connection: status, metrics, config push, live peer add/remove, service restart — and streams live events back (client connect/disconnect + handshake liveness over the WatchEvents stream).
- Cascades. For multi-hop profiles it routes entry → [mid] → exit server-side, sizing MTU to the path; the client dials only the entry.
- SSH is install-only. coxswain reaches a node over SSH solely to install and update the agent (DESIGN §5); every operational instruction is gRPC.
- Cold-start resilient. Comes up from disk every boot; controller offline ⇒ existing tunnels keep working.
Go · gRPC server over mTLS · manages awg-quick@awg0 and xray.service.
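What a "validated mTLS connection" on the control port can look like with Go's crypto/tls, as an added example that is not PharosVPN's own code: the listener requires a client certificate chained to a fleet CA and then pins the controller's identity, so a certificate taken from one compromised node is refused by the others. The SAN controller.fleet.example, the single shared fleet CA, and the names controlPlaneTLS, verifyController and stateFor are assumptions made for the example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
)

// controllerSAN is a hypothetical DNS SAN found only in the controller's client certificate.
const controllerSAN = "controller.fleet.example"

// verifyController runs after chain verification (resumed sessions too) and refuses any non-controller certificate.
func verifyController(cs tls.ConnectionState) error {
	if len(cs.VerifiedChains) == 0 || len(cs.VerifiedChains[0]) == 0 {
		return fmt.Errorf("no verified client certificate")
	}
	for _, san := range cs.VerifiedChains[0][0].DNSNames {
		if san == controllerSAN {
			return nil
		}
	}
	return fmt.Errorf("client certificate lacks SAN %q: not the controller", controllerSAN)
}

// controlPlaneTLS: TLS 1.3 only, client certificate mandatory, chained to fleetCA, pinned to the controller.
func controlPlaneTLS(nodeCert tls.Certificate, fleetCA *x509.CertPool) *tls.Config {
	return &tls.Config{
		MinVersion:       tls.VersionTLS13,
		Certificates:     []tls.Certificate{nodeCert},
		ClientAuth:       tls.RequireAndVerifyClientCert,
		ClientCAs:        fleetCA,
		VerifyConnection: verifyController,
	}
}

// stateFor builds a constructed post-verification state; no SANs means no client certificate.
func stateFor(sans ...string) tls.ConnectionState {
	if len(sans) == 0 {
		return tls.ConnectionState{}
	}
	return tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{{{DNSNames: sans}}}}
}

func main() {
	cfg := controlPlaneTLS(tls.Certificate{}, x509.NewCertPool()) // empty placeholders
	for _, cs := range []tls.ConnectionState{stateFor(), stateFor("node-7.fleet.example"), stateFor(controllerSAN)} {
		fmt.Println(cfg.VerifyConnection(cs))
	}
}
```

With gRPC, a config like this is handed to the server as grpc.Creds(credentials.NewTLS(cfg)).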
Pre-alpha. The data plane (AmneziaWG + XRay/REALITY), config push, live peer add/remove, the WatchEvents stream, and multi-hop cascades are built and proven live on a real fleet (single-hop and 2/3-hop). See BUILD.md.
Apache-2.0. Contributions under the DCO (git commit -s).