libvine is the repo behind vine, a Linux overlay VPN binary built in Zig on top of the libzig stack.
The primary product is now:
- one
vinebinary you can copy to multiple Linux PCs - one
libselfidentity per machine - one TOML config per machine
- one overlay network with explicit prefix ownership
- direct sessions when possible, relay fallback when necessary
The library remains important, but the intended operator experience is:
- build
vine - copy the same binary to each Linux host
- generate one identity per host
- install one host-specific config per host
- start the daemon
- inspect peers, routes, sessions, counters, and snapshots
nix develop -c make build
This produces the vine binary through zig build vine.
Use the multi-PC showcase under examples/multi-pc/ as the reference deployment:
alphabetagammarelay
Typical first steps on a host:
vine identity init
vine config validate -c /etc/libvine/vine.toml
vine doctor -c /etc/libvine/vine.toml
vine daemon run -c /etc/libvine/vine.toml
vine does not treat overlay IP addresses as peer identity.
libselfidentity answers who a node isNetworkIdanswers which overlay network the node belongs toVinePrefixanswers which overlay IP range the node advertiseslibmeshanswers which current path should be used to reach that node
Peer trust and allowlisting must bind to libself identity first, and only then to overlay addressing policy.
libself: identity and authenticated peer metadatalibmesh: discovery, signaling, path selection, and relay fallbacklibdice: NAT traversal assistance when direct paths need setup exchangelibfast: encrypted transport for control and packet carriagelibvine: overlay network semantics and Linux host integration
libvine is not a replacement control plane. It uses libmesh for discovery, signaling, route selection,
session setup, and relay fallback. libvine owns overlay membership policy, virtual addressing, packet
forwarding, and Linux TUN integration.
The project documentation lives in the mdBook under book/.
Useful entry points: