← Back to Skills Marketplace
85
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install vpn-mesh
Description
Turn your OpenClaw agent into a secure VPN exit node. Mesh network for agents to route traffic through peer nodes worldwide.
README (SKILL.md)
VPN Mesh 🌐
Decentralized VPN network for AI agents. Turn your OpenClaw agent into a secure VPN exit node. Route traffic through peer nodes worldwide with one command.
Install: clawhub install vpn-mesh
Setup: python3 ~/.openclaw/skills/vpn-mesh/scripts/setup.sh
Map: python3 ~/.openclaw/skills/vpn-mesh/scripts/mesh_map.py --html
Quick Start
# 1. Install the skill
clawhub install vpn-mesh
# 2. Setup your node (generates keys, creates config)
python3 ~/.openclaw/skills/vpn-mesh/scripts/setup.sh
# 3. Start the VPN interface (requires WireGuard installed)
sudo wg-quick up ~/.openclaw/vpn-mesh/wg0.conf
# 4. See your node on the map
python3 ~/.openclaw/skills/vpn-mesh/scripts/mesh_map.py --html
Commands
setup — Configure this node
python3 ~/.openclaw/skills/vpn-mesh/scripts/vpn_mesh.py setup
Creates WireGuard keypair, detects your location, creates VPN config.
status — Show node info and connection state
python3 ~/.openclaw/skills/vpn-mesh/scripts/vpn_mesh.py status
Shows:
- Node ID, country, city
- Public key (share this with others)
- Connection status
- Available peers in the mesh
list — Show all mesh nodes
python3 ~/.openclaw/skills/vpn-mesh/scripts/vpn_mesh.py list
Displays all nodes in the network with:
- 🇪🇸 Country flags
- 📍 City and endpoint
- 🔑 Public key (first 30 chars)
connect \x3Cnode_id> — Connect to a specific node
python3 ~/.openclaw/skills/vpn-mesh/scripts/vpn_mesh.py connect node-id
Routes your agent's traffic through the specified peer node.
connect-country \x3CCC> — Connect to a country
python3 ~/.openclaw/skills/vpn-mesh/scripts/vpn_mesh.py connect-country ES
Finds the best available node in the specified country and connects automatically.
Supported countries: ES, GB, US, DE, FR, NL, SE, NO, FI, DK, PL, IT, PT, IE, BE, AT, CH, AU, CA, JP, KR, SG, IN, BR
disconnect — Revert to local routing
python3 ~/.openclaw/skills/vpn-mesh/scripts/vpn_mesh.py disconnect
Stops routing through mesh, returns to normal internet.
pair — Generate/share pairing code
# Generate your pairing code
python3 ~/.openclaw/skills/vpn-mesh/scripts/vpn_mesh.py pair
# Connect using a code (from another node)
python3 ~/.openclaw/skills/vpn-mesh/scripts/vpn_mesh.py pair SPAIN-ABC123
Visual Map
Generate an interactive world map showing all mesh nodes:
# ASCII art map (terminal)
python3 ~/.openclaw/skills/vpn-mesh/scripts/mesh_map.py
# HTML map (open in browser)
python3 ~/.openclaw/skills/vpn-mesh/scripts/mesh_map.py --html
# With demo nodes
python3 ~/.openclaw/skills/vpn-mesh/scripts/mesh_map.py --demo --html
The HTML map shows:
- 🗺️ Interactive world map with node markers
- 📊 Stats: total nodes, countries, avg uptime
- 🔴 Live network status indicator
- 🖧 Node cards with connect buttons
- ✨ Dark theme, smooth animations
Security
Built on WireGuard — the gold standard of VPN security.
Private Key Protection
- Private key generated LOCALLY on your server
- Never transmitted over the network
- Stored with 600 permissions (root only)
- Each node has unique keypair
Peer Authentication
- Only public keys exchanged between peers
- WireGuard handshake usesCurve25519
- Forward secrecy — compromised keys can't decrypt old traffic
- No passwords to brute-force
Network Isolation
- Peers can only access VPN interface, not your local network
- iptables firewall locks down exposed services
- All traffic is encrypted end-to-end
- Compromised peer = revoke their public key, instant lockout
Privacy by Design
- No central server to hack
- No user accounts or auth tokens
- Registry only contains public keys + endpoints
- Even if registry is compromised, attackers get nothing useful
Architecture
┌─────────────────────────────────────────────────────────┐
│ VPN Mesh Network │
│ │
│ ┌─────────┐ ┌─────────┐ ┌─────────┐ │
│ │ Node ES │◄────────►│ Node DE │◄────────►│ Node UK │ │
│ │(Spain) │ │(Germany)│ │(London) │ │
│ └─────────┘ └─────────┘ └─────────┘ │
│ ▲ ▲ ▲ │
│ │ │ │ │
│ ┌────┴────┐ ┌────┴────┐ ┌────┴────┐ │
│ │ Your │ │ Peer │ │ Peer │ │
│ │ Agent │ │ Agent │ │ Agent │ │
│ └─────────┘ └─────────┘ └─────────┘ │
│ │
│ Connect to any country with: │
│ vpn_mesh connect-country ES → Routes through Spain │
│ vpn_mesh connect-country DE → Routes through Germany │
│ vpn_mesh connect-country UK → Routes through UK │
└─────────────────────────────────────────────────────────┘
Use Cases
1. Bypass geo-restrictions
Spain blocks Polymarket → vpn_mesh connect-country GB → Access from UK
2. Route AI agent through specific country
Your agent in Spain → connects to German node → appears in Germany
3. Decentralized privacy
No single company controls the network. Each node is independent.
Traffic routes through peer nodes, not through a corporate VPN.
4. Prediction market access
Access prediction markets blocked in your country by connecting
through a node in a country where they're available.
Registry
Nodes announce themselves to a shared registry (GitHub Gist by default).
Registry format:
{
"node_id": "stigs-umbrel",
"public_key": "abc123...",
"endpoint": "79.116.132.72:51820",
"country": "ES",
"city": "Lanzarote",
"version": "0.3.0",
"uptime": "99%",
"updated": "2026-06-01T20:00:00Z"
}
To use a custom registry:
export VPN_MESH_REGISTRY=https://your-gist/raw/nodes.json
python3 ~/.openclaw/skills/vpn-mesh/scripts/vpn_mesh.py list
Troubleshooting
WireGuard not installed:
sudo apt update && sudo apt install wireguard
Can't connect to peer:
- Verify peer's public key matches
- Check endpoint IP:port is accessible
- Ensure both nodes have WireGuard running
Node not showing on map:
- Check registry.json exists at ~/.openclaw/vpn-mesh/
- Verify public_key is present
- Check last_updated timestamp
Permission denied:
sudo wg-quick up ~/.openclaw/vpn-mesh/wg0.conf
Demo Mode
The skill includes demo nodes to showcase the visualization:
python3 ~/.openclaw/skills/vpn-mesh/scripts/mesh_map.py --demo --html
Shows 6 sample nodes across: Spain, Germany, UK, Netherlands, US, Japan
Files
~/.openclaw/vpn-mesh/
├── registry.json # Your node info
├── private.key # Your private key (KEEP SECRET)
├── public.key # Your public key (share this)
├── wg0.conf # WireGuard config
├── demo_nodes.json # Demo nodes for visualization
└── mesh-map.html # Interactive world map
License
MIT — Free to use, modify, and redistribute. No attribution required.
Usage Guidance
Install only if you are prepared to audit and modify it first. Do not publish or share registry.json produced by the Python setup path unless private_key is removed and existing keys are rotated. Expect setup to reveal your public IP/location to ipapi.co, expect registry/map features to contact external services, and review wg0.conf before running sudo wg-quick because it changes firewall and traffic-routing behavior.
Capability Tags
Capability Assessment
Purpose & Capability
The VPN exit-node purpose explains WireGuard keys, peer registries, routing, and sudo use, but the Python setup path writes the WireGuard private key into registry.json while the documentation says the registry contains only public keys and endpoints.
Instruction Scope
The documentation encourages routing through other countries to bypass restrictions, and registry-selected peers can influence traffic routing without strong trust validation or clear warnings.
Install Mechanism
The declared install mechanism is coherent for WireGuard tooling and no hidden package installation was found, but setup and map generation contact external services and load third-party web assets.
Credentials
External IP and location lookups, public registry fetching, generated NAT/forwarding rules, and VPN traffic routing are plausible for the purpose but not disclosed with enough consent and risk detail for this security-sensitive context.
Persistence & Privilege
The skill creates persistent VPN keys, config, registry, and state under ~/.openclaw/vpn-mesh; private.key and wg0.conf are chmod 600, but registry.json can contain the private key in one setup path and is not similarly protected. The generated config also changes firewall/routing state when activated with wg-quick.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vpn-mesh - After installation, invoke the skill by name or use
/vpn-mesh - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.0
Major upgrade: Stunning HTML map, connect-country command, country-based routing, demo nodes, comprehensive docs, security hardening
v0.2.0
Added mesh_map.py with ASCII and HTML visualization. Shows all nodes on world map with country flags and uptime stats.
v0.1.0
Initial release - WireGuard VPN mesh for OpenClaw agents
Metadata
Frequently Asked Questions
What is Vpn Mesh?
Turn your OpenClaw agent into a secure VPN exit node. Mesh network for agents to route traffic through peer nodes worldwide. It is an AI Agent Skill for Claude Code / OpenClaw, with 85 downloads so far.
How do I install Vpn Mesh?
Run "/install vpn-mesh" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Vpn Mesh free?
Yes, Vpn Mesh is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Vpn Mesh support?
Vpn Mesh is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Vpn Mesh?
It is built and maintained by stigg86 (@stigg86); the current version is v0.3.0.
More Skills