The on-chain session identifier (uint64), obtained after
broadcasting a MsgStartSessionRequest transaction
The session data to send to the node:
{ pub_key: "<wg_public_key_base64>" }{ uid: "<random_16_bytes_base64>" }The 32-byte secp256k1 private key of the Cosmos wallet that owns the session on-chain
The node's remote URL as stored on-chain (e.g. https://1.2.3.4:port)
A NodeHandshakeResult containing:
result.addrs — list of node endpoints to connect to (e.g. ["1.2.3.4:51820"])result.data — VPN configuration returned by the node (WireGuard config or v2ray inbound)Will throw if the HTTP request fails, the session is not active on-chain, or the signature verification fails on the node side (HTTP 401)
// WireGuard
const wgKeys = generateKeypair();
const result = await handshake(
sessionId,
{ pub_key: wgKeys.publicKey },
cosmosPrivKeyBytes,
node.remoteUrl,
);
// result.result.addrs → ["1.2.3.4:51820"]
// result.result.data → WireGuard peer config
// v2ray
const uid = Buffer.from(crypto.randomBytes(16)).toString('base64');
const result = await handshake(
sessionId,
{ uid },
cosmosPrivKeyBytes,
node.remoteUrl,
);
Generated using TypeDoc
Performs the handshake with a Sentinel dVPN node to initiate a VPN session.
Replicates the
InitHandshakemethod of the Sentinel Go SDK client. The process is:data(WireGuard pubkey or v2ray uid)bigEndian(sessionId) || JSON(data){ data, id, pub_key, signature }to the node's root endpoint (/)The node verifies the signature, derives the account address from
pub_key, and checks it matches the on-chain session's account address before adding the peer to the active VPN service.SSL certificate verification is intentionally disabled since node daemons use self-signed certificates.