diff --git a/README.md b/README.md 
index bff0a76a..653c19e2 100644 
--- a/README.md 
+++ b/README.md 
@@ -656,7 +656,7 @@ OK: 8 MiB in 19 packages Hello world!/opt/microservices # /opt/microservices # curl authors:9080/health -H "foo: bar" 
->>Received request: GET /health from 223.254.0.109:57930 
+>>Received request: GET /health from 198.19.0.109:57930
 Hello world!/opt/microservices # /opt/microservices # curl localhost:9080/health {"status":"Authors is healthy"}/opt/microservices # exit 
diff --git a/README_ZH.md b/README_ZH.md 
index 352d956c..fc7e9aff 100644 
--- a/README_ZH.md 
+++ b/README_ZH.md 
@@ -580,7 +580,7 @@ OK: 8 MiB in 19 packages Hello world!/opt/microservices # /opt/microservices # curl authors:9080/health -H "foo: bar" 
->>Received request: GET /health from 223.254.0.109:57930 
+>>Received request: GET /health from 198.19.0.109:57930
 Hello world!/opt/microservices # /opt/microservices # curl localhost:9080/health {"status":"Authors is healthy"}/opt/microservices # exit 
diff --git a/charts/kubevpn/templates/deployment.yaml b/charts/kubevpn/templates/deployment.yaml 
index 20c7a752..5637730d 100644 
--- a/charts/kubevpn/templates/deployment.yaml 
+++ b/charts/kubevpn/templates/deployment.yaml 
@@ -52,13 +52,13 @@ spec:
 - -c
 env:
 - name: CIDR4 
- value: 223.254.0.0/16 
+ value: 198.19.0.0/16
 - name: CIDR6 
- value: efff:ffff:ffff:ffff::/64 
+ value: 2001:2::/64
 - name: TunIPv4 
- value: 223.254.0.100/16 
+ value: 198.19.0.100/16
 - name: TunIPv6 
- value: efff:ffff:ffff:ffff:ffff:ffff:ffff:9999/64 
+ value: 2001:2::9999/64
 envFrom:
 - secretRef:
 name: {{ include "kubevpn.fullname" . }} 
diff --git a/cmd/kubevpn/cmds/serve.go b/cmd/kubevpn/cmds/serve.go 
index f2d692f9..9db18d58 100644 
--- a/cmd/kubevpn/cmds/serve.go 
+++ b/cmd/kubevpn/cmds/serve.go 
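Review bot: The four `value:` lines in the deployment.yaml hunk (`CIDR4`, `CIDR6`, `TunIPv4`, `TunIPv6`) hard-code the same addresses the commit also hard-codes as `innerIPv4Pool`/`innerIPv6Pool` in pkg/config/config.go, with nothing tying the two copies together, so the next renumbering that touches one and not the other leaves the chart and the binary disagreeing about the tunnel range. A comment on the env block such as `# keep in sync with innerIPv4Pool / innerIPv6Pool in pkg/config/config.go` would at least make the coupling visible, and exposing these through chart values would let an operator whose network already uses part of 198.18.0.0/15 (a range some VPN and fake-IP DNS clients also carve from) override them without forking the template. Upgrading an existing release with this chart also moves the traffic-manager to the new range under clients still built with the old 223.254.0.0/16 defaults, which the hunk does not document; if a client/manager version pairing is required it belongs in the chart README (inferred from the chart alone, not confirmable here).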
@@ -31,7 +31,7 @@ func CmdServe(_ cmdutil.Factory) *cobra.Command {
 `)),
 Example: templates.Examples(i18n.T(`
 # serve node 
- kubevpn serve -L "tcp://:10800" -L "tun://127.0.0.1:8422?net=223.254.0.123/32" 
+ kubevpn serve -L "tcp://:10800" -L "tun://127.0.0.1:8422?net=198.19.0.123/32"
 `)),
 PreRun: func(*cobra.Command, []string) {
 util.InitLoggerForServer(config.Debug) 
diff --git a/cmd/kubevpn/cmds/ssh.go b/cmd/kubevpn/cmds/ssh.go 
index 1c2cd081..985cfe81 100644 
--- a/cmd/kubevpn/cmds/ssh.go 
+++ b/cmd/kubevpn/cmds/ssh.go 
@@ -26,7 +26,7 @@ import (
 )
 // CmdSSH 
-// Remember to use network mask 32, because ssh using unique network CIDR 223.255.0.0/16 
+// Remember to use network mask 32, because ssh using unique network CIDR 198.18.0.0/16
 func CmdSSH(_ cmdutil.Factory) *cobra.Command {
 var sshConf = &pkgssh.SshConfig{}
 var extraCIDR []string 
diff --git a/cmd/kubevpn/cmds/sshdaemon.go b/cmd/kubevpn/cmds/sshdaemon.go 
index 9ce99226..7ddac1ba 100644 
--- a/cmd/kubevpn/cmds/sshdaemon.go 
+++ b/cmd/kubevpn/cmds/sshdaemon.go 
@@ -14,7 +14,7 @@ import (
 )
 // CmdSSHDaemon 
-// set local tun ip 223.254.0.1/32, remember to use mask 32 
+// set local tun ip 198.19.0.1/32, remember to use mask 32
 func CmdSSHDaemon(_ cmdutil.Factory) *cobra.Command {
 var clientIP string
 cmd := &cobra.Command{ 
@@ -24,7 +24,7 @@ func CmdSSHDaemon(_ cmdutil.Factory) *cobra.Command {
 Long: templates.LongDesc(i18n.T(`Ssh daemon server`)),
 Example: templates.Examples(i18n.T(`
 # SSH daemon server 
- kubevpn ssh-daemon --client-ip 223.254.0.123/32 
+ kubevpn ssh-daemon --client-ip 198.19.0.123/32
 `)),
 PreRunE: func(cmd *cobra.Command, args []string) error {
 err := daemon.StartupDaemon(cmd.Context()) 
diff --git a/cmd/kubevpn/cmds/status_test.go b/cmd/kubevpn/cmds/status_test.go 
index a9a7a4bc..446e8931 100644 
--- a/cmd/kubevpn/cmds/status_test.go 
+++ b/cmd/kubevpn/cmds/status_test.go 
@@ -29,8 +29,8 @@ func TestPrintProxyAndClone(t *testing.T) {
 RuleList: []*rpc.ProxyRule{
 {
 Headers: map[string]string{"user": "naison"}, 
- LocalTunIPv4: "223.254.0.103", 
- LocalTunIPv6: "efff:ffff:ffff:ffff:ffff:ffff:ffff:999d", 
+ LocalTunIPv4: "198.19.0.103", 
+ LocalTunIPv6: "2001:2::999d",
 CurrentDevice: false,
 PortMap: map[int32]int32{8910: 8910},
 }, 
@@ -98,8 +98,8 @@ func TestPrintProxy(t *testing.T) {
 RuleList: []*rpc.ProxyRule{
 {
 Headers: map[string]string{"user": "naison"}, 
- LocalTunIPv4: "223.254.0.103", 
- LocalTunIPv6: "efff:ffff:ffff:ffff:ffff:ffff:ffff:999d", 
+ LocalTunIPv4: "198.19.0.103", 
+ LocalTunIPv6: "2001:2::999d",
 CurrentDevice: false,
 PortMap: map[int32]int32{8910: 8910},
 }, 
diff --git a/pkg/config/config.go b/pkg/config/config.go 
index e379d034..720cd0f4 100644 
--- a/pkg/config/config.go 
+++ b/pkg/config/config.go 
@@ -35,7 +35,10 @@ const (
 VolumeEnvoyConfig = "envoy-config"
 VolumeSyncthing = "syncthing" 
- innerIPv4Pool = "223.254.0.100/16" 
+ // innerIPv4Pool is used as tun ip 
+ // 198.19.0.0/16 network is part of the 198.18.0.0/15 (reserved for benchmarking). 
+ // https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml 
+ innerIPv4Pool = "198.19.0.100/16"
 // 原因:在docker环境中,设置docker的 gateway 和 subnet,不能 inner 的冲突,也不能和 docker的 172.17 冲突
 // 不然的话,请求会不通的
 // 解决的问题:在 k8s 中的 名叫 kubernetes 的 service ip 为 
@@ -51,10 +54,11 @@ const (
 // }
 //]
 // 如果不创建 network,那么是无法请求到 这个 kubernetes 的 service 的 
- dockerInnerIPv4Pool = "223.255.0.100/16" 
+ dockerInnerIPv4Pool = "198.18.0.100/16" 
-//The IPv6 address prefixes FE80::/10 and FF02::/16 are not routable 
- innerIPv6Pool = "efff:ffff:ffff:ffff:ffff:ffff:ffff:9999/64" 
+ // 2001:2::/64 network is part of the 2001:2::/48 (reserved for benchmarking) 
+ // https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml 
+ innerIPv6Pool = "2001:2::9999/64"
 DefaultNetDir = "/etc/cni/net.d" 
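Review bot: The two pkg/config/config.go hunks place the tun pool (`innerIPv4Pool`, 198.19.0.0/16) and the docker pool (`dockerInnerIPv4Pool`, 198.18.0.0/16) into the two halves of 198.18.0.0/15, but nothing in the package asserts the two stay disjoint, and the ssh.go comment in this same commit says the ssh path uses 198.18.0.0/16 as well, so that sharing (pre-existing, carried over by the renumbering) is worth confirming rather than assuming. A small test beside the constants would pin the partitioning: `_, tun, _ := net.ParseCIDR(innerIPv4Pool)`, `_, dkr, _ := net.ParseCIDR(dockerInnerIPv4Pool)`, `if tun.Contains(dkr.IP) || dkr.Contains(tun.IP) { t.Fatal("tun and docker pools overlap") }`. The new comments say only "reserved for benchmarking"; the property the code actually relies on is that 198.18.0.0/15 (RFC 2544) and 2001:2::/48 (RFC 5180) are registered as not forwardable and not globally reachable, so tunnel traffic that escapes the tun route is dropped instead of reaching a real host, and stating that in the comment explains why these ranges were chosen over any unused public block. The `innerIPv6Pool` comment also lacks the trailing period its IPv4 counterpart has.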
diff --git a/pkg/core/gvisortunendpoint.go b/pkg/core/gvisortunendpoint.go 
index 3b0b5ce9..b29e1188 100755 
--- a/pkg/core/gvisortunendpoint.go 
+++ b/pkg/core/gvisortunendpoint.go 
@@ -97,7 +97,7 @@ func (h *gvisorTCPHandler) readFromTCPConnWriteToEndpoint(ctx context.Context, c
 }
 h.addRoute(src, conn) 
- // inner ip like 223.254.0.100/102/103 connect each other 
+ // inner ip like 198.19.0.100/102/103 connect each other
 if config.CIDR.Contains(dst) || config.CIDR6.Contains(dst) {
 log.Tracef("[TUN-RAW] Forward to TUN device, SRC: %s, DST: %s, Length: %d", src.String(), dst.String(), read)
 util.SafeWrite(h.packetChan, &datagramPacket{ 
diff --git a/pkg/core/route.go b/pkg/core/route.go 
index 87e4d325..0e7de64c 100644 
--- a/pkg/core/route.go 
+++ b/pkg/core/route.go 
@@ -27,9 +27,9 @@ type TCPUDPacket struct {
 }
 // Route example: 
-// -L "tcp://:10800" -L "tun://:8422?net=223.254.0.100/16" 
-// -L "tun:/10.233.24.133:8422?net=223.254.0.102/16&route=223.254.0.0/16" 
-// -L "tun:/127.0.0.1:8422?net=223.254.0.102/16&route=223.254.0.0/16,10.233.0.0/16" -F "tcp://127.0.0.1:10800" 
+// -L "tcp://:10800" -L "tun://:8422?net=198.19.0.100/16" 
+// -L "tun:/10.233.24.133:8422?net=198.19.0.102/16&route=198.19.0.0/16" 
+// -L "tun:/127.0.0.1:8422?net=198.19.0.102/16&route=198.19.0.0/16,10.233.0.0/16" -F "tcp://127.0.0.1:10800"
 type Route struct {
 ServeNodes []string // -L tun
 ChainNode string // -F tcp 
diff --git a/pkg/daemon/daemon.go b/pkg/daemon/daemon.go 
index c75f93d2..bd4ff272 100644 
--- a/pkg/daemon/daemon.go 
+++ b/pkg/daemon/daemon.go 
@@ -99,7 +99,7 @@ func (o *SvrOption) Start(ctx context.Context) error {
 grpc_health_v1.RegisterHealthServer(svr, health.NewServer())
 defer cleanup()
 reflection.Register(svr) 
- // [tun-client] 223.254.0.101 - 127.0.0.1:8422: dial tcp 127.0.0.1:55407: connect: can't assign requested address 
+ // [tun-client] 198.19.0.101 - 127.0.0.1:8422: dial tcp 127.0.0.1:55407: connect: can't assign requested address
 http.DefaultTransport.(*http.Transport).MaxIdleConnsPerHost = 100
 // startup a http server
 // With downgrading-capable gRPC server, which can also handle HTTP. 
diff --git a/pkg/dev/docker_utils.go b/pkg/dev/docker_utils.go 
index 84d91d59..382ea1ca 100644 
--- a/pkg/dev/docker_utils.go 
+++ b/pkg/dev/docker_utils.go 
@@ -90,7 +90,7 @@ func RunLogsSinceNow(name string, follow bool) error {
 }
 // CreateNetwork 
-// docker create kubevpn-traffic-manager --labels owner=config.ConfigMapPodTrafficManager --subnet 223.255.0.0/16 --gateway 223.255.0.100 
+// docker create kubevpn-traffic-manager --labels owner=config.ConfigMapPodTrafficManager --subnet 198.18.0.0/16 --gateway 198.18.0.100
 func CreateNetwork(ctx context.Context, name string) (string, error) {
 args := []string{
 "network", 
diff --git a/pkg/inject/exchange.go b/pkg/inject/exchange.go 
index ffdbedde..23cbbcfb 100644 
--- a/pkg/inject/exchange.go 
+++ b/pkg/inject/exchange.go 
@@ -79,7 +79,7 @@ func AddContainer(spec *corev1.PodSpec, c util.PodRouteConfig) {
 },
 Command: []string{"/bin/sh", "-c"},
 // https://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html#ss6.2 
- // for curl -g -6 [efff:ffff:ffff:ffff:ffff:ffff:ffff:999a]:9080/health or curl 127.0.0.1:9080/health hit local PC 
+ // for curl -g -6 [2001:2::999a]:9080/health or curl 127.0.0.1:9080/health hit local PC
 // output chain
 // iptables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv4}
 // ip6tables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv6} 
diff --git a/pkg/util/networkpolicy_windows.go b/pkg/util/networkpolicy_windows.go 
index 40a41e0b..ab9a870d 100644 
--- a/pkg/util/networkpolicy_windows.go 
+++ b/pkg/util/networkpolicy_windows.go 
@@ -96,7 +96,7 @@ func decode(in []byte) ([]byte, error) {
 // AddAllowFirewallRule
 // for ping local tun device ip, if not add this firewall, can not ping local tun IP on windows
 func AddAllowFirewallRule(ctx context.Context) { 
- // netsh advfirewall firewall add rule name=kubevpn-traffic-manager dir=in action=allow enable=yes remoteip=223.254.0.100/16,efff:ffff:ffff:ffff:ffff:ffff:ffff:9999/64,LocalSubnet 
+ // netsh advfirewall firewall add rule name=kubevpn-traffic-manager dir=in action=allow enable=yes remoteip=198.19.0.100/16,2001:2::9999/64,LocalSubnet
 cmd := exec.CommandContext(ctx, "netsh", []string{
 "advfirewall",
 "firewall", 
diff --git a/pkg/util/util_test.go b/pkg/util/util_test.go 
index 55d27d97..4686439e 100644 
--- a/pkg/util/util_test.go 
+++ b/pkg/util/util_test.go 
@@ -65,8 +65,8 @@ func TestName(t *testing.T) {
 func TestPing(t *testing.T) {
 defer util.Run()() 
- SrcIP := net.ParseIP("223.254.0.102").To4() 
- DstIP := net.ParseIP("223.254.0.100").To4() 
+ SrcIP := net.ParseIP("198.19.0.102").To4() 
+ DstIP := net.ParseIP("198.19.0.100").To4()
 icmpLayer := layers.ICMPv4{
 TypeCode: layers.CreateICMPv4TypeCode(layers.ICMPv4TypeEchoRequest, 0), 
diff --git a/pkg/webhook/pods.go b/pkg/webhook/pods.go 
index 22a46fdb..3b3dc029 100644 
--- a/pkg/webhook/pods.go 
+++ b/pkg/webhook/pods.go 
@@ -72,7 +72,7 @@ func (h *admissionReviewHandler) handleCreate(ar v1.AdmissionReview) *v1.Admissi
 return &v1.AdmissionResponse{UID: ar.Request.UID, Allowed: true}
 }
 // if create pod kubevpn-traffic-manager, just ignore it 
- // because 223.254.0.100 is reserved 
+ // because 198.19.0.100 is reserved
 if x, _, _ := net.ParseCIDR(value); config.RouterIP.Equal(x) {
 return &v1.AdmissionResponse{UID: ar.Request.UID, Allowed: true}
 } 
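Review bot: Only the comment above `exec.CommandContext` changes in the pkg/util/networkpolicy_windows.go hunk, while the `[]string{` argument list that carries the real `remoteip=` value begins on the hunk's last lines and continues outside it; if that list spells the prefixes as literals instead of deriving them from `config.CIDR`/`config.CIDR6` (the visible lines cannot confirm either way), the Windows allow rule would keep admitting the old 223.254.0.0/16 and never the new range. Worth verifying the args are built from the config constants, and widening the comment to say what the rule admits: `// inbound allow for the tun prefixes (config.CIDR / config.CIDR6) plus LocalSubnet, so the local tun IP answers ping; keep remoteip scoped to these`. The enclosing function `AddAllowFirewallRule` ends outside the hunk.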
@@ -163,7 +163,7 @@ func (h *admissionReviewHandler) handleDelete(ar v1.AdmissionReview) *v1.Admissi
 return &v1.AdmissionResponse{Allowed: true}
 }
 // if delete pod kubevpn-traffic-manager, just ignore it 
- // because 223.254.0.100 is reserved 
+ // because 198.19.0.100 is reserved
 if x, _, _ := net.ParseCIDR(value); config.RouterIP.Equal(x) {
 return &v1.AdmissionResponse{Allowed: true}
 }