	| @@ -656,7 +656,7 @@ OK: 8 MiB in 19 packages | ||||
| Hello world!/opt/microservices #  | ||||
|  | ||||
| /opt/microservices # curl authors:9080/health -H "foo: bar" | ||||
| >>Received request: GET /health from 223.254.0.109:57930 | ||||
| >>Received request: GET /health from 198.19.0.109:57930 | ||||
|                                                         Hello world!/opt/microservices #  | ||||
| /opt/microservices # curl localhost:9080/health | ||||
| {"status":"Authors is healthy"}/opt/microservices # exit | ||||
|   | ||||
| @@ -580,7 +580,7 @@ OK: 8 MiB in 19 packages | ||||
| Hello world!/opt/microservices #  | ||||
|  | ||||
| /opt/microservices # curl authors:9080/health -H "foo: bar" | ||||
| >>Received request: GET /health from 223.254.0.109:57930 | ||||
| >>Received request: GET /health from 198.19.0.109:57930 | ||||
|                                                         Hello world!/opt/microservices #  | ||||
| /opt/microservices # curl localhost:9080/health | ||||
| {"status":"Authors is healthy"}/opt/microservices # exit | ||||
|   | ||||
| @@ -52,13 +52,13 @@ spec: | ||||
|             - -c | ||||
|           env: | ||||
|             - name: CIDR4 | ||||
|               value: 223.254.0.0/16 | ||||
|               value: 198.19.0.0/16 | ||||
|             - name: CIDR6 | ||||
|               value: efff:ffff:ffff:ffff::/64 | ||||
|               value: 2001:2::/64 | ||||
|             - name: TunIPv4 | ||||
|               value: 223.254.0.100/16 | ||||
|               value: 198.19.0.100/16 | ||||
|             - name: TunIPv6 | ||||
|               value: efff:ffff:ffff:ffff:ffff:ffff:ffff:9999/64 | ||||
|               value: 2001:2::9999/64 | ||||
|           envFrom: | ||||
|             - secretRef: | ||||
|                 name: {{ include "kubevpn.fullname" . }} | ||||
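Review bot: The four address values under `env:` (`CIDR4`, `CIDR6`, `TunIPv4`, `TunIPv6`) are literals in the template and repeat the pool constants changed elsewhere in this commit, so a chart and a client from different releases would appear to disagree on the tunnel range. That matters here because the previous range, 223.254.0.0/16, is ordinary globally routable unicast space rather than a reserved block, so a side still routing it into the tunnel would capture traffic meant for real hosts. A comment above `- name: CIDR4` would make the pairing explicit, for example `# must match the client's built-in tunnel pool; upgrade chart and clients together`. The container spec starts and ends outside this hunk.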
|   | ||||
| @@ -31,7 +31,7 @@ func CmdServe(_ cmdutil.Factory) *cobra.Command { | ||||
| 		`)), | ||||
| 		Example: templates.Examples(i18n.T(` | ||||
|         # serve node | ||||
|         kubevpn serve -L "tcp://:10800" -L "tun://127.0.0.1:8422?net=223.254.0.123/32" | ||||
|         kubevpn serve -L "tcp://:10800" -L "tun://127.0.0.1:8422?net=198.19.0.123/32" | ||||
| 		`)), | ||||
| 		PreRun: func(*cobra.Command, []string) { | ||||
| 			util.InitLoggerForServer(config.Debug) | ||||
|   | ||||
| @@ -26,7 +26,7 @@ import ( | ||||
| ) | ||||
|  | ||||
| // CmdSSH | ||||
| // Remember to use network mask 32, because ssh using unique network CIDR 223.255.0.0/16 | ||||
| // Remember to use network mask 32, because ssh using unique network CIDR 198.18.0.0/16 | ||||
| func CmdSSH(_ cmdutil.Factory) *cobra.Command { | ||||
| 	var sshConf = &pkgssh.SshConfig{} | ||||
| 	var extraCIDR []string | ||||
|   | ||||
| @@ -14,7 +14,7 @@ import ( | ||||
| ) | ||||
|  | ||||
| // CmdSSHDaemon | ||||
| // set local tun ip 223.254.0.1/32, remember to use mask 32 | ||||
| // set local tun ip 198.19.0.1/32, remember to use mask 32 | ||||
| func CmdSSHDaemon(_ cmdutil.Factory) *cobra.Command { | ||||
| 	var clientIP string | ||||
| 	cmd := &cobra.Command{ | ||||
| @@ -24,7 +24,7 @@ func CmdSSHDaemon(_ cmdutil.Factory) *cobra.Command { | ||||
| 		Long:   templates.LongDesc(i18n.T(`Ssh daemon server`)), | ||||
| 		Example: templates.Examples(i18n.T(` | ||||
|         # SSH daemon server | ||||
|         kubevpn ssh-daemon --client-ip 223.254.0.123/32 | ||||
|         kubevpn ssh-daemon --client-ip 198.19.0.123/32 | ||||
| 		`)), | ||||
| 		PreRunE: func(cmd *cobra.Command, args []string) error { | ||||
| 			err := daemon.StartupDaemon(cmd.Context()) | ||||
|   | ||||
| @@ -29,8 +29,8 @@ func TestPrintProxyAndClone(t *testing.T) { | ||||
| 						RuleList: []*rpc.ProxyRule{ | ||||
| 							{ | ||||
| 								Headers:       map[string]string{"user": "naison"}, | ||||
| 								LocalTunIPv4:  "223.254.0.103", | ||||
| 								LocalTunIPv6:  "efff:ffff:ffff:ffff:ffff:ffff:ffff:999d", | ||||
| 								LocalTunIPv4:  "198.19.0.103", | ||||
| 								LocalTunIPv6:  "2001:2::999d", | ||||
| 								CurrentDevice: false, | ||||
| 								PortMap:       map[int32]int32{8910: 8910}, | ||||
| 							}, | ||||
| @@ -98,8 +98,8 @@ func TestPrintProxy(t *testing.T) { | ||||
| 						RuleList: []*rpc.ProxyRule{ | ||||
| 							{ | ||||
| 								Headers:       map[string]string{"user": "naison"}, | ||||
| 								LocalTunIPv4:  "223.254.0.103", | ||||
| 								LocalTunIPv6:  "efff:ffff:ffff:ffff:ffff:ffff:ffff:999d", | ||||
| 								LocalTunIPv4:  "198.19.0.103", | ||||
| 								LocalTunIPv6:  "2001:2::999d", | ||||
| 								CurrentDevice: false, | ||||
| 								PortMap:       map[int32]int32{8910: 8910}, | ||||
| 							}, | ||||
|   | ||||
| @@ -35,7 +35,10 @@ const ( | ||||
| 	VolumeEnvoyConfig = "envoy-config" | ||||
| 	VolumeSyncthing   = "syncthing" | ||||
|  | ||||
| 	innerIPv4Pool = "223.254.0.100/16" | ||||
| 	// innerIPv4Pool is used as tun ip | ||||
| 	// 198.19.0.0/16 network  is part of the 198.18.0.0/15 (reserved for benchmarking). | ||||
| 	// https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml | ||||
| 	innerIPv4Pool = "198.19.0.100/16" | ||||
| 	// 原因:在docker环境中,设置docker的 gateway 和 subnet,不能 inner 的冲突,也不能和 docker的 172.17 冲突 | ||||
| 	// 不然的话,请求会不通的 | ||||
| 	// 解决的问题:在 k8s 中的  名叫 kubernetes 的 service ip 为 | ||||
| @@ -51,10 +54,11 @@ const ( | ||||
| 	//  } | ||||
| 	//] | ||||
| 	// 如果不创建 network,那么是无法请求到 这个 kubernetes 的 service 的 | ||||
| 	dockerInnerIPv4Pool = "223.255.0.100/16" | ||||
| 	dockerInnerIPv4Pool = "198.18.0.100/16" | ||||
|  | ||||
| 	//The IPv6 address prefixes FE80::/10 and FF02::/16 are not routable | ||||
| 	innerIPv6Pool = "efff:ffff:ffff:ffff:ffff:ffff:ffff:9999/64" | ||||
| 	// 2001:2::/64 network is part of the 2001:2::/48 (reserved for benchmarking) | ||||
| 	// https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml | ||||
| 	innerIPv6Pool = "2001:2::9999/64" | ||||
|  | ||||
| 	DefaultNetDir = "/etc/cni/net.d" | ||||
|  | ||||
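Review bot: `dockerInnerIPv4Pool` moves to `198.18.0.100/16` without a comment of its own, while `innerIPv4Pool` now explains its choice; together the two constants use both halves of 198.18.0.0/15, and the only explanation of why they must not overlap is the non-English comment block between them. I would add `// dockerInnerIPv4Pool is the docker network gateway/subnet; it takes the 198.18.0.0/16 half of 198.18.0.0/15 and must not overlap innerIPv4Pool or docker's default 172.17 network` directly above it. The new comment could also note that the benchmarking block is not unique to this project, so a host that already routes 198.18.0.0/15 for another tool would conflict with the tunnel. The const block starts and ends outside these hunks.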
|   | ||||
| @@ -97,7 +97,7 @@ func (h *gvisorTCPHandler) readFromTCPConnWriteToEndpoint(ctx context.Context, c | ||||
| 		} | ||||
|  | ||||
| 		h.addRoute(src, conn) | ||||
| 		// inner ip like 223.254.0.100/102/103 connect each other | ||||
| 		// inner ip like 198.19.0.100/102/103 connect each other | ||||
| 		if config.CIDR.Contains(dst) || config.CIDR6.Contains(dst) { | ||||
| 			log.Tracef("[TUN-RAW] Forward to TUN device, SRC: %s, DST: %s, Length: %d", src.String(), dst.String(), read) | ||||
| 			util.SafeWrite(h.packetChan, &datagramPacket{ | ||||
|   | ||||
| @@ -27,9 +27,9 @@ type TCPUDPacket struct { | ||||
| } | ||||
|  | ||||
| // Route example: | ||||
| // -L "tcp://:10800" -L "tun://:8422?net=223.254.0.100/16" | ||||
| // -L "tun:/10.233.24.133:8422?net=223.254.0.102/16&route=223.254.0.0/16" | ||||
| // -L "tun:/127.0.0.1:8422?net=223.254.0.102/16&route=223.254.0.0/16,10.233.0.0/16" -F "tcp://127.0.0.1:10800" | ||||
| // -L "tcp://:10800" -L "tun://:8422?net=198.19.0.100/16" | ||||
| // -L "tun:/10.233.24.133:8422?net=198.19.0.102/16&route=198.19.0.0/16" | ||||
| // -L "tun:/127.0.0.1:8422?net=198.19.0.102/16&route=198.19.0.0/16,10.233.0.0/16" -F "tcp://127.0.0.1:10800" | ||||
| type Route struct { | ||||
| 	ServeNodes []string // -L tun | ||||
| 	ChainNode  string   // -F tcp | ||||
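Review bot: The second and third example lines in the `Route` doc comment still read `tun:/10.233.24.133:8422` and `tun:/127.0.0.1:8422` with a single slash, while the first line and the `kubevpn serve` example elsewhere in this commit use `tun://`. Since these lines were rewritten anyway, the scheme separator should be made consistent, `// -L "tun://10.233.24.133:8422?net=198.19.0.102/16&route=198.19.0.0/16"`, unless the single-slash form is deliberately accepted by the parser, which is not visible here.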
|   | ||||
| @@ -99,7 +99,7 @@ func (o *SvrOption) Start(ctx context.Context) error { | ||||
| 	grpc_health_v1.RegisterHealthServer(svr, health.NewServer()) | ||||
| 	defer cleanup() | ||||
| 	reflection.Register(svr) | ||||
| 	// [tun-client] 223.254.0.101 - 127.0.0.1:8422: dial tcp 127.0.0.1:55407: connect: can't assign requested address | ||||
| 	// [tun-client] 198.19.0.101 - 127.0.0.1:8422: dial tcp 127.0.0.1:55407: connect: can't assign requested address | ||||
| 	http.DefaultTransport.(*http.Transport).MaxIdleConnsPerHost = 100 | ||||
| 	// startup a http server | ||||
| 	// With downgrading-capable gRPC server, which can also handle HTTP. | ||||
|   | ||||
| @@ -90,7 +90,7 @@ func RunLogsSinceNow(name string, follow bool) error { | ||||
| } | ||||
|  | ||||
| // CreateNetwork | ||||
| // docker create kubevpn-traffic-manager --labels owner=config.ConfigMapPodTrafficManager --subnet 223.255.0.0/16 --gateway 223.255.0.100 | ||||
| // docker create kubevpn-traffic-manager --labels owner=config.ConfigMapPodTrafficManager --subnet 198.18.0.0/16 --gateway 198.18.0.100 | ||||
| func CreateNetwork(ctx context.Context, name string) (string, error) { | ||||
| 	args := []string{ | ||||
| 		"network", | ||||
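Review bot: The doc comment on `CreateNetwork` describes the command as `docker create kubevpn-traffic-manager --labels …`, but the visible start of `args` is `"network"`, so the command being built looks like `docker network create`, and docker's flag is spelled `--label`. As the line is being edited for the new subnet, it could be corrected in the same pass: `// docker network create kubevpn-traffic-manager --label owner=config.ConfigMapPodTrafficManager --subnet 198.18.0.0/16 --gateway 198.18.0.100`. The rest of the argument list is outside the hunk, so the exact flags should be checked against it.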
|   | ||||
| @@ -79,7 +79,7 @@ func AddContainer(spec *corev1.PodSpec, c util.PodRouteConfig) { | ||||
| 		}, | ||||
| 		Command: []string{"/bin/sh", "-c"}, | ||||
| 		// https://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html#ss6.2 | ||||
| 		// for curl -g -6 [efff:ffff:ffff:ffff:ffff:ffff:ffff:999a]:9080/health or curl 127.0.0.1:9080/health hit local PC | ||||
| 		// for curl -g -6 [2001:2::999a]:9080/health or curl 127.0.0.1:9080/health hit local PC | ||||
| 		// output chain | ||||
| 		// iptables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv4} | ||||
| 		// ip6tables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination ${LocalTunIPv6} | ||||
|   | ||||
| @@ -96,7 +96,7 @@ func decode(in []byte) ([]byte, error) { | ||||
| // AddAllowFirewallRule | ||||
| // for ping local tun device ip, if not add this firewall, can not ping local tun IP on windows | ||||
| func AddAllowFirewallRule(ctx context.Context) { | ||||
| 	// netsh advfirewall firewall add rule name=kubevpn-traffic-manager dir=in action=allow enable=yes remoteip=223.254.0.100/16,efff:ffff:ffff:ffff:ffff:ffff:ffff:9999/64,LocalSubnet | ||||
| 	// netsh advfirewall firewall add rule name=kubevpn-traffic-manager dir=in action=allow enable=yes remoteip=198.19.0.100/16,2001:2::9999/64,LocalSubnet | ||||
| 	cmd := exec.CommandContext(ctx, "netsh", []string{ | ||||
| 		"advfirewall", | ||||
| 		"firewall", | ||||
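Review bot: Windows hosts that ran an earlier build may keep an inbound allow rule for `223.254.0.100/16`, which is publicly routable space, unless something deletes or updates the existing `kubevpn-traffic-manager` rule; only the start of `AddAllowFirewallRule` is in the hunk, so whether that happens cannot be confirmed here. The rule shown in the comment also has no protocol, port or program scope and includes `LocalSubnet`, which is broader than the stated purpose of pinging the local tun IP. If that breadth is intended, the doc comment should say so, for example `// NOTE: allows all inbound traffic from the tun pools and LocalSubnet, not only ICMP`.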
|   | ||||
| @@ -65,8 +65,8 @@ func TestName(t *testing.T) { | ||||
|  | ||||
| func TestPing(t *testing.T) { | ||||
| 	defer util.Run()() | ||||
| 	SrcIP := net.ParseIP("223.254.0.102").To4() | ||||
| 	DstIP := net.ParseIP("223.254.0.100").To4() | ||||
| 	SrcIP := net.ParseIP("198.19.0.102").To4() | ||||
| 	DstIP := net.ParseIP("198.19.0.100").To4() | ||||
|  | ||||
| 	icmpLayer := layers.ICMPv4{ | ||||
| 		TypeCode: layers.CreateICMPv4TypeCode(layers.ICMPv4TypeEchoRequest, 0), | ||||
|   | ||||
| @@ -72,7 +72,7 @@ func (h *admissionReviewHandler) handleCreate(ar v1.AdmissionReview) *v1.Admissi | ||||
| 		return &v1.AdmissionResponse{UID: ar.Request.UID, Allowed: true} | ||||
| 	} | ||||
| 	// if create pod kubevpn-traffic-manager, just ignore it | ||||
| 	// because 223.254.0.100 is reserved | ||||
| 	// because 198.19.0.100 is reserved | ||||
| 	if x, _, _ := net.ParseCIDR(value); config.RouterIP.Equal(x) { | ||||
| 		return &v1.AdmissionResponse{UID: ar.Request.UID, Allowed: true} | ||||
| 	} | ||||
| @@ -163,7 +163,7 @@ func (h *admissionReviewHandler) handleDelete(ar v1.AdmissionReview) *v1.Admissi | ||||
| 		return &v1.AdmissionResponse{Allowed: true} | ||||
| 	} | ||||
| 	// if delete pod kubevpn-traffic-manager, just ignore it | ||||
| 	// because 223.254.0.100 is reserved | ||||
| 	// because 198.19.0.100 is reserved | ||||
| 	if x, _, _ := net.ParseCIDR(value); config.RouterIP.Equal(x) { | ||||
| 		return &v1.AdmissionResponse{Allowed: true} | ||||
| 	} | ||||
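Review bot: The comment above the `config.RouterIP.Equal(x)` check in `handleCreate`, and the identical one in `handleDelete`, repeats the address as a literal, which is the only reason this commit had to touch either function; naming the constant avoids the drift: `// because config.RouterIP (the traffic manager's tun address) is reserved`. On the same line the error from `net.ParseCIDR(value)` is discarded, so a malformed value presumably falls through as a non-match; a short comment stating that this is intended would help the next reader of an admission path. Both functions continue outside the hunks.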
|   | ||||