extclients internal ips

2025-10-05 08:47:35 +08:00 · 2022-12-12 22:49:35 +05:30
parent 83dfa1f920
commit 07dd20734d
5 changed files with 61 additions and 31 deletions
--- a/controllers/ext_client.go
+++ b/controllers/ext_client.go
@@ -284,9 +284,6 @@ Endpoint = %s
 	w.WriteHeader(http.StatusOK)
 	json.NewEncoder(w).Encode(client)
 }
 func getFreeIpFromIngressExtCIDR() string {
 	return "10.235.166.20"
 }
 // swagger:route POST /api/extclients/{network}/{nodeid} ext_client createExtClient
 //
@@ -323,7 +320,6 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
 	extclient.Network = networkName
 	extclient.IngressGatewayID = nodeid
 	extclient.InternalIP = getFreeIpFromIngressExtCIDR()
 	node, err := logic.GetNodeByID(nodeid)
 	if err != nil {
 		logger.Log(0, r.Header.Get("user"),
--- a/logic/extpeers.go
+++ b/logic/extpeers.go
@@ -138,6 +138,12 @@ func CreateExtClient(extclient *models.ExtClient) error {
 				return err
 			}
 			extclient.Address = newAddress
 			extclientInternalAddr, err := UniqueAddress(extclient.Network, true)
 			if err != nil {
 				return err
 			}
 			extclient.InternalIPAddr = extclientInternalAddr
 		}
 	}
@@ -148,6 +154,11 @@ func CreateExtClient(extclient *models.ExtClient) error {
 				return err
 			}
 			extclient.Address6 = addr6
 			extclientInternalAddr6, err := UniqueAddress6(extclient.Network, true)
 			if err != nil {
 				return err
 			}
 			extclient.InternalIPAddr6 = extclientInternalAddr6
 		}
 	}
--- a/logic/gateway.go
+++ b/logic/gateway.go
@@ -185,12 +185,12 @@ func CreateIngressGateway(netid string, nodeid string, failover bool) (models.No
 	var postUpCmd, postDownCmd string
 	node, err := GetNodeByID(nodeid)
-	if node.OS != "linux" { // add in darwin later
+	// if node.OS != "linux" { // add in darwin later
-		return models.Node{}, errors.New(node.OS + " is unsupported for ingress gateways")
+	// 	return models.Node{}, errors.New(node.OS + " is unsupported for ingress gateways")
-	}
+	// }
-	if node.OS == "linux" && node.FirewallInUse == models.FIREWALL_NONE {
+	// if node.OS == "linux" && node.FirewallInUse == models.FIREWALL_NONE {
-		return models.Node{}, errors.New("firewall is not supported for ingress gateways")
+	// 	return models.Node{}, errors.New("firewall is not supported for ingress gateways")
-	}
+	// }
 	if err != nil {
 		return models.Node{}, err
--- a/logic/peers.go
+++ b/logic/peers.go
@@ -84,10 +84,18 @@ func GetPeersForProxy(node *models.Node, onlyPeers bool) (manager.ProxyManagerPa
 			logger.Log(1, "failed to parse node pub key: ", peer.ID)
 			continue
 		}
 		proxyStatus := peer.Proxy
 		listenPort := peer.LocalListenPort
-		if listenPort == 0 {
+		if proxyStatus {
 			listenPort = peer.ProxyListenPort
 			if listenPort == 0 {
 				listenPort = proxy_models.NmProxyPort
 			}
 		} else if listenPort == 0 {
 			listenPort = peer.ListenPort
 		}
 		endpoint, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", peer.Endpoint, listenPort))
 		if err != nil {
 			logger.Log(1, "failed to resolve udp addr for node: ", peer.ID, peer.Endpoint, err.Error())
@@ -99,7 +107,6 @@ func GetPeersForProxy(node *models.Node, onlyPeers bool) (manager.ProxyManagerPa
 			// set_keepalive
 			keepalive, _ = time.ParseDuration(strconv.FormatInt(int64(node.PersistentKeepalive), 10) + "s")
 		}
 		proxyStatus := peer.Proxy
 		if peer.IsServer == "yes" {
 			proxyStatus = servercfg.IsProxyEnabled()
 		}
@@ -111,9 +118,9 @@ func GetPeersForProxy(node *models.Node, onlyPeers bool) (manager.ProxyManagerPa
 			ReplaceAllowedIPs:           true,
 		})
 		peerConfMap[peer.PublicKey] = proxy_models.PeerConf{
-			Address:         net.ParseIP(peer.PrimaryAddress()),
+			Address:          net.ParseIP(peer.PrimaryAddress()),
-			Proxy:           proxyStatus,
+			Proxy:            proxyStatus,
-			ProxyListenPort: peer.ProxyListenPort,
+			PublicListenPort: listenPort,
 		}
 		if !onlyPeers && peer.IsRelayed == "yes" {
@@ -123,11 +130,11 @@ func GetPeersForProxy(node *models.Node, onlyPeers bool) (manager.ProxyManagerPa
 				if err == nil {
 					peerConfMap[peer.PublicKey] = proxy_models.PeerConf{
-						IsRelayed:       true,
+						IsRelayed:        true,
-						RelayedTo:       relayTo,
+						RelayedTo:        relayTo,
-						Address:         net.ParseIP(peer.PrimaryAddress()),
+						Address:          net.ParseIP(peer.PrimaryAddress()),
-						Proxy:           proxyStatus,
+						Proxy:            proxyStatus,
-						ProxyListenPort: peer.ProxyListenPort,
+						PublicListenPort: listenPort,
 					}
 				}
@@ -362,7 +369,7 @@ func getExtPeers(node *models.Node, forIngressNode bool) ([]wgtypes.PeerConfig,
 		var allowedips []net.IPNet
 		var peer wgtypes.PeerConfig
-		if extPeer.Address != "" {
+		if forIngressNode && extPeer.Address != "" {
 			var peeraddr = net.IPNet{
 				IP:   net.ParseIP(extPeer.Address),
 				Mask: net.CIDRMask(32, 32),
@@ -372,7 +379,7 @@ func getExtPeers(node *models.Node, forIngressNode bool) ([]wgtypes.PeerConfig,
 			}
 		}
-		if extPeer.Address6 != "" {
+		if forIngressNode && extPeer.Address6 != "" {
 			var addr6 = net.IPNet{
 				IP:   net.ParseIP(extPeer.Address6),
 				Mask: net.CIDRMask(128, 128),
@@ -381,19 +388,31 @@ func getExtPeers(node *models.Node, forIngressNode bool) ([]wgtypes.PeerConfig,
 				allowedips = append(allowedips, addr6)
 			}
 		}
-		if !forIngressNode && extPeer.InternalIP != "" {
+		if !forIngressNode {
-			peerInternalAddr := net.IPNet{
+			if extPeer.InternalIPAddr != "" {
-				IP:   net.ParseIP(extPeer.InternalIP),
+				peerInternalAddr := net.IPNet{
-				Mask: net.CIDRMask(32, 32),
+					IP:   net.ParseIP(extPeer.InternalIPAddr),
 					Mask: net.CIDRMask(32, 32),
 				}
 				if peerInternalAddr.IP != nil && peerInternalAddr.Mask != nil {
 					allowedips = append(allowedips, peerInternalAddr)
 				}
 			}
 			if extPeer.InternalIPAddr6 != "" {
 				peerInternalAddr6 := net.IPNet{
 					IP:   net.ParseIP(extPeer.InternalIPAddr6),
 					Mask: net.CIDRMask(32, 32),
 				}
 				if peerInternalAddr6.IP != nil && peerInternalAddr6.Mask != nil {
 					allowedips = append(allowedips, peerInternalAddr6)
 				}
 			}
 			allowedips = append(allowedips, peerInternalAddr)
 		}
 		primaryAddr := extPeer.Address
 		if primaryAddr == "" {
 			primaryAddr = extPeer.Address6
 		}
 		peer = wgtypes.PeerConfig{
 			PublicKey:         pubkey,
 			ReplaceAllowedIPs: true,
@@ -454,11 +473,14 @@ func getExtPeersForProxy(node *models.Node, proxyPeerConf map[string]proxy_model
 			ReplaceAllowedIPs: true,
 			AllowedIPs:        allowedips,
 		}
-
+		extInternalPrimaryAddr := extPeer.InternalIPAddr
 		if extInternalPrimaryAddr == "" {
 			extInternalPrimaryAddr = extPeer.InternalIPAddr6
 		}
 		extConf := proxy_models.PeerConf{
 			IsExtClient:   true,
 			Address:       net.ParseIP(extPeer.Address),
-			ExtInternalIp: net.ParseIP(extPeer.InternalIP),
+			ExtInternalIp: net.ParseIP(extInternalPrimaryAddr),
 		}
 		if extPeer.IngressGatewayID == node.ID {
 			extConf.IsAttachedExtClient = true
--- a/models/extclient.go
+++ b/models/extclient.go
@@ -14,5 +14,6 @@ type ExtClient struct {
 	LastModified           int64  `json:"lastmodified" bson:"lastmodified"`
 	Enabled                bool   `json:"enabled" bson:"enabled"`
 	OwnerID                string `json:"ownerid" bson:"ownerid"`
-	InternalIP             string `json:"internal_ip" bson:"internal_ip"`
+	InternalIPAddr         string `json:"internal_ip_addr" bson:"internal_ip_addr"`
 	InternalIPAddr6        string `json:"internal_ip_addr6" bson:"internal_ip_addr6"`
 }