zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-11-03 02:53:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

added udp holepunching

Browse Source
This commit is contained in:
afeiszli
2021-07-25 14:22:20 -04:00
parent fd223e3d4a
commit 4a6ebfc108
10 changed files with 2813 additions and 2154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
controllers/common.go
View File

@@ -3,12 +3,16 @@ package controller
import (
"encoding/json"
"fmt"
"log"
"strconv"
"strings"
"time"
"github.com/gravitl/netmaker/database"
"github.com/gravitl/netmaker/functions"
"github.com/gravitl/netmaker/models"
"github.com/gravitl/netmaker/servercfg"
"github.com/gravitl/netmaker/serverctl"
"golang.org/x/crypto/bcrypt"
)
@@ -16,11 +20,10 @@ func GetPeersList(networkName string) ([]models.PeersResponse, error) {
var peers []models.PeersResponse
collection, err := database.FetchRecords(database.NODES_TABLE_NAME)
if err != nil {
return peers, err
udppeers, errN := serverctl.GetPeers(networkName)
if errN != nil {
log.Println(errN)
}
for _, value := range collection {
var node models.Node
var peer models.PeersResponse
@@ -33,9 +36,23 @@ func GetPeersList(networkName string) ([]models.PeersResponse, error) {
continue
}
if node.Network == networkName && !node.IsPending {
if node.UDPHolePunch == "yes" && errN == nil {
endpointstring := udppeers[peer.PublicKey]
endpointarr := strings.Split(endpointstring, ":")
if len(endpointarr) == 2 {
port, err := strconv.Atoi(endpointarr[1])
if err == nil {
peer.Endpoint = endpointarr[0]
peer.ListenPort = int32(port)
}
}
}
peers = append(peers, peer)
}
}
if err != nil {
return peers, err
}
return peers, err
}

58
controllers/nodeGrpcController.go
View File

@@ -59,63 +59,12 @@ func (s *NodeServiceServer) ReadNode(ctx context.Context, req *nodepb.ReadNodeRe
Islocal: network.IsLocal == "yes",
Isdualstack: network.IsDualStack == "yes",
Localrange: network.LocalRange,
Udpholepunch: node.UDPHolePunch,
},
}
return response, nil
}
/*
func (s *NodeServiceServer) GetConn(ctx context.Context, data *nodepb.Client) (*nodepb.Client, error) {
// Get the protobuf node type from the protobuf request type
// Essentially doing req.Node to access the struct with a nil check
// Now we have to convert this into a NodeItem type to convert into BSON
clientreq := models.IntClient{
// ID: primitive.NilObjectID,
Address: data.GetAddress(),
Address6: data.GetAddress6(),
AccessKey: data.GetAccesskey(),
PublicKey: data.GetPublickey(),
PrivateKey: data.GetPrivatekey(),
ServerPort: data.GetServerport(),
ServerKey: data.GetServerkey(),
ServerWGEndpoint: data.GetServerwgendpoint(),
}
//Check to see if key is valid
//TODO: Triple inefficient!!! This is the third call to the DB we make for networks
if servercfg.IsRegisterKeyRequired() {
validKey := functions.IsKeyValidGlobal(clientreq.AccessKey)
if !validKey {
return nil, status.Errorf(
codes.Internal,
fmt.Sprintf("Invalid key, and server does not allow no-key signups"),
)
}
}
client, err := RegisterIntClient(clientreq)
if err != nil {
// return internal gRPC error to be handled later
return nil, status.Errorf(
codes.Internal,
fmt.Sprintf("Internal error: %v", err),
)
}
// return the node in a CreateNodeRes type
response := &nodepb.Client{
Privatekey: client.PrivateKey,
Publickey: client.PublicKey,
Accesskey: client.AccessKey,
Address: client.Address,
Address6: client.Address6,
Serverwgendpoint: client.ServerWGEndpoint,
Serverport: client.ServerPort,
Serverkey: client.ServerKey,
}
return response, nil
}
*/
func (s *NodeServiceServer) CreateNode(ctx context.Context, req *nodepb.CreateNodeReq) (*nodepb.CreateNodeRes, error) {
// Get the protobuf node type from the protobuf request type
// Essentially doing req.Node to access the struct with a nil check
@@ -137,6 +86,7 @@ func (s *NodeServiceServer) CreateNode(ctx context.Context, req *nodepb.CreateNo
IsPending: data.GetIspending(),
PublicKey: data.GetPublickey(),
ListenPort: data.GetListenport(),
UDPHolePunch: data.GetUdpholepunch(),
}
err := node.Validate(false)
@@ -197,6 +147,7 @@ func (s *NodeServiceServer) CreateNode(ctx context.Context, req *nodepb.CreateNo
Islocal: network.IsLocal == "yes",
Isdualstack: network.IsDualStack == "yes",
Localrange: network.LocalRange,
Udpholepunch: node.UDPHolePunch,
},
}
err = SetNetworkNodesLastModified(node.Network)
@@ -225,6 +176,7 @@ func (s *NodeServiceServer) CheckIn(ctx context.Context, req *nodepb.CheckInReq)
ListenPort: data.GetListenport(),
PersistentKeepalive: data.GetKeepalive(),
PublicKey: data.GetPublickey(),
UDPHolePunch: data.GetUdpholepunch(),
}
checkinresponse, err := NodeCheckIn(node, node.Network)
@@ -274,6 +226,7 @@ func (s *NodeServiceServer) UpdateNode(ctx context.Context, req *nodepb.UpdateNo
IsPending: data.GetIspending(),
PublicKey: data.GetPublickey(),
ListenPort: data.GetListenport(),
UDPHolePunch: data.GetUdpholepunch(),
}
// Convert the Id string to a MongoDB ObjectId
@@ -323,6 +276,7 @@ func (s *NodeServiceServer) UpdateNode(ctx context.Context, req *nodepb.UpdateNo
Islocal: network.IsLocal == "yes",
Isdualstack: network.IsDualStack == "yes",
Localrange: network.LocalRange,
Udpholepunch: newnode.UDPHolePunch,
},
}, nil
}

1
go.mod
View File

@@ -3,6 +3,7 @@ module github.com/gravitl/netmaker
go 1.15
require (
github.com/aws/aws-sdk-go v1.34.28
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/dgrijalva/jwt-go v3.2.0+incompatible
github.com/go-playground/validator/v10 v10.5.0

2592
grpc/node.pb.go
View File

File diff suppressed because it is too large Load Diff

3
grpc/node.proto
View File

@@ -36,7 +36,7 @@ message Node {
string postup = 11;
string postdown = 12;
int32 keepalive = 13;
bool saveconfig = 14;
string saveconfig = 14;
string accesskey = 15;
string interface = 16;
string lastcheckin = 17;
@@ -51,6 +51,7 @@ message Node {
bool isdualstack = 27;
bool dnsoff = 24;
string localrange = 25;
string udpholepunch = 30;
}
message CheckInResponse {

702
netclient/config/config.go
View File

@@ -2,166 +2,170 @@ package config
import (
//"github.com/davecgh/go-spew/spew"
"github.com/urfave/cli/v2"
"os"
"encoding/base64"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"log"
"encoding/json"
"gopkg.in/yaml.v3"
"os"
nodepb "github.com/gravitl/netmaker/grpc"
"github.com/gravitl/netmaker/models"
"github.com/urfave/cli/v2"
"gopkg.in/yaml.v3"
)
type GlobalConfig struct {
GRPCWireGuard string `yaml:"grpcwg"`
Client models.IntClient
Client models.IntClient
}
type ClientConfig struct {
Server ServerConfig `yaml:"server"`
Node NodeConfig `yaml:"node"`
Network string `yaml:"network"`
Daemon string `yaml:"daemon"`
OperatingSystem string `yaml:"operatingsystem"`
Server ServerConfig `yaml:"server"`
Node NodeConfig `yaml:"node"`
Network string `yaml:"network"`
Daemon string `yaml:"daemon"`
OperatingSystem string `yaml:"operatingsystem"`
}
type ServerConfig struct {
CoreDNSAddr string `yaml:"corednsaddr"`
GRPCAddress string `yaml:"grpcaddress"`
APIAddress string `yaml:"apiaddress"`
AccessKey string `yaml:"accesskey"`
GRPCSSL string `yaml:"grpcssl"`
GRPCWireGuard string `yaml:"grpcwg"`
CoreDNSAddr string `yaml:"corednsaddr"`
GRPCAddress string `yaml:"grpcaddress"`
APIAddress string `yaml:"apiaddress"`
AccessKey string `yaml:"accesskey"`
GRPCSSL string `yaml:"grpcssl"`
GRPCWireGuard string `yaml:"grpcwg"`
}
type ListConfig struct {
Name string `yaml:"name"`
Interface string `yaml:"interface"`
PrivateIPv4 string `yaml:"wgaddress"`
PrivateIPv6 string `yaml:"wgaddress6"`
PublicEndpoint string `yaml:"endpoint"`
Name string `yaml:"name"`
Interface string `yaml:"interface"`
PrivateIPv4 string `yaml:"wgaddress"`
PrivateIPv6 string `yaml:"wgaddress6"`
PublicEndpoint string `yaml:"endpoint"`
}
type NodeConfig struct {
Name string `yaml:"name"`
Interface string `yaml:"interface"`
Network string `yaml:"network"`
Password string `yaml:"password"`
MacAddress string `yaml:"macaddress"`
LocalAddress string `yaml:"localaddress"`
WGAddress string `yaml:"wgaddress"`
WGAddress6 string `yaml:"wgaddress6"`
Roaming string `yaml:"roaming"`
DNS string `yaml:"dns"`
IsLocal string `yaml:"islocal"`
IsDualStack string `yaml:"isdualstack"`
IsIngressGateway string `yaml:"isingressgateway"`
LocalRange string `yaml:"localrange"`
PostUp string `yaml:"postup"`
PostDown string `yaml:"postdown"`
Port int32 `yaml:"port"`
KeepAlive int32 `yaml:"keepalive"`
PublicKey string `yaml:"publickey"`
ServerPubKey string `yaml:"serverpubkey"`
PrivateKey string `yaml:"privatekey"`
Endpoint string `yaml:"endpoint"`
PostChanges string `yaml:"postchanges"`
StaticIP string `yaml:"staticip"`
StaticPubKey string `yaml:"staticpubkey"`
IPForwarding string `yaml:"ipforwarding"`
Name string `yaml:"name"`
Interface string `yaml:"interface"`
Network string `yaml:"network"`
Password string `yaml:"password"`
MacAddress string `yaml:"macaddress"`
LocalAddress string `yaml:"localaddress"`
WGAddress string `yaml:"wgaddress"`
WGAddress6 string `yaml:"wgaddress6"`
Roaming string `yaml:"roaming"`
DNS string `yaml:"dns"`
IsLocal string `yaml:"islocal"`
IsDualStack string `yaml:"isdualstack"`
IsIngressGateway string `yaml:"isingressgateway"`
LocalRange string `yaml:"localrange"`
PostUp string `yaml:"postup"`
PostDown string `yaml:"postdown"`
Port int32 `yaml:"port"`
KeepAlive int32 `yaml:"keepalive"`
PublicKey string `yaml:"publickey"`
ServerPubKey string `yaml:"serverpubkey"`
PrivateKey string `yaml:"privatekey"`
Endpoint string `yaml:"endpoint"`
PostChanges string `yaml:"postchanges"`
StaticIP string `yaml:"staticip"`
StaticPubKey string `yaml:"staticpubkey"`
IPForwarding string `yaml:"ipforwarding"`
UDPHolePunch string `yaml:"udpholepunch"`
}
//reading in the env file
func Write(config *ClientConfig, network string) error{
func Write(config *ClientConfig, network string) error {
if network == "" {
err := errors.New("No network provided. Exiting.")
return err
}
_, err := os.Stat("/etc/netclient")
_, err := os.Stat("/etc/netclient")
if os.IsNotExist(err) {
os.Mkdir("/etc/netclient", 744)
os.Mkdir("/etc/netclient", 744)
} else if err != nil {
return err
}
return err
}
home := "/etc/netclient"
file := fmt.Sprintf(home + "/netconfig-" + network)
f, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm)
defer f.Close()
file := fmt.Sprintf(home + "/netconfig-" + network)
f, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm)
defer f.Close()
err = yaml.NewEncoder(f).Encode(config)
if err != nil {
return err
}
return err
return err
}
//reading in the env file
func WriteGlobal(config *GlobalConfig) error{
_, err := os.Stat("/etc/netclient")
if os.IsNotExist(err) {
os.Mkdir("/etc/netclient", 744)
} else if err != nil {
return err
}
home := "/etc/netclient"
if err != nil {
log.Fatal(err)
}
file := fmt.Sprintf(home + "/netconfig-global-001")
f, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm)
defer f.Close()
err = yaml.NewEncoder(f).Encode(config)
if err != nil {
return err
}
return err
}
func WriteServer(server string, accesskey string, network string) error{
if network == "" {
err := errors.New("No network provided. Exiting.")
return err
}
nofile := false
//home, err := homedir.Dir()
_, err := os.Stat("/etc/netclient")
func WriteGlobal(config *GlobalConfig) error {
_, err := os.Stat("/etc/netclient")
if os.IsNotExist(err) {
os.Mkdir("/etc/netclient", 744)
} else if err != nil {
os.Mkdir("/etc/netclient", 744)
} else if err != nil {
return err
}
home := "/etc/netclient"
if err != nil {
log.Fatal(err)
}
file := fmt.Sprintf(home + "/netconfig-global-001")
f, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm)
defer f.Close()
err = yaml.NewEncoder(f).Encode(config)
if err != nil {
return err
}
return err
}
func WriteServer(server string, accesskey string, network string) error {
if network == "" {
err := errors.New("No network provided. Exiting.")
return err
}
nofile := false
//home, err := homedir.Dir()
_, err := os.Stat("/etc/netclient")
if os.IsNotExist(err) {
os.Mkdir("/etc/netclient", 744)
} else if err != nil {
fmt.Println("couldnt find or create /etc/netclient")
return err
}
home := "/etc/netclient"
return err
}
home := "/etc/netclient"
file := fmt.Sprintf(home + "/netconfig-" + network)
//f, err := os.Open(file)
f, err := os.OpenFile(file, os.O_CREATE|os.O_RDWR, 0666)
//f, err := os.Open(file)
f, err := os.OpenFile(file, os.O_CREATE|os.O_RDWR, 0666)
//f, err := ioutil.ReadFile(file)
if err != nil {
if err != nil {
fmt.Println("couldnt open netconfig-" + network)
fmt.Println(err)
nofile = true
nofile = true
//err = nil
return err
}
defer f.Close()
}
defer f.Close()
//cfg := &ClientConfig{}
var cfg ClientConfig
if !nofile {
if !nofile {
fmt.Println("Writing to existing config file at " + home + "/netconfig-" + network)
decoder := yaml.NewDecoder(f)
err = decoder.Decode(&cfg)
decoder := yaml.NewDecoder(f)
err = decoder.Decode(&cfg)
//err = yaml.Unmarshal(f, &cfg)
if err != nil {
if err != nil {
//fmt.Println(err)
//return err
}
//return err
}
f.Close()
f, err = os.OpenFile(file, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0666)
if err != nil {
if err != nil {
fmt.Println("couldnt open netconfig")
fmt.Println(err)
nofile = true
@@ -170,10 +174,10 @@ func WriteServer(server string, accesskey string, network string) error{
}
defer f.Close()
if err != nil {
fmt.Println("trouble opening file")
fmt.Println(err)
}
if err != nil {
fmt.Println("trouble opening file")
fmt.Println(err)
}
cfg.Server.GRPCAddress = server
cfg.Server.AccessKey = accesskey
@@ -181,36 +185,34 @@ func WriteServer(server string, accesskey string, network string) error{
err = yaml.NewEncoder(f).Encode(cfg)
//_, err = yaml.Marshal(f, &cfg)
if err != nil {
fmt.Println("trouble encoding file")
return err
}
fmt.Println("trouble encoding file")
return err
}
} else {
fmt.Println("Creating new config file at " + home + "/netconfig-" + network)
fmt.Println("Creating new config file at " + home + "/netconfig-" + network)
cfg.Server.GRPCAddress = server
cfg.Server.AccessKey = accesskey
cfg.Server.GRPCAddress = server
cfg.Server.AccessKey = accesskey
newf, err := os.Create(home + "/netconfig-" + network)
err = yaml.NewEncoder(newf).Encode(cfg)
defer newf.Close()
if err != nil {
return err
}
}
newf, err := os.Create(home + "/netconfig-" + network)
err = yaml.NewEncoder(newf).Encode(cfg)
defer newf.Close()
if err != nil {
return err
}
}
return err
return err
}
func(config *ClientConfig) ReadConfig() {
func (config *ClientConfig) ReadConfig() {
nofile := false
//home, err := homedir.Dir()
home := "/etc/netclient"
file := fmt.Sprintf(home + "/netconfig-" + config.Network)
//f, err := os.Open(file)
f, err := os.OpenFile(file, os.O_RDONLY, 0666)
f, err := os.OpenFile(file, os.O_RDONLY, 0666)
if err != nil {
fmt.Println("trouble opening file")
fmt.Println(err)
@@ -233,153 +235,153 @@ func(config *ClientConfig) ReadConfig() {
}
}
}
func ModGlobalConfig(cfg models.IntClient) error{
var modconfig GlobalConfig
var err error
if FileExists("/etc/netclient/netconfig-global-001") {
useconfig, err := ReadGlobalConfig()
if err != nil {
return err
}
modconfig = *useconfig
}
if cfg.ServerWGPort != ""{
modconfig.Client.ServerWGPort = cfg.ServerWGPort
}
if cfg.ServerGRPCPort != ""{
modconfig.Client.ServerGRPCPort = cfg.ServerGRPCPort
}
if cfg.ServerAPIPort != ""{
modconfig.Client.ServerAPIPort = cfg.ServerAPIPort
}
if cfg.PublicKey != ""{
modconfig.Client.PublicKey = cfg.PublicKey
}
if cfg.PrivateKey != ""{
modconfig.Client.PrivateKey = cfg.PrivateKey
}
if cfg.ServerPublicEndpoint != ""{
modconfig.Client.ServerPublicEndpoint = cfg.ServerPublicEndpoint
}
if cfg.ServerPrivateAddress != ""{
modconfig.Client.ServerPrivateAddress = cfg.ServerPrivateAddress
}
if cfg.Address != ""{
modconfig.Client.Address = cfg.Address
}
if cfg.Address6 != ""{
modconfig.Client.Address6 = cfg.Address6
}
if cfg.Network != ""{
modconfig.Client.Network = cfg.Network
}
if cfg.ServerKey != ""{
modconfig.Client.ServerKey = cfg.ServerKey
}
if cfg.AccessKey != ""{
modconfig.Client.AccessKey = cfg.AccessKey
}
if cfg.ClientID != ""{
modconfig.Client.ClientID = cfg.ClientID
}
err = WriteGlobal(&modconfig)
return err
func ModGlobalConfig(cfg models.IntClient) error {
var modconfig GlobalConfig
var err error
if FileExists("/etc/netclient/netconfig-global-001") {
useconfig, err := ReadGlobalConfig()
if err != nil {
return err
}
modconfig = *useconfig
}
if cfg.ServerWGPort != "" {
modconfig.Client.ServerWGPort = cfg.ServerWGPort
}
if cfg.ServerGRPCPort != "" {
modconfig.Client.ServerGRPCPort = cfg.ServerGRPCPort
}
if cfg.ServerAPIPort != "" {
modconfig.Client.ServerAPIPort = cfg.ServerAPIPort
}
if cfg.PublicKey != "" {
modconfig.Client.PublicKey = cfg.PublicKey
}
if cfg.PrivateKey != "" {
modconfig.Client.PrivateKey = cfg.PrivateKey
}
if cfg.ServerPublicEndpoint != "" {
modconfig.Client.ServerPublicEndpoint = cfg.ServerPublicEndpoint
}
if cfg.ServerPrivateAddress != "" {
modconfig.Client.ServerPrivateAddress = cfg.ServerPrivateAddress
}
if cfg.Address != "" {
modconfig.Client.Address = cfg.Address
}
if cfg.Address6 != "" {
modconfig.Client.Address6 = cfg.Address6
}
if cfg.Network != "" {
modconfig.Client.Network = cfg.Network
}
if cfg.ServerKey != "" {
modconfig.Client.ServerKey = cfg.ServerKey
}
if cfg.AccessKey != "" {
modconfig.Client.AccessKey = cfg.AccessKey
}
if cfg.ClientID != "" {
modconfig.Client.ClientID = cfg.ClientID
}
err = WriteGlobal(&modconfig)
return err
}
func ModConfig(node *nodepb.Node) error{
network := node.Nodenetwork
if network == "" {
return errors.New("No Network Provided")
}
func ModConfig(node *nodepb.Node) error {
network := node.Nodenetwork
if network == "" {
return errors.New("No Network Provided")
}
var modconfig ClientConfig
var err error
if FileExists("/etc/netclient/netconfig-"+network) {
if FileExists("/etc/netclient/netconfig-" + network) {
useconfig, err := ReadConfig(network)
if err != nil {
return err
}
modconfig = *useconfig
}
nodecfg := modconfig.Node
if node.Name != ""{
nodecfg.Name = node.Name
}
if node.Interface != ""{
nodecfg.Interface = node.Interface
}
if node.Nodenetwork != ""{
nodecfg.Network = node.Nodenetwork
}
if node.Macaddress != ""{
nodecfg.MacAddress = node.Macaddress
}
if node.Localaddress != ""{
nodecfg.LocalAddress = node.Localaddress
}
if node.Postup != ""{
nodecfg.PostUp = node.Postup
}
if node.Postdown != ""{
nodecfg.PostDown = node.Postdown
}
if node.Listenport != 0{
nodecfg.Port = node.Listenport
}
if node.Keepalive != 0{
nodecfg.KeepAlive = node.Keepalive
}
if node.Publickey != ""{
nodecfg.PublicKey = node.Publickey
}
if node.Endpoint != ""{
nodecfg.Endpoint = node.Endpoint
}
if node.Password != ""{
nodecfg.Password = node.Password
}
if node.Address != ""{
nodecfg.WGAddress = node.Address
}
if node.Address6 != ""{
nodecfg.WGAddress6 = node.Address6
}
if node.Postchanges != "" {
nodecfg.PostChanges = node.Postchanges
}
if node.Dnsoff == true {
nodecfg := modconfig.Node
if node.Name != "" {
nodecfg.Name = node.Name
}
if node.Interface != "" {
nodecfg.Interface = node.Interface
}
if node.Nodenetwork != "" {
nodecfg.Network = node.Nodenetwork
}
if node.Macaddress != "" {
nodecfg.MacAddress = node.Macaddress
}
if node.Localaddress != "" {
nodecfg.LocalAddress = node.Localaddress
}
if node.Postup != "" {
nodecfg.PostUp = node.Postup
}
if node.Postdown != "" {
nodecfg.PostDown = node.Postdown
}
if node.Listenport != 0 {
nodecfg.Port = node.Listenport
}
if node.Keepalive != 0 {
nodecfg.KeepAlive = node.Keepalive
}
if node.Publickey != "" {
nodecfg.PublicKey = node.Publickey
}
if node.Endpoint != "" {
nodecfg.Endpoint = node.Endpoint
}
if node.Password != "" {
nodecfg.Password = node.Password
}
if node.Address != "" {
nodecfg.WGAddress = node.Address
}
if node.Address6 != "" {
nodecfg.WGAddress6 = node.Address6
}
if node.Postchanges != "" {
nodecfg.PostChanges = node.Postchanges
}
if node.Dnsoff == true {
nodecfg.DNS = "off"
}
if node.Isdualstack == true {
nodecfg.IsDualStack = "yes"
}
}
if node.Isdualstack == true {
nodecfg.IsDualStack = "yes"
}
if node.Udpholepunch != "" {
nodecfg.UDPHolePunch = node.Udpholepunch
}
if node.Isingressgateway {
nodecfg.IsIngressGateway = "yes"
} else {
nodecfg.IsIngressGateway = "no"
nodecfg.IsIngressGateway = "no"
}
if node.Localrange != "" && node.Islocal {
nodecfg.IsLocal = "yes"
nodecfg.LocalRange = node.Localrange
}
modconfig.Node = nodecfg
err = Write(&modconfig, network)
return err
if node.Localrange != "" && node.Islocal {
nodecfg.IsLocal = "yes"
nodecfg.LocalRange = node.Localrange
}
modconfig.Node = nodecfg
err = Write(&modconfig, network)
return err
}
func GetCLIConfig(c *cli.Context) (ClientConfig, error){
func GetCLIConfig(c *cli.Context) (ClientConfig, error) {
var cfg ClientConfig
if c.String("token") != "" {
tokenbytes, err := base64.StdEncoding.DecodeString(c.String("token"))
if err != nil {
tokenbytes, err := base64.StdEncoding.DecodeString(c.String("token"))
if err != nil {
log.Println("error decoding token")
return cfg, err
}
}
var accesstoken models.AccessToken
if err := json.Unmarshal(tokenbytes, &accesstoken); err != nil {
log.Println("error converting token json to object", tokenbytes )
log.Println("error converting token json to object", tokenbytes)
return cfg, err
}
@@ -391,17 +393,17 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
cfg.Server.APIAddress = cfg.Server.APIAddress + ":" + accesstoken.ServerConfig.APIPort
}
}
if accesstoken.ServerConfig.GRPCConnString != "" {
cfg.Server.GRPCAddress = accesstoken.ServerConfig.GRPCConnString
} else {
cfg.Server.GRPCAddress = accesstoken.ServerConfig.GRPCHost
if accesstoken.ServerConfig.GRPCPort != "" {
cfg.Server.GRPCAddress = cfg.Server.GRPCAddress + ":" + accesstoken.ServerConfig.GRPCPort
}
}
cfg.Network = accesstoken.ClientConfig.Network
cfg.Node.Network = accesstoken.ClientConfig.Network
cfg.Server.AccessKey = accesstoken.ClientConfig.Key
if accesstoken.ServerConfig.GRPCConnString != "" {
cfg.Server.GRPCAddress = accesstoken.ServerConfig.GRPCConnString
} else {
cfg.Server.GRPCAddress = accesstoken.ServerConfig.GRPCHost
if accesstoken.ServerConfig.GRPCPort != "" {
cfg.Server.GRPCAddress = cfg.Server.GRPCAddress + ":" + accesstoken.ServerConfig.GRPCPort
}
}
cfg.Network = accesstoken.ClientConfig.Network
cfg.Node.Network = accesstoken.ClientConfig.Network
cfg.Server.AccessKey = accesstoken.ClientConfig.Key
cfg.Node.LocalRange = accesstoken.ClientConfig.LocalRange
cfg.Server.GRPCSSL = accesstoken.ServerConfig.GRPCSSL
cfg.Server.GRPCWireGuard = accesstoken.WG.GRPCWireGuard
@@ -409,9 +411,9 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
if c.String("grpcserver") != "" {
cfg.Server.GRPCAddress = c.String("grpcserver")
}
if c.String("apiserver") != "" {
cfg.Server.APIAddress = c.String("apiserver")
}
if c.String("apiserver") != "" {
cfg.Server.APIAddress = c.String("apiserver")
}
if c.String("key") != "" {
cfg.Server.AccessKey = c.String("key")
}
@@ -422,26 +424,26 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
if c.String("localrange") != "" {
cfg.Node.LocalRange = c.String("localrange")
}
if c.String("grpcssl") != "" {
cfg.Server.GRPCSSL = c.String("grpcssl")
}
if c.String("corednsaddr") != "" {
cfg.Server.CoreDNSAddr = c.String("corednsaddr")
}
if c.String("grpcwg") != "" {
cfg.Server.GRPCWireGuard = c.String("grpcwg")
}
if c.String("grpcssl") != "" {
cfg.Server.GRPCSSL = c.String("grpcssl")
}
if c.String("corednsaddr") != "" {
cfg.Server.CoreDNSAddr = c.String("corednsaddr")
}
if c.String("grpcwg") != "" {
cfg.Server.GRPCWireGuard = c.String("grpcwg")
}
} else {
cfg.Server.GRPCAddress = c.String("grpcserver")
cfg.Server.APIAddress = c.String("apiserver")
cfg.Server.AccessKey = c.String("key")
cfg.Network = c.String("network")
cfg.Node.Network = c.String("network")
cfg.Node.LocalRange = c.String("localrange")
cfg.Server.GRPCWireGuard = c.String("grpcwg")
cfg.Server.GRPCSSL = c.String("grpcssl")
cfg.Server.CoreDNSAddr = c.String("corednsaddr")
cfg.Network = c.String("network")
cfg.Node.Network = c.String("network")
cfg.Node.LocalRange = c.String("localrange")
cfg.Server.GRPCWireGuard = c.String("grpcwg")
cfg.Server.GRPCSSL = c.String("grpcssl")
cfg.Server.CoreDNSAddr = c.String("corednsaddr")
}
cfg.Node.Name = c.String("name")
cfg.Node.Interface = c.String("interface")
@@ -464,11 +466,12 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
cfg.Node.IPForwarding = c.String("ipforwarding")
cfg.OperatingSystem = c.String("operatingsystem")
cfg.Daemon = c.String("daemon")
cfg.Node.UDPHolePunch = c.String("udpholepunch")
return cfg, nil
}
func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error) {
var cfg GlobalConfig
if c.String("token") != "" {
tokenbytes, err := base64.StdEncoding.DecodeString(c.String("token"))
@@ -476,11 +479,11 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
log.Println("error decoding token")
return cfg, err
}
var accesstoken models.AccessToken
if err := json.Unmarshal(tokenbytes, &accesstoken); err != nil {
log.Println("error converting token json to object", tokenbytes )
return cfg, err
}
var accesstoken models.AccessToken
if err := json.Unmarshal(tokenbytes, &accesstoken); err != nil {
log.Println("error converting token json to object", tokenbytes)
return cfg, err
}
cfg.GRPCWireGuard = accesstoken.WG.GRPCWireGuard
cfg.Client.ServerPrivateAddress = accesstoken.WG.GRPCWGAddress
cfg.Client.ServerGRPCPort = accesstoken.WG.GRPCWGPort
@@ -488,54 +491,53 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
log.Println("error decoding token grpcserver")
return cfg, err
}
if err != nil {
log.Println("error decoding token apiserver")
return cfg, err
}
if accesstoken.ServerConfig.APIConnString != "" {
cfg.Client.ServerPublicEndpoint = accesstoken.ServerConfig.APIConnString
} else {
cfg.Client.ServerPublicEndpoint = accesstoken.ServerConfig.APIHost
if accesstoken.ServerConfig.APIPort != "" {
cfg.Client.ServerAPIPort = accesstoken.ServerConfig.APIPort
}
}
if err != nil {
log.Println("error decoding token apiserver")
return cfg, err
}
if accesstoken.ServerConfig.APIConnString != "" {
cfg.Client.ServerPublicEndpoint = accesstoken.ServerConfig.APIConnString
} else {
cfg.Client.ServerPublicEndpoint = accesstoken.ServerConfig.APIHost
if accesstoken.ServerConfig.APIPort != "" {
cfg.Client.ServerAPIPort = accesstoken.ServerConfig.APIPort
}
}
cfg.Client.ServerWGPort = accesstoken.WG.GRPCWGPort
cfg.Client.ServerKey = accesstoken.ClientConfig.Key
cfg.Client.ServerKey = accesstoken.WG.GRPCWGPubKey
cfg.Client.ServerKey = accesstoken.WG.GRPCWGPubKey
if c.String("grpcserver") != "" {
cfg.Client.ServerPrivateAddress = c.String("grpcserver")
}
if c.String("apiserver") != "" {
cfg.Client.ServerPublicEndpoint = c.String("apiserver")
}
if c.String("pubkey") != "" {
cfg.Client.ServerKey = c.String("pubkey")
}
if c.String("network") != "all" {
cfg.Client.Network = c.String("network")
}
} else {
cfg.Client.ServerPrivateAddress = c.String("grpcserver")
cfg.Client.ServerPublicEndpoint = c.String("apiserver")
cfg.Client.ServerKey = c.String("key")
cfg.Client.Network = c.String("network")
}
cfg.Client.Address = c.String("address")
cfg.Client.Address6 = c.String("addressIPV6")
cfg.Client.PublicKey = c.String("pubkey")
cfg.Client.PrivateKey = c.String("privkey")
if c.String("grpcserver") != "" {
cfg.Client.ServerPrivateAddress = c.String("grpcserver")
}
if c.String("apiserver") != "" {
cfg.Client.ServerPublicEndpoint = c.String("apiserver")
}
if c.String("pubkey") != "" {
cfg.Client.ServerKey = c.String("pubkey")
}
if c.String("network") != "all" {
cfg.Client.Network = c.String("network")
}
} else {
cfg.Client.ServerPrivateAddress = c.String("grpcserver")
cfg.Client.ServerPublicEndpoint = c.String("apiserver")
cfg.Client.ServerKey = c.String("key")
cfg.Client.Network = c.String("network")
}
cfg.Client.Address = c.String("address")
cfg.Client.Address6 = c.String("addressIPV6")
cfg.Client.PublicKey = c.String("pubkey")
cfg.Client.PrivateKey = c.String("privkey")
return cfg, nil
return cfg, nil
}
func ReadConfig(network string) (*ClientConfig, error) {
if network == "" {
err := errors.New("No network provided. Exiting.")
return nil, err
}
if network == "" {
err := errors.New("No network provided. Exiting.")
return nil, err
}
nofile := false
home := "/etc/netclient"
file := fmt.Sprintf(home + "/netconfig-" + network)
@@ -560,33 +562,33 @@ func ReadConfig(network string) (*ClientConfig, error) {
}
func ReadGlobalConfig() (*GlobalConfig, error) {
nofile := false
home := "/etc/netclient"
file := fmt.Sprintf(home + "/netconfig-global-001")
f, err := os.Open(file)
nofile := false
home := "/etc/netclient"
file := fmt.Sprintf(home + "/netconfig-global-001")
f, err := os.Open(file)
if err != nil {
nofile = true
}
defer f.Close()
if err != nil {
nofile = true
}
defer f.Close()
var cfg GlobalConfig
var cfg GlobalConfig
if !nofile {
decoder := yaml.NewDecoder(f)
err = decoder.Decode(&cfg)
if err != nil {
fmt.Println("trouble decoding file")
return nil, err
}
}
return &cfg, err
if !nofile {
decoder := yaml.NewDecoder(f)
err = decoder.Decode(&cfg)
if err != nil {
fmt.Println("trouble decoding file")
return nil, err
}
}
return &cfg, err
}
func FileExists(f string) bool {
info, err := os.Stat(f)
if os.IsNotExist(err) {
return false
}
return !info.IsDir()
info, err := os.Stat(f)
if os.IsNotExist(err) {
return false
}
return !info.IsDir()
}

254
netclient/functions/join.go
View File

@@ -1,23 +1,24 @@
package functions
import (
"google.golang.org/grpc/credentials"
"crypto/tls"
"fmt"
"errors"
"context"
"crypto/tls"
"errors"
"fmt"
"log"
"net"
"math/rand"
"net"
"time"
"github.com/gravitl/netmaker/netclient/config"
"github.com/gravitl/netmaker/netclient/wireguard"
"github.com/gravitl/netmaker/netclient/server"
"github.com/gravitl/netmaker/netclient/local"
nodepb "github.com/gravitl/netmaker/grpc"
nodepb "github.com/gravitl/netmaker/grpc"
"github.com/gravitl/netmaker/netclient/config"
"github.com/gravitl/netmaker/netclient/local"
"github.com/gravitl/netmaker/netclient/server"
"github.com/gravitl/netmaker/netclient/wireguard"
"golang.zx2c4.com/wireguard/wgctrl"
"google.golang.org/grpc"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
//homedir "github.com/mitchellh/go-homedir"
)
@@ -25,7 +26,7 @@ func JoinNetwork(cfg config.ClientConfig) error {
hasnet := local.HasNetwork(cfg.Network)
if hasnet {
err := errors.New("ALREADY_INSTALLED. Netclient appears to already be installed for " + cfg.Network + ". To re-install, please remove by executing 'sudo netclient leave -n " + cfg.Network + "'. Then re-run the install command.")
err := errors.New("ALREADY_INSTALLED. Netclient appears to already be installed for " + cfg.Network + ". To re-install, please remove by executing 'sudo netclient leave -n " + cfg.Network + "'. Then re-run the install command.")
return err
}
log.Println("attempting to join " + cfg.Network + " at " + cfg.Server.GRPCAddress)
@@ -34,73 +35,73 @@ func JoinNetwork(cfg config.ClientConfig) error {
return err
}
wgclient, err := wgctrl.New()
if err != nil {
wgclient, err := wgctrl.New()
if err != nil {
return err
}
defer wgclient.Close()
}
defer wgclient.Close()
if cfg.Node.Network == "" {
return errors.New("no network provided")
}
if cfg.Node.LocalRange != "" {
if cfg.Node.LocalAddress == "" {
log.Println("local vpn, getting local address from range: " + cfg.Node.LocalRange)
ifaces, err := net.Interfaces()
if err != nil {
return err
}
_, localrange, err := net.ParseCIDR(cfg.Node.LocalRange)
if err != nil {
return err
}
var local string
found := false
for _, i := range ifaces {
if i.Flags&net.FlagUp == 0 {
continue // interface down
}
if i.Flags&net.FlagLoopback != 0 {
continue // loopback interface
}
addrs, err := i.Addrs()
if cfg.Node.LocalAddress == "" {
log.Println("local vpn, getting local address from range: " + cfg.Node.LocalRange)
ifaces, err := net.Interfaces()
if err != nil {
return err
}
_, localrange, err := net.ParseCIDR(cfg.Node.LocalRange)
if err != nil {
return err
}
for _, addr := range addrs {
var ip net.IP
switch v := addr.(type) {
case *net.IPNet:
if !found {
ip = v.IP
local = ip.String()
if cfg.Node.IsLocal == "yes" {
found = localrange.Contains(ip)
} else {
found = true
}
}
case *net.IPAddr:
if !found {
ip = v.IP
local = ip.String()
if cfg.Node.IsLocal == "yes" {
found = localrange.Contains(ip)
} else {
found = true
var local string
found := false
for _, i := range ifaces {
if i.Flags&net.FlagUp == 0 {
continue // interface down
}
if i.Flags&net.FlagLoopback != 0 {
continue // loopback interface
}
addrs, err := i.Addrs()
if err != nil {
return err
}
for _, addr := range addrs {
var ip net.IP
switch v := addr.(type) {
case *net.IPNet:
if !found {
ip = v.IP
local = ip.String()
if cfg.Node.IsLocal == "yes" {
found = localrange.Contains(ip)
} else {
found = true
}
}
case *net.IPAddr:
if !found {
ip = v.IP
local = ip.String()
if cfg.Node.IsLocal == "yes" {
found = localrange.Contains(ip)
} else {
found = true
}
}
}
}
}
cfg.Node.LocalAddress = local
}
cfg.Node.LocalAddress = local
}
}
if cfg.Node.Password == "" {
cfg.Node.Password = GenPass()
}
if cfg.Node.Endpoint == "" {
if cfg.Node.Endpoint == "" {
if cfg.Node.IsLocal == "yes" && cfg.Node.LocalAddress != "" {
cfg.Node.Endpoint = cfg.Node.LocalAddress
} else {
@@ -111,9 +112,9 @@ func JoinNetwork(cfg config.ClientConfig) error {
return err
}
}
} else {
cfg.Node.Endpoint = cfg.Node.Endpoint
}
} else {
cfg.Node.Endpoint = cfg.Node.Endpoint
}
if cfg.Node.PrivateKey == "" {
privatekey, err := wgtypes.GeneratePrivateKey()
if err != nil {
@@ -130,7 +131,7 @@ func JoinNetwork(cfg config.ClientConfig) error {
} else if len(macs) == 0 {
log.Fatal()
} else {
cfg.Node.MacAddress = macs[0]
cfg.Node.MacAddress = macs[0]
}
}
if cfg.Node.Port == 0 {
@@ -148,48 +149,48 @@ func JoinNetwork(cfg config.ClientConfig) error {
}
conn, err := grpc.Dial(cfg.Server.GRPCAddress, requestOpts)
if err != nil {
log.Fatalf("Unable to establish client connection to " + cfg.Server.GRPCAddress + ": %v", err)
}
if err != nil {
log.Fatalf("Unable to establish client connection to "+cfg.Server.GRPCAddress+": %v", err)
}
wcclient = nodepb.NewNodeServiceClient(conn)
wcclient = nodepb.NewNodeServiceClient(conn)
postnode := &nodepb.Node{
Password: cfg.Node.Password,
Macaddress: cfg.Node.MacAddress,
Accesskey: cfg.Server.AccessKey,
Nodenetwork: cfg.Network,
Listenport: cfg.Node.Port,
Postup: cfg.Node.PostUp,
Postdown: cfg.Node.PostDown,
Keepalive: cfg.Node.KeepAlive,
postnode := &nodepb.Node{
Password: cfg.Node.Password,
Macaddress: cfg.Node.MacAddress,
Accesskey: cfg.Server.AccessKey,
Nodenetwork: cfg.Network,
Listenport: cfg.Node.Port,
Postup: cfg.Node.PostUp,
Postdown: cfg.Node.PostDown,
Keepalive: cfg.Node.KeepAlive,
Localaddress: cfg.Node.LocalAddress,
Interface: cfg.Node.Interface,
Publickey: cfg.Node.PublicKey,
Name: cfg.Node.Name,
Endpoint: cfg.Node.Endpoint,
}
err = config.ModConfig(postnode)
if err != nil {
Interface: cfg.Node.Interface,
Publickey: cfg.Node.PublicKey,
Name: cfg.Node.Name,
Endpoint: cfg.Node.Endpoint,
}
err = config.ModConfig(postnode)
if err != nil {
return err
}
}
res, err := wcclient.CreateNode(
context.TODO(),
&nodepb.CreateNodeReq{
Node: postnode,
},
)
if err != nil {
return err
}
res, err := wcclient.CreateNode(
context.TODO(),
&nodepb.CreateNodeReq{
Node: postnode,
},
)
if err != nil {
return err
}
log.Println("node created on remote server...updating configs")
node := res.Node
if err != nil {
return err
}
node := res.Node
if err != nil {
return err
}
if node.Dnsoff==true {
if node.Dnsoff == true {
cfg.Node.DNS = "yes"
}
if !(cfg.Node.IsLocal == "yes") && node.Islocal && node.Localrange != "" {
@@ -199,15 +200,15 @@ func JoinNetwork(cfg config.ClientConfig) error {
}
node.Endpoint = node.Localaddress
}
err = config.ModConfig(node)
if err != nil {
return err
}
err = config.ModConfig(node)
if err != nil {
return err
}
if node.Ispending {
fmt.Println("Node is marked as PENDING.")
fmt.Println("Awaiting approval from Admin before configuring WireGuard.")
if cfg.Daemon != "off" {
if cfg.Daemon != "off" {
err = local.ConfigureSystemD(cfg.Network)
return err
}
@@ -217,23 +218,23 @@ func JoinNetwork(cfg config.ClientConfig) error {
if err != nil {
log.Println("failed to retrieve peers")
return err
}
return err
}
err = wireguard.StorePrivKey(cfg.Node.PrivateKey, cfg.Network)
if err != nil {
return err
}
log.Println("starting wireguard")
if err != nil {
return err
}
log.Println("starting wireguard")
err = wireguard.InitWireguard(node, cfg.Node.PrivateKey, peers, hasGateway, gateways)
if err != nil {
return err
}
if err != nil {
return err
}
if cfg.Daemon != "off" {
err = local.ConfigureSystemD(cfg.Network)
}
if err != nil {
return err
}
if err != nil {
return err
}
return err
}
@@ -241,16 +242,15 @@ func JoinNetwork(cfg config.ClientConfig) error {
//generate an access key value
func GenPass() string {
var seededRand *rand.Rand = rand.New(
rand.NewSource(time.Now().UnixNano()))
var seededRand *rand.Rand = rand.New(
rand.NewSource(time.Now().UnixNano()))
length := 16
charset := "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
length := 16
charset := "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
b := make([]byte, length)
for i := range b {
b[i] = charset[seededRand.Intn(len(charset))]
}
return string(b)
b := make([]byte, length)
for i := range b {
b[i] = charset[seededRand.Intn(len(charset))]
}
return string(b)
}

734
netclient/main.go
View File

@@ -1,379 +1,385 @@
package main
import (
"errors"
"github.com/gravitl/netmaker/netclient/command"
"github.com/gravitl/netmaker/netclient/config"
"github.com/urfave/cli/v2"
"log"
"os"
"os/exec"
"strconv"
"errors"
"log"
"os"
"os/exec"
"strconv"
"github.com/gravitl/netmaker/netclient/command"
"github.com/gravitl/netmaker/netclient/config"
"github.com/urfave/cli/v2"
)
func main() {
app := cli.NewApp()
app.Name = "Netclient CLI"
app.Usage = "Netmaker's netclient agent and CLI. Used to perform interactions with Netmaker server and set local WireGuard config."
app.Version = "v0.5.11"
app := cli.NewApp()
app.Name = "Netclient CLI"
app.Usage = "Netmaker's netclient agent and CLI. Used to perform interactions with Netmaker server and set local WireGuard config."
app.Version = "v0.5.11"
cliFlags := []cli.Flag{
&cli.StringFlag{
Name: "network",
Aliases: []string{"n"},
EnvVars: []string{"NETCLIENT_NETWORK"},
Value: "all",
Usage: "Network to perform specified action against.",
},
&cli.StringFlag{
Name: "password",
Aliases: []string{"p"},
EnvVars: []string{"NETCLIENT_PASSWORD"},
Value: "badpassword",
Usage: "Password for authenticating with netmaker.",
},
&cli.StringFlag{
Name: "endpoint",
Aliases: []string{"e"},
EnvVars: []string{"NETCLIENT_ENDPOINT"},
Value: "",
Usage: "Reachable (usually public) address for WireGuard (not the private WG address).",
},
&cli.StringFlag{
Name: "macaddress",
Aliases: []string{"m"},
EnvVars: []string{"NETCLIENT_MACADDRESS"},
Value: "",
Usage: "Mac Address for this machine. Used as a unique identifier within Netmaker network.",
},
&cli.StringFlag{
Name: "publickey",
Aliases: []string{"pubkey"},
EnvVars: []string{"NETCLIENT_PUBLICKEY"},
Value: "",
Usage: "Public Key for WireGuard Interface.",
},
&cli.StringFlag{
Name: "privatekey",
Aliases: []string{"privkey"},
EnvVars: []string{"NETCLIENT_PRIVATEKEY"},
Value: "",
Usage: "Private Key for WireGuard Interface.",
},
&cli.StringFlag{
Name: "port",
EnvVars: []string{"NETCLIENT_PORT"},
Value: "",
Usage: "Port for WireGuard Interface.",
},
&cli.IntFlag{
Name: "keepalive",
EnvVars: []string{"NETCLIENT_KEEPALIVE"},
Value: 0,
Usage: "Default PersistentKeepAlive for Peers in WireGuard Interface.",
},
&cli.StringFlag{
Name: "operatingsystem",
Aliases: []string{"os"},
EnvVars: []string{"NETCLIENT_OS"},
Value: "",
Usage: "Identifiable name for machine within Netmaker network.",
},
&cli.StringFlag{
Name: "name",
EnvVars: []string{"NETCLIENT_NAME"},
Value: "",
Usage: "Identifiable name for machine within Netmaker network.",
},
&cli.StringFlag{
Name: "localaddress",
EnvVars: []string{"NETCLIENT_LOCALADDRESS"},
Value: "",
Usage: "Local address for machine. Can be used in place of Endpoint for machines on the same LAN.",
},
&cli.StringFlag{
Name: "address",
Aliases: []string{"a"},
EnvVars: []string{"NETCLIENT_ADDRESS"},
Value: "",
Usage: "WireGuard address for machine within Netmaker network.",
},
&cli.StringFlag{
Name: "addressIPv6",
Aliases: []string{"a6"},
EnvVars: []string{"NETCLIENT_ADDRESSIPV6"},
Value: "",
Usage: "WireGuard address for machine within Netmaker network.",
},
&cli.StringFlag{
Name: "interface",
Aliases: []string{"i"},
EnvVars: []string{"NETCLIENT_INTERFACE"},
Value: "",
Usage: "WireGuard local network interface name.",
},
&cli.StringFlag{
Name: "apiserver",
EnvVars: []string{"NETCLIENT_API_SERVER"},
Value: "",
Usage: "Address + GRPC Port (e.g. 1.2.3.4:50051) of Netmaker server.",
},
&cli.StringFlag{
Name: "grpcserver",
EnvVars: []string{"NETCLIENT_GRPC_SERVER"},
Value: "",
Usage: "Address + API Port (e.g. 1.2.3.4:8081) of Netmaker server.",
},
&cli.StringFlag{
Name: "key",
Aliases: []string{"k"},
EnvVars: []string{"NETCLIENT_ACCESSKEY"},
Value: "",
Usage: "Access Key for signing up machine with Netmaker server during initial 'add'.",
},
&cli.StringFlag{
Name: "token",
Aliases: []string{"t"},
EnvVars: []string{"NETCLIENT_ACCESSTOKEN"},
Value: "",
Usage: "Access Token for signing up machine with Netmaker server during initial 'add'.",
},
&cli.StringFlag{
Name: "localrange",
EnvVars: []string{"NETCLIENT_LOCALRANGE"},
Value: "",
Usage: "Local Range if network is local, for instance 192.168.1.0/24.",
},
&cli.StringFlag{
Name: "dns",
EnvVars: []string{"NETCLIENT_DNS"},
Value: "on",
Usage: "Sets private dns if 'on'. Ignores if 'off'. Will retrieve from network if unset.",
},
&cli.StringFlag{
Name: "islocal",
EnvVars: []string{"NETCLIENT_IS_LOCAL"},
Value: "",
Usage: "Sets endpoint to local address if 'yes'. Ignores if 'no'. Will retrieve from network if unset.",
},
&cli.StringFlag{
Name: "isdualstack",
EnvVars: []string{"NETCLIENT_IS_DUALSTACK"},
Value: "",
Usage: "Sets ipv6 address if 'yes'. Ignores if 'no'. Will retrieve from network if unset.",
},
&cli.StringFlag{
Name: "ipforwarding",
EnvVars: []string{"NETCLIENT_IPFORWARDING"},
Value: "on",
Usage: "Sets ip forwarding on if 'on'. Ignores if 'off'. On by default.",
},
&cli.StringFlag{
Name: "postup",
EnvVars: []string{"NETCLIENT_POSTUP"},
Value: "",
Usage: "Sets PostUp command for WireGuard.",
},
&cli.StringFlag{
Name: "postdown",
EnvVars: []string{"NETCLIENT_POSTDOWN"},
Value: "",
Usage: "Sets PostDown command for WireGuard.",
},
&cli.StringFlag{
Name: "daemon",
EnvVars: []string{"NETCLIENT_DAEMON"},
Value: "on",
Usage: "Installs daemon if 'on'. Ignores if 'off'. On by default.",
},
&cli.StringFlag{
Name: "roaming",
EnvVars: []string{"NETCLIENT_ROAMING"},
Value: "on",
Usage: "Checks for IP changes if 'on'. Ignores if 'off'. On by default.",
},
}
cliFlags := []cli.Flag{
&cli.StringFlag{
Name: "network",
Aliases: []string{"n"},
EnvVars: []string{"NETCLIENT_NETWORK"},
Value: "all",
Usage: "Network to perform specified action against.",
},
&cli.StringFlag{
Name: "password",
Aliases: []string{"p"},
EnvVars: []string{"NETCLIENT_PASSWORD"},
Value: "badpassword",
Usage: "Password for authenticating with netmaker.",
},
&cli.StringFlag{
Name: "endpoint",
Aliases: []string{"e"},
EnvVars: []string{"NETCLIENT_ENDPOINT"},
Value: "",
Usage: "Reachable (usually public) address for WireGuard (not the private WG address).",
},
&cli.StringFlag{
Name: "macaddress",
Aliases: []string{"m"},
EnvVars: []string{"NETCLIENT_MACADDRESS"},
Value: "",
Usage: "Mac Address for this machine. Used as a unique identifier within Netmaker network.",
},
&cli.StringFlag{
Name: "publickey",
Aliases: []string{"pubkey"},
EnvVars: []string{"NETCLIENT_PUBLICKEY"},
Value: "",
Usage: "Public Key for WireGuard Interface.",
},
&cli.StringFlag{
Name: "privatekey",
Aliases: []string{"privkey"},
EnvVars: []string{"NETCLIENT_PRIVATEKEY"},
Value: "",
Usage: "Private Key for WireGuard Interface.",
},
&cli.StringFlag{
Name: "port",
EnvVars: []string{"NETCLIENT_PORT"},
Value: "",
Usage: "Port for WireGuard Interface.",
},
&cli.IntFlag{
Name: "keepalive",
EnvVars: []string{"NETCLIENT_KEEPALIVE"},
Value: 0,
Usage: "Default PersistentKeepAlive for Peers in WireGuard Interface.",
},
&cli.StringFlag{
Name: "operatingsystem",
Aliases: []string{"os"},
EnvVars: []string{"NETCLIENT_OS"},
Value: "",
Usage: "Identifiable name for machine within Netmaker network.",
},
&cli.StringFlag{
Name: "name",
EnvVars: []string{"NETCLIENT_NAME"},
Value: "",
Usage: "Identifiable name for machine within Netmaker network.",
},
&cli.StringFlag{
Name: "localaddress",
EnvVars: []string{"NETCLIENT_LOCALADDRESS"},
Value: "",
Usage: "Local address for machine. Can be used in place of Endpoint for machines on the same LAN.",
},
&cli.StringFlag{
Name: "address",
Aliases: []string{"a"},
EnvVars: []string{"NETCLIENT_ADDRESS"},
Value: "",
Usage: "WireGuard address for machine within Netmaker network.",
},
&cli.StringFlag{
Name: "addressIPv6",
Aliases: []string{"a6"},
EnvVars: []string{"NETCLIENT_ADDRESSIPV6"},
Value: "",
Usage: "WireGuard address for machine within Netmaker network.",
},
&cli.StringFlag{
Name: "interface",
Aliases: []string{"i"},
EnvVars: []string{"NETCLIENT_INTERFACE"},
Value: "",
Usage: "WireGuard local network interface name.",
},
&cli.StringFlag{
Name: "apiserver",
EnvVars: []string{"NETCLIENT_API_SERVER"},
Value: "",
Usage: "Address + GRPC Port (e.g. 1.2.3.4:50051) of Netmaker server.",
},
&cli.StringFlag{
Name: "grpcserver",
EnvVars: []string{"NETCLIENT_GRPC_SERVER"},
Value: "",
Usage: "Address + API Port (e.g. 1.2.3.4:8081) of Netmaker server.",
},
&cli.StringFlag{
Name: "key",
Aliases: []string{"k"},
EnvVars: []string{"NETCLIENT_ACCESSKEY"},
Value: "",
Usage: "Access Key for signing up machine with Netmaker server during initial 'add'.",
},
&cli.StringFlag{
Name: "token",
Aliases: []string{"t"},
EnvVars: []string{"NETCLIENT_ACCESSTOKEN"},
Value: "",
Usage: "Access Token for signing up machine with Netmaker server during initial 'add'.",
},
&cli.StringFlag{
Name: "localrange",
EnvVars: []string{"NETCLIENT_LOCALRANGE"},
Value: "",
Usage: "Local Range if network is local, for instance 192.168.1.0/24.",
},
&cli.StringFlag{
Name: "dns",
EnvVars: []string{"NETCLIENT_DNS"},
Value: "on",
Usage: "Sets private dns if 'on'. Ignores if 'off'. Will retrieve from network if unset.",
},
&cli.StringFlag{
Name: "islocal",
EnvVars: []string{"NETCLIENT_IS_LOCAL"},
Value: "",
Usage: "Sets endpoint to local address if 'yes'. Ignores if 'no'. Will retrieve from network if unset.",
},
&cli.StringFlag{
Name: "isdualstack",
EnvVars: []string{"NETCLIENT_IS_DUALSTACK"},
Value: "",
Usage: "Sets ipv6 address if 'yes'. Ignores if 'no'. Will retrieve from network if unset.",
},
&cli.StringFlag{
Name: "udpholepunch",
EnvVars: []string{"NETCLIENT_UDP_HOLEPUNCH"},
Value: "",
Usage: "Turns on udp holepunching if 'yes'. Ignores if 'no'. Will retrieve from network if unset.",
},
&cli.StringFlag{
Name: "ipforwarding",
EnvVars: []string{"NETCLIENT_IPFORWARDING"},
Value: "on",
Usage: "Sets ip forwarding on if 'on'. Ignores if 'off'. On by default.",
},
&cli.StringFlag{
Name: "postup",
EnvVars: []string{"NETCLIENT_POSTUP"},
Value: "",
Usage: "Sets PostUp command for WireGuard.",
},
&cli.StringFlag{
Name: "postdown",
EnvVars: []string{"NETCLIENT_POSTDOWN"},
Value: "",
Usage: "Sets PostDown command for WireGuard.",
},
&cli.StringFlag{
Name: "daemon",
EnvVars: []string{"NETCLIENT_DAEMON"},
Value: "on",
Usage: "Installs daemon if 'on'. Ignores if 'off'. On by default.",
},
&cli.StringFlag{
Name: "roaming",
EnvVars: []string{"NETCLIENT_ROAMING"},
Value: "on",
Usage: "Checks for IP changes if 'on'. Ignores if 'off'. On by default.",
},
}
app.Commands = []*cli.Command{
{
Name: "register",
Usage: "Register with Netmaker Server for secure GRPC communications.",
Flags: cliFlags,
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfigRegister(c)
if err != nil {
return err
}
if cfg.GRPCWireGuard == "off" {
log.Println("Server is not using WireGuard to secure GRPC. Skipping.")
return err
}
if cfg.Client.ServerPrivateAddress == "" {
err = errors.New("No server address provided.")
return err
}
err = command.Register(cfg)
return err
},
},
{
Name: "join",
Usage: "Join a Netmaker network.",
Flags: cliFlags,
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfig(c)
if err != nil {
return err
}
if cfg.Network == "all" {
err = errors.New("No network provided.")
return err
}
if cfg.Server.GRPCAddress == "" {
err = errors.New("No server address provided.")
return err
}
err = command.Join(cfg)
return err
},
},
{
Name: "leave",
Usage: "Leave a Netmaker network.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfig(c)
if err != nil {
return err
}
err = command.Leave(cfg)
return err
},
},
{
Name: "checkin",
Usage: "Checks for local changes and then checks into the specified Netmaker network to ask about remote changes.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfig(c)
if err != nil {
return err
}
err = command.CheckIn(cfg)
return err
},
},
{
Name: "push",
Usage: "Push configuration changes to server.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfig(c)
if err != nil {
return err
}
err = command.Push(cfg)
return err
},
},
{
Name: "pull",
Usage: "Pull latest configuration and peers from server.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfig(c)
if err != nil {
return err
}
err = command.Pull(cfg)
return err
},
},
{
Name: "list",
Usage: "Get list of networks.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfig(c)
if err != nil {
return err
}
err = command.List(cfg)
return err
},
},
{
Name: "uninstall",
Usage: "Uninstall the netclient system service.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.ReadGlobalConfig()
if err != nil {
return err
}
var gconf config.GlobalConfig
gconf = *cfg
err = command.Uninstall(gconf)
return err
},
},
{
Name: "unregister",
Usage: "Unregister the netclient from secure server GRPC.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.ReadGlobalConfig()
if err != nil {
return err
}
var gconf config.GlobalConfig
gconf = *cfg
err = command.Unregister(gconf)
return err
},
},
}
app.Commands = []*cli.Command{
{
Name: "register",
Usage: "Register with Netmaker Server for secure GRPC communications.",
Flags: cliFlags,
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfigRegister(c)
if err != nil {
return err
}
if cfg.GRPCWireGuard == "off" {
log.Println("Server is not using WireGuard to secure GRPC. Skipping.")
return err
}
if cfg.Client.ServerPrivateAddress == "" {
err = errors.New("No server address provided.")
return err
}
err = command.Register(cfg)
return err
},
},
{
Name: "join",
Usage: "Join a Netmaker network.",
Flags: cliFlags,
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfig(c)
if err != nil {
return err
}
if cfg.Network == "all" {
err = errors.New("No network provided.")
return err
}
if cfg.Server.GRPCAddress == "" {
err = errors.New("No server address provided.")
return err
}
err = command.Join(cfg)
return err
},
},
{
Name: "leave",
Usage: "Leave a Netmaker network.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfig(c)
if err != nil {
return err
}
err = command.Leave(cfg)
return err
},
},
{
Name: "checkin",
Usage: "Checks for local changes and then checks into the specified Netmaker network to ask about remote changes.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfig(c)
if err != nil {
return err
}
err = command.CheckIn(cfg)
return err
},
},
{
Name: "push",
Usage: "Push configuration changes to server.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfig(c)
if err != nil {
return err
}
err = command.Push(cfg)
return err
},
},
{
Name: "pull",
Usage: "Pull latest configuration and peers from server.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfig(c)
if err != nil {
return err
}
err = command.Pull(cfg)
return err
},
},
{
Name: "list",
Usage: "Get list of networks.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.GetCLIConfig(c)
if err != nil {
return err
}
err = command.List(cfg)
return err
},
},
{
Name: "uninstall",
Usage: "Uninstall the netclient system service.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.ReadGlobalConfig()
if err != nil {
return err
}
var gconf config.GlobalConfig
gconf = *cfg
err = command.Uninstall(gconf)
return err
},
},
{
Name: "unregister",
Usage: "Unregister the netclient from secure server GRPC.",
Flags: cliFlags,
// the action, or code that will be executed when
// we execute our `ns` command
Action: func(c *cli.Context) error {
cfg, err := config.ReadGlobalConfig()
if err != nil {
return err
}
var gconf config.GlobalConfig
gconf = *cfg
err = command.Unregister(gconf)
return err
},
},
}
// start our application
getID := exec.Command("id", "-u")
out, err := getID.Output()
// start our application
getID := exec.Command("id", "-u")
out, err := getID.Output()
if err != nil {
log.Fatal(err)
}
id, err := strconv.Atoi(string(out[:len(out)-1]))
if err != nil {
log.Fatal(err)
}
id, err := strconv.Atoi(string(out[:len(out)-1]))
if err != nil {
log.Fatal(err)
}
if err != nil {
log.Fatal(err)
}
if id != 0 {
log.Fatal("This program must be run with elevated privileges (sudo). This program installs a SystemD service and configures WireGuard and networking rules. Please re-run with sudo/root.")
}
if id != 0 {
log.Fatal("This program must be run with elevated privileges (sudo). This program installs a SystemD service and configures WireGuard and networking rules. Please re-run with sudo/root.")
}
_, err = exec.LookPath("wg")
if err != nil {
log.Println(err)
log.Fatal("WireGuard not installed. Please install WireGuard (wireguard-tools) and try again.")
}
_, err = exec.LookPath("wg")
if err != nil {
log.Println(err)
log.Fatal("WireGuard not installed. Please install WireGuard (wireguard-tools) and try again.")
}
err = app.Run(os.Args)
if err != nil {
log.Fatal(err)
}
err = app.Run(os.Args)
if err != nil {
log.Fatal(err)
}
}

575
netclient/wireguard/kernel.go
View File

@@ -2,185 +2,183 @@ package wireguard
import (
//"github.com/davecgh/go-spew/spew"
"google.golang.org/grpc/credentials"
"crypto/tls"
"fmt"
"strconv"
"errors"
"context"
"io/ioutil"
"strings"
"crypto/tls"
"errors"
"fmt"
"io/ioutil"
"log"
"net"
"os"
"os/exec"
"github.com/gravitl/netmaker/netclient/config"
"github.com/gravitl/netmaker/netclient/local"
"github.com/gravitl/netmaker/netclient/auth"
"github.com/gravitl/netmaker/netclient/server"
nodepb "github.com/gravitl/netmaker/grpc"
"github.com/gravitl/netmaker/models"
"strconv"
"strings"
nodepb "github.com/gravitl/netmaker/grpc"
"github.com/gravitl/netmaker/models"
"github.com/gravitl/netmaker/netclient/auth"
"github.com/gravitl/netmaker/netclient/config"
"github.com/gravitl/netmaker/netclient/local"
"github.com/gravitl/netmaker/netclient/server"
"golang.zx2c4.com/wireguard/wgctrl"
"google.golang.org/grpc"
"google.golang.org/grpc/metadata"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/metadata"
//homedir "github.com/mitchellh/go-homedir"
)
func InitGRPCWireguard(client models.IntClient) error {
//spew.Dump(client)
//spew.Dump(client)
key, err := wgtypes.ParseKey(client.PrivateKey)
if err != nil {
return err
}
serverkey, err := wgtypes.ParseKey(client.ServerKey)
if err != nil {
return err
}
if err != nil {
return err
}
serverkey, err := wgtypes.ParseKey(client.ServerKey)
if err != nil {
return err
}
serverport, err := strconv.Atoi(client.ServerWGPort)
if err != nil {
return err
}
if err != nil {
return err
}
wgclient, err := wgctrl.New()
if err != nil {
log.Fatalf("failed to open client: %v", err)
}
defer wgclient.Close()
wgclient, err := wgctrl.New()
if err != nil {
log.Fatalf("failed to open client: %v", err)
}
defer wgclient.Close()
ifacename := "grpc-wg-001"
if client.Address6 == "" && client.Address == "" {
return errors.New("no address to configure")
}
cmdIPDevLinkAdd := exec.Command("ip","link", "add", "dev", ifacename, "type", "wireguard" )
ifacename := "grpc-wg-001"
if client.Address6 == "" && client.Address == "" {
return errors.New("no address to configure")
}
cmdIPDevLinkAdd := exec.Command("ip", "link", "add", "dev", ifacename, "type", "wireguard")
cmdIPAddrAdd := exec.Command("ip", "address", "add", "dev", ifacename, client.Address+"/24")
cmdIPAddr6Add := exec.Command("ip", "address", "add", "dev", ifacename, client.Address6+"/64")
currentiface, err := net.InterfaceByName(ifacename)
if err != nil {
err = cmdIPDevLinkAdd.Run()
if err != nil && !strings.Contains(err.Error(), "exists") {
log.Println("Error creating interface")
}
}
match := false
match6 := false
addrs, _ := currentiface.Addrs()
if err != nil {
err = cmdIPDevLinkAdd.Run()
if err != nil && !strings.Contains(err.Error(), "exists") {
log.Println("Error creating interface")
}
}
match := false
match6 := false
addrs, _ := currentiface.Addrs()
//Add IPv4Address (make into separate function)
for _, a := range addrs {
if strings.Contains(a.String(), client.Address){
match = true
}
if strings.Contains(a.String(), client.Address6){
match6 = true
}
}
if !match && client.Address != "" {
for _, a := range addrs {
if strings.Contains(a.String(), client.Address) {
match = true
}
if strings.Contains(a.String(), client.Address6) {
match6 = true
}
}
if !match && client.Address != "" {
err = cmdIPAddrAdd.Run()
if err != nil {
log.Println("Error adding ipv4 address")
fmt.Println(err)
}
}
if !match6 && client.Address6 !=""{
err = cmdIPAddr6Add.Run()
if err != nil {
log.Println("Error adding ipv6 address")
fmt.Println(err)
}
}
if err != nil {
log.Println("Error adding ipv4 address")
fmt.Println(err)
}
}
if !match6 && client.Address6 != "" {
err = cmdIPAddr6Add.Run()
if err != nil {
log.Println("Error adding ipv6 address")
fmt.Println(err)
}
}
var peers []wgtypes.PeerConfig
var peeraddr = net.IPNet{
IP: net.ParseIP(client.ServerPrivateAddress),
Mask: net.CIDRMask(32, 32),
}
var peeraddr = net.IPNet{
IP: net.ParseIP(client.ServerPrivateAddress),
Mask: net.CIDRMask(32, 32),
}
var allowedips []net.IPNet
allowedips = append(allowedips, peeraddr)
allowedips = append(allowedips, peeraddr)
net.ParseIP(client.ServerPublicEndpoint)
peer := wgtypes.PeerConfig{
PublicKey: serverkey,
Endpoint: &net.UDPAddr{
IP: net.ParseIP(client.ServerPublicEndpoint),
Port: serverport,
},
ReplaceAllowedIPs: true,
AllowedIPs: allowedips,
}
PublicKey: serverkey,
Endpoint: &net.UDPAddr{
IP: net.ParseIP(client.ServerPublicEndpoint),
Port: serverport,
},
ReplaceAllowedIPs: true,
AllowedIPs: allowedips,
}
peers = append(peers, peer)
conf := wgtypes.Config{
PrivateKey: &key,
ReplacePeers: true,
Peers: peers,
}
_, err = wgclient.Device(ifacename)
if err != nil {
if os.IsNotExist(err) {
log.Println("Device does not exist: ")
log.Println(err)
} else {
return err
}
}
conf := wgtypes.Config{
PrivateKey: &key,
ReplacePeers: true,
Peers: peers,
}
_, err = wgclient.Device(ifacename)
if err != nil {
if os.IsNotExist(err) {
log.Println("Device does not exist: ")
log.Println(err)
} else {
return err
}
}
//spew.Dump(conf)
err = wgclient.ConfigureDevice(ifacename, conf)
err = wgclient.ConfigureDevice(ifacename, conf)
if err != nil {
if os.IsNotExist(err) {
log.Println("Device does not exist: ")
log.Println(err)
} else {
log.Printf("This is inconvenient: %v", err)
}
}
if err != nil {
if os.IsNotExist(err) {
log.Println("Device does not exist: ")
log.Println(err)
} else {
log.Printf("This is inconvenient: %v", err)
}
}
cmdIPLinkUp := exec.Command("ip", "link", "set", "up", "dev", ifacename)
cmdIPLinkDown := exec.Command("ip", "link", "set", "down", "dev", ifacename)
err = cmdIPLinkDown.Run()
err = cmdIPLinkUp.Run()
if err != nil {
return err
}
cmdIPLinkUp := exec.Command("ip", "link", "set", "up", "dev", ifacename)
cmdIPLinkDown := exec.Command("ip", "link", "set", "down", "dev", ifacename)
err = cmdIPLinkDown.Run()
err = cmdIPLinkUp.Run()
if err != nil {
return err
}
return err
}
func InitWireguard(node *nodepb.Node, privkey string, peers []wgtypes.PeerConfig, hasGateway bool, gateways []string) error {
func InitWireguard(node *nodepb.Node, privkey string, peers []wgtypes.PeerConfig, hasGateway bool, gateways []string) error {
//spew.Dump(node)
//spew.Dump(peers)
ipExec, err := exec.LookPath("ip")
if err != nil {
if err != nil {
return err
}
key, err := wgtypes.ParseKey(privkey)
if err != nil {
return err
}
if err != nil {
return err
}
wgclient, err := wgctrl.New()
//modcfg := config.Config
//modcfg.ReadConfig()
wgclient, err := wgctrl.New()
if err != nil {
return err
}
modcfg, err := config.ReadConfig(node.Nodenetwork)
if err != nil {
return err
}
return err
}
nodecfg := modcfg.Node
servercfg := modcfg.Server
if err != nil {
log.Fatalf("failed to open client: %v", err)
}
defer wgclient.Close()
if err != nil {
log.Fatalf("failed to open client: %v", err)
}
defer wgclient.Close()
ifacename := node.Interface
if nodecfg.Interface != "" {
ifacename = nodecfg.Interface
} else if node.Interface != "" {
ifacename = node.Interface
} else {
} else {
log.Fatal("no interface to configure")
}
if node.Address == "" {
@@ -188,68 +186,75 @@ func InitWireguard(node *nodepb.Node, privkey string, peers []wgtypes.PeerConfig
}
nameserver := servercfg.CoreDNSAddr
network := node.Nodenetwork
if nodecfg.Network != "" {
network = nodecfg.Network
} else if node.Nodenetwork != "" {
network = node.Nodenetwork
}
cmdIPDevLinkAdd := &exec.Cmd {
Path: ipExec,
Args: []string{ ipExec, "link", "add", "dev", ifacename, "type", "wireguard" },
Stdout: os.Stdout,
Stderr: os.Stdout,
}
cmdIPAddrAdd := &exec.Cmd {
Path: ipExec,
Args: []string{ ipExec, "address", "add", "dev", ifacename, node.Address+"/24"},
Stdout: os.Stdout,
Stderr: os.Stdout,
}
currentiface, err := net.InterfaceByName(ifacename)
if err != nil {
err = cmdIPDevLinkAdd.Run()
if err != nil && !strings.Contains(err.Error(), "exists") {
fmt.Println("Error creating interface")
//fmt.Println(err.Error())
//return err
if nodecfg.Network != "" {
network = nodecfg.Network
} else if node.Nodenetwork != "" {
network = node.Nodenetwork
}
cmdIPDevLinkAdd := &exec.Cmd{
Path: ipExec,
Args: []string{ipExec, "link", "add", "dev", ifacename, "type", "wireguard"},
Stdout: os.Stdout,
Stderr: os.Stdout,
}
cmdIPAddrAdd := &exec.Cmd{
Path: ipExec,
Args: []string{ipExec, "address", "add", "dev", ifacename, node.Address + "/24"},
Stdout: os.Stdout,
Stderr: os.Stdout,
}
currentiface, err := net.InterfaceByName(ifacename)
if err != nil {
err = cmdIPDevLinkAdd.Run()
if err != nil && !strings.Contains(err.Error(), "exists") {
fmt.Println("Error creating interface")
//fmt.Println(err.Error())
//return err
}
}
match := false
addrs, _ := currentiface.Addrs()
for _, a := range addrs {
if strings.Contains(a.String(), node.Address){
if strings.Contains(a.String(), node.Address) {
match = true
}
}
if !match {
err = cmdIPAddrAdd.Run()
if err != nil {
fmt.Println("Error adding address")
//return err
}
err = cmdIPAddrAdd.Run()
if err != nil {
fmt.Println("Error adding address")
//return err
}
}
var nodeport int
nodeport = int(node.Listenport)
//pubkey := privkey.PublicKey()
conf := wgtypes.Config{
PrivateKey: &key,
ListenPort: &nodeport,
ReplacePeers: true,
Peers: peers,
conf := wgtypes.Config{}
if nodecfg.UDPHolePunch == "yes" {
conf = wgtypes.Config{
PrivateKey: &key,
ReplacePeers: true,
Peers: peers,
}
} else {
conf = wgtypes.Config{
PrivateKey: &key,
ListenPort: &nodeport,
ReplacePeers: true,
Peers: peers,
}
}
_, err = wgclient.Device(ifacename)
if err != nil {
if os.IsNotExist(err) {
fmt.Println("Device does not exist: ")
fmt.Println(err)
} else {
log.Fatalf("Unknown config error: %v", err)
}
}
if err != nil {
if os.IsNotExist(err) {
fmt.Println("Device does not exist: ")
fmt.Println(err)
} else {
log.Fatalf("Unknown config error: %v", err)
}
}
err = wgclient.ConfigureDevice(ifacename, conf)
@@ -265,24 +270,23 @@ func InitWireguard(node *nodepb.Node, privkey string, peers []wgtypes.PeerConfig
if nodecfg.DNS == "on" {
_ = local.UpdateDNS(ifacename, network, nameserver)
}
//=========End DNS Setup=======\\
//=========End DNS Setup=======\\
cmdIPLinkUp := &exec.Cmd{
Path: ipExec,
Args: []string{ipExec, "link", "set", "up", "dev", ifacename},
Stdout: os.Stdout,
Stderr: os.Stdout,
}
cmdIPLinkUp := &exec.Cmd {
Path: ipExec,
Args: []string{ ipExec, "link", "set", "up", "dev", ifacename},
Stdout: os.Stdout,
Stderr: os.Stdout,
}
cmdIPLinkDown := &exec.Cmd {
Path: ipExec,
Args: []string{ ipExec, "link", "set", "down", "dev", ifacename},
Stdout: os.Stdout,
Stderr: os.Stdout,
}
err = cmdIPLinkDown.Run()
if nodecfg.PostDown != "" {
cmdIPLinkDown := &exec.Cmd{
Path: ipExec,
Args: []string{ipExec, "link", "set", "down", "dev", ifacename},
Stdout: os.Stdout,
Stderr: os.Stdout,
}
err = cmdIPLinkDown.Run()
if nodecfg.PostDown != "" {
runcmds := strings.Split(nodecfg.PostDown, "; ")
err = local.RunCmds(runcmds)
if err != nil {
@@ -291,69 +295,68 @@ func InitWireguard(node *nodepb.Node, privkey string, peers []wgtypes.PeerConfig
}
err = cmdIPLinkUp.Run()
if err != nil {
return err
}
if err != nil {
return err
}
if nodecfg.PostUp != "" {
runcmds := strings.Split(nodecfg.PostUp, "; ")
err = local.RunCmds(runcmds)
if err != nil {
fmt.Println("Error encountered running PostUp: " + err.Error())
}
}
if (hasGateway) {
for _, gateway := range gateways {
out, err := exec.Command(ipExec,"-4","route","add",gateway,"dev",ifacename).Output()
fmt.Println(string(out))
runcmds := strings.Split(nodecfg.PostUp, "; ")
err = local.RunCmds(runcmds)
if err != nil {
fmt.Println("Error encountered adding gateway: " + err.Error())
}
fmt.Println("Error encountered running PostUp: " + err.Error())
}
}
if (node.Address6 != "" && node.Isdualstack) {
if hasGateway {
for _, gateway := range gateways {
out, err := exec.Command(ipExec, "-4", "route", "add", gateway, "dev", ifacename).Output()
fmt.Println(string(out))
if err != nil {
fmt.Println("Error encountered adding gateway: " + err.Error())
}
}
}
if node.Address6 != "" && node.Isdualstack {
fmt.Println("Adding address: " + node.Address6)
out, err := exec.Command(ipExec, "address", "add", "dev", ifacename, node.Address6+"/64").Output()
if err != nil {
fmt.Println(out)
fmt.Println("Error encountered adding ipv6: " + err.Error())
}
out, err := exec.Command(ipExec, "address", "add", "dev", ifacename, node.Address6+"/64").Output()
if err != nil {
fmt.Println(out)
fmt.Println("Error encountered adding ipv6: " + err.Error())
}
}
return err
}
func SetWGKeyConfig(network string, serveraddr string) error {
ctx := context.Background()
var header metadata.MD
ctx := context.Background()
var header metadata.MD
cfg, err := config.ReadConfig(network)
if err != nil {
return err
}
cfg, err := config.ReadConfig(network)
if err != nil {
return err
}
var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(serveraddr, requestOpts)
if err != nil {
fmt.Printf("Cant dial GRPC server: %v", err)
return err
}
wcclient = nodepb.NewNodeServiceClient(conn)
if err != nil {
fmt.Printf("Cant dial GRPC server: %v", err)
return err
}
wcclient = nodepb.NewNodeServiceClient(conn)
ctx, err = auth.SetJWT(wcclient, network)
if err != nil {
fmt.Printf("Failed to authenticate: %v", err)
return err
}
ctx, err = auth.SetJWT(wcclient, network)
if err != nil {
fmt.Printf("Failed to authenticate: %v", err)
return err
}
node := server.GetNode(network)
@@ -367,65 +370,63 @@ func SetWGKeyConfig(network string, serveraddr string) error {
node.Publickey = publickey.String()
err = StorePrivKey(privkeystring, network)
if err != nil {
return err
}
err = config.ModConfig(&node)
if err != nil {
return err
}
if err != nil {
return err
}
err = config.ModConfig(&node)
if err != nil {
return err
}
postnode := server.GetNode(network)
req := &nodepb.UpdateNodeReq{
Node: &postnode,
}
req := &nodepb.UpdateNodeReq{
Node: &postnode,
}
_, err = wcclient.UpdateNode(ctx, req, grpc.Header(&header))
if err != nil {
return err
}
err = SetWGConfig(network)
if err != nil {
return err
log.Fatalf("Error: %v", err)
}
return err
}
func SetWGConfig(network string) error {
cfg, err := config.ReadConfig(network)
if err != nil {
return err
}
servercfg := cfg.Server
nodecfg := cfg.Node
node := server.GetNode(network)
peers, hasGateway, gateways, err := server.GetPeers(node.Macaddress, nodecfg.Network, servercfg.GRPCAddress, node.Isdualstack, node.Isingressgateway)
if err != nil {
return err
}
privkey, err := RetrievePrivKey(network)
if err != nil {
return err
}
err = InitWireguard(&node, privkey, peers, hasGateway, gateways)
if err != nil {
return err
}
_, err = wcclient.UpdateNode(ctx, req, grpc.Header(&header))
if err != nil {
return err
}
err = SetWGConfig(network)
if err != nil {
return err
log.Fatalf("Error: %v", err)
}
return err
}
func StorePrivKey(key string, network string) error{
func SetWGConfig(network string) error {
cfg, err := config.ReadConfig(network)
if err != nil {
return err
}
servercfg := cfg.Server
nodecfg := cfg.Node
node := server.GetNode(network)
peers, hasGateway, gateways, err := server.GetPeers(node.Macaddress, nodecfg.Network, servercfg.GRPCAddress, node.Isdualstack, node.Isingressgateway)
if err != nil {
return err
}
privkey, err := RetrievePrivKey(network)
if err != nil {
return err
}
err = InitWireguard(&node, privkey, peers, hasGateway, gateways)
if err != nil {
return err
}
return err
}
func StorePrivKey(key string, network string) error {
d1 := []byte(key)
err := ioutil.WriteFile("/etc/netclient/wgkey-" + network, d1, 0644)
err := ioutil.WriteFile("/etc/netclient/wgkey-"+network, d1, 0644)
return err
}

23
serverctl/wireguard.go
View File

@@ -183,3 +183,26 @@ func ReconfigureServerWireGuard() error {
}
return nil
}
func GetPeers(networkName string) (map[string]string, error) {
peers := make(map[string]string)
network, err := functions.GetParentNetwork(networkName)
if err != nil {
return peers, err
}
iface := network.DefaultInterface
client, err := wgctrl.New()
if err != nil {
return peers, err
}
device, err := client.Device(iface)
if err != nil {
return nil, err
}
for _, peer := range device.Peers {
peers[peer.PublicKey.String()] = peer.Endpoint.String()
}
return peers, nil
}