diff --git a/logic/wireguard.go b/logic/wireguard.go
index 179f02c1..e207d839 100644
--- a/logic/wireguard.go
+++ b/logic/wireguard.go
@@ -45,30 +45,7 @@ func RemoveConf(iface string, printlog bool) error {
 	return err
 }
-// == Private Methods ==
-
-func setWGConfig(node models.Node, network string, peerupdate bool) error {
-
-	node.SetID()
-	peers, hasGateway, gateways, err := GetServerPeers(node.MacAddress, node.Network, node.IsDualStack == "yes", node.IsIngressGateway == "yes")
-	if err != nil {
-		return err
-	}
-	privkey, err := FetchPrivKey(node.ID)
-	if err != nil {
-		return err
-	}
-	if peerupdate {
-		var iface string
-		iface = node.Interface
-		err = setServerPeers(iface, node.PersistentKeepalive, peers)
-		Log("updated peers on server "+node.Name, 2)
-	} else {
-		err = initWireguard(&node, privkey, peers, hasGateway, gateways)
-		Log("finished setting wg config on server "+node.Name, 3)
-	}
-	return err
-}
+// Private Functions
 func initWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig, hasGateway bool, gateways []string, fwmark int32) error {
@@ -290,7 +267,29 @@ func setServerPeers(iface string, keepalive int32, peers []wgtypes.PeerConfig) e
 	return nil
 }
-func setWGConfig(node models.Node) error {
+func setWGConfig(node models.Node, network string, peerupdate bool) error {
+
+	node.SetID()
+	peers, hasGateway, gateways, err := GetServerPeers(node.MacAddress, node.Network, node.IsDualStack == "yes", node.IsIngressGateway == "yes")
+	if err != nil {
+		return err
+	}
+	privkey, err := FetchPrivKey(node.ID)
+	if err != nil {
+		return err
+	}
+	if peerupdate {
+		var iface string = node.Interface
+		err = setServerPeers(iface, node.PersistentKeepalive, peers)
+		Log("updated peers on server "+node.Name, 2)
+	} else {
+		err = initWireguard(&node, privkey, peers, hasGateway, gateways, 0)
+		Log("finished setting wg config on server "+node.Name, 3)
+	}
+	return err
+}
+
+func setWGKeyConfig(node models.Node) error {
 	node.SetID()
 	privatekey, err := wgtypes.GeneratePrivateKey()
diff --git a/netclient/functions/join.go b/netclient/functions/join.go
index 2577c2e6..f78880f6 100644
--- a/netclient/functions/join.go
+++ b/netclient/functions/join.go
@@ -220,7 +220,7 @@ func JoinNetwork(cfg config.ClientConfig, privateKey string) error {
 	}
 	ncutils.Log("starting wireguard")
-	err = wireguard.InitWireguard(&node, privateKey, peers, hasGateway, gateways)
+	err = wireguard.InitWireguard(&node, privateKey, peers, hasGateway, gateways, false)
 	if err != nil {
 		return err
 	}
diff --git a/netclient/wireguard/common.go b/netclient/wireguard/common.go
index a91f4043..bffe9bb3 100644
--- a/netclient/wireguard/common.go
+++ b/netclient/wireguard/common.go
@@ -6,7 +6,6 @@ import (
 	"log"
 	"os"
 	"os/exec"
-	"reflect"
 	"runtime"
 	"strconv"
 	"strings"
@@ -47,7 +46,6 @@ func SetPeers(iface string, keepalive int32, peers []wgtypes.PeerConfig) error {
 		ncutils.PrintLog("no peers pulled", 1)
 		return err
 	}
-PEERS:
 	for _, peer := range peers {
 		for _, currentPeer := range devicePeers {
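Review bot: In the re-added setWGConfig the `network` parameter is never read (the peer lookup uses `node.Network`), and `initWireguard` now receives a hard-coded fwmark of `0` with nothing saying that the server side deliberately runs without a firewall mark. Both `Log` calls also fire regardless of `err`, so a failed setServerPeers still logs `updated peers on server …` at level 2; guard them with `if err == nil` or log the error instead. `var iface string = node.Interface` is the non-idiomatic form of `iface := node.Interface`. Since `// Private Functions` is the only comment in this area, a one-line doc such as `// setWGConfig refreshes the server's WireGuard state for node: peers only when peerupdate is set, otherwise the full interface config.` would help the next reader.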
@@ -57,13 +55,7 @@ PEERS:
 				if err != nil {
 					log.Println("error removing peer", peer.Endpoint.String())
 				}
-			} else if currentPeer.PublicKey.String() == peer.PublicKey.String() &&
-				currentPeer.Endpoint.String() == peer.Endpoint.String() &&
-				reflect.DeepEqual(currentPeer.AllowedIPs, peer.AllowedIPs) {
-
-				continue PEERS
 			}
-		}
 		udpendpoint := peer.Endpoint.String()
 		var allowedips string
@@ -110,7 +102,7 @@ PEERS:
 }
 // Initializes a WireGuard interface
-func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig, hasGateway bool, gateways []string) error {
+func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig, hasGateway bool, gateways []string, syncconf bool) error {
 	key, err := wgtypes.ParseKey(privkey)
 	if err != nil {
@@ -126,7 +118,8 @@ func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 	if err != nil {
 		return err
 	}
-	fwmark := modcfg.FWMark
+	fwmarkint32 := modcfg.FWMark
+	fwmarkint := int(fwmarkint32)
 	nodecfg := modcfg.Node
 	servercfg := modcfg.Server
@@ -174,6 +167,7 @@ func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 	conf = wgtypes.Config{
 		PrivateKey: &key,
 		ListenPort: &nodeport,
+		FirewallMark: &fwmarkint,
 		ReplacePeers: true,
 		Peers: peers,
 	}
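Review bot: Removing the `else if … continue PEERS` branch drops the only check that skipped peers whose key, endpoint and AllowedIPs already match the device, so every SetPeers call now re-applies every peer with `wg set`; if that churn on the live interface is intended, a one-line comment in the loop such as `// peers are always re-applied; no skip for unchanged entries` would stop the next reader from re-adding the comparison. As I read the collapsed hunk, six lines are removed but only one context `}` remains between the inner `if` and `udpendpoint :=`, which would leave the `for _, currentPeer` loop unclosed — worth confirming the file still compiles after this hunk. The `PEERS:` label removal and the dropped `reflect` import in the previous hunks belong to the same change. SetPeers continues outside the hunk on both sides.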
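Review bot: InitWireguard gains a `syncconf bool` parameter but its comment still reads `// Initializes a WireGuard interface`, so a caller cannot tell that `true` reconfigures an existing device in place while `false` removes and recreates it (that behaviour sits in the hunk at old line 200 of the same file). Update it to something like `// InitWireguard configures the WireGuard interface for node; when syncconf is true an existing userspace device is updated in place via wgctrl instead of being removed and recreated.`, noting that the kernel path ignores syncconf as far as this diff shows. The `fwmarkint32`/`fwmarkint` names in the later hunk encode the type rather than the meaning; `fwmark := modcfg.FWMark` and `mark := int(fwmark)` read better. The function body runs well past every hunk shown here.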
@@ -181,9 +175,9 @@ func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 	if !ncutils.IsKernel() {
 		var newConf string
 		if node.UDPHolePunch != "yes" {
-			newConf, _ = ncutils.CreateUserSpaceConf(node.Address, key.String(), strconv.FormatInt(int64(node.ListenPort), 10), node.MTU, fwmark, node.PersistentKeepalive, peers)
+			newConf, _ = ncutils.CreateUserSpaceConf(node.Address, key.String(), strconv.FormatInt(int64(node.ListenPort), 10), node.MTU, fwmarkint32, node.PersistentKeepalive, peers)
 		} else {
-			newConf, _ = ncutils.CreateUserSpaceConf(node.Address, key.String(), "", node.MTU, fwmark, node.PersistentKeepalive, peers)
+			newConf, _ = ncutils.CreateUserSpaceConf(node.Address, key.String(), "", node.MTU, fwmarkint32, node.PersistentKeepalive, peers)
 		}
 		confPath := ncutils.GetNetclientPathSpecific() + ifacename + ".conf"
 		ncutils.PrintLog("writing wg conf file to: "+confPath, 1)
@@ -200,16 +194,20 @@ func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 				deviceiface = ifacename
 			}
 		}
-		d, _ := wgclient.Device(deviceiface)
-		for d != nil && d.Name == deviceiface {
-			_ = RemoveConf(ifacename, false) // remove interface first
-			time.Sleep(time.Second >> 2)
-			d, _ = wgclient.Device(deviceiface)
-		}
-		err = ApplyConf(confPath)
-		if err != nil {
-			ncutils.PrintLog("failed to create wireguard interface", 1)
-			return err
+		if syncconf {
+			err = wgclient.ConfigureDevice(deviceiface, conf)
+		} else {
+			d, _ := wgclient.Device(deviceiface)
+			for d != nil && d.Name == deviceiface {
+				_ = RemoveConf(ifacename, false) // remove interface first
+				time.Sleep(time.Second >> 2)
+				d, _ = wgclient.Device(deviceiface)
+			}
+			err = ApplyConf(confPath)
+			if err != nil {
+				ncutils.PrintLog("failed to create wireguard interface", 1)
+				return err
+			}
 		}
 	} else {
 		ipExec, err := exec.LookPath("ip")
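Review bot: In the new `if syncconf` branch the result of `wgclient.ConfigureDevice(deviceiface, conf)` is assigned to `err` but never checked, whereas the `else` branch logs and returns when ApplyConf fails; since the function carries on past the closing `} else {` and its tail is outside the hunk, a failed in-place sync can be overwritten by a later assignment and the device left with its old peer set while the caller sees success. Mirror the other branch: `if err = wgclient.ConfigureDevice(deviceiface, conf); err != nil { ncutils.PrintLog("failed to sync wireguard interface", 1); return err }`. Because `conf` is built with `ReplacePeers: true`, this path replaces the whole live peer set; that is the right semantics for a full refresh but deserves a comment on the branch, e.g. `// sync: replace the live peer set in place without bouncing the interface`.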
@@ -293,7 +291,7 @@ func SetWGConfig(network string, peerupdate bool) error {
 	if err != nil {
 		return err
 	}
-	if peerupdate {
+	if peerupdate && !ncutils.IsFreeBSD() {
 		var iface string
 		iface = nodecfg.Interface
 		if ncutils.IsMac() {
@@ -303,8 +301,10 @@ func SetWGConfig(network string, peerupdate bool) error {
 			}
 		}
 		err = SetPeers(iface, nodecfg.PersistentKeepalive, peers)
+	} else if peerupdate {
+		err = InitWireguard(&nodecfg, privkey, peers, hasGateway, gateways, true)
 	} else {
-		err = InitWireguard(&nodecfg, privkey, peers, hasGateway, gateways)
+		err = InitWireguard(&nodecfg, privkey, peers, hasGateway, gateways, false)
 	}
 	return err
 }
@@ -335,3 +335,18 @@ func ApplyConf(confPath string) error {
 	}
 	return err
 }
+
+// ApplyConf - applys a conf on disk to WireGuard interface
+func SyncConf(confPath string) error {
+	os := runtime.GOOS
+	var err error
+	switch os {
+	/*
+		case "windows":
+			_ = SyncWindowsConf(confPath)
+	*/
+	default:
+		err = SyncWGQuickConf(confPath)
+	}
+	return err
+}
diff --git a/netclient/wireguard/unix.go b/netclient/wireguard/unix.go
index 6f685896..f304ca64 100644
--- a/netclient/wireguard/unix.go
+++ b/netclient/wireguard/unix.go
@@ -2,6 +2,7 @@ package wireguard
 import (
 	"io/ioutil"
+	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/netclient/config"
 	"github.com/gravitl/netmaker/netclient/ncutils"
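Review bot: The new `peerupdate && !ncutils.IsFreeBSD()` / `else if peerupdate` split routes FreeBSD peer updates through a full `InitWireguard(..., true)` instead of SetPeers, but nothing says why SetPeers cannot be used there, and the three-way chain reads as if FreeBSD were a third mode rather than a platform workaround. A comment on the `else if`, e.g. `// FreeBSD: SetPeers is not usable here, so re-sync the whole device config instead` with the real reason filled in, would carry that, and a bare `switch { case peerupdate && !ncutils.IsFreeBSD(): … case peerupdate: … default: … }` would make the three outcomes easier to scan. The `-293` hunk above is the other half of this change. Since the sync behaviour of InitWireguard only differs on the userspace path as far as this diff shows, it is worth confirming the FreeBSD case does what is intended on a kernel-module host.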
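Review bot: SyncConf's doc comment was copied from ApplyConf and still reads `// ApplyConf - applys a conf on disk to WireGuard interface`; it should start with the function's own name, e.g. `// SyncConf - syncs an on-disk conf into the running WireGuard interface without recreating it`. The local `os := runtime.GOOS` shadows the `os` package that common.go imports (visible in the import hunk above), which vet/staticcheck flag and which would make any later `os.` call in the function refer to the string; name it `goos` or switch on `runtime.GOOS` directly. With only a commented-out windows case the switch reduces to `return SyncWGQuickConf(confPath)`, and nothing in this diff calls SyncConf — if it is reserved for a follow-up, a TODO saying so would help.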
@@ -50,18 +51,20 @@ func SetWGKeyConfig(network string, serveraddr string) error {
 // ApplyWGQuickConf - applies wg-quick commands if os supports
 func ApplyWGQuickConf(confPath string) error {
 	_, _ = ncutils.RunCmd("wg-quick down "+confPath, false)
-	if _, err := ncutils.RunCmd("wg-quick up "+confPath, false); err != nil {
-		return err
-	}
-	return nil
+	_, err := ncutils.RunCmd("wg-quick up "+confPath, false)
+	return err
+}
+
+// ApplyWGQuickConf - applies wg-quick commands if os supports
+func SyncWGQuickConf(confPath string) error {
+	_, err := ncutils.RunCmd("wg-quick down "+confPath, false)
+	return err
 }
 // RemoveWGQuickConf - calls wg-quick down
 func RemoveWGQuickConf(confPath string, printlog bool) error {
-	if _, err := ncutils.RunCmd("wg-quick down "+confPath, printlog); err != nil {
-		return err
-	}
-	return nil
+	_, err := ncutils.RunCmd("wg-quick down "+confPath, printlog)
+	return err
 }
 // StorePrivKey - stores wg priv key on disk locally
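Review bot: SyncWGQuickConf only runs `wg-quick down`, which removes the interface rather than syncing it, so anything that reaches it through SyncConf ends with the tunnel torn down and no traffic flowing until something brings it back up; wg-quick has no sync verb, and the in-place update path is `wg syncconf <iface>` fed from `wg-quick strip <conf>`, or the wgctrl `ConfigureDevice` call this commit already uses in InitWireguard. Its doc comment is also a copy of ApplyWGQuickConf's (`// ApplyWGQuickConf - applies wg-quick commands if os supports`) and should name SyncWGQuickConf and state what it actually does. The collapse of ApplyWGQuickConf and RemoveWGQuickConf to `_, err := …; return err` is behaviour-preserving and fine as written.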