compiling with changes pushed for json token. Have NOT TESTED. Will probably run into issues. Need to test multiple egress ranges, AllowedIPs, and overriding connection strings.

2024-09-20 23:36:18 +08:00 · 2021-07-11 00:49:31 -04:00 · 2021-07-11 00:49:31 -04:00 · 977da6b129
parent e11a15dfff
commit 977da6b129
13 changed files with 243 additions and 61 deletions
--- a/config/config.go
+++ b/config/config.go
@ -36,10 +36,13 @@ type EnvironmentConfig struct {

 // ServerConfig :
 type ServerConfig struct {
+  APIConnString string `yaml:"apiconn"`
  APIHost   string  `yaml:"apihost"`
  APIPort   string `yaml:"apiport"`
+  GRPCConnString string `yaml:"grpcconn"`
  GRPCHost   string `yaml:"grpchost"`
  GRPCPort   string `yaml:"grpcport"`
+  GRPCSecure   string `yaml:"grpcsecure"`
  DefaultNodeLimit   int32 `yaml:"defaultnodelimit"`
  MasterKey	string `yaml:"masterkey"`
  AllowedOrigin	string `yaml:"allowedorigin"`
@ -48,6 +51,8 @@ type ServerConfig struct {
  ClientMode string `yaml:"clientmode"`
  DNSMode string `yaml:"dnsmode"`
  DisableRemoteIPCheck string `yaml:"disableremoteipcheck"`
+  DisableDefaultNet string `yaml:"disabledefaultnet"`
+  GRPCSSL   string `yaml:"grpcssl"`
 }

 type WG struct {
--- a/controllers/authGrpc.go
+++ b/controllers/authGrpc.go
@ -84,7 +84,7 @@ func grpcAuthorize(ctx context.Context) error {
 		}
 		emptynode := models.Node{}
 		node, err := functions.GetNodeByMacAddress(network, mac)
-		if err != nil || node == emptynode {
+		if err != nil || node.MacAddress == emptynode.MacAddress {
                        return status.Errorf(codes.Unauthenticated, "Node does not exist.")
 		}

--- a/controllers/networkHttpController.go
+++ b/controllers/networkHttpController.go
@ -6,11 +6,10 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"net"
 	"net/http"
 	"strings"
 	"time"
-
+	"github.com/jinzhu/copier"
 	"github.com/go-playground/validator/v10"
 	"github.com/gorilla/mux"
 	"github.com/gravitl/netmaker/functions"
@ -194,13 +193,14 @@ func ValidateNetworkCreate(network models.Network) error {
 	//
 	_ = v.RegisterValidation("netid_valid", func(fl validator.FieldLevel) bool {
 		isFieldUnique, _ := functions.IsNetworkNameUnique(fl.Field().String())
-		//		inCharSet := functions.NameInNetworkCharSet(fl.Field().String())
-		return isFieldUnique
+		inCharSet := functions.NameInNetworkCharSet(fl.Field().String())
+		return isFieldUnique && inCharSet
 	})
 	//
-	_ = v.RegisterValidation("displayname_unique", func(fl validator.FieldLevel) bool {
+	_ = v.RegisterValidation("displayname_valid", func(fl validator.FieldLevel) bool {
 		isFieldUnique, _ := functions.IsNetworkDisplayNameUnique(fl.Field().String())
-		return isFieldUnique
+		inCharSet := functions.NameInNetworkCharSet(fl.Field().String())
+		return isFieldUnique && inCharSet
 	})

 	err := v.Struct(network)
@ -677,12 +677,28 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
 	}

 	netID := network.NetID
-	grpcaddress := net.JoinHostPort(servercfg.GetGRPCHost(), servercfg.GetGRPCPort())
-	apiaddress := net.JoinHostPort(servercfg.GetAPIHost(), servercfg.GetAPIPort())
-	wgport := servercfg.GetGRPCWGPort()

-	accessstringdec := wgport + "|" +grpcaddress + "|" + apiaddress + "|" + netID + "|" + accesskey.Value + "|" + privAddr
-	accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(accessstringdec))
+        var accessToken models.AccessToken
+        var tokensrvcfg models.ServerConfig
+        var tokenwgcfg models.WG
+        srvcfg := servercfg.GetServerConfig()
+        wgcfg := servercfg.GetWGConfig()
+        copier.Copy(tokensrvcfg, srvcfg)
+        copier.Copy(tokenwgcfg, wgcfg)
+
+        accessToken.ServerConfig = tokensrvcfg
+        accessToken.WG = tokenwgcfg
+	accessToken.ClientConfig.Network = netID
+	accessToken.ClientConfig.Key = accesskey.Value
+	accessToken.ClientConfig.LocalRange = privAddr
+
+        tokenjson, err := json.Marshal(accessToken)
+        if err != nil {
+                return accesskey, err
+        }
+
+        accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson))
+
 	//validate accesskey
 	v := validator.New()
 	err = v.Struct(accesskey)
@ -716,10 +732,23 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
 func GetSignupToken(netID string) (models.AccessKey, error) {

 	var accesskey models.AccessKey
-	address := net.JoinHostPort(servercfg.GetGRPCHost(), servercfg.GetGRPCPort())
+	var accessToken models.AccessToken
+	var tokensrvcfg models.ServerConfig
+	var tokenwgcfg models.WG
+        srvcfg := servercfg.GetServerConfig()
+        wgcfg := servercfg.GetWGConfig()
+	copier.Copy(tokensrvcfg, srvcfg)
+	copier.Copy(tokenwgcfg, wgcfg)

-        accessstringdec := address + "|" + netID + "|" + "" + "|"
-        accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(accessstringdec))
+	accessToken.ServerConfig = tokensrvcfg
+	accessToken.WG = tokenwgcfg
+
+	tokenjson, err := json.Marshal(accessToken)
+        if err != nil {
+                return accesskey, err
+        }
+
+        accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(tokenjson))
        return accesskey, nil
 }
 func getSignupToken(w http.ResponseWriter, r *http.Request) {
--- a/controllers/nodeHttpController.go
+++ b/controllers/nodeHttpController.go
@ -612,7 +612,7 @@ func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, erro
 			{"postup", nodechange.PostUp},
 			{"postdown", nodechange.PostDown},
 			{"isegressgateway", nodechange.IsEgressGateway},
-			{"egressgatewayrange", nodechange.EgressGatewayRange},
+			{"egressgatewayranges", nodechange.EgressGatewayRanges},
 			{"lastmodified", nodechange.LastModified},
 		}},
 	}
@ -636,10 +636,10 @@ func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, erro

 func ValidateEgressGateway(gateway models.EgressGatewayRequest) error {
 	var err error
-	isIp := functions.IsIpCIDR(gateway.RangeString)
-	empty := gateway.RangeString == ""
-	if empty || !isIp {
-		err = errors.New("IP Range Not Valid")
+	//isIp := functions.IsIpCIDR(gateway.RangeString)
+	empty := len(gateway.Ranges)==0
+	if empty {
+		err = errors.New("IP Ranges Cannot Be Empty")
 	}
 	empty = gateway.Interface == ""
 	if empty {
@ -670,7 +670,7 @@ func DeleteEgressGateway(network, macaddress string) (models.Node, error) {
 	}

 	nodechange.IsEgressGateway = false
-	nodechange.EgressGatewayRange = ""
+	nodechange.EgressGatewayRanges = []string{}
 	nodechange.PostUp = ""
 	nodechange.PostDown = ""

@ -685,7 +685,7 @@ func DeleteEgressGateway(network, macaddress string) (models.Node, error) {
 			{"postup", nodechange.PostUp},
 			{"postdown", nodechange.PostDown},
 			{"isegressgateway", nodechange.IsEgressGateway},
-			{"egressgatewayrange", nodechange.EgressGatewayRange},
+			{"egressgatewayranges", nodechange.EgressGatewayRanges},
 			{"lastmodified", nodechange.LastModified},
 		}},
 	}
--- a/functions/helpers.go
+++ b/functions/helpers.go
@ -555,7 +555,7 @@ func GetNodeObj(id primitive.ObjectID) models.Node {
 //Switch to REGEX?
 func NameInNetworkCharSet(name string) bool {

-	charset := "abcdefghijklmnopqrstuvwxyz1234567890-_"
+	charset := "abcdefghijklmnopqrstuvwxyz1234567890-_."

 	for _, char := range name {
 		if !strings.Contains(charset, strings.ToLower(string(char))) {
--- a/go.mod
+++ b/go.mod
@ -9,6 +9,7 @@ require (
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/gorilla/handlers v1.5.1
 	github.com/gorilla/mux v1.8.0
+	github.com/jinzhu/copier v0.3.2 // indirect
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e // indirect
 	github.com/stretchr/testify v1.6.1
 	github.com/txn2/txeh v1.3.0
--- a/go.sum
+++ b/go.sum
@ -93,6 +93,8 @@ github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/jinzhu/copier v0.3.2 h1:QdBOCbaouLDYaIPFfi1bKv5F5tPpeTwXe4sD0jqtz5w=
+github.com/jinzhu/copier v0.3.2/go.mod h1:24xnZezI2Yqac9J61UC6/dG/k76ttpq0DdJI3QmUvro=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
--- a/main.go
+++ b/main.go
@ -146,8 +146,11 @@ func runGRPC(wg *sync.WaitGroup, installserver bool) {
        log.Println("Agent Server succesfully started on port " + grpcport + " (gRPC)")

 	if installserver {
+			success := true
+			if !servercfg.DisableDefaultNet() {
 	                        log.Println("Adding server to default network")
-                        success, err := serverctl.AddNetwork("default")
+				success, err = serverctl.AddNetwork("default")
+			}
 			if err != nil {
                                log.Printf("Error adding to default network: %v", err)
 				log.Println("Unable to add server to network. Continuing.")
--- a/models/accessToken.go
+++ b/models/accessToken.go
@ -0,0 +1,31 @@
+package models
+
+type AccessToken struct {
+	ServerConfig
+	ClientConfig
+	WG
+}
+
+type ClientConfig struct {
+  Network string `json:"network"`
+  Key string `json:"key"`
+  LocalRange string `json:"localrange"`
+}
+
+type ServerConfig struct {
+  APIConnString string `json:"apiconn"`
+  APIHost   string  `json:"apihost"`
+  APIPort   string `json:"apiport"`
+  GRPCConnString string `json:"grpcconn"`
+  GRPCHost   string `json:"grpchost"`
+  GRPCPort   string `json:"grpcport"`
+  GRPCSSL   string `json:"grpcssl"`
+}
+
+type WG struct {
+  GRPCWireGuard  string  `json:"grpcwg"`
+  GRPCWGAddress  string `json:"grpcaddr"`
+  GRPCWGPort  string  `json:"grpcport"`
+  GRPCWGPubKey  string  `json:"pubkey"`
+  GRPCWGEndpoint  string  `json:"endpoint"`
+}
--- a/models/network.go
+++ b/models/network.go
@ -16,8 +16,8 @@ type Network struct {
 	//	AddressRange6          string             `json:"addressrange6" bson:"addressrange6" validate:"required_with=isdualstack true,cidrv6"`
 	AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"addressrange6_valid"`
 	//can't have min=1 with omitempty
-	DisplayName         string      `json:"displayname,omitempty" bson:"displayname,omitempty" validate:"omitempty,alphanum,min=2,max=20,displayname_unique"`
-	NetID               string      `json:"netid" bson:"netid" validate:"required,alphanum,min=1,max=12,netid_valid"`
+	DisplayName         string      `json:"displayname,omitempty" bson:"displayname,omitempty" validate:"omitempty,min=1,max=20,displayname_valid"`
+	NetID               string      `json:"netid" bson:"netid" validate:"required,min=1,max=12,netid_valid"`
 	NodesLastModified   int64       `json:"nodeslastmodified" bson:"nodeslastmodified"`
 	NetworkLastModified int64       `json:"networklastmodified" bson:"networklastmodified"`
 	DefaultInterface    string      `json:"defaultinterface" bson:"defaultinterface"`
@ -47,8 +47,8 @@ type NetworkUpdate struct {
 	//	AddressRange6          string             `json:"addressrange6" bson:"addressrange6" validate:"required_with=isdualstack true,cidrv6"`
 	AddressRange6 string `json:"addressrange6" bson:"addressrange6" validate:"omitempty,cidr"`
 	//can't have min=1 with omitempty
-	DisplayName         string      `json:"displayname,omitempty" bson:"displayname,omitempty" validate:"omitempty,alphanum,min=2,max=20"`
-	NetID               string      `json:"netid" bson:"netid" validate:"omitempty,alphanum,min=1,max=12"`
+	DisplayName         string      `json:"displayname,omitempty" bson:"displayname,omitempty" validate:"omitempty,validnetid,min=1,max=20"`
+	NetID               string      `json:"netid" bson:"netid" validate:"omitempty,validnetid,min=1,max=15"`
 	NodesLastModified   int64       `json:"nodeslastmodified" bson:"nodeslastmodified"`
 	NetworkLastModified int64       `json:"networklastmodified" bson:"networklastmodified"`
 	DefaultInterface    string      `json:"defaultinterface" bson:"defaultinterface"`
@ -86,7 +86,11 @@ func (network *Network) SetDefaults() {
 		network.DisplayName = network.NetID
 	}
 	if network.DefaultInterface == "" {
+		if len(network.NetID) < 13 {
 			network.DefaultInterface = "nm-" + network.NetID
+		} else {
+			network.DefaultInterface = network.NetID
+		}
 	}
 	if network.DefaultListenPort == 0 {
 		network.DefaultListenPort = 51821
--- a/models/node.go
+++ b/models/node.go
@ -28,7 +28,7 @@ type Node struct {
 	Endpoint            string             `json:"endpoint" bson:"endpoint" validate:"required,ip"`
 	PostUp              string             `json:"postup" bson:"postup"`
 	PostDown            string             `json:"postdown" bson:"postdown"`
-	AllowedIPs          string             `json:"allowedips" bson:"allowedips"`
+	AllowedIPs          []string             `json:"allowedips" bson:"allowedips"`
 	PersistentKeepalive int32              `json:"persistentkeepalive" bson:"persistentkeepalive" validate:"omitempty,numeric,max=1000"`
 	SaveConfig          *bool              `json:"saveconfig" bson:"saveconfig"`
 	AccessKey           string             `json:"accesskey" bson:"accesskey"`
@ -48,6 +48,8 @@ type Node struct {
 	EgressGatewayRanges        []string             `json:"egressgatewayranges" bson:"egressgatewayranges"`
 	IngressGatewayRange        string             `json:"ingressgatewayrange" bson:"ingressgatewayrange"`
 	PostChanges         string             `json:"postchanges" bson:"postchanges"`
+        StaticIP         string             `json:"staticip" bson:"staticip"`
+        StaticPubKey         string             `json:"staticpubkey" bson:"staticpubkey"`
 }

 //node update struct --- only validations are different
@ -62,7 +64,7 @@ type NodeUpdate struct {
 	Endpoint            string             `json:"endpoint" bson:"endpoint" validate:"omitempty,ip"`
 	PostUp              string             `json:"postup" bson:"postup"`
 	PostDown            string             `json:"postdown" bson:"postdown"`
-	AllowedIPs          string             `json:"allowedips" bson:"allowedips"`
+	AllowedIPs          []string             `json:"allowedips" bson:"allowedips"`
 	PersistentKeepalive int32              `json:"persistentkeepalive" bson:"persistentkeepalive" validate:"omitempty,numeric,max=1000"`
 	SaveConfig          *bool              `json:"saveconfig" bson:"saveconfig"`
 	AccessKey           string             `json:"accesskey" bson:"accesskey"`
@ -80,8 +82,10 @@ type NodeUpdate struct {
 	IsIngressGateway           bool               `json:"isingressgateway" bson:"isingressgateway"`
 	IsEgressGateway           bool               `json:"isegressgateway" bson:"isegressgateway"`
        IngressGatewayRange        string             `json:"ingressgatewayrange" bson:"ingressgatewayrange"`
-	EgressGatewayRange        string             `json:"gatewayrange" bson:"gatewayrange"`
+	EgressGatewayRanges        []string             `json:"egressgatewayranges" bson:"egressgatewayranges"`
 	PostChanges         string             `json:"postchanges" bson:"postchanges"`
+	StaticIP         string             `json:"staticip" bson:"staticip"`
+	StaticPubKey         string             `json:"staticpubkey" bson:"staticpubkey"`
 }

 //Duplicated function for NodeUpdates
@ -191,6 +195,13 @@ func (node *Node) SetDefaults() {
 		postup := parentNetwork.DefaultPostUp
 		node.PostUp = postup
 	}
+	if node.StaticIP == "" {
+		node.StaticIP = "no"
+	}
+        if node.StaticPubKey == "" {
+                node.StaticPubKey = "no"
+        }
+
 	node.CheckInInterval = parentNetwork.DefaultCheckInInterval

 }
--- a/netclient/config/config.go
+++ b/netclient/config/config.go
@ -6,10 +6,9 @@ import (
 	"os"
        "encoding/base64"
 	"errors"
-	"strings"
 	"fmt"
-	"net"
 	"log"
+        "encoding/json"
 	"gopkg.in/yaml.v3"
 	nodepb "github.com/gravitl/netmaker/grpc"
 	"github.com/gravitl/netmaker/models"
@ -29,6 +28,8 @@ type ServerConfig struct {
        GRPCAddress string `yaml:"grpcaddress"`
        APIAddress string `yaml:"apiaddress"`
        AccessKey string `yaml:"accesskey"`
+        GRPCSSL string `yaml:"grpcssl"`
+        GRPCWireGuard string `yaml:"grpcwg"`
 }

 type ListConfig struct {
@ -53,16 +54,19 @@ type NodeConfig struct {
        IsLocal string `yaml:"islocal"`
        IsDualStack string `yaml:"isdualstack"`
        IsIngressGateway string `yaml:"isingressgateway"`
-        AllowedIPs string `yaml:"allowedips"`
+        AllowedIPs []string `yaml:"allowedips"`
        LocalRange string `yaml:"localrange"`
        PostUp string `yaml:"postup"`
        PostDown string `yaml:"postdown"`
        Port int32 `yaml:"port"`
        KeepAlive int32 `yaml:"keepalive"`
        PublicKey string `yaml:"publickey"`
+        ServerPubKey string `yaml:"serverpubkey"`
        PrivateKey string `yaml:"privatekey"`
        Endpoint string `yaml:"endpoint"`
        PostChanges string `yaml:"postchanges"`
+        StaticIP string `yaml:"staticip"`
+        StaticPubKey string `yaml:"staticpubkey"`
        IPForwarding string `yaml:"ipforwarding"`
 }

@ -375,16 +379,34 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
 			log.Println("error decoding token")
 			return cfg, err
                }
-                token := string(tokenbytes)
-                tokenvals := strings.Split(token, "|")
-
-		cfg.Server.GRPCAddress = tokenvals[1]
-                cfg.Network = tokenvals[3]
-                cfg.Node.Network = tokenvals[3]
-                cfg.Server.AccessKey = tokenvals[4]
-                if len(tokenvals) > 4 {
-			cfg.Node.LocalRange = tokenvals[5]
+		var accesstoken models.AccessToken
+		if err := json.Unmarshal(tokenbytes, &accesstoken); err != nil {
+			log.Println("error converting token json to object", tokenbytes )
+			return cfg, err
 		}
+
+		if accesstoken.ServerConfig.APIConnString != "" {
+			cfg.Server.APIAddress = accesstoken.ServerConfig.APIConnString
+		} else {
+			cfg.Server.APIAddress = accesstoken.ServerConfig.APIHost
+			if accesstoken.ServerConfig.APIPort != "" {
+				cfg.Server.APIAddress = cfg.Server.APIAddress + ":" + accesstoken.ServerConfig.APIPort
+			}
+		}
+                if accesstoken.ServerConfig.GRPCConnString != "" {
+                        cfg.Server.GRPCAddress = accesstoken.ServerConfig.GRPCConnString
+                } else {
+                        cfg.Server.GRPCAddress = accesstoken.ServerConfig.GRPCHost
+                        if accesstoken.ServerConfig.GRPCPort != "" {
+                                cfg.Server.GRPCAddress = cfg.Server.GRPCAddress + ":" + accesstoken.ServerConfig.GRPCPort
+                        }
+                }
+                cfg.Network = accesstoken.ClientConfig.Network
+                cfg.Node.Network = accesstoken.ClientConfig.Network
+                cfg.Server.AccessKey = accesstoken.ClientConfig.Key
+		cfg.Node.LocalRange = accesstoken.ClientConfig.LocalRange
+		cfg.Server.GRPCSSL = accesstoken.ServerConfig.GRPCSSL
+		cfg.Server.GRPCWireGuard = accesstoken.WG.GRPCWireGuard
 		if c.String("grpcserver") != "" {
 			cfg.Server.GRPCAddress = c.String("grpcserver")
 		}
@ -401,6 +423,13 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
 		if c.String("localrange") != "" {
 			cfg.Node.LocalRange = c.String("localrange")
 		}
+                if c.String("grpcssl") != "" {
+                        cfg.Server.GRPCSSL = c.String("grpcssl")
+                }
+                if c.String("grpcwg") != "" {
+                        cfg.Server.GRPCWireGuard = c.String("grpcwg")
+                }
+
 	} else {
 		cfg.Server.GRPCAddress = c.String("grpcserver")
 		cfg.Server.APIAddress = c.String("apiserver")
@ -408,6 +437,8 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
                cfg.Network = c.String("network")
                cfg.Node.Network = c.String("network")
                cfg.Node.LocalRange = c.String("localrange")
+                cfg.Server.GRPCWireGuard = c.String("grpcwg")
+                cfg.Server.GRPCSSL = c.String("grpcssl")
 	}
 	cfg.Node.Name = c.String("name")
 	cfg.Node.Interface = c.String("interface")
@ -442,22 +473,32 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
 			log.Println("error decoding token")
 			return cfg, err
 		}
-		token := string(tokenbytes)
-		tokenvals := strings.Split(token, "|")
-
-		cfg.Client.ServerPrivateAddress, cfg.Client.ServerGRPCPort, err = net.SplitHostPort(tokenvals[1])
+                var accesstoken models.AccessToken
+                if err := json.Unmarshal(tokenbytes, &accesstoken); err != nil {
+                        log.Println("error converting token json to object", tokenbytes )
+                        return cfg, err
+                }
+		cfg.Client.ServerPrivateAddress = accesstoken.WG.GRPCWGAddress
+		cfg.Client.ServerGRPCPort = accesstoken.WG.GRPCWGPort
 		if err != nil {
 			log.Println("error decoding token grpcserver")
 			return cfg, err
 		}
-		cfg.Client.ServerPublicEndpoint, cfg.Client.ServerAPIPort, err = net.SplitHostPort(tokenvals[2])
                if err != nil {
                        log.Println("error decoding token apiserver")
                        return cfg, err
                }
-
-		cfg.Client.ServerWGPort = tokenvals[0]
-		cfg.Client.ServerKey = tokenvals[4]
+                if accesstoken.ServerConfig.APIConnString != "" {
+                        cfg.Client.ServerPublicEndpoint = accesstoken.ServerConfig.APIConnString
+                } else {
+                        cfg.Client.ServerPublicEndpoint = accesstoken.ServerConfig.APIHost
+                        if accesstoken.ServerConfig.APIPort != "" {
+                                cfg.Client.ServerAPIPort = accesstoken.ServerConfig.APIPort
+                        }
+                }
+		cfg.Client.ServerWGPort = accesstoken.WG.GRPCWGPort
+		cfg.Client.ServerKey = accesstoken.ClientConfig.Key
+                cfg.Client.ServerKey = accesstoken.WG.GRPCWGPubKey

                if c.String("grpcserver") != "" {
                        cfg.Client.ServerPrivateAddress = c.String("grpcserver")
@ -465,8 +506,8 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
                if c.String("apiserver") != "" {
                        cfg.Client.ServerPublicEndpoint = c.String("apiserver")
                }
-                if c.String("key") != "" {
-                        cfg.Client.ServerKey = c.String("key")
+                if c.String("pubkey") != "" {
+                        cfg.Client.ServerKey = c.String("pubkey")
                }
                if c.String("network") != "all" {
                        cfg.Client.Network = c.String("network")
--- a/servercfg/serverconf.go
+++ b/servercfg/serverconf.go
@ -19,8 +19,10 @@ func SetHost() error {
 }
 func GetServerConfig() config.ServerConfig {
 	var cfg config.ServerConfig
+	cfg.APIConnString = GetAPIConnString()
 	cfg.APIHost = GetAPIHost()
 	cfg.APIPort = GetAPIPort()
+	cfg.GRPCConnString = GetGRPCConnString()
 	cfg.GRPCHost = GetGRPCHost()
 	cfg.GRPCPort = GetGRPCPort()
 	cfg.MasterKey = "(hidden)"
@ -41,10 +43,18 @@ func GetServerConfig() config.ServerConfig {
 	if IsDNSMode() {
 	        cfg.DNSMode = "on"
 	}
+        cfg.GRPCSSL = "off"
+        if IsGRPCSSL() {
+                cfg.GRPCSSL = "on"
+        }
 	cfg.DisableRemoteIPCheck = "off"
 	if DisableRemoteIPCheck() {
 		cfg.DisableRemoteIPCheck = "on"
 	}
+        cfg.DisableDefaultNet = "off"
+        if DisableDefaultNet() {
+                cfg.DisableRemoteIPCheck = "on"
+        }
 	return cfg
 }

@ -63,7 +73,15 @@ func GetWGConfig() config.WG{
 	cfg.GRPCWGPrivKey =  GetGRPCWGPrivKey()
 	return cfg
 }
-
+func GetAPIConnString() string {
+        conn := ""
+        if os.Getenv("SERVER_API_CONN_STRING") != ""  {
+                conn = os.Getenv("SERVER_API_CONN_STRING")
+        } else if config.Config.Server.APIConnString != "" {
+                conn = config.Config.Server.APIConnString
+        }
+        return conn
+}
 func GetAPIHost() string {
        serverhost := "127.0.0.1"
        if os.Getenv("SERVER_HTTP_HOST") != ""  {
@ -101,6 +119,15 @@ func GetDefaultNodeLimit() int32 {
        }
        return limit
 }
+func GetGRPCConnString() string {
+        conn := ""
+        if os.Getenv("SERVER_GRPC_CONN_STRING") != ""  {
+                conn = os.Getenv("SERVER_GRPC_CONN_STRING")
+        } else if config.Config.Server.GRPCConnString != "" {
+                conn = config.Config.Server.GRPCConnString
+        }
+        return conn
+}

 func GetGRPCHost() string {
 	serverhost := "127.0.0.1"
@ -201,6 +228,21 @@ func IsDNSMode() bool {
       }
       return isdns
 }
+
+func IsGRPCSSL() bool {
+        isssl := false
+        if os.Getenv("GRPC_SSL") != "" {
+                if os.Getenv("GRPC_SSL") == "on" {
+                        isssl = true
+                }
+        } else if config.Config.Server.DNSMode != "" {
+                if config.Config.Server.DNSMode == "on" {
+                        isssl = true
+                }
+       }
+       return isssl
+}
+
 func DisableRemoteIPCheck() bool {
        disabled := false
        if os.Getenv("DISABLE_REMOTE_IP_CHECK") != "" {
@ -214,6 +256,19 @@ func DisableRemoteIPCheck() bool {
       }
       return disabled
 }
+func DisableDefaultNet() bool {
+        disabled := false
+        if os.Getenv("DISABLE_DEFAULT_NET") != "" {
+                if os.Getenv("DISABLE_DEFAULT_NET") == "on" {
+                        disabled = true
+                }
+        } else if config.Config.Server.DisableDefaultNet != "" {
+                if config.Config.Server.DisableDefaultNet == "on" {
+                        disabled= true
+                }
+       }
+       return disabled
+}
 func GetPublicIP() (string, error) {

        endpoint := ""