Merge branch 'develop' of https://github.com/gravitl/netmaker into GRA-1011/remove_mq_dyn_sec

2025-09-06 13:14:24 +08:00 · 2023-02-07 20:46:57 +04:00 · 2023-02-07 20:46:57 +04:00 · cb308e11f4
commit cb308e11f4
parent 451d490800 35455ba7b3
18 changed files with 129 additions and 142 deletions
--- a/cli/cmd/node/create_egress.go
+++ b/cli/cmd/node/create_egress.go
@ -15,10 +15,9 @@ var nodeCreateEgressCmd = &cobra.Command{
 	Long:  `Turn a Node into a Egress`,
 	Run: func(cmd *cobra.Command, args []string) {
 		egress := &models.EgressGatewayRequest{
-			NetID:     args[0],
-			NodeID:    args[1],
-			Interface: networkInterface,
-			Ranges:    strings.Split(args[2], ","),
+			NetID:  args[0],
+			NodeID: args[1],
+			Ranges: strings.Split(args[2], ","),
 		}
 		if natEnabled {
 			egress.NatEnabled = "yes"
@ -28,7 +27,6 @@ var nodeCreateEgressCmd = &cobra.Command{
 }

 func init() {
-	nodeCreateEgressCmd.Flags().StringVar(&networkInterface, "interface", "", "Network interface name (ex:- eth0)")
 	nodeCreateEgressCmd.Flags().BoolVar(&natEnabled, "nat", false, "Enable NAT for Egress Traffic ?")
 	rootCmd.AddCommand(nodeCreateEgressCmd)
 }
--- a/cli/cmd/node/flags.go
+++ b/cli/cmd/node/flags.go
@ -1,7 +1,6 @@
 package node

 var (
-	networkInterface       string
 	natEnabled             bool
 	failover               bool
 	networkName            string
--- a/compose/docker-compose.ee.yml
+++ b/compose/docker-compose.ee.yml
@ -17,7 +17,6 @@ services:
      DNS_MODE: "on"
      SERVER_HTTP_HOST: "api.NETMAKER_BASE_DOMAIN"
      API_PORT: "8081"
-      CLIENT_MODE: "on"
      MASTER_KEY: "REPLACE_MASTER_KEY"
      CORS_ALLOWED_ORIGIN: "*"
      DISPLAY_KEYS: "on"
--- a/config/config.go
+++ b/config/config.go
@ -44,7 +44,6 @@ type ServerConfig struct {
 	RestBackend           string `yaml:"restbackend"`
 	AgentBackend          string `yaml:"agentbackend"`
 	MessageQueueBackend   string `yaml:"messagequeuebackend"`
-	ClientMode            string `yaml:"clientmode"`
 	DNSMode               string `yaml:"dnsmode"`
 	DisableRemoteIPCheck  string `yaml:"disableremoteipcheck"`
 	Version               string `yaml:"version"`
--- a/config/environments/dev.yaml
+++ b/config/environments/dev.yaml
@ -5,7 +5,6 @@ server:
  allowedorigin: "" # defaults to '*' or CORS_ALLOWED_ORIGIN (if set)
  restbackend: "" # defaults to "on" or REST_BACKEND (if set)
  agentbackend: "" # defaults to "on" or AGENT_BACKEND (if set)
-  clientmode: "" # defaults to "on" or CLIENT_MODE (if set)
  dnsmode: "" # defaults to "on" or DNS_MODE (if set)
  sqlconn: "" # defaults to "http://" or SQL_CONN (if set)
  disableremoteipcheck: "" # defaults to "false" or DISABLE_REMOTE_IP_CHECK (if set)
--- a/controllers/node.go
+++ b/controllers/node.go
@ -673,33 +673,34 @@ func createNode(w http.ResponseWriter, r *http.Request) {
 //			Responses:
 //				200: nodeResponse
 func createEgressGateway(w http.ResponseWriter, r *http.Request) {
-	logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("currently unimplemented"), "internal"))
-	// var gateway models.EgressGatewayRequest
-	// var params = mux.Vars(r)
-	// w.Header().Set("Content-Type", "application/json")
-	// err := json.NewDecoder(r.Body).Decode(&gateway)
-	//	if err != nil {
-	//		logger.Log(0, r.Header.Get("user"), "error decoding request body: ", err.Error())
-	//		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
-	//		return
-	//	}
-	// gateway.NetID = params["network"]
-	// gateway.NodeID = params["nodeid"]
-	// node, err := logic.CreateEgressGateway(gateway)
-	//	if err != nil {
-	//		logger.Log(0, r.Header.Get("user"),
-	//			fmt.Sprintf("failed to create egress gateway on node [%s] on network [%s]: %v",
-	//				gateway.NodeID, gateway.NetID, err))
-	//		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
-	//		return
-	//	}
-	//
-	// apiNode := node.ConvertToAPINode()
-	// logger.Log(1, r.Header.Get("user"), "created egress gateway on node", gateway.NodeID, "on network", gateway.NetID)
-	// w.WriteHeader(http.StatusOK)
-	// json.NewEncoder(w).Encode(apiNode)
-	//
-	// runUpdates(&node, true)
+	var gateway models.EgressGatewayRequest
+	var params = mux.Vars(r)
+	w.Header().Set("Content-Type", "application/json")
+	err := json.NewDecoder(r.Body).Decode(&gateway)
+	if err != nil {
+		logger.Log(0, r.Header.Get("user"), "error decoding request body: ", err.Error())
+		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
+		return
+	}
+	gateway.NetID = params["network"]
+	gateway.NodeID = params["nodeid"]
+	node, err := logic.CreateEgressGateway(gateway)
+	if err != nil {
+		logger.Log(0, r.Header.Get("user"),
+			fmt.Sprintf("failed to create egress gateway on node [%s] on network [%s]: %v",
+				gateway.NodeID, gateway.NetID, err))
+		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
+		return
+	}
+
+	apiNode := node.ConvertToAPINode()
+	logger.Log(1, r.Header.Get("user"), "created egress gateway on node", gateway.NodeID, "on network", gateway.NetID)
+	w.WriteHeader(http.StatusOK)
+	json.NewEncoder(w).Encode(apiNode)
+	go func() {
+		mq.PublishPeerUpdate()
+	}()
+	runUpdates(&node, true)
 }

 // swagger:route DELETE /api/nodes/{network}/{nodeid}/deletegateway nodes deleteEgressGateway
@ -714,26 +715,28 @@ func createEgressGateway(w http.ResponseWriter, r *http.Request) {
 //			Responses:
 //				200: nodeResponse
 func deleteEgressGateway(w http.ResponseWriter, r *http.Request) {
-	logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("currently unimplemented"), "internal"))
-	//w.Header().Set("Content-Type", "application/json")
-	// var params = mux.Vars(r)
-	// nodeid := params["nodeid"]
-	// netid := params["network"]
-	// node, err := logic.DeleteEgressGateway(netid, nodeid)
-	//	if err != nil {
-	//		logger.Log(0, r.Header.Get("user"),
-	//			fmt.Sprintf("failed to delete egress gateway on node [%s] on network [%s]: %v",
-	//				nodeid, netid, err))
-	//		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
-	//		return
-	//	}
-	//
-	// apiNode := node.ConvertToAPINode()
-	// logger.Log(1, r.Header.Get("user"), "deleted egress gateway on node", nodeid, "on network", netid)
-	// w.WriteHeader(http.StatusOK)
-	// json.NewEncoder(w).Encode(apiNode)
-	//
-	// runUpdates(&node, true)
+
+	w.Header().Set("Content-Type", "application/json")
+	var params = mux.Vars(r)
+	nodeid := params["nodeid"]
+	netid := params["network"]
+	node, err := logic.DeleteEgressGateway(netid, nodeid)
+	if err != nil {
+		logger.Log(0, r.Header.Get("user"),
+			fmt.Sprintf("failed to delete egress gateway on node [%s] on network [%s]: %v",
+				nodeid, netid, err))
+		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
+		return
+	}
+
+	apiNode := node.ConvertToAPINode()
+	logger.Log(1, r.Header.Get("user"), "deleted egress gateway on node", nodeid, "on network", netid)
+	w.WriteHeader(http.StatusOK)
+	json.NewEncoder(w).Encode(apiNode)
+	go func() {
+		mq.PublishPeerUpdate()
+	}()
+	runUpdates(&node, true)
 }

 // == INGRESS ==
--- a/controllers/node_test.go
+++ b/controllers/node_test.go
@ -19,7 +19,6 @@ var linuxHost models.Host

 func TestCreateEgressGateway(t *testing.T) {
 	var gateway models.EgressGatewayRequest
-	gateway.Interface = "eth0"
 	gateway.Ranges = []string{"10.100.100.0/24"}
 	gateway.NetID = "skynet"
 	database.InitializeDatabase()
@ -63,7 +62,6 @@ func TestCreateEgressGateway(t *testing.T) {
 	})
 	t.Run("Success", func(t *testing.T) {
 		var gateway models.EgressGatewayRequest
-		gateway.Interface = "eth0"
 		gateway.Ranges = []string{"10.100.100.0/24"}
 		gateway.NetID = "skynet"
 		deleteAllNodes()
@ -84,7 +82,6 @@ func TestDeleteEgressGateway(t *testing.T) {
 	deleteAllNetworks()
 	createNet()
 	testnode := createTestNode()
-	gateway.Interface = "eth0"
 	gateway.Ranges = []string{"10.100.100.0/24"}
 	gateway.NetID = "skynet"
 	gateway.NodeID = testnode.ID.String()
@ -138,19 +135,11 @@ func TestGetNetworkNodes(t *testing.T) {
 func TestValidateEgressGateway(t *testing.T) {
 	var gateway models.EgressGatewayRequest
 	t.Run("EmptyRange", func(t *testing.T) {
-		gateway.Interface = "eth0"
 		gateway.Ranges = []string{}
 		err := logic.ValidateEgressGateway(gateway)
 		assert.EqualError(t, err, "IP Ranges Cannot Be Empty")
 	})
-	t.Run("EmptyInterface", func(t *testing.T) {
-		gateway.Interface = ""
-		err := logic.ValidateEgressGateway(gateway)
-		assert.NotNil(t, err)
-		assert.Equal(t, "interface cannot be empty", err.Error())
-	})
 	t.Run("Success", func(t *testing.T) {
-		gateway.Interface = "eth0"
 		gateway.Ranges = []string{"10.100.100.0/24"}
 		err := logic.ValidateEgressGateway(gateway)
 		assert.Nil(t, err)
--- a/dev.yaml
+++ b/dev.yaml
@ -15,7 +15,6 @@ server:
  restbackend: "on"
  agentbackend: "on"
  messagequeuebackend: "on"
-  clientmode: "on"
  dnsmode: "on"
  disableremoteipcheck: ""
  grpcssl: "on"
--- a/k8s/server/netmaker-server.yaml
+++ b/k8s/server/netmaker-server.yaml
@ -53,8 +53,6 @@ spec:
          value: wireguard-go
        - name: DNS_MODE
          value: "off"
-        - name: CLIENT_MODE
-          value: "on"
        - name: DISPLAY_KEYS
          value: "on"
        - name: DATABASE
--- a/logic/gateway.go
+++ b/logic/gateway.go
@ -22,20 +22,22 @@ func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, erro
 	if err != nil {
 		return models.Node{}, err
 	}
-	for i, cidr := range gateway.Ranges {
-		normalized, err := NormalizeCIDR(cidr)
+	if host.OS != "linux" { // support for other OS to be added
+		return models.Node{}, errors.New(host.OS + " is unsupported for egress gateways")
+	}
+	for i := len(gateway.Ranges) - 1; i >= 0; i-- {
+		if gateway.Ranges[i] == "0.0.0.0/0" || gateway.Ranges[i] == "::/0" {
+			logger.Log(0, "currently internet gateways are not supported", gateway.Ranges[i])
+			gateway.Ranges = append(gateway.Ranges[:i], gateway.Ranges[i+1:]...)
+			continue
+		}
+		normalized, err := NormalizeCIDR(gateway.Ranges[i])
 		if err != nil {
 			return models.Node{}, err
 		}
 		gateway.Ranges[i] = normalized

 	}
-	if host.OS != "linux" && host.OS != "freebsd" { // add in darwin later
-		return models.Node{}, errors.New(host.OS + " is unsupported for egress gateways")
-	}
-	if host.OS == "linux" && host.FirewallInUse == models.FIREWALL_NONE {
-		return models.Node{}, errors.New("firewall is not supported for egress gateways")
-	}
 	if gateway.NatEnabled == "" {
 		gateway.NatEnabled = "yes"
 	}
@ -66,10 +68,6 @@ func ValidateEgressGateway(gateway models.EgressGatewayRequest) error {
 	if empty {
 		err = errors.New("IP Ranges Cannot Be Empty")
 	}
-	empty = gateway.Interface == ""
-	if empty {
-		err = errors.New("interface cannot be empty")
-	}
 	return err
 }

--- a/logic/peers.go
+++ b/logic/peers.go
@ -308,6 +308,7 @@ func GetPeerUpdateForHost(host *models.Host) (models.HostPeerUpdate, error) {
 		IngressInfo: models.IngressInfo{
 			ExtPeers: make(map[string]models.ExtClientInfo),
 		},
+		EgressInfo: make(map[string]models.EgressInfo),
 	}
 	logger.Log(1, "peer update for host ", host.ID.String())
 	peerIndexMap := make(map[string]int)
@ -328,9 +329,9 @@ func GetPeerUpdateForHost(host *models.Host) (models.HostPeerUpdate, error) {
 			log.Println("no network nodes")
 			return models.HostPeerUpdate{}, err
 		}
-		var extClientPeerMap map[string]models.PeerExtInfo
-		if node.IsIngressGateway {
-			extClientPeerMap = make(map[string]models.PeerExtInfo)
+		var nodePeerMap map[string]models.PeerRouteInfo
+		if node.IsIngressGateway || node.IsEgressGateway {
+			nodePeerMap = make(map[string]models.PeerRouteInfo)
 		}
 		for _, peer := range currentPeers {
 			if peer.ID == node.ID {
@ -393,9 +394,9 @@ func GetPeerUpdateForHost(host *models.Host) (models.HostPeerUpdate, error) {
 				allowedips = append(allowedips, getEgressIPs(&node, &peer)...)
 			}
 			peerConfig.AllowedIPs = allowedips
-			if node.IsIngressGateway {
+			if node.IsIngressGateway || node.IsEgressGateway {

-				extClientPeerMap[peerHost.PublicKey.String()] = models.PeerExtInfo{
+				nodePeerMap[peerHost.PublicKey.String()] = models.PeerRouteInfo{
 					PeerAddr: net.IPNet{
 						IP:   net.ParseIP(peer.PrimaryAddress()),
 						Mask: getCIDRMaskFromAddr(peer.PrimaryAddress()),
@ -428,8 +429,10 @@ func GetPeerUpdateForHost(host *models.Host) (models.HostPeerUpdate, error) {
 			}

 		}
+		var extPeers []wgtypes.PeerConfig
+		var extPeerIDAndAddrs []models.IDandAddr
 		if node.IsIngressGateway {
-			extPeers, extPeerIDAndAddrs, err := getExtPeers(&node)
+			extPeers, extPeerIDAndAddrs, err = getExtPeers(&node)
 			if err == nil {
 				hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...)
 				for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
@ -446,12 +449,13 @@ func GetPeerUpdateForHost(host *models.Host) (models.HostPeerUpdate, error) {
 							IP:   net.ParseIP(node.PrimaryAddress()),
 							Mask: getCIDRMaskFromAddr(node.PrimaryAddress()),
 						},
+						Network: node.PrimaryNetworkRange(),
 						ExtPeerAddr: net.IPNet{
 							IP:   net.ParseIP(extPeerIdAndAddr.Address),
 							Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address),
 						},
 						ExtPeerKey: extPeerIdAndAddr.ID,
-						Peers:      extClientPeerMap,
+						Peers:      nodePeerMap,
 					}
 				}

@ -459,6 +463,31 @@ func GetPeerUpdateForHost(host *models.Host) (models.HostPeerUpdate, error) {
 				logger.Log(1, "error retrieving external clients:", err.Error())
 			}
 		}
+		if node.IsEgressGateway {
+			if node.IsIngressGateway {
+				for _, extPeerIdAndAddr := range extPeerIDAndAddrs {
+					nodePeerMap[extPeerIdAndAddr.ID] = models.PeerRouteInfo{
+						PeerAddr: net.IPNet{
+							IP:   net.ParseIP(extPeerIdAndAddr.Address),
+							Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address),
+						},
+						PeerKey: extPeerIdAndAddr.ID,
+						Allow:   true,
+					}
+				}
+
+			}
+			hostPeerUpdate.EgressInfo[node.ID.String()] = models.EgressInfo{
+				EgressID: node.ID.String(),
+				Network:  node.PrimaryNetworkRange(),
+				EgressGwAddr: net.IPNet{
+					IP:   net.ParseIP(node.PrimaryAddress()),
+					Mask: getCIDRMaskFromAddr(node.PrimaryAddress()),
+				},
+				GwPeers:     nodePeerMap,
+				EgressGWCfg: node.EgressGatewayRequest,
+			}
+		}
 	}

 	return hostPeerUpdate, nil
@ -1108,13 +1137,13 @@ func getEgressIPs(node, peer *models.Node) []net.IPNet {
 			logger.Log(1, "could not parse gateway IP range. Not adding ", iprange)
 			continue // if can't parse CIDR
 		}
-		nodeEndpointArr := strings.Split(peerHost.EndpointIP.String(), ":")      // getting the public ip of node
-		if ipnet.Contains(net.ParseIP(nodeEndpointArr[0])) && !internetGateway { // ensuring egress gateway range does not contain endpoint of node
+		// getting the public ip of node
+		if ipnet.Contains(peerHost.EndpointIP) && !internetGateway { // ensuring egress gateway range does not contain endpoint of node
 			logger.Log(2, "egress IP range of ", iprange, " overlaps with ", host.EndpointIP.String(), ", omitting")
 			continue // skip adding egress range if overlaps with node's ip
 		}
 		// TODO: Could put in a lot of great logic to avoid conflicts / bad routes
-		if ipnet.Contains(net.ParseIP(node.LocalAddress.String())) && !internetGateway { // ensuring egress gateway range does not contain public ip of node
+		if ipnet.Contains(node.LocalAddress.IP) && !internetGateway { // ensuring egress gateway range does not contain public ip of node
 			logger.Log(2, "egress IP range of ", iprange, " overlaps with ", node.LocalAddress.String(), ", omitting")
 			continue // skip adding egress range if overlaps with node's local ip
 		}
--- a/main.go
+++ b/main.go
@ -8,7 +8,6 @@ import (
 	"os"
 	"os/signal"
 	"runtime/debug"
-	"strconv"
 	"sync"
 	"syscall"

@ -97,20 +96,6 @@ func initialize() { // Client Mode Prereq Check
 		logger.FatalLog("error setting defaults: ", err.Error())
 	}

-	if servercfg.IsClientMode() != "off" {
-		output, err := ncutils.RunCmd("id -u", true)
-		if err != nil {
-			logger.FatalLog("Error running 'id -u' for prereq check. Please investigate or disable client mode.", output, err.Error())
-		}
-		uid, err := strconv.Atoi(string(output[:len(output)-1]))
-		if err != nil {
-			logger.FatalLog("Error retrieving uid from 'id -u' for prereq check. Please investigate or disable client mode.", err.Error())
-		}
-		if uid != 0 {
-			logger.FatalLog("To run in client mode requires root privileges. Either disable client mode or run with sudo.")
-		}
-	}
-
 	if servercfg.IsDNSMode() {
 		err := functions.SetDNSDir()
 		if err != nil {
--- a/models/mqtt.go
+++ b/models/mqtt.go
@ -27,6 +27,7 @@ type HostPeerUpdate struct {
 	Peers         []wgtypes.PeerConfig   `json:"peers" bson:"peers" yaml:"peers"`
 	PeerIDs       HostPeerMap            `json:"peerids" bson:"peerids" yaml:"peerids"`
 	ProxyUpdate   ProxyManagerPayload    `json:"proxy_update" bson:"proxy_update" yaml:"proxy_update"`
+	EgressInfo    map[string]EgressInfo  `json:"egress_info" bson:"egress_info" yaml:"egress_info"` // map key is node ID
 	IngressInfo   IngressInfo            `json:"ingress_info" bson:"ext_peers" yaml:"ext_peers"`
 }

@ -35,8 +36,17 @@ type IngressInfo struct {
 	ExtPeers map[string]ExtClientInfo `json:"ext_peers" yaml:"ext_peers"`
 }

-// PeerExtInfo - struct for peer info for an ext. client
-type PeerExtInfo struct {
+// EgressInfo - struct for egress info
+type EgressInfo struct {
+	EgressID     string                   `json:"egress_id" yaml:"egress_id"`
+	Network      net.IPNet                `json:"network" yaml:"network"`
+	EgressGwAddr net.IPNet                `json:"egress_gw_addr" yaml:"egress_gw_addr"`
+	GwPeers      map[string]PeerRouteInfo `json:"gateway_peers" yaml:"gateway_peers"`
+	EgressGWCfg  EgressGatewayRequest     `json:"egress_gateway_cfg" yaml:"egress_gateway_cfg"`
+}
+
+// PeerRouteInfo - struct for peer info for an ext. client
+type PeerRouteInfo struct {
 	PeerAddr net.IPNet `json:"peer_addr" yaml:"peer_addr"`
 	PeerKey  string    `json:"peer_key" yaml:"peer_key"`
 	Allow    bool      `json:"allow" yaml:"allow"`
@ -44,11 +54,12 @@ type PeerExtInfo struct {

 // ExtClientInfo - struct for ext. client and it's peers
 type ExtClientInfo struct {
-	IngGwAddr   net.IPNet              `json:"ingress_gw_addr" yaml:"ingress_gw_addr"`
-	Masquerade  bool                   `json:"masquerade" yaml:"masquerade"`
-	ExtPeerAddr net.IPNet              `json:"ext_peer_addr" yaml:"ext_peer_addr"`
-	ExtPeerKey  string                 `json:"ext_peer_key" yaml:"ext_peer_key"`
-	Peers       map[string]PeerExtInfo `json:"peers" yaml:"peers"`
+	IngGwAddr   net.IPNet                `json:"ingress_gw_addr" yaml:"ingress_gw_addr"`
+	Network     net.IPNet                `json:"network" yaml:"network"`
+	Masquerade  bool                     `json:"masquerade" yaml:"masquerade"`
+	ExtPeerAddr net.IPNet                `json:"ext_peer_addr" yaml:"ext_peer_addr"`
+	ExtPeerKey  string                   `json:"ext_peer_key" yaml:"ext_peer_key"`
+	Peers       map[string]PeerRouteInfo `json:"peers" yaml:"peers"`
 }

 // NetworkInfo - struct for network info
--- a/models/node.go
+++ b/models/node.go
@ -70,6 +70,7 @@ type CommonNode struct {
 	LocalAddress        net.IPNet     `json:"localaddress" yaml:"localaddress"`
 	IsLocal             bool          `json:"islocal" yaml:"islocal"`
 	IsEgressGateway     bool          `json:"isegressgateway" yaml:"isegressgateway"`
+	EgressGatewayRanges []string      `json:"egressgatewayranges" bson:"egressgatewayranges" yaml:"egressgatewayranges"`
 	IsIngressGateway    bool          `json:"isingressgateway" yaml:"isingressgateway"`
 	DNSOn               bool          `json:"dnson" yaml:"dnson"`
 	PersistentKeepalive time.Duration `json:"persistentkeepalive" yaml:"persistentkeepalive"`
@ -83,7 +84,6 @@ type Node struct {
 	LastCheckIn             time.Time            `json:"lastcheckin" bson:"lastcheckin" yaml:"lastcheckin"`
 	LastPeerUpdate          time.Time            `json:"lastpeerupdate" bson:"lastpeerupdate" yaml:"lastpeerupdate"`
 	ExpirationDateTime      time.Time            `json:"expdatetime" bson:"expdatetime" yaml:"expdatetime"`
-	EgressGatewayRanges     []string             `json:"egressgatewayranges" bson:"egressgatewayranges" yaml:"egressgatewayranges"`
 	EgressGatewayNatEnabled bool                 `json:"egressgatewaynatenabled" bson:"egressgatewaynatenabled" yaml:"egressgatewaynatenabled"`
 	EgressGatewayRequest    EgressGatewayRequest `json:"egressgatewayrequest" bson:"egressgatewayrequest" yaml:"egressgatewayrequest"`
 	IngressGatewayRange     string               `json:"ingressgatewayrange" bson:"ingressgatewayrange" yaml:"ingressgatewayrange"`
@ -191,6 +191,14 @@ func (node *Node) PrimaryAddress() string {
 	return node.Address6.IP.String()
 }

+// Node.PrimaryNetworkRange - returns node's parent network, returns ipv4 address if present, else return ipv6
+func (node *Node) PrimaryNetworkRange() net.IPNet {
+	if node.NetworkRange.IP != nil {
+		return node.NetworkRange
+	}
+	return node.NetworkRange6
+}
+
 // Node.SetDefaultConnected
 func (node *Node) SetDefaultConnected() {
 	node.Connected = true
--- a/models/structs.go
+++ b/models/structs.go
@ -160,7 +160,6 @@ type EgressGatewayRequest struct {
 	NetID      string   `json:"netid" bson:"netid"`
 	NatEnabled string   `json:"natenabled" bson:"natenabled"`
 	Ranges     []string `json:"ranges" bson:"ranges"`
-	Interface  string   `json:"interface" bson:"interface"`
 }

 // RelayRequest - relay request struct
@ -227,7 +226,6 @@ type ServerConfig struct {
 	CoreDNSAddr string `yaml:"corednsaddr"`
 	API         string `yaml:"api"`
 	APIPort     string `yaml:"apiport"`
-	ClientMode  string `yaml:"clientmode"`
 	DNSMode     string `yaml:"dnsmode"`
 	Version     string `yaml:"version"`
 	MQPort      string `yaml:"mqport"`
--- a/netclient/ncutils/netclientutils.go
+++ b/netclient/ncutils/netclientutils.go
@ -61,13 +61,6 @@ const DEFAULT_GC_PERCENT = 10
 // KEY_SIZE = ideal length for keys
 const KEY_SIZE = 2048

-// constants for random strings
-const (
-	letterIdxBits = 6                    // 6 bits to represent a letter index
-	letterIdxMask = 1<<letterIdxBits - 1 // All 1-bits, as many as letterIdxBits
-	letterIdxMax  = 63 / letterIdxBits   // # of letter indices fitting in 63 bits
-)
-
 // SetVersion -- set netclient version for use by other packages
 func SetVersion(ver string) {
 	Version = ver
--- a/servercfg/serverconf.go
+++ b/servercfg/serverconf.go
@ -50,10 +50,6 @@ func GetServerConfig() config.ServerConfig {
 	if IsAgentBackend() {
 		cfg.AgentBackend = "on"
 	}
-	cfg.ClientMode = "off"
-	if IsClientMode() != "off" {
-		cfg.ClientMode = IsClientMode()
-	}
 	cfg.DNSMode = "off"
 	if IsDNSMode() {
 		cfg.DNSMode = "on"
@ -347,18 +343,6 @@ func IsMessageQueueBackend() bool {
 	return ismessagequeue
 }

-// IsClientMode - checks if it should run in client mode
-func IsClientMode() string {
-	isclient := "on"
-	if os.Getenv("CLIENT_MODE") == "off" {
-		isclient = "off"
-	}
-	if config.Config.Server.ClientMode == "off" {
-		isclient = "off"
-	}
-	return isclient
-}
-
 // Telemetry - checks if telemetry data should be sent
 func Telemetry() string {
 	telemetry := "on"
--- a/swagger.yaml
+++ b/swagger.yaml
@ -575,8 +575,6 @@ definitions:
                type: string
            ClientID:
                type: string
-            ClientMode:
-                type: string
            ClientSecret:
                type: string
            CoreDNSAddr: