diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index 1448c4cb..603edcca 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -31,6 +31,7 @@ body: label: Version description: What version are you running? options: + - v0.14.1 - v0.14.0 - v0.13.1 - v0.13.0 diff --git a/.github/workflows/publish-netclient-docker-go.yml b/.github/workflows/publish-netclient-docker-go.yml new file mode 100644 index 00000000..e626928e --- /dev/null +++ b/.github/workflows/publish-netclient-docker-go.yml @@ -0,0 +1,61 @@ +name: Publish Netclient-go Docker + +on: + workflow_dispatch: + inputs: + tag: + description: 'docker tag' + required: true + release: + types: [published] + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Set tag + run: | + if [[ -n "${{ github.event.inputs.tag }}" ]]; then + TAG=${{ github.event.inputs.tag }} + elif [[ "${{ github.ref_name }}" == 'master' ]]; then + TAG="latest" + else + TAG="${{ github.ref_name }}" + fi + echo "TAG=${TAG}" >> $GITHUB_ENV + - + name: Checkout + uses: actions/checkout@v2 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build x86 and export to Docker + uses: docker/build-push-action@v2 + with: + context: . + load: true + platforms: linux/amd64 + file: ./docker/Dockerfile-netclient-multiarch-go + tags: ${{ env.TAG }} + build-args: version=${{ env.TAG }} + - + name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + platforms: linux/amd64 + file: ./docker/Dockerfile-netclient-multiarch-go + push: true + tags: gravitl/netclient-go:${{ env.TAG }}, gravitl/netclient-go:latest + build-args: version=${{ env.TAG }} diff --git a/README.md b/README.md index 8fb85480..dc635b3d 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ a platform for modern, blazing fast virtual networks

- + @@ -21,8 +21,8 @@ a platform for modern, blazing fast virtual networks - - + + @@ -48,7 +48,9 @@ a platform for modern, blazing fast virtual networks `wget -qO - https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/nm-quick.sh | sudo bash` - +

+ +

Upon completion, the logs will display the instructions to connect various devices. These can also be retrieved from the UI under "Access Keys." @@ -106,6 +108,9 @@ After installing Netmaker, check out the [Walkthrough](https://itnext.io/getting - [Terraform Provider](https://github.com/madacluster/netmaker-terraform-provider) +- [VyOS Integration](https://github.com/kylechase/vyos-netmaker) + +- [Netmaker K3S](https://github.com/geragcp/netmaker-k3s) ## Disclaimer [WireGuard](https://wireguard.com/) is a registered trademark of Jason A. Donenfeld. diff --git a/compose/docker-compose.contained.yml b/compose/docker-compose.contained.yml index 60c7d32f..eb97fd19 100644 --- a/compose/docker-compose.contained.yml +++ b/compose/docker-compose.contained.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:v0.14.0 + image: gravitl/netmaker:v0.14.1 volumes: - dnsconfig:/root/config/dnsconfig - sqldata:/root/data @@ -43,7 +43,7 @@ services: container_name: netmaker-ui depends_on: - netmaker - image: gravitl/netmaker-ui:v0.14.0 + image: gravitl/netmaker-ui:v0.14.1 links: - "netmaker:api" environment: diff --git a/compose/docker-compose.hostnetwork.yml b/compose/docker-compose.hostnetwork.yml index 817356f4..17a4fea9 100644 --- a/compose/docker-compose.hostnetwork.yml +++ b/compose/docker-compose.hostnetwork.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:v0.13.1 + image: gravitl/netmaker:v0.14.1 volumes: - dnsconfig:/root/config/dnsconfig - /usr/bin/wg:/usr/bin/wg @@ -38,7 +38,7 @@ services: container_name: netmaker-ui depends_on: - netmaker - image: gravitl/netmaker-ui:v0.13.1 + image: gravitl/netmaker-ui:v0.14.1 links: - "netmaker:api" ports: diff --git a/compose/docker-compose.nocaddy.yml b/compose/docker-compose.nocaddy.yml index d4ce1e11..4f2078ea 100644 --- a/compose/docker-compose.nocaddy.yml +++ b/compose/docker-compose.nocaddy.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:v0.14.0 + image: gravitl/netmaker:v0.14.1 volumes: - dnsconfig:/root/config/dnsconfig - sqldata:/root/data @@ -44,7 +44,7 @@ services: container_name: netmaker-ui depends_on: - netmaker - image: gravitl/netmaker-ui:v0.14.0 + image: gravitl/netmaker-ui:v0.14.1 links: - "netmaker:api" ports: @@ -73,6 +73,7 @@ services: - "8883:8883" volumes: - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf + - /root/certs/:/mosquitto/certs/ - mosquitto_data:/mosquitto/data - mosquitto_logs:/mosquitto/log volumes: diff --git a/compose/docker-compose.nodns.yml b/compose/docker-compose.nodns.yml index 265ee4be..61cf8256 100644 --- a/compose/docker-compose.nodns.yml +++ b/compose/docker-compose.nodns.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:v0.14.0 + image: gravitl/netmaker:v0.14.1 volumes: - dnsconfig:/root/config/dnsconfig - sqldata:/root/data @@ -45,7 +45,7 @@ services: container_name: netmaker-ui depends_on: - netmaker - image: gravitl/netmaker-ui:v0.13.1 + image: gravitl/netmaker-ui:v0.14.1 links: - "netmaker:api" ports: diff --git a/compose/docker-compose.reference.yml b/compose/docker-compose.reference.yml index 9b895b50..83a36f66 100644 --- a/compose/docker-compose.reference.yml +++ b/compose/docker-compose.reference.yml @@ -2,7 +2,7 @@ services: netmaker: # The Primary Server for running Netmaker privileged: true # Necessary to run sudo/root level commands on host system. Likely using this if running with host networking on. container_name: netmaker - image: gravitl/netmaker:v0.14.0 + image: gravitl/netmaker:v0.14.1 volumes: # Volume mounts necessary for CLIENT_MODE to control wireguard networking on host (except dnsconfig, which is where dns config files are stored for use by CoreDNS) - dnsconfig:/root/config/dnsconfig # Netmaker writes Corefile to this location, which gets mounted by CoreDNS for DNS configuration. - sqldata:/root/data @@ -46,7 +46,7 @@ services: container_name: netmaker-ui depends_on: - netmaker - image: gravitl/netmaker-ui:v0.14.0 + image: gravitl/netmaker-ui:v0.14.1 links: - "netmaker:api" ports: diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index 1cc17f90..eb97fd19 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:v0.14.0 + image: gravitl/netmaker:v0.14.1 volumes: - dnsconfig:/root/config/dnsconfig - sqldata:/root/data @@ -35,20 +35,17 @@ services: MQ_HOST: "mq" HOST_NETWORK: "off" VERBOSITY: "1" - PORT_FORWARD_SERVICES: "dns" MANAGE_IPTABLES: "on" + PORT_FORWARD_SERVICES: "dns" ports: - "51821-51830:51821-51830/udp" - - "8081:8081" netmaker-ui: container_name: netmaker-ui depends_on: - netmaker - image: gravitl/netmaker-ui:v0.14.0 + image: gravitl/netmaker-ui:v0.14.1 links: - "netmaker:api" - ports: - - "8082:80" environment: BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN" restart: always @@ -65,7 +62,9 @@ services: image: caddy:latest container_name: caddy restart: unless-stopped - network_mode: host # Wants ports 80 and 443! + ports: + - "80:80" + - "443:443" volumes: - /root/Caddyfile:/etc/caddy/Caddyfile # - $PWD/site:/srv # you could also serve a static site in site folder @@ -78,7 +77,6 @@ services: container_name: mq restart: unless-stopped ports: - - "127.0.0.1:1883:1883" - "8883:8883" volumes: - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf diff --git a/controllers/node.go b/controllers/node.go index 249e3ae0..ac1ce0d5 100644 --- a/controllers/node.go +++ b/controllers/node.go @@ -38,9 +38,6 @@ func nodeHandlers(r *mux.Router) { func authenticate(response http.ResponseWriter, request *http.Request) { - var params = mux.Vars(request) - networkname := params["network"] - var authRequest models.AuthParams var result models.Node var errorResponse = models.ErrorResponse{ @@ -58,8 +55,8 @@ func authenticate(response http.ResponseWriter, request *http.Request) { return } else { errorResponse.Code = http.StatusBadRequest - if authRequest.MacAddress == "" { - errorResponse.Message = "W1R3: MacAddress can't be empty" + if authRequest.ID == "" { + errorResponse.Message = "W1R3: ID can't be empty" returnErrorResponse(response, request, errorResponse) return } else if authRequest.Password == "" { @@ -67,22 +64,8 @@ func authenticate(response http.ResponseWriter, request *http.Request) { returnErrorResponse(response, request, errorResponse) return } else { - - collection, err := database.FetchRecords(database.NODES_TABLE_NAME) - if err != nil { - errorResponse.Code = http.StatusBadRequest - errorResponse.Message = err.Error() - returnErrorResponse(response, request, errorResponse) - return - } - for _, value := range collection { - if err := json.Unmarshal([]byte(value), &result); err != nil { - continue - } - if (result.ID == authRequest.ID || result.MacAddress == authRequest.MacAddress) && result.IsPending != "yes" && result.Network == networkname { - break - } - } + var err error + result, err = logic.GetNodeByID(authRequest.ID) if err != nil { errorResponse.Code = http.StatusBadRequest @@ -109,10 +92,10 @@ func authenticate(response http.ResponseWriter, request *http.Request) { var successResponse = models.SuccessResponse{ Code: http.StatusOK, - Message: "W1R3: Device " + authRequest.MacAddress + " Authorized", + Message: "W1R3: Device " + authRequest.ID + " Authorized", Response: models.SuccessfulLoginResponse{ - AuthToken: tokenString, - MacAddress: authRequest.MacAddress, + AuthToken: tokenString, + ID: authRequest.ID, }, } successJSONResponse, jsonError := json.Marshal(successResponse) diff --git a/docker/Dockerfile-netclient-multiarch-go b/docker/Dockerfile-netclient-multiarch-go new file mode 100644 index 00000000..6e3a50b0 --- /dev/null +++ b/docker/Dockerfile-netclient-multiarch-go @@ -0,0 +1,39 @@ +FROM gravitl/go-builder:latest as builder +# add glib support daemon manager +WORKDIR /app + +COPY . . + +ENV GO111MODULE=auto + +RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 /usr/local/go/bin/go build -ldflags="-w -s" -o netclient-app netclient/main.go + +WORKDIR /root/ + +RUN apk add --update git build-base libmnl-dev iptables + +RUN git clone https://git.zx2c4.com/wireguard-go && \ + cd wireguard-go && \ + make && \ + make install + +ENV WITH_WGQUICK=yes +RUN git clone https://git.zx2c4.com/wireguard-tools && \ + cd wireguard-tools && \ + cd src && \ + make && \ + make install + +FROM alpine:3.13.6 + +WORKDIR /root/ + +RUN apk add --no-cache --update bash libmnl gcompat iptables openresolv iproute2 +COPY --from=builder /usr/bin/wireguard-go /usr/bin/wg* /usr/bin/ +COPY --from=builder /app/netclient-app ./netclient +COPY --from=builder /app/scripts/netclient.sh . +RUN chmod 0755 netclient && chmod 0755 netclient.sh + +ENV WG_QUICK_USERSPACE_IMPLEMENTATION=wireguard-go + +ENTRYPOINT ["/bin/sh", "./netclient.sh"] diff --git a/go.mod b/go.mod index 82ee07eb..ca669c9d 100644 --- a/go.mod +++ b/go.mod @@ -10,13 +10,13 @@ require ( github.com/google/uuid v1.3.0 github.com/gorilla/handlers v1.5.1 github.com/gorilla/mux v1.8.0 - github.com/lib/pq v1.10.5 + github.com/lib/pq v1.10.6 github.com/mattn/go-sqlite3 v1.14.10 github.com/rqlite/gorqlite v0.0.0-20210514125552-08ff1e76b22f github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e github.com/stretchr/testify v1.7.1 github.com/txn2/txeh v1.3.0 - github.com/urfave/cli/v2 v2.6.0 + github.com/urfave/cli/v2 v2.8.0 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d @@ -32,6 +32,7 @@ require ( require ( filippo.io/edwards25519 v1.0.0-rc.1 fyne.io/fyne/v2 v2.1.4 + github.com/cloverstd/tcping v0.1.1 github.com/guumaster/hostctl v1.1.2 github.com/kr/pretty v0.3.0 github.com/posthog/posthog-go v0.0.0-20211028072449-93c17c49e2b0 @@ -41,6 +42,7 @@ require ( require ( cloud.google.com/go v0.34.0 // indirect github.com/Microsoft/go-winio v0.4.14 // indirect + github.com/antzucaro/matchr v0.0.0-20210222213004-b04723ef80f0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/docker/distribution v2.7.1+incompatible // indirect diff --git a/go.sum b/go.sum index b5ce31d9..1f14d235 100644 --- a/go.sum +++ b/go.sum @@ -14,11 +14,15 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/antzucaro/matchr v0.0.0-20210222213004-b04723ef80f0 h1:R/qAiUxFT3mNgQaNqJe0IVznjKRNm23ohAIh9lgtlzc= +github.com/antzucaro/matchr v0.0.0-20210222213004-b04723ef80f0/go.mod h1:v3ZDlfVAL1OrkKHbGSFFK60k0/7hruHPDq2XMs9Gu6U= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloverstd/tcping v0.1.1 h1:3Yp9nvSDI7Z63zoVQDJzVk1PUczrF9tJoOrKGV30iOk= +github.com/cloverstd/tcping v0.1.1/go.mod h1:NYXTrTDwlwuOKQ0vwksUVUbIr0sxDDsf1J6aFpScCBo= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= @@ -137,8 +141,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w= github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= -github.com/lib/pq v1.10.5 h1:J+gdV2cUmX7ZqL2B0lFcW0m+egaHC2V3lpO8nWxyYiQ= -github.com/lib/pq v1.10.5/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/lib/pq v1.10.6 h1:jbk+ZieJ0D7EVGJYpL9QTz7/YW6UHbmdnZWYyK5cdBs= +github.com/lib/pq v1.10.6/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lucor/goinfo v0.0.0-20210802170112-c078a2b0f08b/go.mod h1:PRq09yoB+Q2OJReAmwzKivcYyremnibWGbK7WfftHzc= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= @@ -238,8 +242,8 @@ github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGr github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= -github.com/urfave/cli/v2 v2.6.0 h1:yj2Drkflh8X/zUrkWlWlUjZYHyWN7WMmpVxyxXIUyv8= -github.com/urfave/cli/v2 v2.6.0/go.mod h1:oDzoM7pVwz6wHn5ogWgFUU1s4VJayeQS+aEZDqXIEJs= +github.com/urfave/cli/v2 v2.8.0 h1:EZsAB20oRW4nHcB99TTL6PrXpBGIEujMEKdjwruY9KQ= +github.com/urfave/cli/v2 v2.8.0/go.mod h1:TYFbtzt/azQoJOrGH5mDfZtS0jIkl/OeFwlRWPR9KRM= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c h1:3lbZUMbMiGUW/LMkfsEABsc5zNT9+b1CvsJx47JzJ8g= diff --git a/img/readme.gif b/img/readme.gif new file mode 100644 index 00000000..650b9034 Binary files /dev/null and b/img/readme.gif differ diff --git a/logic/networks.go b/logic/networks.go index c3b1c6bb..278548a1 100644 --- a/logic/networks.go +++ b/logic/networks.go @@ -680,7 +680,7 @@ func networkNodesUpdateAction(networkName string, action string) error { fmt.Println("error in node address assignment!") return err } - if action == models.NODE_UPDATE_KEY && node.IsStatic == "yes" { + if action == models.NODE_UPDATE_KEY { continue } if node.Network == networkName { diff --git a/logic/peers.go b/logic/peers.go index bebcfdd4..af3c9197 100644 --- a/logic/peers.go +++ b/logic/peers.go @@ -80,7 +80,9 @@ func GetNodePeers(network *models.Network, nodeid string, excludeRelayed bool, i } } // if udp hole punching is on, but port is still set to default (e.g. 51821), use the LocalListenPort - if node.UDPHolePunch == "yes" && node.IsStatic != "yes" && peer.ListenPort == node.ListenPort { + // removing IsStatic check. IsStatic will now ONLY refer to endpoint. + //if node.UDPHolePunch == "yes" && node.IsStatic != "yes" && peer.ListenPort == node.ListenPort { + if node.UDPHolePunch == "yes" && peer.ListenPort == node.ListenPort { peer.ListenPort = node.LocalListenPort } if node.IsRelay == "yes" { // TODO, check if addressrange6 needs to be appended diff --git a/logic/server.go b/logic/server.go index 7a61a225..ade7404d 100644 --- a/logic/server.go +++ b/logic/server.go @@ -406,8 +406,7 @@ func isDeleteError(err error) bool { } func checkNodeActions(node *models.Node) string { - if (node.Action == models.NODE_UPDATE_KEY) && - node.IsStatic != "yes" { + if node.Action == models.NODE_UPDATE_KEY { err := setWGKeyConfig(node) if err != nil { logger.Log(1, "unable to process reset keys request:", err.Error()) diff --git a/models/node.go b/models/node.go index ca1e7c3a..960d9b30 100644 --- a/models/node.go +++ b/models/node.go @@ -35,53 +35,54 @@ var seededRand *rand.Rand = rand.New( // Node - struct for node model type Node struct { - ID string `json:"id,omitempty" bson:"id,omitempty" yaml:"id,omitempty" validate:"required,min=5"` - Address string `json:"address" bson:"address" yaml:"address" validate:"omitempty,ipv4"` - Address6 string `json:"address6" bson:"address6" yaml:"address6" validate:"omitempty,ipv6"` - LocalAddress string `json:"localaddress" bson:"localaddress" yaml:"localaddress" validate:"omitempty,ip"` - Name string `json:"name" bson:"name" yaml:"name" validate:"omitempty,max=62,in_charset"` - NetworkSettings Network `json:"networksettings" bson:"networksettings" yaml:"networksettings" validate:"-"` - ListenPort int32 `json:"listenport" bson:"listenport" yaml:"listenport" validate:"omitempty,numeric,min=1024,max=65535"` - LocalListenPort int32 `json:"locallistenport" bson:"locallistenport" yaml:"locallistenport" validate:"numeric,min=0,max=65535"` - PublicKey string `json:"publickey" bson:"publickey" yaml:"publickey" validate:"required,base64"` - Endpoint string `json:"endpoint" bson:"endpoint" yaml:"endpoint" validate:"required,ip"` - PostUp string `json:"postup" bson:"postup" yaml:"postup"` - PostDown string `json:"postdown" bson:"postdown" yaml:"postdown"` - AllowedIPs []string `json:"allowedips" bson:"allowedips" yaml:"allowedips"` - PersistentKeepalive int32 `json:"persistentkeepalive" bson:"persistentkeepalive" yaml:"persistentkeepalive" validate:"omitempty,numeric,max=1000"` - IsHub string `json:"ishub" bson:"ishub" yaml:"ishub" validate:"checkyesorno"` - AccessKey string `json:"accesskey" bson:"accesskey" yaml:"accesskey"` - Interface string `json:"interface" bson:"interface" yaml:"interface"` - LastModified int64 `json:"lastmodified" bson:"lastmodified" yaml:"lastmodified"` - ExpirationDateTime int64 `json:"expdatetime" bson:"expdatetime" yaml:"expdatetime"` - LastPeerUpdate int64 `json:"lastpeerupdate" bson:"lastpeerupdate" yaml:"lastpeerupdate"` - LastCheckIn int64 `json:"lastcheckin" bson:"lastcheckin" yaml:"lastcheckin"` - MacAddress string `json:"macaddress" bson:"macaddress" yaml:"macaddress" validate:"macaddress_unique"` - Password string `json:"password" bson:"password" yaml:"password" validate:"required,min=6"` - Network string `json:"network" bson:"network" yaml:"network" validate:"network_exists"` - IsRelayed string `json:"isrelayed" bson:"isrelayed" yaml:"isrelayed"` - IsPending string `json:"ispending" bson:"ispending" yaml:"ispending"` - IsRelay string `json:"isrelay" bson:"isrelay" yaml:"isrelay" validate:"checkyesorno"` - IsDocker string `json:"isdocker" bson:"isdocker" yaml:"isdocker" validate:"checkyesorno"` - IsK8S string `json:"isk8s" bson:"isk8s" yaml:"isk8s" validate:"checkyesorno"` - IsEgressGateway string `json:"isegressgateway" bson:"isegressgateway" yaml:"isegressgateway"` - IsIngressGateway string `json:"isingressgateway" bson:"isingressgateway" yaml:"isingressgateway"` - EgressGatewayRanges []string `json:"egressgatewayranges" bson:"egressgatewayranges" yaml:"egressgatewayranges"` - RelayAddrs []string `json:"relayaddrs" bson:"relayaddrs" yaml:"relayaddrs"` - IngressGatewayRange string `json:"ingressgatewayrange" bson:"ingressgatewayrange" yaml:"ingressgatewayrange"` - IsStatic string `json:"isstatic" bson:"isstatic" yaml:"isstatic" validate:"checkyesorno"` - UDPHolePunch string `json:"udpholepunch" bson:"udpholepunch" yaml:"udpholepunch" validate:"checkyesorno"` - DNSOn string `json:"dnson" bson:"dnson" yaml:"dnson" validate:"checkyesorno"` - IsServer string `json:"isserver" bson:"isserver" yaml:"isserver" validate:"checkyesorno"` - Action string `json:"action" bson:"action" yaml:"action"` - IsLocal string `json:"islocal" bson:"islocal" yaml:"islocal" validate:"checkyesorno"` - LocalRange string `json:"localrange" bson:"localrange" yaml:"localrange"` - IPForwarding string `json:"ipforwarding" bson:"ipforwarding" yaml:"ipforwarding" validate:"checkyesorno"` - OS string `json:"os" bson:"os" yaml:"os"` - MTU int32 `json:"mtu" bson:"mtu" yaml:"mtu"` - Version string `json:"version" bson:"version" yaml:"version"` - Server string `json:"server" bson:"server" yaml:"server"` - TrafficKeys TrafficKeys `json:"traffickeys" bson:"traffickeys" yaml:"traffickeys"` + ID string `json:"id,omitempty" bson:"id,omitempty" yaml:"id,omitempty" validate:"required,min=5"` + Address string `json:"address" bson:"address" yaml:"address" validate:"omitempty,ipv4"` + Address6 string `json:"address6" bson:"address6" yaml:"address6" validate:"omitempty,ipv6"` + LocalAddress string `json:"localaddress" bson:"localaddress" yaml:"localaddress" validate:"omitempty,ip"` + Name string `json:"name" bson:"name" yaml:"name" validate:"omitempty,max=62,in_charset"` + NetworkSettings Network `json:"networksettings" bson:"networksettings" yaml:"networksettings" validate:"-"` + ListenPort int32 `json:"listenport" bson:"listenport" yaml:"listenport" validate:"omitempty,numeric,min=1024,max=65535"` + LocalListenPort int32 `json:"locallistenport" bson:"locallistenport" yaml:"locallistenport" validate:"numeric,min=0,max=65535"` + PublicKey string `json:"publickey" bson:"publickey" yaml:"publickey" validate:"required,base64"` + Endpoint string `json:"endpoint" bson:"endpoint" yaml:"endpoint" validate:"required,ip"` + PostUp string `json:"postup" bson:"postup" yaml:"postup"` + PostDown string `json:"postdown" bson:"postdown" yaml:"postdown"` + AllowedIPs []string `json:"allowedips" bson:"allowedips" yaml:"allowedips"` + PersistentKeepalive int32 `json:"persistentkeepalive" bson:"persistentkeepalive" yaml:"persistentkeepalive" validate:"omitempty,numeric,max=1000"` + IsHub string `json:"ishub" bson:"ishub" yaml:"ishub" validate:"checkyesorno"` + AccessKey string `json:"accesskey" bson:"accesskey" yaml:"accesskey"` + Interface string `json:"interface" bson:"interface" yaml:"interface"` + LastModified int64 `json:"lastmodified" bson:"lastmodified" yaml:"lastmodified"` + ExpirationDateTime int64 `json:"expdatetime" bson:"expdatetime" yaml:"expdatetime"` + LastPeerUpdate int64 `json:"lastpeerupdate" bson:"lastpeerupdate" yaml:"lastpeerupdate"` + LastCheckIn int64 `json:"lastcheckin" bson:"lastcheckin" yaml:"lastcheckin"` + MacAddress string `json:"macaddress" bson:"macaddress" yaml:"macaddress" validate:"macaddress_unique"` + Password string `json:"password" bson:"password" yaml:"password" validate:"required,min=6"` + Network string `json:"network" bson:"network" yaml:"network" validate:"network_exists"` + IsRelayed string `json:"isrelayed" bson:"isrelayed" yaml:"isrelayed"` + IsPending string `json:"ispending" bson:"ispending" yaml:"ispending"` + IsRelay string `json:"isrelay" bson:"isrelay" yaml:"isrelay" validate:"checkyesorno"` + IsDocker string `json:"isdocker" bson:"isdocker" yaml:"isdocker" validate:"checkyesorno"` + IsK8S string `json:"isk8s" bson:"isk8s" yaml:"isk8s" validate:"checkyesorno"` + IsEgressGateway string `json:"isegressgateway" bson:"isegressgateway" yaml:"isegressgateway"` + IsIngressGateway string `json:"isingressgateway" bson:"isingressgateway" yaml:"isingressgateway"` + EgressGatewayRanges []string `json:"egressgatewayranges" bson:"egressgatewayranges" yaml:"egressgatewayranges"` + RelayAddrs []string `json:"relayaddrs" bson:"relayaddrs" yaml:"relayaddrs"` + IngressGatewayRange string `json:"ingressgatewayrange" bson:"ingressgatewayrange" yaml:"ingressgatewayrange"` + // IsStatic - refers to if the Endpoint is set manually or dynamically + IsStatic string `json:"isstatic" bson:"isstatic" yaml:"isstatic" validate:"checkyesorno"` + UDPHolePunch string `json:"udpholepunch" bson:"udpholepunch" yaml:"udpholepunch" validate:"checkyesorno"` + DNSOn string `json:"dnson" bson:"dnson" yaml:"dnson" validate:"checkyesorno"` + IsServer string `json:"isserver" bson:"isserver" yaml:"isserver" validate:"checkyesorno"` + Action string `json:"action" bson:"action" yaml:"action"` + IsLocal string `json:"islocal" bson:"islocal" yaml:"islocal" validate:"checkyesorno"` + LocalRange string `json:"localrange" bson:"localrange" yaml:"localrange"` + IPForwarding string `json:"ipforwarding" bson:"ipforwarding" yaml:"ipforwarding" validate:"checkyesorno"` + OS string `json:"os" bson:"os" yaml:"os"` + MTU int32 `json:"mtu" bson:"mtu" yaml:"mtu"` + Version string `json:"version" bson:"version" yaml:"version"` + Server string `json:"server" bson:"server" yaml:"server"` + TrafficKeys TrafficKeys `json:"traffickeys" bson:"traffickeys" yaml:"traffickeys"` } // NodesArray - used for node sorting @@ -255,10 +256,10 @@ func (node *Node) SetDefaultName() { func (newNode *Node) Fill(currentNode *Node) { newNode.ID = currentNode.ID - if newNode.Address == "" && newNode.IsStatic != "yes" { + if newNode.Address == "" { newNode.Address = currentNode.Address } - if newNode.Address6 == "" && newNode.IsStatic != "yes" { + if newNode.Address6 == "" { newNode.Address6 = currentNode.Address6 } if newNode.LocalAddress == "" { @@ -267,16 +268,16 @@ func (newNode *Node) Fill(currentNode *Node) { if newNode.Name == "" { newNode.Name = currentNode.Name } - if newNode.ListenPort == 0 && newNode.IsStatic != "yes" { + if newNode.ListenPort == 0 { newNode.ListenPort = currentNode.ListenPort } - if newNode.LocalListenPort == 0 && newNode.IsStatic != "yes" { + if newNode.LocalListenPort == 0 { newNode.LocalListenPort = currentNode.LocalListenPort } - if newNode.PublicKey == "" && newNode.IsStatic != "yes" { + if newNode.PublicKey == "" { newNode.PublicKey = currentNode.PublicKey } - if newNode.Endpoint == "" && newNode.IsStatic != "yes" { + if newNode.Endpoint == "" { newNode.Endpoint = currentNode.Endpoint } if newNode.PostUp == "" { diff --git a/models/structs.go b/models/structs.go index 5ddb6133..63cd3f31 100644 --- a/models/structs.go +++ b/models/structs.go @@ -61,8 +61,8 @@ type Claims struct { // SuccessfulLoginResponse is struct to send the request response type SuccessfulLoginResponse struct { - MacAddress string - AuthToken string + ID string + AuthToken string } // ErrorResponse is struct for error diff --git a/netclient/cli_options/cmds.go b/netclient/cli_options/cmds.go index 8af7efba..568aa320 100644 --- a/netclient/cli_options/cmds.go +++ b/netclient/cli_options/cmds.go @@ -1,8 +1,6 @@ package cli_options import ( - "errors" - "github.com/gravitl/netmaker/logger" "github.com/gravitl/netmaker/netclient/command" "github.com/gravitl/netmaker/netclient/config" @@ -22,10 +20,6 @@ func GetCommands(cliFlags []cli.Flag) []*cli.Command { if err != nil { return err } - if cfg.Network == "all" { - err = errors.New("no network provided") - return err - } err = command.Join(&cfg, pvtKey) return err }, diff --git a/netclient/config/config.go b/netclient/config/config.go index f8317705..f6d6c4cf 100644 --- a/netclient/config/config.go +++ b/netclient/config/config.go @@ -10,6 +10,7 @@ import ( "fmt" "log" "os" + "sync" "github.com/gravitl/netmaker/logger" "github.com/gravitl/netmaker/models" @@ -18,6 +19,10 @@ import ( "gopkg.in/yaml.v3" ) +var ( + configLock sync.Mutex +) + // ClientConfig - struct for dealing with client configuration type ClientConfig struct { Server ServerConfig `yaml:"server"` @@ -52,6 +57,8 @@ type RegisterResponse struct { // Write - writes the config of a client to disk func Write(config *ClientConfig, network string) error { + configLock.Lock() + defer configLock.Unlock() if network == "" { err := errors.New("no network provided - exiting") return err @@ -140,7 +147,7 @@ func ModConfig(node *models.Node) error { return Write(&modconfig, network) } -// ModConfig - overwrites the node inside client config on disk +// SaveBackup - saves a backup file of a given network func SaveBackup(network string) error { var configPath = ncutils.GetNetclientPathSpecific() + "netconfig-" + network diff --git a/netclient/functions/daemon.go b/netclient/functions/daemon.go index 02558fab..a71bb157 100644 --- a/netclient/functions/daemon.go +++ b/netclient/functions/daemon.go @@ -42,35 +42,36 @@ type cachedMessage struct { // Daemon runs netclient daemon from command line func Daemon() error { - serverSet := make(map[string]config.ClientConfig) + serverSet := make(map[string]bool) // == initial pull of all networks == networks, _ := ncutils.GetSystemNetworks() if len(networks) == 0 { return errors.New("no networks") } - for _, network := range networks { - logger.Log(3, "initializing network", network) - cfg := config.ClientConfig{} - cfg.Network = network - cfg.ReadConfig() - serverSet[cfg.Server.Server] = cfg - if err := wireguard.ApplyConf(&cfg.Node, cfg.Node.Interface, ncutils.GetNetclientPathSpecific()+cfg.Node.Interface+".conf"); err != nil { - logger.Log(0, "failed to start ", cfg.Node.Interface, "wg interface", err.Error()) - } - //initialPull(cfg.Network) - } + pubNetworks = append(pubNetworks, networks...) // set ipforwarding on startup err := local.SetIPForwarding() if err != nil { logger.Log(0, err.Error()) } - // == subscribe to all nodes for each on machine == - for server, config := range serverSet { - logger.Log(1, "started daemon for server ", server) - ctx, cancel := context.WithCancel(context.Background()) - networkcontext.Store(server, cancel) - go messageQueue(ctx, &config) + for _, network := range networks { + logger.Log(3, "initializing network", network) + cfg := config.ClientConfig{} + cfg.Network = network + cfg.ReadConfig() + if err := wireguard.ApplyConf(&cfg.Node, cfg.Node.Interface, ncutils.GetNetclientPathSpecific()+cfg.Node.Interface+".conf"); err != nil { + logger.Log(0, "failed to start ", cfg.Node.Interface, "wg interface", err.Error()) + } + server := cfg.Server.Server + if !serverSet[server] { + // == subscribe to all nodes for each on machine == + serverSet[server] = true + logger.Log(1, "started daemon for server ", server) + ctx, cancel := context.WithCancel(context.Background()) + networkcontext.Store(server, cancel) + go messageQueue(ctx, &cfg) + } } // == add waitgroup and cancel for checkin routine == @@ -167,7 +168,11 @@ func unsubscribeNode(client mqtt.Client, nodeCfg *config.ClientConfig) { // the client should subscribe to ALL nodes that exist on server locally func messageQueue(ctx context.Context, cfg *config.ClientConfig) { logger.Log(0, "netclient daemon started for server: ", cfg.Server.Server) - client := setupMQTT(cfg, false) + client, err := setupMQTT(cfg, false) + if err != nil { + logger.Log(0, "unable to connect to broker", err.Error()) + return + } defer client.Disconnect(250) <-ctx.Done() logger.Log(0, "shutting down daemon for server ", cfg.Server.Server) @@ -201,7 +206,7 @@ func NewTLSConfig(server string) *tls.Config { // setupMQTT creates a connection to broker and returns client // this function is primarily used to create a connection to publish to the broker -func setupMQTT(cfg *config.ClientConfig, publish bool) mqtt.Client { +func setupMQTT(cfg *config.ClientConfig, publish bool) (mqtt.Client, error) { opts := mqtt.NewClientOptions() server := cfg.Server.Server opts.AddBroker("ssl://" + server + ":8883") // TODO get the appropriate port of the comms mq server @@ -242,6 +247,9 @@ func setupMQTT(cfg *config.ClientConfig, publish bool) mqtt.Client { } else { err = token.Error() } + if err := checkBroker(cfg.Server.Server); err != nil { + return nil, err + } logger.Log(0, "could not connect to broker", cfg.Server.Server, err.Error()) if strings.Contains(err.Error(), "connectex") || strings.Contains(err.Error(), "connect timeout") { logger.Log(0, "connection issue detected.. attempt connection with new certs") @@ -256,7 +264,7 @@ func setupMQTT(cfg *config.ClientConfig, publish bool) mqtt.Client { daemon.Restart() } } - return client + return client, nil } // publishes a message to server to update peers on this peer's behalf diff --git a/netclient/functions/join.go b/netclient/functions/join.go index bfaf14c3..ac2afde4 100644 --- a/netclient/functions/join.go +++ b/netclient/functions/join.go @@ -42,6 +42,11 @@ func JoinNetwork(cfg *config.ClientConfig, privateKey string) error { if cfg.Node.Password == "" { cfg.Node.Password = logic.GenKey() } + manualPort := false + if cfg.Node.ListenPort != 0 { + cfg.Node.UDPHolePunch = "no" + manualPort = true + } var trafficPubKey, trafficPrivKey, errT = box.GenerateKey(rand.Reader) // generate traffic keys if errT != nil { return errT @@ -164,10 +169,11 @@ func JoinNetwork(cfg *config.ClientConfig, privateKey string) error { } } logger.Log(1, "node created on remote server...updating configs") - // keep track of the old listenport value - oldListenPort := node.ListenPort cfg.Node = node - setListenPort(oldListenPort, cfg) + logger.Log(1, "turn on UDP hole punching (dynamic port setting)? "+cfg.Node.UDPHolePunch) + if !manualPort && (cfg.Node.UDPHolePunch == "no") { + setListenPort(cfg) + } err = config.ModConfig(&cfg.Node) if err != nil { return err @@ -215,22 +221,19 @@ func formatName(node models.Node) string { return node.Name } -func setListenPort(oldListenPort int32, cfg *config.ClientConfig) { +func setListenPort(cfg *config.ClientConfig) { // keep track of the returned listenport value newListenPort := cfg.Node.ListenPort + var errN error + // get free port based on returned default listen port + cfg.Node.ListenPort, errN = ncutils.GetFreePort(cfg.Node.ListenPort) + if errN != nil { + cfg.Node.ListenPort = newListenPort + logger.Log(1, "Error retrieving port: ", errN.Error()) + } - if newListenPort != oldListenPort { - var errN error - // get free port based on returned default listen port - cfg.Node.ListenPort, errN = ncutils.GetFreePort(cfg.Node.ListenPort) - if errN != nil { - cfg.Node.ListenPort = newListenPort - logger.Log(1, "Error retrieving port: ", errN.Error()) - } - - // if newListenPort has been modified to find an available port, publish to server - if cfg.Node.ListenPort != newListenPort { - PublishNodeUpdate(cfg) - } + // if newListenPort has been modified to find an available port, publish to server + if cfg.Node.ListenPort != newListenPort { + PublishNodeUpdate(cfg) } } diff --git a/netclient/functions/mqpublish.go b/netclient/functions/mqpublish.go index d17b5188..43ca150b 100644 --- a/netclient/functions/mqpublish.go +++ b/netclient/functions/mqpublish.go @@ -5,10 +5,12 @@ import ( "encoding/json" "errors" "fmt" + "net" "os" "sync" "time" + "github.com/cloverstd/tcping/ping" "github.com/gravitl/netmaker/logger" "github.com/gravitl/netmaker/netclient/auth" "github.com/gravitl/netmaker/netclient/config" @@ -16,6 +18,9 @@ import ( "github.com/gravitl/netmaker/tls" ) +// pubNetworks hold the currently publishable networks +var pubNetworks []string + // Checkin -- go routine that checks for public or local ip changes, publishes changes // if there are no updates, simply "pings" the server as a checkin func Checkin(ctx context.Context, wg *sync.WaitGroup) { @@ -27,13 +32,7 @@ func Checkin(ctx context.Context, wg *sync.WaitGroup) { return //delay should be configuraable -> use cfg.Node.NetworkSettings.DefaultCheckInInterval ?? case <-time.After(time.Second * 60): - // logger.Log(0, "Checkin running") - //read latest config - networks, err := ncutils.GetSystemNetworks() - if err != nil { - return - } - for _, network := range networks { + for _, network := range pubNetworks { var nodeCfg config.ClientConfig nodeCfg.Network = network nodeCfg.ReadConfig() @@ -109,7 +108,7 @@ func Hello(nodeCfg *config.ClientConfig) { logger.Log(0, "could not run pull on "+nodeCfg.Node.Network+", error: "+err.Error()) } } - logger.Log(3, "server checkin complete") + logger.Log(3, "checkin for", nodeCfg.Network, "complete") } // node cfg is required in order to fetch the traffic keys of that node for encryption @@ -124,7 +123,10 @@ func publish(nodeCfg *config.ClientConfig, dest string, msg []byte, qos byte) er return err } - client := setupMQTT(nodeCfg, true) + client, err := setupMQTT(nodeCfg, true) + if err != nil { + return fmt.Errorf("mq setup error %w", err) + } defer client.Disconnect(250) encrypted, err := ncutils.Chunk(msg, serverPubKey, trafficPrivKey) if err != nil { @@ -140,7 +142,7 @@ func publish(nodeCfg *config.ClientConfig, dest string, msg []byte, qos byte) er err = token.Error() } if err != nil { - return token.Error() + return err } } return nil @@ -161,3 +163,25 @@ func checkCertExpiry(cfg *config.ClientConfig) error { } return nil } + +func checkBroker(broker string) error { + _, err := net.LookupIP(broker) + if err != nil { + return errors.New("nslookup failed for broker ... check dns records") + } + pinger := ping.NewTCPing() + pinger.SetTarget(&ping.Target{ + Protocol: ping.TCP, + Host: broker, + Port: 8883, + Counter: 3, + Interval: 1 * time.Second, + Timeout: 2 * time.Second, + }) + pingerDone := pinger.Start() + <-pingerDone + if pinger.Result().SuccessCounter == 0 { + return errors.New("unable to connect to broker port ... check netmaker server and firewalls") + } + return nil +} diff --git a/netclient/gui/components/views/networks.go b/netclient/gui/components/views/networks.go index 81496dc1..9db972a7 100644 --- a/netclient/gui/components/views/networks.go +++ b/netclient/gui/components/views/networks.go @@ -67,6 +67,7 @@ func GetSingleNetworkView(network string) fyne.CanvasObject { LoadingNotify() nets, err := functions.List(network) if err != nil || len(nets) < 1 { + ClearNotification() return container.NewCenter(widget.NewLabel("No data retrieved.")) } var nodecfg config.ClientConfig @@ -79,10 +80,10 @@ func GetSingleNetworkView(network string) fyne.CanvasObject { privateAddr6 := nodecfg.Node.Address6 endpoint := nodecfg.Node.Endpoint health := " (HEALTHY)" - if time.Now().After(lastCheckInTime.Add(time.Minute * 5)) { - health = " (WARNING)" - } else if time.Now().After(lastCheckInTime.Add(time.Minute * 30)) { + if time.Now().After(lastCheckInTime.Add(time.Minute * 30)) { health = " (ERROR)" + } else if time.Now().After(lastCheckInTime.Add(time.Minute * 5)) { + health = " (WARNING)" } lastCheckIn += health version := nodecfg.Node.Version diff --git a/netclient/local/dns.go b/netclient/local/dns.go deleted file mode 100644 index 1f168b34..00000000 --- a/netclient/local/dns.go +++ /dev/null @@ -1,149 +0,0 @@ -package local - -import ( - "fmt" - "net" - "os" - "strings" - "time" - - //"github.com/davecgh/go-spew/spew" - "log" - "os/exec" - - "github.com/gravitl/netmaker/logger" - "github.com/gravitl/netmaker/models" - "github.com/gravitl/netmaker/netclient/ncutils" -) - -const DNS_UNREACHABLE_ERROR = "nameserver unreachable" - -// SetDNSWithRetry - Attempt setting dns, if it fails return true (to reset dns) -func SetDNSWithRetry(node models.Node, address string) bool { - var reachable bool - if !hasPrereqs() { - return true - } - for counter := 0; !reachable && counter < 5; counter++ { - reachable = IsDNSReachable(address) - time.Sleep(time.Second << 1) - } - if !reachable { - logger.Log(0, "not setting dns (server unreachable), will try again later: "+address) - return true - } else if err := UpdateDNS(node.Interface, node.Network, address); err != nil { - logger.Log(0, "error applying dns"+err.Error()) - } else if IsDNSWorking(node.Network, address) { - return true - } - resetDNS() - return false -} - -func resetDNS() { - ncutils.RunCmd("systemctl restart systemd-resolved", true) -} - -// SetDNS - sets the DNS of a local machine -func SetDNS(nameserver string) error { - bytes, err := os.ReadFile("/etc/resolv.conf") - if err != nil { - return err - } - resolvstring := string(bytes) - // //check whether s contains substring text - hasdns := strings.Contains(resolvstring, nameserver) - if hasdns { - return nil - } - resolv, err := os.OpenFile("/etc/resolv.conf", os.O_APPEND|os.O_WRONLY, 0644) - if err != nil { - return err - } - defer resolv.Close() - _, err = resolv.WriteString("nameserver " + nameserver + "\n") - - return err -} - -func hasPrereqs() bool { - if !ncutils.IsLinux() { - return false - } - _, err := exec.LookPath("resolvectl") - return err == nil -} - -// UpdateDNS - updates local DNS of client -func UpdateDNS(ifacename string, network string, nameserver string) error { - if !ncutils.IsLinux() { - return nil - } - if ifacename == "" { - return fmt.Errorf("cannot set dns: interface name is blank") - } - if network == "" { - return fmt.Errorf("cannot set dns: network name is blank") - } - if nameserver == "" { - return fmt.Errorf("cannot set dns: nameserver is blank") - } - if !IsDNSReachable(nameserver) { - return fmt.Errorf(DNS_UNREACHABLE_ERROR + " : " + nameserver + ":53") - } - _, err := exec.LookPath("resolvectl") - if err != nil { - log.Println(err) - log.Println("WARNING: resolvectl not present. Unable to set dns. Install resolvectl or run manually.") - } else { - _, err = ncutils.RunCmd("resolvectl domain "+ifacename+" ~"+network, true) - if err != nil { - log.Println("WARNING: Error encountered setting domain on dns. Aborted setting dns.") - } else { - _, err = ncutils.RunCmd("resolvectl default-route "+ifacename+" false", true) - if err != nil { - log.Println("WARNING: Error encountered setting default-route on dns. Aborted setting dns.") - } else { - _, err = ncutils.RunCmd("resolvectl dns "+ifacename+" "+nameserver, true) - if err != nil { - log.Println("WARNING: Error encountered running resolvectl dns " + ifacename + " " + nameserver) - } - } - } - } - return err -} - -// IsDNSReachable - checks if nameserver is reachable -func IsDNSReachable(nameserver string) bool { - port := "53" - protocols := [2]string{"tcp", "udp"} - for _, proto := range protocols { - timeout := time.Second - conn, err := net.DialTimeout(proto, net.JoinHostPort(nameserver, port), timeout) - if err != nil { - return false - } - if conn != nil { - defer conn.Close() - } else { - return false - } - } - return true -} - -// IsDNSWorking - checks if record is returned by correct nameserver -func IsDNSWorking(network string, nameserver string) bool { - var isworking bool - servers, err := net.LookupNS("netmaker" + "." + network) - if err != nil { - return isworking - } - for _, ns := range servers { - if strings.Contains(ns.Host, nameserver) { - isworking = true - } - } - return isworking -} diff --git a/netclient/netclient.exe.manifest.xml b/netclient/netclient.exe.manifest.xml index 8c744b0f..bf43282e 100644 --- a/netclient/netclient.exe.manifest.xml +++ b/netclient/netclient.exe.manifest.xml @@ -1,7 +1,7 @@ 0 for _, currentPeer := range devicePeers { - if currentPeer.AllowedIPs[0].String() == peer.AllowedIPs[0].String() && + // make sure currenPeer has AllowedIP's before comparison + hascurrentPeerIP := len(currentPeer.AllowedIPs) > 0 + + if hasPeerIP && hascurrentPeerIP && + currentPeer.AllowedIPs[0].String() == peer.AllowedIPs[0].String() && currentPeer.PublicKey.String() != peer.PublicKey.String() { _, err := ncutils.RunCmd("wg set "+iface+" peer "+currentPeer.PublicKey.String()+" remove", true) if err != nil { @@ -54,7 +59,7 @@ func SetPeers(iface string, node *models.Node, peers []wgtypes.PeerConfig) error var allowedips string var iparr []string for _, ipaddr := range peer.AllowedIPs { - if len(peer.AllowedIPs) > 0 && (&ipaddr) != nil { + if hasPeerIP && (&ipaddr) != nil { iparr = append(iparr, ipaddr.String()) } } @@ -85,7 +90,9 @@ func SetPeers(iface string, node *models.Node, peers []wgtypes.PeerConfig) error shouldDelete := true if peers != nil && len(peers) > 0 { for _, peer := range peers { - if peer.AllowedIPs[0].String() == currentPeer.AllowedIPs[0].String() { + + if len(peer.AllowedIPs) > 0 && len(currentPeer.AllowedIPs) > 0 && + peer.AllowedIPs[0].String() == currentPeer.AllowedIPs[0].String() { shouldDelete = false } // re-check this if logic is not working, added in case of allowedips not working @@ -238,7 +245,7 @@ func SetWGConfig(network string, peerupdate bool, peers []wgtypes.PeerConfig) er if err != nil { return err } - servercfg := cfg.Server + nodecfg := cfg.Node privkey, err := RetrievePrivKey(network) @@ -260,9 +267,7 @@ func SetWGConfig(network string, peerupdate bool, peers []wgtypes.PeerConfig) er } else { err = InitWireguard(&nodecfg, privkey, peers, false) } - if nodecfg.DNSOn == "yes" { - _ = local.UpdateDNS(nodecfg.Interface, nodecfg.Network, servercfg.CoreDNSAddr) - } + return err } diff --git a/netclient/wireguard/noquick.go b/netclient/wireguard/noquick.go index 4c714377..8fdf01b0 100644 --- a/netclient/wireguard/noquick.go +++ b/netclient/wireguard/noquick.go @@ -40,8 +40,7 @@ func ApplyWithoutWGQuick(node *models.Node, ifacename string, confPath string) e nodeport := int(node.ListenPort) if node.UDPHolePunch == "yes" && node.IsServer == "no" && - node.IsIngressGateway != "yes" && - node.IsStatic != "yes" { + node.IsIngressGateway != "yes" { conf = wgtypes.Config{ PrivateKey: &key, }