Commit Graph

160 Commits (dynamic-global-ip-resolution)

Author SHA1 Message Date
Jake McGinty ae2c554b23
{client, server}: make config/data directories configurable (#172)
* client: allow config/data dirs to be changed

* server: allow config/data dirs to be changed

* meta: cargo clippy & cargo fmt

* shared: use const for Duration instead of lazy_static
2021-11-15 18:11:13 +09:00
Jake McGinty e6f25ca1d7 docker-tests: add simultaneous peer invitation test 2021-11-12 17:53:37 +09:00
Jake McGinty d7c491c8f3 client: granular control over NAT traversal
added to `innernet {up,fetch,install}`:

  --no-nat-traversal: Doesn't attempt NAT traversal
    (prevents long time delays in execution of command)

  --exclude-nat-candidates: Exclude a list of CIDRs from being
    considered candidates

  --no-nat-candidates: Don't report NAT candidates.
    (shorthand for '--exclude-nat-candidates 0.0.0.0/0')

Closes #160
2021-11-12 14:42:10 +09:00
Jake McGinty 9a59ac3094 meta: release v1.5.1 2021-11-11 18:42:21 +09:00
Jake McGinty 991c6435c1 client: wait after updating interface before attempting NAT traversal
otherwise, the server-reported IP itself won't have time to check
if a handshake succeeds or not.
2021-11-11 18:34:31 +09:00
Jake McGinty 17dd26921f meta: update dependencies 2021-11-05 12:22:35 +09:00
Jake McGinty bfa5d5ee5d client: change rustdoc double-quotes to single for zsh completions.
clap (used by StructOpt) doesn't escape double-quotes inside the
rustdocs that is uses to generate completion helptext. Rather than wait
on them, it's simpler to just avoid double-quotes for now at least.

Closes #156
2021-09-21 12:46:56 +09:00
Tianon Gravi 072ac4bf96
client: fix minor typo ("exhuasted") (#155) 2021-09-18 13:16:27 +09:00
Jake McGinty 1b983d636d meta: release v1.5.0 2021-09-17 14:18:09 +09:00
Jake McGinty 9b1315b079 meta: release v1.5.0-beta.5 2021-09-16 02:00:03 +09:00
Jake McGinty ae89e06655 meta: make clippy happy 2021-09-15 21:18:04 +09:00
Jake McGinty cacd80b283 server: prompt for listen port before endpoint
also fix a logic bug if user cancels port selection in client
when trying to override endpoint.

fixes #148
2021-09-15 20:43:40 +09:00
Jake McGinty 4fa689d400 meta: rename wgctrl to wireguard-control
in preparation for publishing on crates.io
2021-09-15 12:43:20 +09:00
Jake McGinty 454e5458c1 meta: release v1.5.0-beta.4 2021-09-14 23:18:30 +09:00
Jake McGinty f774a5f97c client: print endpoint reported by wireguard, not server
thanks again @strohel :)
2021-09-14 23:12:12 +09:00
Jake McGinty b179a62a22 client: always show yourself as 'conneted' to avoid confusion 2021-09-14 22:49:08 +09:00
Jake McGinty dcdaefd1ff meta: release v1.5.0-beta.3 2021-09-14 22:34:08 +09:00
Jake McGinty 7ceebccbfa client: fix logical inverse in is_recently_connected indicator
thanks @strohel!!
2021-09-14 22:33:49 +09:00
Jake McGinty 2a640fd9b2 meta: release v1.5.0-beta.2 2021-09-14 17:59:48 +09:00
Jake McGinty 62821d5bdf client: update hosts even when you're the only peer on the network
Fixes #144
2021-09-14 17:57:07 +09:00
Jake McGinty dbb499a848 meta: release v1.5.0-beta.1 2021-09-14 17:26:46 +09:00
Jake McGinty cf3510918a
server: report local candidates for peers to connect (#151)
Before, only clients would report local addresses for NAT traversal. Servers should too! This will be helpful in common situations when the server is run inside the same LAN as other peers, and there's no NAT hairpinning enabled (or possible) on the router.

closes #146
2021-09-14 15:48:27 +09:00
tommie 120ac7d6b1
add "wireguard" as a recommended dependency for Debian. (#149)
It's very likely a user will want at least wireguard-dkms, and having
the userspace tools might be useful in an emergency. This metapackage
draws in both.

For automated installations in e.g. containers, use

    apt install --no-install-recommends

to avoid installing recommended packages.
2021-09-14 12:27:10 +09:00
Jake McGinty c618d7949b meta: cargo update && cargo fmt 2021-09-13 00:48:49 +09:00
Jake McGinty 42eb0a7589 client: wait for newline for uninstall
fixes #145
2021-09-13 00:46:06 +09:00
Jake McGinty 2a5a820bc2 client: create new data stores with 600 permissions
fixes #147
2021-09-13 00:43:53 +09:00
Jake McGinty f715689540 shared(wg): remove leftover debug println on macOS
Closes #143
2021-09-12 20:34:02 +09:00
Jake McGinty 9c5380c7f8 client, server: forbid using reserved IPv6 anycast addresses as unicast
Previously, we treated all IPv6 addresses as assignable, but that causes
problems with setups that expect the first address in a subnet to be the
router anycast address.

Note that this does not fix existing innernet networks, and those
experiencing this problem are advised to revised to recreate their
network after this fix has been merged. Sorry for the annoyance.

Fixes #131
2021-09-05 23:50:09 +09:00
Jake McGinty 20a07cf8fd client: don't show Linux instructions outside of linux
fixes #128
2021-09-05 16:37:58 +09:00
Jake McGinty b7de9cdc47
fix SQLite bug when migrating database from 1 to 2 (#136) 2021-09-02 02:25:34 +09:00
Jake McGinty 8903604caa
NAT traversal: ICE-esque candidate selection (#134)
This change adds the ability for peers to report additional candidate endpoints for other peers to attempt connections with outside of the endpoint reported by the coordinating server.

While not a complete solution to the full spectrum of NAT traversal issues (TURN-esque proxying is still notably missing), it allows peers within the same NAT to connect to each other via their LAN addresses, which is a win nonetheless. In the future, more advanced candidate discovery could be used to punch through additional types of NAT cone types as well.

Co-authored-by: Matěj Laitl <matej@laitl.cz>
2021-09-01 18:58:46 +09:00
Matěj Laitl eb90cc53a5
Fix clippy warnings, add clippy to CI (#127)
* Tidy code a bit thanks to clippy

Clippy 1.54 newly detects some redundant constructs, that's nice.

sort_unstable() should yield exact same results as sort() for `Vec<&str>`
and could be faster, clippy says.

* Add clippy to CI
2021-08-09 20:35:42 +09:00
Jake McGinty e97eb737a4
shared(PeerDiff): refactor struct and update peer endpoints only when handshake failed
The past behavior of clients was to, on every fetch from the server, update each of its peer's endpoints with the one reported from the server. While this wasn't a problem on certain types of NATs to help with holepunching, in some situations it caused previously working connections to no longer work (when one peer had a port-restricted or symmetric cone type NAT).
2021-08-05 09:38:14 +09:00
Jake McGinty b169435355 meta: release v1.4.1 2021-08-03 01:26:38 +09:00
Jake McGinty 89f2e813cf client(install): fix install check failure when /var/run/wireguard doesn't exist 2021-08-03 00:44:06 +09:00
Jake McGinty 82325509db meta: cargo clippy & fmt 2021-08-02 23:10:20 +09:00
Jake McGinty 61b055c44b client(install): bail if WireGuard interface with same name exists
Closes #113
2021-08-02 23:07:45 +09:00
Jake McGinty bbfb11e175 meta: cargo update & clippy fixes 2021-07-27 14:14:50 +09:00
Jake McGinty 26b962bea0 client: add debug info for peer endpoint changes on update 2021-07-15 15:54:31 +09:00
Jake McGinty 118986e5e3 meta: release v1.4.0 2021-07-11 22:16:20 +09:00
Jake McGinty 0c8a2ee991 meta: cargo clippy 2021-06-22 11:27:29 +09:00
Jake McGinty 7bc1033b58 meta: cargo clippy 2021-06-16 20:34:53 +09:00
Jake McGinty d8513d3d54 meta: release v1.4.0-beta.3 2021-06-16 20:28:52 +09:00
Jake McGinty 1aed782683 client: tighten some error types and apply helptext to io::Error 2021-06-16 20:26:01 +09:00
Jake McGinty 93b4b0b43c meta: release v1.4.0-beta.2 2021-06-14 23:53:02 +09:00
Jake McGinty 2fa7524def client: add list-cidrs function
Closes #99
2021-06-14 18:50:21 +09:00
Jake McGinty 647ec7ca3e shared: proactively create invite file to ensure we have permission
This won't clean up an empty file if a later step fails, but this
is still better than the previous solution.

Closes #91
2021-06-14 18:15:31 +09:00
Jake McGinty 3a1f5cab6b meta: release v1.4.0-beta.1 2021-06-14 15:54:50 +09:00
Jake McGinty 449b4b8278
client: support running as non-root (#94)
shared(wg): use netlink instead of execve calls to "ip"
hostsfile: write to hostsfile in-place
2021-06-10 22:57:47 +09:00
Jake McGinty 8017539f82 client, server: fix RPM build issue. 2021-06-01 01:30:40 +09:00
Jake McGinty ba0b062ce9 meta: release v1.3.1 2021-06-01 00:58:09 +09:00
Jake McGinty b7f299c147 meta: cargo update & clippy 2021-06-01 00:22:48 +09:00
Jake McGinty 042881cc7d client, server: don't require root for completions command 2021-06-01 00:18:56 +09:00
Jake McGinty 9524019c55 client, server: make clap's helptext a bit friendlier 2021-05-26 14:23:02 +09:00
Kevin K ec210f9468
client, server: adds ability to rename peers (#92)
This commit adds a subcommand to both the client and server to allow
changing the name of a peer. The peer retains all the same attributes as
before (public keys, IPs, admin/disabled status, etc.).

Closes #87
2021-05-25 19:58:00 +09:00
Kevin K 4226278e5a
client, server: add shell completions (#84)
This subcommand takes a shell as an argument and generates shell
completions for that shell to stdout.

example:

```
$ innernet completions bash
  OR
$ innernet-server completions bash
```
2021-05-25 16:10:16 +09:00
Jake McGinty 2d012c6bd9 meta: release v1.3.0 2021-05-21 14:46:30 +09:00
Jake McGinty fed0c859c8 meta: cargo update & fmt 2021-05-21 13:35:52 +09:00
Jake McGinty 911a2d8f00 shared(prompts): wait for newline on confirmations 2021-05-21 13:02:11 +09:00
Jake McGinty a140786d53 client: fix add-cidr when confirm is 'no' 2021-05-21 13:00:09 +09:00
Kevin K ff0527d836
client, server: adds ability to delete cidrs (#88)
This commit adds a `delete-cidr` to both the client and server. It walks
through the prompts just like adding a CIDR.

Only eligible CIDRs are presented to the user. Eligibilty requires:

- CIDR has no child CIDRs
- CIDR has no assigned peers

Closes #23
2021-05-21 12:39:33 +09:00
Jake McGinty 15595d6f23 client: count handshakes within 3 minutes as 'online' 2021-05-21 03:03:44 +09:00
Jake McGinty e2011b4260 meta: release v1.3.0-beta.7 2021-05-20 13:05:03 +09:00
Jake McGinty d5af2596f7 client: convert printlns to logs 2021-05-20 12:49:13 +09:00
Jake McGinty 25a4a0eb41 meta: release v1.3.0-beta.6 2021-05-20 03:44:45 +09:00
Jake McGinty c512985214 meta: remove unused code and format 2021-05-20 03:18:43 +09:00
Jake McGinty 5b744d1f78 client, wgctrl: fix various linux userspace issues
Fixes #75
2021-05-20 03:16:48 +09:00
Jake McGinty e95d79db66 client: add verbose logging 2021-05-20 03:16:48 +09:00
Jake McGinty 08b975e847 meta: release v1.3.0-beta.5 2021-05-19 16:59:27 +09:00
Jake McGinty 3892a99156
wgctrl: use wireguard backends explicitly (with OS-specific defaults) (#85)
Based on the conversation from #5 (comment) - this changes innernet's behavior on Linux from automatically falling back to the userspace, instead requiring --backend userspace to be specified.

This should help people avoid weird situations in environments like Docker.
2021-05-19 16:54:07 +09:00
Johann150 170c8267bf
client, server: make adding routes optional (#71) 2021-05-12 02:31:47 +09:00
Jake McGinty ac01b8c9aa meta: release v1.3.0-beta.4 2021-05-10 04:18:47 +09:00
Jake McGinty e166619883 client(datastore): fix tests 2021-05-10 00:08:33 +09:00
Jake McGinty 5671e3837d client(show): refactor and add indicator of online-ness 2021-05-10 00:03:00 +09:00
Jake McGinty 88ae2aba17 client(datastore): mark peers not returned by server as disabled 2021-05-10 00:02:03 +09:00
Jake McGinty 9d4eb80177 meta: release v1.3.0-beta.3 2021-05-09 21:37:19 +09:00
Jake McGinty 981f7e8701 shared: add better visibility into IO errors 2021-05-09 21:34:11 +09:00
Jake McGinty d4d0d7301a meta: release v1.3.0-beta.2 2021-05-09 20:07:27 +09:00
Michael Kuryshev d7e9a60ba1
actions: build rpms for releases (#29) 2021-05-09 19:57:37 +09:00
Jake McGinty 78c2bfd6db meta: release v1.3.0-beta.1 2021-05-09 03:37:03 +09:00
Jake McGinty 2ce552cc36
client, server: invite expirations
The server now expects a UNIX timestamp after which the invitation will be expired. If a peer invite hasn't been redeemed after it expires, the server will clean up old entries and allow the IP to be re-allocated for a new invite.

Closes #24
2021-05-09 00:32:51 +09:00
Jake McGinty f27a2426c8 client: make clippy happy 2021-05-06 12:40:00 +09:00
Jake McGinty a7f35ee12b client(list --tree): show CIDRs in numerical order
Closes #47
2021-04-30 19:02:07 +09:00
Jake McGinty 7ef92b354c meta: cargo update, fmt, fix build 2021-04-28 15:16:17 +09:00
Jake McGinty ee475715c3 client: make install step a bit more resilient
change private keys on client earlier to avoid race conditions,
and attempt the fetch call multiple times to avoid spurious issues,
while also not failing the entire command if fetch doesn't succeed.
2021-04-28 15:00:39 +09:00
Jake McGinty c6bb8052fb meta: release v1.2.0 2021-04-24 23:39:28 +09:00
Jake McGinty 378aa8383c meta: release v1.2.0-beta.1 2021-04-21 01:13:44 +09:00
Jake McGinty 0a26bdedce
{client,server}: allow hostnames in endpoints (#56)
use new Endpoint type instead of SocketAddr in appropriate places
2021-04-21 00:35:10 +09:00
Jake McGinty e2ea2ddded
docker-tests: initial integration tests (#55)
Scripts that demonstrate building a network of docker containers, doubling as an integration test for innernet.

Includes a number of improvements to the recent non-interactive CLI changes as well.
2021-04-19 21:56:18 +09:00
Jake McGinty c4e369ee54 server: non-interactive network creation 2021-04-18 01:32:56 +09:00
Jake McGinty b92ad65b17 client: add opts for non-interactive network installs 2021-04-17 12:33:24 +09:00
Jake McGinty 6d28e7f4ab
{client,server}: allow peer/cidr creation with CLI arguments (#48)
Fixes #20
2021-04-15 00:25:31 +09:00
Jake McGinty 142553a9cc client: use StructOpt's conflicts_with 2021-04-12 00:34:56 +09:00
Jake McGinty cb0e76c39b meta: release v1.1.0 2021-04-11 16:42:24 +09:00
Jake McGinty e8790f3178 meta: release v1.1.0-rc.2 2021-04-11 13:34:09 +09:00
Jake McGinty c15db6f833 client: don't leave interface behind on failed install 2021-04-10 17:38:59 +09:00
Jake McGinty 0feb34690e client: small cleanups 2021-04-10 16:03:39 +09:00
Jake McGinty 6c55dafce6 meta: release v1.1.0-rc.1 2021-04-09 22:47:33 +09:00
Jake McGinty c370c25924 server: add uninstall command 2021-04-09 22:42:29 +09:00
Jake McGinty a44fe0d3ad client: add uninstall command 2021-04-09 22:37:33 +09:00