Commit Graph

104 Commits (1b260823f993a4902f8ef484633d8a7c7552f782)

Author SHA1 Message Date
Jake McGinty 5c72592069 meta: rust edition 2018 -> 2021 2022-01-11 01:54:43 -06:00
Jake McGinty 8dd11977af meta: structopt 0.3 -> clap 3 2022-01-11 01:51:32 -06:00
Jake McGinty 09e68c2c01
(linux) wireguard-control: migrate from `wireguard-control-sys` to `netlink` crates (#177)
also introduces a new `netlink-request` crate to help modularize the netlink code. this currently depends on a fork of the `netlink` project, but we should be able to use the official version soon.
2022-01-07 18:35:21 +09:00
Jake McGinty 6be3e61074 meta: release v1.5.2 2021-12-06 02:35:18 +09:00
Jake McGinty ec754e60c4 client: non-interactive `set-listen-port` and `override-endpoint`
closes #158
2021-11-16 18:46:45 +09:00
Jake McGinty ae2c554b23
{client, server}: make config/data directories configurable (#172)
* client: allow config/data dirs to be changed

* server: allow config/data dirs to be changed

* meta: cargo clippy & cargo fmt

* shared: use const for Duration instead of lazy_static
2021-11-15 18:11:13 +09:00
Jake McGinty bce7af20ce client: fix NAT traverse helptext 2021-11-14 10:24:25 +09:00
Jake McGinty d7c491c8f3 client: granular control over NAT traversal
added to `innernet {up,fetch,install}`:

  --no-nat-traversal: Doesn't attempt NAT traversal
    (prevents long time delays in execution of command)

  --exclude-nat-candidates: Exclude a list of CIDRs from being
    considered candidates

  --no-nat-candidates: Don't report NAT candidates.
    (shorthand for '--exclude-nat-candidates 0.0.0.0/0')

Closes #160
2021-11-12 14:42:10 +09:00
Jake McGinty 9a59ac3094 meta: release v1.5.1 2021-11-11 18:42:21 +09:00
Jake McGinty 991c6435c1 client: wait after updating interface before attempting NAT traversal
otherwise, the server-reported IP itself won't have time to check
if a handshake succeeds or not.
2021-11-11 18:34:31 +09:00
Jake McGinty b0d0ee8565 fix tests 2021-11-06 18:54:52 +09:00
Jake McGinty d7cf24c63c server: validate hostname in 'new'
fixes #164
2021-11-05 12:36:35 +09:00
Jake McGinty 17dd26921f meta: update dependencies 2021-11-05 12:22:35 +09:00
Jake McGinty c09d828414 shared: follow-up to bfa5d5e, double- to single-quote in opt rustdocs 2021-09-21 12:50:21 +09:00
Jake McGinty 1b983d636d meta: release v1.5.0 2021-09-17 14:18:09 +09:00
Jake McGinty 9b1315b079 meta: release v1.5.0-beta.5 2021-09-16 02:00:03 +09:00
Jake McGinty cacd80b283 server: prompt for listen port before endpoint
also fix a logic bug if user cancels port selection in client
when trying to override endpoint.

fixes #148
2021-09-15 20:43:40 +09:00
Jake McGinty 4fa689d400 meta: rename wgctrl to wireguard-control
in preparation for publishing on crates.io
2021-09-15 12:43:20 +09:00
Jake McGinty 454e5458c1 meta: release v1.5.0-beta.4 2021-09-14 23:18:30 +09:00
Jake McGinty dcdaefd1ff meta: release v1.5.0-beta.3 2021-09-14 22:34:08 +09:00
Jake McGinty 2a640fd9b2 meta: release v1.5.0-beta.2 2021-09-14 17:59:48 +09:00
Jake McGinty dbb499a848 meta: release v1.5.0-beta.1 2021-09-14 17:26:46 +09:00
Jake McGinty c94d9d2c03 shared: fix chmod in InterfaceConfig 2021-09-14 17:16:16 +09:00
Jake McGinty cf3510918a
server: report local candidates for peers to connect (#151)
Before, only clients would report local addresses for NAT traversal. Servers should too! This will be helpful in common situations when the server is run inside the same LAN as other peers, and there's no NAT hairpinning enabled (or possible) on the router.

closes #146
2021-09-14 15:48:27 +09:00
Jake McGinty c618d7949b meta: cargo update && cargo fmt 2021-09-13 00:48:49 +09:00
Jake McGinty 3689b068a2 shared: create dirs with 700 permissions
Closes #150
2021-09-13 00:43:27 +09:00
Jake McGinty f715689540 shared(wg): remove leftover debug println on macOS
Closes #143
2021-09-12 20:34:02 +09:00
Jake McGinty 9c5380c7f8 client, server: forbid using reserved IPv6 anycast addresses as unicast
Previously, we treated all IPv6 addresses as assignable, but that causes
problems with setups that expect the first address in a subnet to be the
router anycast address.

Note that this does not fix existing innernet networks, and those
experiencing this problem are advised to revised to recreate their
network after this fix has been merged. Sorry for the annoyance.

Fixes #131
2021-09-05 23:50:09 +09:00
Jake McGinty 8903604caa
NAT traversal: ICE-esque candidate selection (#134)
This change adds the ability for peers to report additional candidate endpoints for other peers to attempt connections with outside of the endpoint reported by the coordinating server.

While not a complete solution to the full spectrum of NAT traversal issues (TURN-esque proxying is still notably missing), it allows peers within the same NAT to connect to each other via their LAN addresses, which is a win nonetheless. In the future, more advanced candidate discovery could be used to punch through additional types of NAT cone types as well.

Co-authored-by: Matěj Laitl <matej@laitl.cz>
2021-09-01 18:58:46 +09:00
Jake McGinty fd06b8054d shared(types): better self-documenting REJECT_AFTER_TYPE... type 2021-08-10 15:51:51 +09:00
Matěj Laitl eb90cc53a5
Fix clippy warnings, add clippy to CI (#127)
* Tidy code a bit thanks to clippy

Clippy 1.54 newly detects some redundant constructs, that's nice.

sort_unstable() should yield exact same results as sort() for `Vec<&str>`
and could be faster, clippy says.

* Add clippy to CI
2021-08-09 20:35:42 +09:00
Jake McGinty e97eb737a4
shared(PeerDiff): refactor struct and update peer endpoints only when handshake failed
The past behavior of clients was to, on every fetch from the server, update each of its peer's endpoints with the one reported from the server. While this wasn't a problem on certain types of NATs to help with holepunching, in some situations it caused previously working connections to no longer work (when one peer had a port-restricted or symmetric cone type NAT).
2021-08-05 09:38:14 +09:00
Jake McGinty b169435355 meta: release v1.4.1 2021-08-03 01:26:38 +09:00
Jake McGinty bbfb11e175 meta: cargo update & clippy fixes 2021-07-27 14:14:50 +09:00
Jake McGinty 118986e5e3 meta: release v1.4.0 2021-07-11 22:16:20 +09:00
Jake McGinty 4afa8a8a4e shared(types): CidrTree: re-add with_root, rewrite leaves() 2021-06-23 20:54:05 +09:00
Jake McGinty 62e6464064 shared(types): undo with_root until a rewrite of leaves() 2021-06-23 20:31:22 +09:00
Jake McGinty 3c8530d956 shared: add with_root method in CidrTree 2021-06-23 16:11:37 +09:00
Jake McGinty 0c8a2ee991 meta: cargo clippy 2021-06-22 11:27:29 +09:00
Jake McGinty 7bc1033b58 meta: cargo clippy 2021-06-16 20:34:53 +09:00
Jake McGinty d8513d3d54 meta: release v1.4.0-beta.3 2021-06-16 20:28:52 +09:00
Jake McGinty 1aed782683 client: tighten some error types and apply helptext to io::Error 2021-06-16 20:26:01 +09:00
Jake McGinty 93b4b0b43c meta: release v1.4.0-beta.2 2021-06-14 23:53:02 +09:00
Jake McGinty d6ab8e6653 shared(wg): default to 1400 if network CIDR is IPv6
Second fix for #102
2021-06-14 23:06:04 +09:00
Jake McGinty 4a458a413c meta: cargo fmt 2021-06-14 19:10:31 +09:00
Jake McGinty d431953353 client, server: configurable MTU via --mtu
ex: innernet --mtu 1400 up foobarnet

Closes #102
2021-06-14 19:06:40 +09:00
Jake McGinty 647ec7ca3e shared: proactively create invite file to ensure we have permission
This won't clean up an empty file if a later step fails, but this
is still better than the previous solution.

Closes #91
2021-06-14 18:15:31 +09:00
Jake McGinty 3a1f5cab6b meta: release v1.4.0-beta.1 2021-06-14 15:54:50 +09:00
Jake McGinty 72ef070ef3 shared(prompts): fail on no TTY if interactivity was needed
Fixes #98
2021-06-14 15:52:15 +09:00
Jake McGinty 449b4b8278
client: support running as non-root (#94)
shared(wg): use netlink instead of execve calls to "ip"
hostsfile: write to hostsfile in-place
2021-06-10 22:57:47 +09:00