Commit Graph

129 Commits (a77cbb4f490b1156b0955de93d36a1e7a4e3195c)

Author SHA1 Message Date
Jake McGinty a77cbb4f49
meta: switch from ipnetwork to ipnet (#193) 2022-02-01 14:01:21 +09:00
Jake McGinty 110bace5c7
client: enable IPv6 NAT candidate reporting (#192) 2022-02-01 12:21:31 +09:00
Jake McGinty 4715cd0c87 meta: release v1.5.3 2022-02-01 04:56:11 +09:00
Jake McGinty ddac328ae5 client: make more commands automation-friendly
Fixes #190
2022-01-31 06:10:45 +00:00
Jake McGinty e11b73972c client: stop uninstall from prompting if network doesn't exist 2022-01-24 01:46:37 +00:00
Jake McGinty 4000d84648 meta: release v1.5.3-beta.5 2022-01-22 18:08:31 +00:00
Jake McGinty 16ac280807 meta: release v1.5.3-beta.4 2022-01-18 15:56:36 +09:00
Jake McGinty b53376b9c8 meta: release v1.5.3-beta.3 2022-01-18 15:19:53 +09:00
Jake McGinty ce23bbdf63 meta: release v1.5.3-beta.2 2022-01-12 16:31:31 -06:00
Jake McGinty b15b541669 meta: release v1.5.3-beta.1 2022-01-11 14:18:19 -06:00
Matěj Laitl 1b260823f9
client, server systemd units: make Restart=always truly respected (#184)
Surprisingly, Restart=always may not _always_ restart the unit if it restarts too fast.

Set a combination of options which should make systemd truly restart innernet always.
See https://unix.stackexchange.com/q/289629/352972.

The `RestartSec=60` is the main and important one which would prevent systemd from ever failing
to restart innernet in the default settings (because with it it would never exceed the default
limit of 5 restarts in 10 seconds).

`StartLimitIntervalSec=0` option is a complementary one for explicitly disabling the logic, and
may be removed from this PR if deemed unnecessary.
2022-01-12 04:58:28 +09:00
Jake McGinty 0423e78683 server: cargo fmt 2022-01-11 01:54:59 -06:00
Jake McGinty 5c72592069 meta: rust edition 2018 -> 2021 2022-01-11 01:54:43 -06:00
Jake McGinty 8dd11977af meta: structopt 0.3 -> clap 3 2022-01-11 01:51:32 -06:00
Jake McGinty 09e68c2c01
(linux) wireguard-control: migrate from `wireguard-control-sys` to `netlink` crates (#177)
also introduces a new `netlink-request` crate to help modularize the netlink code. this currently depends on a fork of the `netlink` project, but we should be able to use the official version soon.
2022-01-07 18:35:21 +09:00
Jake McGinty 6be3e61074 meta: release v1.5.2 2021-12-06 02:35:18 +09:00
Jake McGinty d2a2e881e5 add warning when binary is called with 'inn' shortcut 2021-11-30 04:16:44 +09:00
Jake McGinty 2c31a4b6ec client: run 'up' on all interfaces when none is specified 2021-11-23 23:07:57 -07:00
Jake McGinty ec754e60c4 client: non-interactive `set-listen-port` and `override-endpoint`
closes #158
2021-11-16 18:46:45 +09:00
Jake McGinty ae2c554b23
{client, server}: make config/data directories configurable (#172)
* client: allow config/data dirs to be changed

* server: allow config/data dirs to be changed

* meta: cargo clippy & cargo fmt

* shared: use const for Duration instead of lazy_static
2021-11-15 18:11:13 +09:00
Jake McGinty e6f25ca1d7 docker-tests: add simultaneous peer invitation test 2021-11-12 17:53:37 +09:00
Jake McGinty d7c491c8f3 client: granular control over NAT traversal
added to `innernet {up,fetch,install}`:

  --no-nat-traversal: Doesn't attempt NAT traversal
    (prevents long time delays in execution of command)

  --exclude-nat-candidates: Exclude a list of CIDRs from being
    considered candidates

  --no-nat-candidates: Don't report NAT candidates.
    (shorthand for '--exclude-nat-candidates 0.0.0.0/0')

Closes #160
2021-11-12 14:42:10 +09:00
Jake McGinty 9a59ac3094 meta: release v1.5.1 2021-11-11 18:42:21 +09:00
Jake McGinty 991c6435c1 client: wait after updating interface before attempting NAT traversal
otherwise, the server-reported IP itself won't have time to check
if a handshake succeeds or not.
2021-11-11 18:34:31 +09:00
Jake McGinty 17dd26921f meta: update dependencies 2021-11-05 12:22:35 +09:00
Jake McGinty bfa5d5ee5d client: change rustdoc double-quotes to single for zsh completions.
clap (used by StructOpt) doesn't escape double-quotes inside the
rustdocs that is uses to generate completion helptext. Rather than wait
on them, it's simpler to just avoid double-quotes for now at least.

Closes #156
2021-09-21 12:46:56 +09:00
Tianon Gravi 072ac4bf96
client: fix minor typo ("exhuasted") (#155) 2021-09-18 13:16:27 +09:00
Jake McGinty 1b983d636d meta: release v1.5.0 2021-09-17 14:18:09 +09:00
Jake McGinty 9b1315b079 meta: release v1.5.0-beta.5 2021-09-16 02:00:03 +09:00
Jake McGinty ae89e06655 meta: make clippy happy 2021-09-15 21:18:04 +09:00
Jake McGinty cacd80b283 server: prompt for listen port before endpoint
also fix a logic bug if user cancels port selection in client
when trying to override endpoint.

fixes #148
2021-09-15 20:43:40 +09:00
Jake McGinty 4fa689d400 meta: rename wgctrl to wireguard-control
in preparation for publishing on crates.io
2021-09-15 12:43:20 +09:00
Jake McGinty 454e5458c1 meta: release v1.5.0-beta.4 2021-09-14 23:18:30 +09:00
Jake McGinty f774a5f97c client: print endpoint reported by wireguard, not server
thanks again @strohel :)
2021-09-14 23:12:12 +09:00
Jake McGinty b179a62a22 client: always show yourself as 'conneted' to avoid confusion 2021-09-14 22:49:08 +09:00
Jake McGinty dcdaefd1ff meta: release v1.5.0-beta.3 2021-09-14 22:34:08 +09:00
Jake McGinty 7ceebccbfa client: fix logical inverse in is_recently_connected indicator
thanks @strohel!!
2021-09-14 22:33:49 +09:00
Jake McGinty 2a640fd9b2 meta: release v1.5.0-beta.2 2021-09-14 17:59:48 +09:00
Jake McGinty 62821d5bdf client: update hosts even when you're the only peer on the network
Fixes #144
2021-09-14 17:57:07 +09:00
Jake McGinty dbb499a848 meta: release v1.5.0-beta.1 2021-09-14 17:26:46 +09:00
Jake McGinty cf3510918a
server: report local candidates for peers to connect (#151)
Before, only clients would report local addresses for NAT traversal. Servers should too! This will be helpful in common situations when the server is run inside the same LAN as other peers, and there's no NAT hairpinning enabled (or possible) on the router.

closes #146
2021-09-14 15:48:27 +09:00
tommie 120ac7d6b1
add "wireguard" as a recommended dependency for Debian. (#149)
It's very likely a user will want at least wireguard-dkms, and having
the userspace tools might be useful in an emergency. This metapackage
draws in both.

For automated installations in e.g. containers, use

    apt install --no-install-recommends

to avoid installing recommended packages.
2021-09-14 12:27:10 +09:00
Jake McGinty c618d7949b meta: cargo update && cargo fmt 2021-09-13 00:48:49 +09:00
Jake McGinty 42eb0a7589 client: wait for newline for uninstall
fixes #145
2021-09-13 00:46:06 +09:00
Jake McGinty 2a5a820bc2 client: create new data stores with 600 permissions
fixes #147
2021-09-13 00:43:53 +09:00
Jake McGinty f715689540 shared(wg): remove leftover debug println on macOS
Closes #143
2021-09-12 20:34:02 +09:00
Jake McGinty 9c5380c7f8 client, server: forbid using reserved IPv6 anycast addresses as unicast
Previously, we treated all IPv6 addresses as assignable, but that causes
problems with setups that expect the first address in a subnet to be the
router anycast address.

Note that this does not fix existing innernet networks, and those
experiencing this problem are advised to revised to recreate their
network after this fix has been merged. Sorry for the annoyance.

Fixes #131
2021-09-05 23:50:09 +09:00
Jake McGinty 20a07cf8fd client: don't show Linux instructions outside of linux
fixes #128
2021-09-05 16:37:58 +09:00
Jake McGinty b7de9cdc47
fix SQLite bug when migrating database from 1 to 2 (#136) 2021-09-02 02:25:34 +09:00
Jake McGinty 8903604caa
NAT traversal: ICE-esque candidate selection (#134)
This change adds the ability for peers to report additional candidate endpoints for other peers to attempt connections with outside of the endpoint reported by the coordinating server.

While not a complete solution to the full spectrum of NAT traversal issues (TURN-esque proxying is still notably missing), it allows peers within the same NAT to connect to each other via their LAN addresses, which is a win nonetheless. In the future, more advanced candidate discovery could be used to punch through additional types of NAT cone types as well.

Co-authored-by: Matěj Laitl <matej@laitl.cz>
2021-09-01 18:58:46 +09:00