Commit Graph

103 Commits (a7f7204bd7522b49cb919d0d984c395c322c0106)

Author SHA1 Message Date
Jake McGinty c7a2f7391c meta: release v1.5.4-beta.2 2022-02-03 01:50:39 +09:00
Jake McGinty f7df6bab01 meta: release v1.5.4-beta.1 2022-02-01 14:04:11 +09:00
Jake McGinty a77cbb4f49
meta: switch from ipnetwork to ipnet (#193) 2022-02-01 14:01:21 +09:00
Jake McGinty b6ce16bc00
server: add better validation to the associations endpoint (#194) 2022-02-01 13:53:31 +09:00
Jake McGinty 4715cd0c87 meta: release v1.5.3 2022-02-01 04:56:11 +09:00
Jake McGinty 49aaa3907a meta: cargo update 2022-02-01 04:27:24 +09:00
Jake McGinty 050ce1362a meta: fix new cargo clippy warnings 2022-02-01 04:20:21 +09:00
Jake McGinty 4000d84648 meta: release v1.5.3-beta.5 2022-01-22 18:08:31 +00:00
Jake McGinty 16ac280807 meta: release v1.5.3-beta.4 2022-01-18 15:56:36 +09:00
Jake McGinty b53376b9c8 meta: release v1.5.3-beta.3 2022-01-18 15:19:53 +09:00
Jake McGinty ce23bbdf63 meta: release v1.5.3-beta.2 2022-01-12 16:31:31 -06:00
Jake McGinty b15b541669 meta: release v1.5.3-beta.1 2022-01-11 14:18:19 -06:00
Matěj Laitl 1b260823f9
client, server systemd units: make Restart=always truly respected (#184)
Surprisingly, Restart=always may not _always_ restart the unit if it restarts too fast.

Set a combination of options which should make systemd truly restart innernet always.
See https://unix.stackexchange.com/q/289629/352972.

The `RestartSec=60` is the main and important one which would prevent systemd from ever failing
to restart innernet in the default settings (because with it it would never exceed the default
limit of 5 restarts in 10 seconds).

`StartLimitIntervalSec=0` option is a complementary one for explicitly disabling the logic, and
may be removed from this PR if deemed unnecessary.
2022-01-12 04:58:28 +09:00
Jake McGinty 0423e78683 server: cargo fmt 2022-01-11 01:54:59 -06:00
Jake McGinty 5c72592069 meta: rust edition 2018 -> 2021 2022-01-11 01:54:43 -06:00
Jake McGinty 8dd11977af meta: structopt 0.3 -> clap 3 2022-01-11 01:51:32 -06:00
Jake McGinty 6be3e61074 meta: release v1.5.2 2021-12-06 02:35:18 +09:00
Jake McGinty ae2c554b23
{client, server}: make config/data directories configurable (#172)
* client: allow config/data dirs to be changed

* server: allow config/data dirs to be changed

* meta: cargo clippy & cargo fmt

* shared: use const for Duration instead of lazy_static
2021-11-15 18:11:13 +09:00
Jake McGinty d7c491c8f3 client: granular control over NAT traversal
added to `innernet {up,fetch,install}`:

  --no-nat-traversal: Doesn't attempt NAT traversal
    (prevents long time delays in execution of command)

  --exclude-nat-candidates: Exclude a list of CIDRs from being
    considered candidates

  --no-nat-candidates: Don't report NAT candidates.
    (shorthand for '--exclude-nat-candidates 0.0.0.0/0')

Closes #160
2021-11-12 14:42:10 +09:00
Jake McGinty 9a59ac3094 meta: release v1.5.1 2021-11-11 18:42:21 +09:00
Jake McGinty 991c6435c1 client: wait after updating interface before attempting NAT traversal
otherwise, the server-reported IP itself won't have time to check
if a handshake succeeds or not.
2021-11-11 18:34:31 +09:00
Jake McGinty d7cf24c63c server: validate hostname in 'new'
fixes #164
2021-11-05 12:36:35 +09:00
Jake McGinty 17dd26921f meta: update dependencies 2021-11-05 12:22:35 +09:00
Jake McGinty 1b983d636d meta: release v1.5.0 2021-09-17 14:18:09 +09:00
Jake McGinty 9b1315b079 meta: release v1.5.0-beta.5 2021-09-16 02:00:03 +09:00
Jake McGinty cacd80b283 server: prompt for listen port before endpoint
also fix a logic bug if user cancels port selection in client
when trying to override endpoint.

fixes #148
2021-09-15 20:43:40 +09:00
Jake McGinty 4fa689d400 meta: rename wgctrl to wireguard-control
in preparation for publishing on crates.io
2021-09-15 12:43:20 +09:00
Jake McGinty 454e5458c1 meta: release v1.5.0-beta.4 2021-09-14 23:18:30 +09:00
Jake McGinty dcdaefd1ff meta: release v1.5.0-beta.3 2021-09-14 22:34:08 +09:00
Jake McGinty 2a640fd9b2 meta: release v1.5.0-beta.2 2021-09-14 17:59:48 +09:00
Jake McGinty dbb499a848 meta: release v1.5.0-beta.1 2021-09-14 17:26:46 +09:00
Jake McGinty cf3510918a
server: report local candidates for peers to connect (#151)
Before, only clients would report local addresses for NAT traversal. Servers should too! This will be helpful in common situations when the server is run inside the same LAN as other peers, and there's no NAT hairpinning enabled (or possible) on the router.

closes #146
2021-09-14 15:48:27 +09:00
tommie 120ac7d6b1
add "wireguard" as a recommended dependency for Debian. (#149)
It's very likely a user will want at least wireguard-dkms, and having
the userspace tools might be useful in an emergency. This metapackage
draws in both.

For automated installations in e.g. containers, use

    apt install --no-install-recommends

to avoid installing recommended packages.
2021-09-14 12:27:10 +09:00
Jake McGinty d4822afc98 meta: cargo clippy & fmt 2021-09-14 12:24:04 +09:00
Jake McGinty b3d2d7f2eb wgctrl-rs(userspace): remove subtle as dependency 2021-09-13 02:15:47 +09:00
Jake McGinty c652a8f799 wgctrl-rs: no longer expose bytes of Key publicly 2021-09-13 02:05:57 +09:00
Jake McGinty c618d7949b meta: cargo update && cargo fmt 2021-09-13 00:48:49 +09:00
Jake McGinty 22203e63d0 server: addd ipv6 tests as feature flag alongside ipv4 2021-09-05 23:50:09 +09:00
Jake McGinty 9c5380c7f8 client, server: forbid using reserved IPv6 anycast addresses as unicast
Previously, we treated all IPv6 addresses as assignable, but that causes
problems with setups that expect the first address in a subnet to be the
router anycast address.

Note that this does not fix existing innernet networks, and those
experiencing this problem are advised to revised to recreate their
network after this fix has been merged. Sorry for the annoyance.

Fixes #131
2021-09-05 23:50:09 +09:00
Jake McGinty b7de9cdc47
fix SQLite bug when migrating database from 1 to 2 (#136) 2021-09-02 02:25:34 +09:00
Jake McGinty 8903604caa
NAT traversal: ICE-esque candidate selection (#134)
This change adds the ability for peers to report additional candidate endpoints for other peers to attempt connections with outside of the endpoint reported by the coordinating server.

While not a complete solution to the full spectrum of NAT traversal issues (TURN-esque proxying is still notably missing), it allows peers within the same NAT to connect to each other via their LAN addresses, which is a win nonetheless. In the future, more advanced candidate discovery could be used to punch through additional types of NAT cone types as well.

Co-authored-by: Matěj Laitl <matej@laitl.cz>
2021-09-01 18:58:46 +09:00
Matěj Laitl eb90cc53a5
Fix clippy warnings, add clippy to CI (#127)
* Tidy code a bit thanks to clippy

Clippy 1.54 newly detects some redundant constructs, that's nice.

sort_unstable() should yield exact same results as sort() for `Vec<&str>`
and could be faster, clippy says.

* Add clippy to CI
2021-08-09 20:35:42 +09:00
Jake McGinty b169435355 meta: release v1.4.1 2021-08-03 01:26:38 +09:00
Jake McGinty 118986e5e3 meta: release v1.4.0 2021-07-11 22:16:20 +09:00
Jake McGinty 0c8a2ee991 meta: cargo clippy 2021-06-22 11:27:29 +09:00
Jake McGinty 7bc1033b58 meta: cargo clippy 2021-06-16 20:34:53 +09:00
Jake McGinty d8513d3d54 meta: release v1.4.0-beta.3 2021-06-16 20:28:52 +09:00
Jake McGinty 93b4b0b43c meta: release v1.4.0-beta.2 2021-06-14 23:53:02 +09:00
Jake McGinty 647ec7ca3e shared: proactively create invite file to ensure we have permission
This won't clean up an empty file if a later step fails, but this
is still better than the previous solution.

Closes #91
2021-06-14 18:15:31 +09:00
Jake McGinty 3a1f5cab6b meta: release v1.4.0-beta.1 2021-06-14 15:54:50 +09:00