Commit Graph

94 Commits (b2e414984e007121ce8b7f84877bfe935d209c17)

Author SHA1 Message Date
Jake McGinty 0c8a2ee991 meta: cargo clippy 2021-06-22 11:27:29 +09:00
Jake McGinty 7bc1033b58 meta: cargo clippy 2021-06-16 20:34:53 +09:00
Jake McGinty 1aed782683 client: tighten some error types and apply helptext to io::Error 2021-06-16 20:26:01 +09:00
Jake McGinty d6ab8e6653 shared(wg): default to 1400 if network CIDR is IPv6
Second fix for #102
2021-06-14 23:06:04 +09:00
Jake McGinty 4a458a413c meta: cargo fmt 2021-06-14 19:10:31 +09:00
Jake McGinty d431953353 client, server: configurable MTU via --mtu
ex: innernet --mtu 1400 up foobarnet

Closes #102
2021-06-14 19:06:40 +09:00
Jake McGinty 647ec7ca3e shared: proactively create invite file to ensure we have permission
This won't clean up an empty file if a later step fails, but this
is still better than the previous solution.

Closes #91
2021-06-14 18:15:31 +09:00
Jake McGinty 72ef070ef3 shared(prompts): fail on no TTY if interactivity was needed
Fixes #98
2021-06-14 15:52:15 +09:00
Jake McGinty 449b4b8278
client: support running as non-root (#94)
shared(wg): use netlink instead of execve calls to "ip"
hostsfile: write to hostsfile in-place
2021-06-10 22:57:47 +09:00
Jake McGinty 15e9c08a8a shared(wg): remove leftover debugging command
Fixes #95
doy.
2021-05-31 16:27:04 +09:00
Kevin K ec210f9468
client, server: adds ability to rename peers (#92)
This commit adds a subcommand to both the client and server to allow
changing the name of a peer. The peer retains all the same attributes as
before (public keys, IPs, admin/disabled status, etc.).

Closes #87
2021-05-25 19:58:00 +09:00
Jake McGinty b4fb9f9250 client, server: new CIDRs must be hostname-compatible
towards the goal of supporting #82
2021-05-21 13:35:07 +09:00
Jake McGinty 911a2d8f00 shared(prompts): wait for newline on confirmations 2021-05-21 13:02:11 +09:00
Kevin K ff0527d836
client, server: adds ability to delete cidrs (#88)
This commit adds a `delete-cidr` to both the client and server. It walks
through the prompts just like adding a CIDR.

Only eligible CIDRs are presented to the user. Eligibilty requires:

- CIDR has no child CIDRs
- CIDR has no assigned peers

Closes #23
2021-05-21 12:39:33 +09:00
Jake McGinty c512985214 meta: remove unused code and format 2021-05-20 03:18:43 +09:00
Jake McGinty 5b744d1f78 client, wgctrl: fix various linux userspace issues
Fixes #75
2021-05-20 03:16:48 +09:00
Jake McGinty 3892a99156
wgctrl: use wireguard backends explicitly (with OS-specific defaults) (#85)
Based on the conversation from #5 (comment) - this changes innernet's behavior on Linux from automatically falling back to the userspace, instead requiring --backend userspace to be specified.

This should help people avoid weird situations in environments like Docker.
2021-05-19 16:54:07 +09:00
Johann150 170c8267bf
client, server: make adding routes optional (#71) 2021-05-12 02:31:47 +09:00
Jake McGinty 3cb766f795 shared(prompts): add consent prompt for public IP query
Closes #73
2021-05-10 04:39:46 +09:00
Jake McGinty 46d9783109 publicip: don't explode, just leave as None 2021-05-10 04:17:02 +09:00
Jake McGinty 426916fadd meta: make clippy happy 2021-05-10 00:09:50 +09:00
Jake McGinty 981f7e8701 shared: add better visibility into IO errors 2021-05-09 21:34:11 +09:00
Jake McGinty 54e7c1b183 server(new): add more explanation text at beginning 2021-05-09 21:04:49 +09:00
Jake McGinty 0000488910
client, server: create own crate for public ip resolution (#72) 2021-05-09 19:57:52 +09:00
Jake McGinty fb1de8e210 shared(wg): don't fail silently on bringing the interface up 2021-05-09 02:17:23 +09:00
Jake McGinty 2ce552cc36
client, server: invite expirations
The server now expects a UNIX timestamp after which the invitation will be expired. If a peer invite hasn't been redeemed after it expires, the server will clean up old entries and allow the IP to be re-allocated for a new invite.

Closes #24
2021-05-09 00:32:51 +09:00
Jake McGinty 76500b3778 shared(prompts): simplify cidr selection code 2021-05-07 15:45:32 +09:00
Jake McGinty f27a2426c8 client: make clippy happy 2021-05-06 12:40:00 +09:00
Jake McGinty c01c2be4bb
server: switch from using warp directly to hyper (#67)
Closes #53
2021-05-06 12:32:54 +09:00
Jake McGinty f18fe14553 {client,server}: hide innernet-server CIDR from selection menus
It's a special /32 CIDR that is un-interactable, so is only taking
up space.

Closes #63
2021-05-04 11:34:16 +09:00
Jake McGinty 0a26bdedce
{client,server}: allow hostnames in endpoints (#56)
use new Endpoint type instead of SocketAddr in appropriate places
2021-04-21 00:35:10 +09:00
Jake McGinty e2ea2ddded
docker-tests: initial integration tests (#55)
Scripts that demonstrate building a network of docker containers, doubling as an integration test for innernet.

Includes a number of improvements to the recent non-interactive CLI changes as well.
2021-04-19 21:56:18 +09:00
Jake McGinty c4e369ee54 server: non-interactive network creation 2021-04-18 01:32:56 +09:00
Jake McGinty b92ad65b17 client: add opts for non-interactive network installs 2021-04-17 12:33:24 +09:00
Jake McGinty 6d28e7f4ab
{client,server}: allow peer/cidr creation with CLI arguments (#48)
Fixes #20
2021-04-15 00:25:31 +09:00
Jake McGinty 05d78eb253 shared: add types module 2021-04-11 14:56:47 +09:00
Jake McGinty dcf553c8fd shared: update chmod util to ignore non-perm bits 2021-04-10 17:13:00 +09:00
Jake McGinty c370c25924 server: add uninstall command 2021-04-09 22:42:29 +09:00
Jake McGinty a44fe0d3ad client: add uninstall command 2021-04-09 22:37:33 +09:00
Jake McGinty 72dc14c49c {client,server}: enforce permissions on directories and files
This may become a warning rather than an action later, but for now
let's make sure older installations that had incorrect permissions
are taken care of.
2021-04-09 15:00:53 +09:00
Jake McGinty a87d56cfc9
{client,server}: send and require a header that contains the server public key
This is a stop-gap CSRF protection mechanism from unsophisticated attacks. It's to be considered a temporary solution until a more complete one can be implemented, but it should be sufficient in most cases for the time being.

See https://github.com/tonarino/innernet/issues/38 for further discussion.
2021-04-09 13:48:00 +09:00
BlackHoleFox b1e1ff8f4f
wgctrl-sys: Remove some unsafe in the kernel backend
Validates WireGuard interfaces against the linux specification for interface names.
Refactor userspace and other OSes to use InterfaceName
2021-04-09 10:28:37 +09:00
Anselm Eberhardt c3ae74bd34 Fix macos ip/route setup for ipv6 nets 2021-03-31 18:22:13 +02:00
Jake McGinty c49f061bb7 kabloomers. public release v1.0.0 2021-03-30 02:47:34 +09:00