Commit Graph

56 Commits (ee475715c3c5df75fff2df155f4f72d169c85aed)

Author SHA1 Message Date
Jake McGinty ee475715c3 client: make install step a bit more resilient
change private keys on client earlier to avoid race conditions,
and attempt the fetch call multiple times to avoid spurious issues,
while also not failing the entire command if fetch doesn't succeed.
2021-04-28 15:00:39 +09:00
Jake McGinty 733118a463 README: add security recommendations for services 2021-04-25 01:59:48 +09:00
Jake McGinty c6bb8052fb meta: release v1.2.0 2021-04-24 23:39:28 +09:00
dbr/Ben 2f18ff8e10
Fix cargo install instructions (#59)
"git checkout" -> "git clone" and install both client and server for consistency with other install methods
2021-04-24 00:30:03 +09:00
Jake McGinty 378aa8383c meta: release v1.2.0-beta.1 2021-04-21 01:13:44 +09:00
Jake McGinty d56136a89f docker-test: minor cleanups 2021-04-21 01:11:20 +09:00
Jake McGinty 0a26bdedce
{client,server}: allow hostnames in endpoints (#56)
use new Endpoint type instead of SocketAddr in appropriate places
2021-04-21 00:35:10 +09:00
Jake McGinty e2ea2ddded
docker-tests: initial integration tests (#55)
Scripts that demonstrate building a network of docker containers, doubling as an integration test for innernet.

Includes a number of improvements to the recent non-interactive CLI changes as well.
2021-04-19 21:56:18 +09:00
Matt Blessed 849cc4cd4f
use proper c char types (#54)
related: https://github.com/tonarino/innernet/issues/50
2021-04-19 15:23:46 +09:00
Jake McGinty c4e369ee54 server: non-interactive network creation 2021-04-18 01:32:56 +09:00
Jake McGinty b92ad65b17 client: add opts for non-interactive network installs 2021-04-17 12:33:24 +09:00
Jake McGinty 6d28e7f4ab
{client,server}: allow peer/cidr creation with CLI arguments (#48)
Fixes #20
2021-04-15 00:25:31 +09:00
Brian Schwind a1818d9618
Update minimum Rust version in README.md 2021-04-13 12:17:06 +09:00
Jake McGinty 142553a9cc client: use StructOpt's conflicts_with 2021-04-12 00:34:56 +09:00
Jake McGinty cb0e76c39b meta: release v1.1.0 2021-04-11 16:42:24 +09:00
Jake McGinty 10ae9b51eb wgctrl-rs: remove loud debug println 2021-04-11 16:38:32 +09:00
Jake McGinty 05d78eb253 shared: add types module 2021-04-11 14:56:47 +09:00
Jake McGinty e8790f3178 meta: release v1.1.0-rc.2 2021-04-11 13:34:09 +09:00
Jake McGinty dde58c8f45 wgctrl-rs: create /var/run/wireguard if it's not there
wireguard-go wasn't writing the name file if the directory didn't
already exist.
2021-04-11 13:30:38 +09:00
Jake McGinty c15db6f833 client: don't leave interface behind on failed install 2021-04-10 17:38:59 +09:00
Jake McGinty dcf553c8fd shared: update chmod util to ignore non-perm bits 2021-04-10 17:13:00 +09:00
Jake McGinty 0feb34690e client: small cleanups 2021-04-10 16:03:39 +09:00
Jake McGinty 6c55dafce6 meta: release v1.1.0-rc.1 2021-04-09 22:47:33 +09:00
Jake McGinty c370c25924 server: add uninstall command 2021-04-09 22:42:29 +09:00
Jake McGinty a44fe0d3ad client: add uninstall command 2021-04-09 22:37:33 +09:00
Jake McGinty 5c444cc841 release.sh: generate manpages after version bump 2021-04-09 16:26:56 +09:00
Jake McGinty eedb5758c9 meta: add homebrew package for macOS 2021-04-09 16:22:50 +09:00
Jake McGinty 6b6cb07690 release.sh: store compressed and uncompressed manpages 2021-04-09 16:15:46 +09:00
Jake McGinty badabf1145 meta: release.sh: use annotated tags 2021-04-09 15:06:57 +09:00
Jake McGinty bd7987f82f meta: release v1.0.2-rc.2 2021-04-09 15:02:44 +09:00
Jake McGinty 72dc14c49c {client,server}: enforce permissions on directories and files
This may become a warning rather than an action later, but for now
let's make sure older installations that had incorrect permissions
are taken care of.
2021-04-09 15:00:53 +09:00
Jake McGinty ee890ccaa7 meta: release v1.0.2-rc.1 2021-04-09 14:14:43 +09:00
Jake McGinty 0a0ce0793d meta: release.sh
cargo-release doesn't do everything we want during the release process,
so a separate script ends up being necessary if I don't want to forget
steps.
2021-04-09 14:14:34 +09:00
Jake McGinty a87d56cfc9
{client,server}: send and require a header that contains the server public key
This is a stop-gap CSRF protection mechanism from unsophisticated attacks. It's to be considered a temporary solution until a more complete one can be implemented, but it should be sufficient in most cases for the time being.

See https://github.com/tonarino/innernet/issues/38 for further discussion.
2021-04-09 13:48:00 +09:00
Jake McGinty bcd68df772 wgctrl-sys: correct InterfaceName parsing and simplify a bit
It was dropping the last character in the name, and I modified it to
instead just error on any &str that has a '\0' in it. The strictness
feels acceptable and simplifies the code a bit.
2021-04-09 12:27:49 +09:00
BlackHoleFox b1e1ff8f4f
wgctrl-sys: Remove some unsafe in the kernel backend
Validates WireGuard interfaces against the linux specification for interface names.
Refactor userspace and other OSes to use InterfaceName
2021-04-09 10:28:37 +09:00
Orhun Parmaksız 67c69ecfa0
readme: update installation instructions for Arch Linux (#40) 2021-04-09 10:03:34 +09:00
Jake McGinty 9b6d27d860 readme: remove linux modprobe section 2021-04-08 12:17:28 +09:00
Jake McGinty 9b55619002 wgctrl-rs: environment variable userspace impl overrides
wgctrl-rs will now look for the WG_USERSPACE_IMPLEMENTATION or
WG_QUICK_USERSPACE_IMPLEMENTATION environment variables to
override the default wireguard-go userspace implementation choice.

Closes #34
2021-04-08 11:54:01 +09:00
Jake McGinty 1e1436bfa5 (cargo-release) version v1.0.1 2021-04-08 11:09:54 +09:00
Jake McGinty 99ee399b6e wgctrl-rs: fix typo in comment 2021-04-08 11:09:54 +09:00
Jake McGinty 41fd9014c0 wgctrl-rs: modprobe wireguard if it's available but not loaded
Fixes #5
2021-04-08 11:04:35 +09:00
Jake McGinty 4ec2f4099b hostsfile: v1.0.1 2021-04-08 10:46:49 +09:00
Jake McGinty 296cd7b496
client: changeable hosts file settings
Introduces `--hosts-path [PATH]` and `--no-write-hosts` options in `innernet`.

This could be further improved to have a persistent setting in a config file i.e. /etc/innernet.conf (which doesn't currently exist).

Fixes #6
2021-04-07 17:00:52 +09:00
Jake McGinty f0018c1052
actions: trigger checks on PRs 2021-04-07 02:49:24 +09:00
Martin Hauke 77a7c36cce systemd: Add file innernet.target
Add file innernet.target, which allows you to stop or restart all client
instances.
2021-04-06 23:22:28 +09:00
Jake McGinty 2122748727 server: add comments to get_listener 2021-04-06 13:33:55 +09:00
Jake McGinty 17f56556ea meta: include tickets for git-based cargo dependencies 2021-04-06 13:33:55 +09:00
Jake McGinty 41565e46d7 server: bind specifically to WireGuard interface on Linux
This is one many upcoming changes to address IP spoofing
issues.

See #26 for more details.
2021-04-06 13:33:55 +09:00
Jake McGinty d2bc2b3506
Merge pull request #21 from aeber/fix_macos_ipv6
Fix macos ip/route setup for ipv6 nets
2021-04-02 16:44:40 +09:00