mirror of https://github.com/tonarino/innernet.git synced 2024-11-24 08:42:33 +02:00
Commit Graph

129 Commits

Author SHA1 Message Date
Jake McGinty
9b1315b079 meta: release v1.5.0-beta.5 2021-09-16 02:00:03 +09:00
Jake McGinty
cacd80b283 server: prompt for listen port before endpoint
also fix a logic bug if user cancels port selection in client
when trying to override endpoint.

fixes #148
2021-09-15 20:43:40 +09:00
Jake McGinty
4fa689d400 meta: rename wgctrl to wireguard-control
in preparation for publishing on crates.io
2021-09-15 12:43:20 +09:00
Jake McGinty
454e5458c1 meta: release v1.5.0-beta.4 2021-09-14 23:18:30 +09:00
Jake McGinty
dcdaefd1ff meta: release v1.5.0-beta.3 2021-09-14 22:34:08 +09:00
Jake McGinty
2a640fd9b2 meta: release v1.5.0-beta.2 2021-09-14 17:59:48 +09:00
Jake McGinty
dbb499a848 meta: release v1.5.0-beta.1 2021-09-14 17:26:46 +09:00
Jake McGinty
cf3510918a
server: report local candidates for peers to connect (#151)
Before, only clients would report local addresses for NAT traversal. Servers should too! This will be helpful in common situations when the server is run inside the same LAN as other peers, and there's no NAT hairpinning enabled (or possible) on the router.

closes #146
2021-09-14 15:48:27 +09:00
tommie
120ac7d6b1
add "wireguard" as a recommended dependency for Debian. (#149)
It's very likely a user will want at least wireguard-dkms, and having
the userspace tools might be useful in an emergency. This metapackage
draws in both.

For automated installations in e.g. containers, use

    apt install --no-install-recommends

to avoid installing recommended packages.
2021-09-14 12:27:10 +09:00
Jake McGinty
d4822afc98 meta: cargo clippy & fmt 2021-09-14 12:24:04 +09:00
Jake McGinty
b3d2d7f2eb wgctrl-rs(userspace): remove subtle as dependency 2021-09-13 02:15:47 +09:00
Jake McGinty
c652a8f799 wgctrl-rs: no longer expose bytes of Key publicly 2021-09-13 02:05:57 +09:00
Jake McGinty
c618d7949b meta: cargo update && cargo fmt 2021-09-13 00:48:49 +09:00
Jake McGinty
22203e63d0 server: add ipv6 tests as feature flag alongside ipv4 2021-09-05 23:50:09 +09:00
Jake McGinty
9c5380c7f8 client, server: forbid using reserved IPv6 anycast addresses as unicast
Previously, we treated all IPv6 addresses as assignable, but that causes
problems with setups that expect the first address in a subnet to be the
router anycast address.

Note that this does not fix existing innernet networks, and those
experiencing this problem are advised to recreate their
network after this fix has been merged. Sorry for the annoyance.

Fixes #131
2021-09-05 23:50:09 +09:00
Jake McGinty
b7de9cdc47
fix SQLite bug when migrating database from 1 to 2 (#136) 2021-09-02 02:25:34 +09:00
Jake McGinty
8903604caa
NAT traversal: ICE-esque candidate selection (#134)
This change adds the ability for peers to report additional candidate endpoints for other peers to attempt connections with outside of the endpoint reported by the coordinating server.

While not a complete solution to the full spectrum of NAT traversal issues (TURN-esque proxying is still notably missing), it allows peers within the same NAT to connect to each other via their LAN addresses, which is a win nonetheless. In the future, more advanced candidate discovery could be used to punch through additional types of NAT cone types as well.

Co-authored-by: Matěj Laitl <matej@laitl.cz>
2021-09-01 18:58:46 +09:00
Matěj Laitl
eb90cc53a5
Fix clippy warnings, add clippy to CI (#127)
* Tidy code a bit thanks to clippy

Clippy 1.54 newly detects some redundant constructs, that's nice.

sort_unstable() should yield exact same results as sort() for `Vec<&str>`
and could be faster, clippy says.

* Add clippy to CI
2021-08-09 20:35:42 +09:00
Jake McGinty
b169435355 meta: release v1.4.1 2021-08-03 01:26:38 +09:00
Jake McGinty
118986e5e3 meta: release v1.4.0 2021-07-11 22:16:20 +09:00
Jake McGinty
0c8a2ee991 meta: cargo clippy 2021-06-22 11:27:29 +09:00
Jake McGinty
7bc1033b58 meta: cargo clippy 2021-06-16 20:34:53 +09:00
Jake McGinty
d8513d3d54 meta: release v1.4.0-beta.3 2021-06-16 20:28:52 +09:00
Jake McGinty
93b4b0b43c meta: release v1.4.0-beta.2 2021-06-14 23:53:02 +09:00
Jake McGinty
647ec7ca3e shared: proactively create invite file to ensure we have permission
This won't clean up an empty file if a later step fails, but this
is still better than the previous solution.

Closes #91
2021-06-14 18:15:31 +09:00
Jake McGinty
3a1f5cab6b meta: release v1.4.0-beta.1 2021-06-14 15:54:50 +09:00
Jake McGinty
449b4b8278
client: support running as non-root (#94)
shared(wg): use netlink instead of execve calls to "ip"
hostsfile: write to hostsfile in-place
2021-06-10 22:57:47 +09:00
George Shuklin
0942452950
Exit with code 1 (error) if wizard failed. (#96)
* Exit with code 1 (error) if wizard failed.
Should prevent error code 0 after
`creation failed: failed to create database (are you not running as root?).`
and similar errors.

* Switch error messages from stdin to stderr for init_wizard
2021-06-02 14:14:54 +09:00
Jake McGinty
8017539f82 client, server: fix RPM build issue. 2021-06-01 01:30:40 +09:00
Jake McGinty
ba0b062ce9 meta: release v1.3.1 2021-06-01 00:58:09 +09:00
Jake McGinty
b7f299c147 meta: cargo update & clippy 2021-06-01 00:22:48 +09:00
Jake McGinty
042881cc7d client, server: don't require root for completions command 2021-06-01 00:18:56 +09:00
Jake McGinty
9524019c55 client, server: make clap's helptext a bit friendlier 2021-05-26 14:23:02 +09:00
Kevin K
ec210f9468
client, server: adds ability to rename peers (#92)
This commit adds a subcommand to both the client and server to allow
changing the name of a peer. The peer retains all the same attributes as
before (public keys, IPs, admin/disabled status, etc.).

Closes #87
2021-05-25 19:58:00 +09:00
Kevin K
4226278e5a
client, server: add shell completions (#84)
This subcommand takes a shell as an argument and generates shell
completions for that shell to stdout.

example:

```
$ innernet completions bash
  OR
$ innernet-server completions bash
```
2021-05-25 16:10:16 +09:00
Jake McGinty
2d012c6bd9 meta: release v1.3.0 2021-05-21 14:46:30 +09:00
Jake McGinty
fed0c859c8 meta: cargo update & fmt 2021-05-21 13:35:52 +09:00
Kevin K
ff0527d836
client, server: adds ability to delete cidrs (#88)
This commit adds a `delete-cidr` to both the client and server. It walks
through the prompts just like adding a CIDR.

Only eligible CIDRs are presented to the user. Eligibility requires:

- CIDR has no child CIDRs
- CIDR has no assigned peers

Closes #23
2021-05-21 12:39:33 +09:00
Jake McGinty
e2011b4260 meta: release v1.3.0-beta.7 2021-05-20 13:05:03 +09:00
Jake McGinty
25a4a0eb41 meta: release v1.3.0-beta.6 2021-05-20 03:44:45 +09:00
Jake McGinty
c512985214 meta: remove unused code and format 2021-05-20 03:18:43 +09:00
Jake McGinty
5b744d1f78 client, wgctrl: fix various linux userspace issues
Fixes #75
2021-05-20 03:16:48 +09:00
Jake McGinty
08b975e847 meta: release v1.3.0-beta.5 2021-05-19 16:59:27 +09:00
Jake McGinty
3892a99156
wgctrl: use wireguard backends explicitly (with OS-specific defaults) (#85)
Based on the conversation from #5 (comment) - this changes innernet's behavior on Linux from automatically falling back to the userspace, instead requiring --backend userspace to be specified.

This should help people avoid weird situations in environments like Docker.
2021-05-19 16:54:07 +09:00
Johann150
170c8267bf
client, server: make adding routes optional (#71) 2021-05-12 02:31:47 +09:00
Jake McGinty
3cb766f795 shared(prompts): add consent prompt for public IP query
Closes #73
2021-05-10 04:39:46 +09:00
Jake McGinty
ac01b8c9aa meta: release v1.3.0-beta.4 2021-05-10 04:18:47 +09:00
Jake McGinty
46d9783109 publicip: don't explode, just leave as None 2021-05-10 04:17:02 +09:00
Jake McGinty
426916fadd meta: make clippy happy 2021-05-10 00:09:50 +09:00
Jake McGinty
9d4eb80177 meta: release v1.3.0-beta.3 2021-05-09 21:37:19 +09:00
Jake McGinty
54e7c1b183 server(new): add more explanation text at beginning 2021-05-09 21:04:49 +09:00
Jake McGinty
d4d0d7301a meta: release v1.3.0-beta.2 2021-05-09 20:07:27 +09:00
Jake McGinty
0000488910
client, server: create own crate for public ip resolution (#72) 2021-05-09 19:57:52 +09:00
Michael Kuryshev
d7e9a60ba1
actions: build rpms for releases (#29) 2021-05-09 19:57:37 +09:00
Jake McGinty
78c2bfd6db meta: release v1.3.0-beta.1 2021-05-09 03:37:03 +09:00
Jake McGinty
2ce552cc36
client, server: invite expirations
The server now expects a UNIX timestamp after which the invitation will be expired. If a peer invite hasn't been redeemed after it expires, the server will clean up old entries and allow the IP to be re-allocated for a new invite.

Closes #24
2021-05-09 00:32:51 +09:00
Jake McGinty
c01c2be4bb
server: switch from using warp directly to hyper (#67)
Closes #53
2021-05-06 12:32:54 +09:00
Jake McGinty
9896d8ee52 meta: cargo update & fmt 2021-04-30 19:01:17 +09:00
Jake McGinty
c6bb8052fb meta: release v1.2.0 2021-04-24 23:39:28 +09:00
Jake McGinty
378aa8383c meta: release v1.2.0-beta.1 2021-04-21 01:13:44 +09:00
Jake McGinty
0a26bdedce
{client,server}: allow hostnames in endpoints (#56)
use new Endpoint type instead of SocketAddr in appropriate places
2021-04-21 00:35:10 +09:00
Jake McGinty
e2ea2ddded
docker-tests: initial integration tests (#55)
Scripts that demonstrate building a network of docker containers, doubling as an integration test for innernet.

Includes a number of improvements to the recent non-interactive CLI changes as well.
2021-04-19 21:56:18 +09:00
Jake McGinty
c4e369ee54 server: non-interactive network creation 2021-04-18 01:32:56 +09:00
Jake McGinty
b92ad65b17 client: add opts for non-interactive network installs 2021-04-17 12:33:24 +09:00
Jake McGinty
6d28e7f4ab
{client,server}: allow peer/cidr creation with CLI arguments (#48)
Fixes #20
2021-04-15 00:25:31 +09:00
Jake McGinty
cb0e76c39b meta: release v1.1.0 2021-04-11 16:42:24 +09:00
Jake McGinty
e8790f3178 meta: release v1.1.0-rc.2 2021-04-11 13:34:09 +09:00
Jake McGinty
6c55dafce6 meta: release v1.1.0-rc.1 2021-04-09 22:47:33 +09:00
Jake McGinty
c370c25924 server: add uninstall command 2021-04-09 22:42:29 +09:00
Jake McGinty
bd7987f82f meta: release v1.0.2-rc.2 2021-04-09 15:02:44 +09:00
Jake McGinty
72dc14c49c {client,server}: enforce permissions on directories and files
This may become a warning rather than an action later, but for now
let's make sure older installations that had incorrect permissions
are taken care of.
2021-04-09 15:00:53 +09:00
Jake McGinty
ee890ccaa7 meta: release v1.0.2-rc.1 2021-04-09 14:14:43 +09:00
Jake McGinty
a87d56cfc9
{client,server}: send and require a header that contains the server public key
This is a stop-gap CSRF protection mechanism from unsophisticated attacks. It's to be considered a temporary solution until a more complete one can be implemented, but it should be sufficient in most cases for the time being.

See https://github.com/tonarino/innernet/issues/38 for further discussion.
2021-04-09 13:48:00 +09:00
BlackHoleFox
b1e1ff8f4f
wgctrl-sys: Remove some unsafe in the kernel backend
Validates WireGuard interfaces against the linux specification for interface names.
Refactor userspace and other OSes to use InterfaceName
2021-04-09 10:28:37 +09:00
Jake McGinty
1e1436bfa5 (cargo-release) version v1.0.1 2021-04-08 11:09:54 +09:00
Jake McGinty
2122748727 server: add comments to get_listener 2021-04-06 13:33:55 +09:00
Jake McGinty
17f56556ea meta: include tickets for git-based cargo dependencies 2021-04-06 13:33:55 +09:00
Jake McGinty
41565e46d7 server: bind specifically to WireGuard interface on Linux
This is one of many upcoming changes to address IP spoofing
issues.

See #26 for more details.
2021-04-06 13:33:55 +09:00
Jake McGinty
c49f061bb7 kabloomers. public release v1.0.0 2021-03-30 02:47:34 +09:00