
Merge branch 'develop' into oidc

Alex Feiszli 3 years ago
parent
commit
09cd17bce8

+ 18 - 10
README.md

@@ -1,11 +1,18 @@
 
 <p align="center">
-  <a href="https://netmaker.org">
-  <img src="./img/netmaker.png" width="75%"><break/>
+  <a href="https://netmaker.io">
+  <img src="./img/netmaker-teal.png" width="50%"><break/>
   </a>
 </p>
+
 <p align="center">
-a platform for modern, blazing fast virtual networks 
+<a href="https://runacap.com/ross-index/q1-2022/" target="_blank" rel="noopener">
+    <img src="https://runacap.com/wp-content/uploads/2022/06/ROSS_badge_white_Q1_2022.svg" alt="ROSS Index - Fastest Growing Open-Source Startups in Q1 2022 | Runa Capital"  width="15%"/>
+</a>  
+<a href="https://www.ycombinator.com/companies/netmaker/" target="_blank" rel="noopener">
+    <img src="./img/y-combinator.png" alt="Y-Combinator" width="16%" />
+</a>  
+
 </p>
 
 <p align="center">
@@ -32,13 +39,14 @@ a platform for modern, blazing fast virtual networks
   </a> 
 </p>
 
-# WireGuard® Automation from Homelab to Enterprise
-- [x] Peer-to-Peer Mesh Networks
-- [x] Kubernetes and Multi-Cloud Enablement
-- [x] Remote Site Access via Gateway
-- [x] OAuth and Private DNS Features
-- [x] Fine-grained access controls 
-- [x] Support for Linux, Mac, Windows, FreeBSD, iPhone, and Android
+# WireGuard<sup>®</sup> automation from homelab to enterprise
+
+| Create & Automate                         | Manage                                  |
+|-------------------------------------------|-----------------------------------------|
+| :heavy_check_mark: WireGuard Networks     | :heavy_check_mark: Admin UI             |
+| :heavy_check_mark: Remote Access Gateways | :heavy_check_mark: OAuth                |
+| :heavy_check_mark: Mesh VPNs              | :heavy_check_mark: Private DNS          |
+| :heavy_check_mark: Site-to-Site           | :heavy_check_mark: Access Control Lists |
 
 # Get Started in 5 Minutes  
 

+ 3 - 3
go.mod

@@ -14,9 +14,9 @@ require (
 	github.com/mattn/go-sqlite3 v1.14.10
 	github.com/rqlite/gorqlite v0.0.0-20210514125552-08ff1e76b22f
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
-	github.com/stretchr/testify v1.7.2
+	github.com/stretchr/testify v1.7.4
 	github.com/txn2/txeh v1.3.0
-	github.com/urfave/cli/v2 v2.8.1
+	github.com/urfave/cli/v2 v2.10.2
 	golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
 	golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
 	golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602
@@ -44,7 +44,7 @@ require (
 	fyne.io/systray v1.10.0 // indirect
 	github.com/Microsoft/go-winio v0.4.14 // indirect
 	github.com/coreos/go-oidc/v3 v3.2.0
-	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/distribution v2.7.1+incompatible // indirect
 	github.com/docker/docker v17.12.1-ce+incompatible // indirect

+ 7 - 4
go.sum

@@ -88,8 +88,9 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.1 h1:r/myEWzV9lfsM1tFLgDyu0atFtJ1fXn261LKYj/3DxU=
 github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -423,6 +424,7 @@ github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9 h1:m59mIOBO4kfcNCE
 github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9/go.mod h1:mvWM0+15UqyrFKqdRjY6LuAVJR0HOVhJlEgZ5JWtSWU=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -430,8 +432,9 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
+github.com/stretchr/testify v1.7.4 h1:wZRexSlwd7ZXfKINDLsO4r7WBt3gTKONc6K/VesHvHM=
+github.com/stretchr/testify v1.7.4/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tevino/abool v1.2.0 h1:heAkClL8H6w+mK5md9dzsuohKeXHUpY7Vw0ZCKW+huA=
 github.com/tevino/abool v1.2.0/go.mod h1:qc66Pna1RiIsPa7O4Egxxs9OqkuxDX55zznh9K07Tzg=
@@ -442,8 +445,8 @@ github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGr
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli/v2 v2.4.0/go.mod h1:NX9W0zmTvedE5oDoOMs2RTC8RvdK98NTYZE5LbaEYPg=
-github.com/urfave/cli/v2 v2.8.1 h1:CGuYNZF9IKZY/rfBe3lJpccSoIY1ytfvmgQT90cNOl4=
-github.com/urfave/cli/v2 v2.8.1/go.mod h1:Z41J9TPoffeoqP0Iza0YbAhGvymRdZAd2uPmZ5JxRdY=
+github.com/urfave/cli/v2 v2.10.2 h1:x3p8awjp/2arX+Nl/G2040AZpOCHS/eMJJ1/a+mye4Y=
+github.com/urfave/cli/v2 v2.10.2/go.mod h1:f8iq5LtQ/bLxafbdBSLPPNsgaW0l/2fYYEHhAyPlwvo=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=

BIN
img/netmaker-teal.png


BIN
img/y-combinator.png


+ 9 - 0
logic/peers.go

@@ -416,6 +416,15 @@ func GetPeerUpdateForRelayedNode(node *models.Node, udppeers map[string]string)
 			allowedips = append(allowedips[:i], allowedips[i+1:]...)
 		}
 	}
+	//delete egressrange from allowedip if we are egress gateway
+	if node.IsEgressGateway == "yes" {
+		for i := len(allowedips) - 1; i >= 0; i-- {
+			if StringSliceContains(node.EgressGatewayRanges, allowedips[i].IP.String()) {
+				allowedips = append(allowedips[:i], allowedips[i+1:]...)
+			}
+		}
+
+	}
 
 	pubkey, err := wgtypes.ParseKey(relay.PublicKey)
 	if err != nil {
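Review bot: The new egress filter compares `allowedips[i].IP.String()`, a bare address with no prefix length, against `node.EgressGatewayRanges`. If those ranges are stored in CIDR form (their format is not visible in this hunk), the comparison never matches and the egress range stays in the relayed node's allowed IPs. Comparing the whole network would match a CIDR entry: `StringSliceContains(node.EgressGatewayRanges, allowedips[i].String())`. The function starts above the hunk, so the element type of `allowedips` is inferred from the `.IP` field access.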

+ 1 - 4
logic/wireguard.go

@@ -166,7 +166,7 @@ func initWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 		if network.AddressRange6 != "" {
 			net := strings.Split(network.AddressRange6, "/")
 			mask6 = net[len(net)-1]
-			address6 = node.Address
+			address6 = node.Address6
 		}
 
 		setKernelDevice(ifacename, address4, mask4, address6, mask6)
@@ -346,9 +346,6 @@ func setWGKeyConfig(node *models.Node) error {
 }
 
 func removeLocalServer(node *models.Node) error {
-	if !IsLocalServer(node) {
-		return nil
-	}
 
 	var err error
 	var ifacename = node.Interface
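Review bot: With the `IsLocalServer(node)` guard removed, `removeLocalServer` acts on `node.Interface` for any node passed in. Its body continues past the hunk, so the exact effect is not visible here. If the check now lives in the callers, record that precondition in a doc comment, for example `// removeLocalServer - callers must have verified IsLocalServer(node)`. If no caller performs the check, the guard should stay.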

+ 1 - 1
mq/mq.go

@@ -54,7 +54,7 @@ func SetupMQTT(publish bool) mqtt.Client {
 	client := mqtt.NewClient(opts)
 	tperiod := time.Now().Add(10 * time.Second)
 	for {
-		if token := client.Connect(); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
+		if token := client.Connect(); !token.WaitTimeout(MQ_TIMEOUT*time.Second) || token.Error() != nil {
 			logger.Log(2, "unable to connect to broker, retrying ...")
 			if time.Now().After(tperiod) {
 				if token.Error() == nil {

+ 1 - 1
mq/util.go

@@ -67,7 +67,7 @@ func publish(node *models.Node, dest string, msg []byte) error {
 	if encryptErr != nil {
 		return encryptErr
 	}
-	if token := client.Publish(dest, 0, true, encrypted); token.WaitTimeout(MQ_TIMEOUT*time.Second) && token.Error() != nil {
+	if token := client.Publish(dest, 0, true, encrypted); !token.WaitTimeout(MQ_TIMEOUT*time.Second) || token.Error() != nil {
 		var err error
 		if token.Error() == nil {
 			err = errors.New("connection timeout")

+ 9 - 0
netclient/cli_options/cmds.go

@@ -95,6 +95,15 @@ func GetCommands(cliFlags []cli.Flag) []*cli.Command {
 				return err
 			},
 		},
+		{
+			Name:  "install",
+			Usage: "install binary and daemon",
+			Flags: cliFlags,
+			Action: func(c *cli.Context) error {
+				parseVerbosity(c)
+				return command.Install()
+			},
+		},
 	}
 }
 

+ 23 - 12
netclient/command/commands.go

@@ -92,19 +92,25 @@ func Pull(cfg *config.ClientConfig) error {
 
 		currentServers[currCfg.Server.Server] = *currCfg
 	}
-
+	//generate new client key if one doesn' exist
+	var private *ed25519.PrivateKey
+	private, err = tls.ReadKey(ncutils.GetNetclientPath() + ncutils.GetSeparator() + "client.key")
+	if err != nil {
+		_, newKey, err := ed25519.GenerateKey(rand.Reader)
+		if err != nil {
+			return err
+		}
+		if err := tls.SaveKey(ncutils.GetNetclientPath(), ncutils.GetSeparator()+"client.key", newKey); err != nil {
+			return err
+		}
+		private = &newKey
+	}
+	// re-register with server -- get new certs for broker
 	for _, clientCfg := range currentServers {
-		_, newKey, kerr := ed25519.GenerateKey(rand.Reader)
-		if kerr == nil && err == nil {
-			if kerr := tls.SaveKey(ncutils.GetNetclientPath(), ncutils.GetSeparator()+"client.key", newKey); kerr != nil {
-				logger.Log(0, "error saving key", kerr.Error())
-			} else {
-				if kerr = functions.RegisterWithServer(&newKey, &clientCfg); err != nil {
-					logger.Log(0, "registration error", kerr.Error())
-				} else {
-					daemon.Restart()
-				}
-			}
+		if err = functions.RegisterWithServer(private, &clientCfg); err != nil {
+			logger.Log(0, "registration error", err.Error())
+		} else {
+			daemon.Restart()
 		}
 	}
 	logger.Log(1, "reset network and peer configs")
@@ -131,3 +137,8 @@ func Daemon() error {
 	err := functions.Daemon()
 	return err
 }
+
+// Install - installs binary and daemon
+func Install() error {
+	return functions.Install()
+}
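Review bot: In `Pull` (which starts above the hunk), any error from `tls.ReadKey` now causes a new ed25519 key to be generated and saved over `client.key`, not only a missing file. A permissions problem or a damaged file would therefore silently replace the client's identity. Regenerate only when the key is absent and return other errors, e.g. `if !errors.Is(err, os.ErrNotExist) { return err }` ahead of `ed25519.GenerateKey`; this assumes ReadKey preserves the underlying file error and that `errors` and `os` are imported, neither of which is visible here. The result of `daemon.Restart()` inside the loop is also discarded, although `functions.Install` on this page returns it as an error. The comment typo `doesn' exist` can be fixed in the same pass.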

+ 1 - 3
netclient/daemon/common.go

@@ -4,12 +4,10 @@ import (
 	"errors"
 	"runtime"
 	"time"
-
-	"github.com/gravitl/netmaker/netclient/config"
 )
 
 // InstallDaemon - Calls the correct function to install the netclient as a daemon service on the given operating system.
-func InstallDaemon(cfg *config.ClientConfig) error {
+func InstallDaemon() error {
 	os := runtime.GOOS
 	var err error
 

+ 7 - 7
netclient/daemon/freebsd.go

@@ -23,13 +23,13 @@ func SetupFreebsdDaemon() error {
 		return err
 	}
 	//install binary
-	//should check if the existing binary is the corect version -- for now only copy if file doesn't exist
-	if !ncutils.FileExists(EXEC_DIR + "netclient") {
-		err = ncutils.Copy(binarypath, EXEC_DIR+"netclient")
-		if err != nil {
-			log.Println(err)
-			return err
-		}
+	if ncutils.FileExists(EXEC_DIR + "netclient") {
+		logger.Log(0, "updating netclient binary in ", EXEC_DIR)
+	}
+	err = ncutils.Copy(binarypath, EXEC_DIR+"netclient")
+	if err != nil {
+		log.Println(err)
+		return err
 	}
 
 	rcFile := `#!/bin/sh
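Review bot: `ncutils.Copy(binarypath, EXEC_DIR+"netclient")` is now unconditional, so when the already installed binary runs the setup, source and destination can be the same file. Depending on how Copy opens the destination (not visible here), that can truncate the executable or fail because the file is in use. Skip the copy when the paths are equal, `if binarypath != EXEC_DIR+"netclient" {`, or copy to a temporary name in the same directory and rename it over the target. The same unconditional copy is added in netclient/daemon/macos.go and netclient/daemon/systemd.go. How `binarypath` is obtained lies above the hunk.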

+ 7 - 6
netclient/daemon/macos.go

@@ -20,12 +20,13 @@ func SetupMacDaemon() error {
 		return err
 	}
 
-	if !ncutils.FileExists(MAC_EXEC_DIR + "netclient") {
-		err = ncutils.Copy(binarypath, MAC_EXEC_DIR+"netclient")
-		if err != nil {
-			log.Println(err)
-			return err
-		}
+	if ncutils.FileExists(MAC_EXEC_DIR + "netclient") {
+		logger.Log(0, "updating netclient binary in", MAC_EXEC_DIR)
+	}
+	err = ncutils.Copy(binarypath, MAC_EXEC_DIR+"netclient")
+	if err != nil {
+		log.Println(err)
+		return err
 	}
 
 	_, errN := os.Stat("~/Library/LaunchAgents")

+ 7 - 7
netclient/daemon/systemd.go

@@ -33,13 +33,13 @@ func SetupSystemDDaemon() error {
 		return err
 	}
 	//install binary
-	//should check if the existing binary is the corect version -- for now only copy if file doesn't exist
-	if !ncutils.FileExists(EXEC_DIR + "netclient") {
-		err = ncutils.Copy(binarypath, EXEC_DIR+"netclient")
-		if err != nil {
-			log.Println(err)
-			return err
-		}
+	if ncutils.FileExists(EXEC_DIR + "netclient") {
+		logger.Log(0, "updating netclient binary in", EXEC_DIR)
+	}
+	err = ncutils.Copy(binarypath, EXEC_DIR+"netclient")
+	if err != nil {
+		log.Println(err)
+		return err
 	}
 
 	systemservice := `[Unit]

+ 12 - 11
netclient/daemon/windows.go

@@ -14,20 +14,21 @@ import (
 // SetupWindowsDaemon - sets up the Windows daemon service
 func SetupWindowsDaemon() error {
 
-	if !ncutils.FileExists(ncutils.GetNetclientPathSpecific() + "winsw.xml") {
-		if err := writeServiceConfig(); err != nil {
-			return err
-		}
+	if ncutils.FileExists(ncutils.GetNetclientPathSpecific() + "winsw.xml") {
+		logger.Log(0, "updating netclient service")
+	}
+	if err := writeServiceConfig(); err != nil {
+		return err
 	}
 
-	if !ncutils.FileExists(ncutils.GetNetclientPathSpecific() + "winsw.exe") {
-		logger.Log(0, "performing first time daemon setup")
-		err := ncutils.GetEmbedded()
-		if err != nil {
-			return err
-		}
-		logger.Log(0, "finished daemon setup")
+	if ncutils.FileExists(ncutils.GetNetclientPathSpecific() + "winsw.exe") {
+		logger.Log(0, "updating netclient binary")
+	}
+	err := ncutils.GetEmbedded()
+	if err != nil {
+		return err
 	}
+	logger.Log(0, "finished daemon setup")
 	//get exact formatted commands
 	RunWinSWCMD("install")
 	time.Sleep(time.Millisecond)
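Review bot: `winsw.xml` and the embedded files are now rewritten on every call, and `RunWinSWCMD("install")` follows even when the service is already registered. join.go on this page calls `daemon.InstallDaemon()` without stopping the service first, so on that path the rewrite may hit a file that is in use; whether `GetEmbedded` tolerates that is not visible here. The added message before `ncutils.GetEmbedded()` says `"updating netclient binary"` although the file tested is `winsw.exe`; `"updating winsw.exe"` would match what is checked.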

+ 12 - 5
netclient/functions/daemon.go

@@ -170,7 +170,7 @@ func messageQueue(ctx context.Context, cfg *config.ClientConfig) {
 	logger.Log(0, "netclient daemon started for server: ", cfg.Server.Server)
 	client, err := setupMQTT(cfg, false)
 	if err != nil {
-		logger.Log(0, "unable to connect to broker", err.Error())
+		logger.Log(0, "unable to connect to broker", cfg.Server.Server, err.Error())
 		return
 	}
 	defer client.Disconnect(250)
@@ -179,7 +179,7 @@ func messageQueue(ctx context.Context, cfg *config.ClientConfig) {
 }
 
 // NewTLSConf sets up tls configuration to connect to broker securely
-func NewTLSConfig(server string) *tls.Config {
+func NewTLSConfig(server string) (*tls.Config, error) {
 	file := ncutils.GetNetclientServerPath(server) + ncutils.GetSeparator() + "root.pem"
 	certpool := x509.NewCertPool()
 	ca, err := os.ReadFile(file)
@@ -192,7 +192,8 @@ func NewTLSConfig(server string) *tls.Config {
 	}
 	clientKeyPair, err := tls.LoadX509KeyPair(ncutils.GetNetclientServerPath(server)+ncutils.GetSeparator()+"client.pem", ncutils.GetNetclientPath()+ncutils.GetSeparator()+"client.key")
 	if err != nil {
-		log.Fatalf("could not read client cert/key %v \n", err)
+		logger.Log(0, "could not read client cert/key ", err.Error())
+		return nil, err
 	}
 	certs := []tls.Certificate{clientKeyPair}
 	return &tls.Config{
@@ -201,7 +202,8 @@ func NewTLSConfig(server string) *tls.Config {
 		ClientCAs:          nil,
 		Certificates:       certs,
 		InsecureSkipVerify: false,
-	}
+	}, nil
+
 }
 
 // setupMQTT creates a connection to broker and returns client
@@ -211,7 +213,12 @@ func setupMQTT(cfg *config.ClientConfig, publish bool) (mqtt.Client, error) {
 	server := cfg.Server.Server
 	port := cfg.Server.MQPort
 	opts.AddBroker("ssl://" + server + ":" + port)
-	opts.SetTLSConfig(NewTLSConfig(server))
+	tlsConfig, err := NewTLSConfig(server)
+	if err != nil {
+		logger.Log(0, "failed to get TLS config for", server, err.Error())
+		return nil, err
+	}
+	opts.SetTLSConfig(tlsConfig)
 	opts.SetClientID(ncutils.MakeRandomString(23))
 	opts.SetDefaultPublishHandler(All)
 	opts.SetAutoReconnect(true)
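Review bot: A certificate-load failure is now logged in `NewTLSConfig`, again in `setupMQTT`, and a third time in `messageQueue`, which then just returns. Log it once in `messageQueue` and have the two lower layers only return the error, dropping their `logger.Log` calls. Because the process no longer exits through `log.Fatalf`, a missing or unreadable client certificate leaves the daemon running without a broker connection for that server, and nothing in these hunks retries. The `os.ReadFile` error path for `root.pem` sits between the hunks; if it still calls `log.Fatalf` it should return the error too.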

+ 16 - 0
netclient/functions/install.go

@@ -0,0 +1,16 @@
+package functions
+
+import (
+	"github.com/gravitl/netmaker/logger"
+	"github.com/gravitl/netmaker/netclient/daemon"
+)
+
+//Install - installs binary/daemon
+func Install() error {
+	daemon.Stop()
+	if err := daemon.InstallDaemon(); err != nil {
+		logger.Log(0, "error installing daemon", err.Error())
+		return err
+	}
+	return daemon.Restart()
+}
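Review bot: `Install` stops the daemon and, when `daemon.InstallDaemon()` fails, returns without starting it again, so a failed upgrade leaves the host with no running netclient. Consider attempting `daemon.Restart()` on the failure path before returning the install error. The result of `daemon.Stop()` is dropped; if Stop returns an error (its signature is not on this page) it should at least be logged. The doc comment would read better with a space after the slashes: `// Install - installs binary/daemon`.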

+ 3 - 3
netclient/functions/join.go

@@ -166,7 +166,7 @@ func JoinNetwork(cfg *config.ClientConfig, privateKey string) error {
 		logger.Log(0, "Node is marked as PENDING.")
 		logger.Log(0, "Awaiting approval from Admin before configuring WireGuard.")
 		if cfg.Daemon != "off" {
-			return daemon.InstallDaemon(cfg)
+			return daemon.InstallDaemon()
 		}
 	}
 	logger.Log(1, "node created on remote server...updating configs")
@@ -188,7 +188,7 @@ func JoinNetwork(cfg *config.ClientConfig, privateKey string) error {
 	if err != nil {
 		return err
 	}
-	if err := Register(cfg, privateKey); err != nil {
+	if err := Register(cfg); err != nil {
 		return err
 	}
 	if cfg.Server.Server == "" {
@@ -200,7 +200,7 @@ func JoinNetwork(cfg *config.ClientConfig, privateKey string) error {
 	}
 
 	if cfg.Daemon == "install" || ncutils.IsFreeBSD() {
-		err = daemon.InstallDaemon(cfg)
+		err = daemon.InstallDaemon()
 		if err != nil {
 			return err
 		}

+ 2 - 4
netclient/functions/mqpublish.go

@@ -15,7 +15,6 @@ import (
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/netclient/auth"
 	"github.com/gravitl/netmaker/netclient/config"
-	"github.com/gravitl/netmaker/netclient/daemon"
 	"github.com/gravitl/netmaker/netclient/ncutils"
 	"github.com/gravitl/netmaker/tls"
 )
@@ -108,11 +107,10 @@ func Hello(nodeCfg *config.ClientConfig) {
 		_, err := Pull(nodeCfg.Node.Network, true)
 		if err != nil {
 			logger.Log(0, "could not run pull on "+nodeCfg.Node.Network+", error: "+err.Error())
-		} else {
-			daemon.Restart()
 		}
+	} else {
+		logger.Log(3, "checkin for", nodeCfg.Network, "complete")
 	}
-	logger.Log(3, "checkin for", nodeCfg.Network, "complete")
 }
 
 // node cfg is required  in order to fetch the traffic keys of that node for encryption

+ 1 - 1
netclient/functions/register.go

@@ -15,7 +15,7 @@ import (
 )
 
 // Register - the function responsible for registering with the server and acquiring certs
-func Register(cfg *config.ClientConfig, key string) error {
+func Register(cfg *config.ClientConfig) error {
 
 	//generate new key if one doesn' exist
 	var private *ed25519.PrivateKey

+ 2 - 5
netclient/wireguard/mac.go

@@ -55,10 +55,6 @@ func WgQuickUpMac(node *models.Node, iface string, confPath string) error {
 		return err
 	}
 	var ips = append(node.AllowedIPs, node.Address, node.Address6)
-	peerIPs := getPeerIPs(realIface)
-	if len(peerIPs) > 0 {
-		ips = append(ips, peerIPs...)
-	}
 	for _, i := range ips {
 		if i != "" {
 			err = addAddress(realIface, i)
@@ -74,7 +70,8 @@ func WgQuickUpMac(node *models.Node, iface string, confPath string) error {
 		logger.Log(1, "error turning on interface ", iface)
 		return err
 	}
-	for _, i := range ips {
+	peerIPs := getPeerIPs(realIface)
+	for _, i := range peerIPs {
 		if i != "" {
 			err = addRoute(i, realIface)
 			if err != nil {
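Review bot: Routes are now added only for the addresses returned by `getPeerIPs(realIface)`, and an empty result cannot be told apart from a failed lookup. The interface can therefore come up with no peer routes and no log line. Log the empty case, e.g. `if len(peerIPs) == 0 { logger.Log(1, "no peer ips found for", realIface) }`, and add a comment explaining why the lookup moved to after the interface is brought up. WgQuickUpMac starts above the first hunk and continues past the second.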

+ 15 - 5
scripts/netclient-install.sh

@@ -34,7 +34,7 @@ elif [ -f /etc/arch-release ]; then
 	update_cmd='pacman -Sy'
 	install_cmd='pacman -S --noconfirm'
 elif [ "${OS}" = "FreeBSD" ]; then
-	dependencies="wireguard"
+	dependencies="wireguard wget"
 	update_cmd='pkg update'
 	install_cmd='pkg install -y'
 elif [ -f /etc/openwrt_release ]; then
@@ -206,12 +206,22 @@ if [  "${OS}" = "OpenWRT" ]; then
 	EXTRA_ARGS="--daemon=off"
 fi
 
-if [ -z "${NAME}" ]; then
-  ./netclient join -t $KEY $EXTRA_ARGS
-else
-  ./netclient join -t $KEY --name $NAME $EXTRA_ARGS
+if [ "${KEY}" != "nokey" ]; then
+  if [ -z "${NAME}" ]; then
+    ./netclient join -t $KEY $EXTRA_ARGS
+  else
+    ./netclient join -t $KEY --name $NAME $EXTRA_ARGS
+  fi
 fi
 
+if [ "${OS}" = "FreeBSD" ]; then
+  if ! [ -x /usr/sbin/netclient ]; then
+    echo "Moving netclient executable to \"/usr/sbin/netclient\""
+    mv netclient /usr/sbin  
+  else
+    echo "Netclient already present."
+  fi
+fi
 
 if [ "${OS}" = "OpenWRT" ]; then
 	mv ./netclient /sbin/netclient
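Review bot: `$KEY` and `$NAME` are expanded unquoted in the re-indented `./netclient join` lines, so a value containing spaces or glob characters is split into extra arguments. Quote them: `./netclient join -t "$KEY" --name "$NAME" $EXTRA_ARGS`, leaving `$EXTRA_ARGS` unquoted only because it is meant to split. The new FreeBSD block keeps an existing `/usr/sbin/netclient` and leaves the fresh download in the working directory, so re-running the script does not upgrade the binary, unlike the Go installers changed in this commit. A one-line comment explaining the `nokey` sentinel would help the next reader.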