
adding sync

afeiszli 3 years ago
parent
commit
5b3b6119ae
4 changed files with 75 additions and 58 deletions
  1. 24 25
      logic/wireguard.go
  2. 1 1
      netclient/functions/join.go
  3. 39 24
      netclient/wireguard/common.go
  4. 11 8
      netclient/wireguard/unix.go

+ 24 - 25
logic/wireguard.go

@@ -45,30 +45,7 @@ func RemoveConf(iface string, printlog bool) error {
 	return err
 }
 
-// == Private Methods ==
-
-func setWGConfig(node models.Node, network string, peerupdate bool) error {
-
-	node.SetID()
-	peers, hasGateway, gateways, err := GetServerPeers(node.MacAddress, node.Network, node.IsDualStack == "yes", node.IsIngressGateway == "yes")
-	if err != nil {
-		return err
-	}
-	privkey, err := FetchPrivKey(node.ID)
-	if err != nil {
-		return err
-	}
-	if peerupdate {
-		var iface string
-		iface = node.Interface
-		err = setServerPeers(iface, node.PersistentKeepalive, peers)
-		Log("updated peers on server "+node.Name, 2)
-	} else {
-		err = initWireguard(&node, privkey, peers, hasGateway, gateways)
-		Log("finished setting wg config on server "+node.Name, 3)
-	}
-	return err
-}
+// Private Functions
 
 func initWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig, hasGateway bool, gateways []string, fwmark int32) error {
 
@@ -290,7 +267,29 @@ func setServerPeers(iface string, keepalive int32, peers []wgtypes.PeerConfig) e
 	return nil
 }
 
-func setWGConfig(node models.Node) error {
+func setWGConfig(node models.Node, network string, peerupdate bool) error {
+
+	node.SetID()
+	peers, hasGateway, gateways, err := GetServerPeers(node.MacAddress, node.Network, node.IsDualStack == "yes", node.IsIngressGateway == "yes")
+	if err != nil {
+		return err
+	}
+	privkey, err := FetchPrivKey(node.ID)
+	if err != nil {
+		return err
+	}
+	if peerupdate {
+		var iface string = node.Interface
+		err = setServerPeers(iface, node.PersistentKeepalive, peers)
+		Log("updated peers on server "+node.Name, 2)
+	} else {
+		err = initWireguard(&node, privkey, peers, hasGateway, gateways, 0)
+		Log("finished setting wg config on server "+node.Name, 3)
+	}
+	return err
+}
+
+func setWGKeyConfig(node models.Node) error {
 
 	node.SetID()
 	privatekey, err := wgtypes.GeneratePrivateKey()
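Review bot: In setWGConfig both branches write their success message before err is inspected, so a failed setServerPeers or initWireguard call is still followed by "updated peers on server" or "finished setting wg config on server" in the log. FetchPrivKey is also called on the peer-update path, where the key is never used; fetching it only in the init branch keeps the private key out of memory during routine peer refreshes. The `network` parameter is unused in the visible body (node.Network is read instead), which is worth either using or documenting. A restructured body is sketched below.

```go
func setWGConfig(node models.Node, network string, peerupdate bool) error {
	// … unchanged: node.SetID and the GetServerPeers call with its error check …
	if peerupdate {
		if err = setServerPeers(node.Interface, node.PersistentKeepalive, peers); err != nil {
			return err
		}
		Log("updated peers on server "+node.Name, 2)
		return nil
	}
	// The private key is only needed when the interface is (re)initialised.
	privkey, err := FetchPrivKey(node.ID)
	if err != nil {
		return err
	}
	if err = initWireguard(&node, privkey, peers, hasGateway, gateways, 0); err != nil {
		return err
	}
	Log("finished setting wg config on server "+node.Name, 3)
	return nil
}
```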

+ 1 - 1
netclient/functions/join.go

@@ -220,7 +220,7 @@ func JoinNetwork(cfg config.ClientConfig, privateKey string) error {
 	}
 
 	ncutils.Log("starting wireguard")
-	err = wireguard.InitWireguard(&node, privateKey, peers, hasGateway, gateways)
+	err = wireguard.InitWireguard(&node, privateKey, peers, hasGateway, gateways, false)
 	if err != nil {
 		return err
 	}

+ 39 - 24
netclient/wireguard/common.go

@@ -6,7 +6,6 @@ import (
 	"log"
 	"os"
 	"os/exec"
-	"reflect"
 	"runtime"
 	"strconv"
 	"strings"
@@ -47,7 +46,6 @@ func SetPeers(iface string, keepalive int32, peers []wgtypes.PeerConfig) error {
 		ncutils.PrintLog("no peers pulled", 1)
 		return err
 	}
-PEERS:
 	for _, peer := range peers {
 
 		for _, currentPeer := range devicePeers {
@@ -57,13 +55,7 @@ PEERS:
 				if err != nil {
 					log.Println("error removing peer", peer.Endpoint.String())
 				}
-			} else if currentPeer.PublicKey.String() == peer.PublicKey.String() &&
-				currentPeer.Endpoint.String() == peer.Endpoint.String() &&
-				reflect.DeepEqual(currentPeer.AllowedIPs, peer.AllowedIPs) {
-
-				continue PEERS
 			}
-
 		}
 		udpendpoint := peer.Endpoint.String()
 		var allowedips string
@@ -110,7 +102,7 @@ PEERS:
 }
 
 // Initializes a WireGuard interface
-func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig, hasGateway bool, gateways []string) error {
+func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig, hasGateway bool, gateways []string, syncconf bool) error {
 
 	key, err := wgtypes.ParseKey(privkey)
 	if err != nil {
@@ -126,7 +118,8 @@ func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 	if err != nil {
 		return err
 	}
-	fwmark := modcfg.FWMark
+	fwmarkint32 := modcfg.FWMark
+	fwmarkint := int(fwmarkint32)
 	nodecfg := modcfg.Node
 	servercfg := modcfg.Server
 
@@ -174,6 +167,7 @@ func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 		conf = wgtypes.Config{
 			PrivateKey:   &key,
 			ListenPort:   &nodeport,
+			FirewallMark: &fwmarkint,
 			ReplacePeers: true,
 			Peers:        peers,
 		}
@@ -181,9 +175,9 @@ func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 	if !ncutils.IsKernel() {
 		var newConf string
 		if node.UDPHolePunch != "yes" {
-			newConf, _ = ncutils.CreateUserSpaceConf(node.Address, key.String(), strconv.FormatInt(int64(node.ListenPort), 10), node.MTU, fwmark, node.PersistentKeepalive, peers)
+			newConf, _ = ncutils.CreateUserSpaceConf(node.Address, key.String(), strconv.FormatInt(int64(node.ListenPort), 10), node.MTU, fwmarkint32, node.PersistentKeepalive, peers)
 		} else {
-			newConf, _ = ncutils.CreateUserSpaceConf(node.Address, key.String(), "", node.MTU, fwmark, node.PersistentKeepalive, peers)
+			newConf, _ = ncutils.CreateUserSpaceConf(node.Address, key.String(), "", node.MTU, fwmarkint32, node.PersistentKeepalive, peers)
 		}
 		confPath := ncutils.GetNetclientPathSpecific() + ifacename + ".conf"
 		ncutils.PrintLog("writing wg conf file to: "+confPath, 1)
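Review bot: Both changed CreateUserSpaceConf calls still discard the returned error with `newConf, _ =`, so a failed render would presumably go on to be written to confPath and applied as if it were valid. Assign to the existing `err` and stop on failure, e.g. `newConf, err = ncutils.CreateUserSpaceConf(...)` followed by `if err != nil { return err }`. The rendered text is built from `key.String()`, so the file at confPath carries the private key; the write itself is outside this hunk, so it is worth confirming that it uses an owner-only mode such as 0600. InitWireguard starts and ends outside this hunk.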
@@ -200,16 +194,20 @@ func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 				deviceiface = ifacename
 			}
 		}
-		d, _ := wgclient.Device(deviceiface)
-		for d != nil && d.Name == deviceiface {
-			_ = RemoveConf(ifacename, false) // remove interface first
-			time.Sleep(time.Second >> 2)
-			d, _ = wgclient.Device(deviceiface)
-		}
-		err = ApplyConf(confPath)
-		if err != nil {
-			ncutils.PrintLog("failed to create wireguard interface", 1)
-			return err
+		if syncconf {
+			err = wgclient.ConfigureDevice(deviceiface, conf)
+		} else {
+			d, _ := wgclient.Device(deviceiface)
+			for d != nil && d.Name == deviceiface {
+				_ = RemoveConf(ifacename, false) // remove interface first
+				time.Sleep(time.Second >> 2)
+				d, _ = wgclient.Device(deviceiface)
+			}
+			err = ApplyConf(confPath)
+			if err != nil {
+				ncutils.PrintLog("failed to create wireguard interface", 1)
+				return err
+			}
 		}
 	} else {
 		ipExec, err := exec.LookPath("ip")
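Review bot: The new `syncconf` branch assigns `err = wgclient.ConfigureDevice(deviceiface, conf)` without checking it, while the else branch logs and returns on an ApplyConf failure; unless err is tested after this block (not visible in the hunk), a failed sync goes unlogged and may be dropped. Suggest `if err = wgclient.ConfigureDevice(deviceiface, conf); err != nil { return err }`, with a PrintLog line matching the other branch. This path also pushes the in-memory `conf` to the device and never applies the file just written to confPath, so settings that only wg-quick handles (address, MTU, routes) would presumably not be refreshed. The InitWireguard doc comment should describe what `syncconf` does and does not update. InitWireguard begins and ends outside this hunk.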
@@ -293,7 +291,7 @@ func SetWGConfig(network string, peerupdate bool) error {
 	if err != nil {
 		return err
 	}
-	if peerupdate {
+	if peerupdate && !ncutils.IsFreeBSD() {
 		var iface string
 		iface = nodecfg.Interface
 		if ncutils.IsMac() {
@@ -303,8 +301,10 @@ func SetWGConfig(network string, peerupdate bool) error {
 			}
 		}
 		err = SetPeers(iface, nodecfg.PersistentKeepalive, peers)
+	} else if peerupdate {
+		err = InitWireguard(&nodecfg, privkey, peers, hasGateway, gateways, true)
 	} else {
-		err = InitWireguard(&nodecfg, privkey, peers, hasGateway, gateways)
+		err = InitWireguard(&nodecfg, privkey, peers, hasGateway, gateways, false)
 	}
 	return err
 }
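Review bot: The `else if peerupdate` branch is reachable only when ncutils.IsFreeBSD() is true, which is easy to miss when reading the chain; a comment such as `// FreeBSD: SetPeers is skipped, re-sync the device config via InitWireguard instead` would make the intent explicit. The `true` passed as syncconf is consulted only inside the `!ncutils.IsKernel()` branch of InitWireguard, so if IsKernel reports true on FreeBSD the flag has no effect and the interface is fully re-initialised on every peer update; that is worth confirming. SetWGConfig starts outside these hunks, and this note covers both of them.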
@@ -335,3 +335,18 @@ func ApplyConf(confPath string) error {
 	}
 	return err
 }
+
+// ApplyConf - applys a conf on disk to WireGuard interface
+func SyncConf(confPath string) error {
+	os := runtime.GOOS
+	var err error
+	switch os {
+	/*
+		case "windows":
+			_ = SyncWindowsConf(confPath)
+	*/
+	default:
+		err = SyncWGQuickConf(confPath)
+	}
+	return err
+}
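Review bot: The doc comment on SyncConf still reads `ApplyConf - applys a conf on disk to WireGuard interface`, and the local `os := runtime.GOOS` shadows the `os` package that this file imports. Suggest `// SyncConf - syncs a conf on disk to a WireGuard interface` and switching on the value directly with `switch runtime.GOOS {`. With the windows case commented out the switch has only a default arm, and nothing in this commit's visible hunks calls SyncConf, so calling SyncWGQuickConf directly may be simpler until a second platform exists.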

+ 11 - 8
netclient/wireguard/unix.go

@@ -2,6 +2,7 @@ package wireguard
 
 import (
 	"io/ioutil"
+
 	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/netclient/config"
 	"github.com/gravitl/netmaker/netclient/ncutils"
@@ -50,18 +51,20 @@ func SetWGKeyConfig(network string, serveraddr string) error {
 // ApplyWGQuickConf - applies wg-quick commands if os supports
 func ApplyWGQuickConf(confPath string) error {
 	_, _ = ncutils.RunCmd("wg-quick down "+confPath, false)
-	if _, err := ncutils.RunCmd("wg-quick up "+confPath, false); err != nil {
-		return err
-	}
-	return nil
+	_, err := ncutils.RunCmd("wg-quick up "+confPath, false)
+	return err
+}
+
+// ApplyWGQuickConf - applies wg-quick commands if os supports
+func SyncWGQuickConf(confPath string) error {
+	_, err := ncutils.RunCmd("wg-quick down "+confPath, false)
+	return err
 }
 
 // RemoveWGQuickConf - calls wg-quick down
 func RemoveWGQuickConf(confPath string, printlog bool) error {
-	if _, err := ncutils.RunCmd("wg-quick down "+confPath, printlog); err != nil {
-		return err
-	}
-	return nil
+	_, err := ncutils.RunCmd("wg-quick down "+confPath, printlog)
+	return err
 }
 
 // StorePrivKey - stores wg priv key on disk locally
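Review bot: SyncWGQuickConf runs only `wg-quick down` on the conf, so despite its name it tears the interface down and never re-applies the configuration; its doc comment is also a copy of the one on ApplyWGQuickConf. If the aim is to reload peers without dropping the tunnel, the usual route is `wg syncconf` fed with the output of `wg-quick strip`, and the comment should start `// SyncWGQuickConf - ` and state what the function really does. Separately, all three helpers build the command by concatenating confPath into one string. ncutils.RunCmd is not visible here, but if it splits on whitespace or goes through a shell, a path containing spaces or shell metacharacters would change the command that runs, so passing the path as a separate argument, or validating the interface name it is derived from, would be safer.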