
Merge branch 'develop' into feature_v0.14.7_explicit_routes

Matthew R Kasun 3 years ago
parent
commit
723e4ebeee

+ 5 - 1
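--- a/logic/gateway.go
+++ b/logic/gateway.go
@@ -56,6 +56,7 @@ func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, erro
 		}
 	}
 	if node.OS == "freebsd" {
+		// spacing around ; is important for later parsing of postup/postdown in wireguard/common.go
 		postUpCmd = "kldload ipfw ipfw_nat ; "
 		postUpCmd += "ipfw disable one_pass ; "
 		postUpCmd += "ipfw nat 1 config if " + gateway.Interface + " same_ports unreg_only reset ; "
@@ -285,6 +286,7 @@ func DeleteGatewayExtClients(gatewayID string, networkName string) error {
 
 // firewallNFTCommandsCreateIngress - used to centralize firewall command maintenance for creating an ingress gateway using the nftables firewall.
 func firewallNFTCommandsCreateIngress(networkInterface string) (string, string) {
+	// spacing around ; is important for later parsing of postup/postdown in wireguard/common.go
 	postUp := "nft add table ip filter ; "
 	postUp += "nft add chain ip filter FORWARD ; "
 	postUp += "nft add rule ip filter FORWARD iifname " + networkInterface + " counter accept ; "
@@ -302,6 +304,7 @@ func firewallNFTCommandsCreateIngress(networkInterface string) (string, string)
 
 // firewallNFTCommandsCreateEgress - used to centralize firewall command maintenance for creating an egress gateway using the nftables firewall.
 func firewallNFTCommandsCreateEgress(networkInterface string, gatewayInterface string, egressNatEnabled string) (string, string) {
+	// spacing around ; is important for later parsing of postup/postdown in wireguard/common.go
 	postUp := "nft add table ip filter ; "
 	postUp += "nft add chain ip filter FORWARD ; "
 	postUp += "nft add rule ip filter FORWARD iifname " + networkInterface + " counter accept ; "
@@ -322,6 +325,7 @@ func firewallNFTCommandsCreateEgress(networkInterface string, gatewayInterface s
 
 // firewallIPTablesCommandsCreateIngress - used to centralize firewall command maintenance for creating an ingress gateway using the iptables firewall.
 func firewallIPTablesCommandsCreateIngress(networkInterface string) (string, string) {
+	// spacing around ; is important for later parsing of postup/postdown in wireguard/common.go
 	postUp := "iptables -A FORWARD -i " + networkInterface + " -j ACCEPT ; "
 	postUp += "iptables -A FORWARD -o " + networkInterface + " -j ACCEPT ; "
 	postUp += "iptables -t nat -A POSTROUTING -o " + networkInterface + " -j MASQUERADE"
@@ -336,7 +340,7 @@ func firewallIPTablesCommandsCreateIngress(networkInterface string) (string, str
 
 // firewallIPTablesCommandsCreateEgress - used to centralize firewall command maintenance for creating an egress gateway using the iptables firewall.
 func firewallIPTablesCommandsCreateEgress(networkInterface string, gatewayInterface string, egressNatEnabled string) (string, string) {
-
+	// spacing around ; is important for later parsing of postup/postdown in wireguard/common.go
 	postUp := "iptables -A FORWARD -i " + networkInterface + " -j ACCEPT; "
 	postUp += "iptables -A FORWARD -o " + networkInterface + " -j ACCEPT"
 	postDown := "iptables -D FORWARD -i " + networkInterface + " -j ACCEPT; "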
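Review bot: The comment added at the top of firewallIPTablesCommandsCreateEgress says the spacing around `;` matters, yet the two lines directly beneath it still use `ACCEPT; ` with no space before the semicolon, so a split on `" ; "` in wireguard/common.go will leave these commands glued together in one PostUp/PostDown entry — exactly what the comment is there to prevent. Change them to `postUp := "iptables -A FORWARD -i " + networkInterface + " -j ACCEPT ; "` and `postDown := "iptables -D FORWARD -i " + networkInterface + " -j ACCEPT ; "`, matching the ingress variant above. The rest of this function, and of CreateEgressGateway, lies outside the hunk, so further lines may need the same treatment. Separately, `gateway.Interface` is spliced unquoted into a shell command that later runs as PostUp; if it originates from the API request it should be validated as a plain interface name before it gets there.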

+ 12 - 14
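--- a/netclient/functions/upgrades/v0-14-7.go
+++ b/netclient/functions/upgrades/v0-14-7.go
@@ -1,12 +1,8 @@
 package upgrades
 
 import (
-	"os"
-	"runtime"
-
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/netclient/config"
-	"github.com/gravitl/netmaker/netclient/ncutils"
 )
 
 var upgrade0147 = UpgradeInfo{
@@ -26,16 +22,18 @@ var upgrade0147 = UpgradeInfo{
 func update0147(cfg *config.ClientConfig) {
 	//do stuff for 14.X -> 14.6
 	// No-op
-	if runtime.GOARCH == "darwin" {
-		oldLocation := "/Applications/Netclient"
-		newLocation := ncutils.MAC_APP_DATA_PATH
-		err := os.Rename(oldLocation, newLocation)
-		if err != nil {
-			logger.FatalLog("There was an issue moving the Netclient file from Applications to Application Support:", err.Error())
-		} else {
-			logger.Log(0, "The Netclient data file has been moved from Applications to Application Support")
-		}
+	/*
+		if runtime.GOARCH == "darwin" {
+			oldLocation := "/Applications/Netclient"
+			newLocation := ncutils.MAC_APP_DATA_PATH
+			err := os.Rename(oldLocation, newLocation)
+			if err != nil {
+				logger.FatalLog("There was an issue moving the Netclient file from Applications to Application Support:", err.Error())
+			} else {
+				logger.Log(0, "The Netclient data file has been moved from Applications to Application Support")
+			}
 
-	}
+		}
+	*/
 	logger.Log(0, "updating schema for v0.14.7")
 }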
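Review bot: The block that is now commented out still tests `runtime.GOARCH == "darwin"`, which can never be true — darwin is a GOOS value while GOARCH is amd64/arm64 and the like — so if this migration is ever re-enabled it will silently skip every macOS host. Either delete the dead block outright (git already has the history) or correct it to `runtime.GOOS == "darwin"` before it is resurrected, and while here fix the stale `//do stuff for 14.X -> 14.6` comment in a v0.14.7 updater. If the block does come back, note that `logger.FatalLog` on a failed `os.Rename` presumably aborts the whole client during upgrade, which is a harsh outcome for what looks like a best-effort data-directory move.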

+ 2 - 5
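--- a/netclient/ncutils/netclientutils.go
+++ b/netclient/ncutils/netclientutils.go
@@ -42,15 +42,12 @@ const NO_DB_RECORDS = "could not find any records"
 // LINUX_APP_DATA_PATH - linux path
 const LINUX_APP_DATA_PATH = "/etc/netclient"
 
-// MAC_APP_DATA_PATH - linux path
-const MAC_APP_DATA_PATH = "/Library/Application Support/Netclient"
+// MAC_APP_DATA_PATH - mac path
+const MAC_APP_DATA_PATH = "/Applications/Netclient"
 
 // WINDOWS_APP_DATA_PATH - windows path
 const WINDOWS_APP_DATA_PATH = "C:\\Program Files (x86)\\Netclient"
 
-// WINDOWS_APP_DATA_PATH - windows path
-//const WINDOWS_WG_DPAPI_PATH = "C:\\Program Files\\WireGuard\\Data\\Configurations"
-
 // WINDOWS_SVC_NAME - service name
 const WINDOWS_SVC_NAME = "netclient"
 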

+ 33 - 8
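--- a/netclient/wireguard/common.go
+++ b/netclient/wireguard/common.go
@@ -2,7 +2,6 @@ package wireguard
 
 import (
 	"fmt"
-	"log"
 	"net"
 	"runtime"
 	"strconv"
@@ -52,7 +51,7 @@ func SetPeers(iface string, node *models.Node, peers []wgtypes.PeerConfig) error
 				currentPeer.PublicKey.String() != peer.PublicKey.String() {
 				_, err := ncutils.RunCmd("wg set "+iface+" peer "+currentPeer.PublicKey.String()+" remove", true)
 				if err != nil {
-					log.Println("error removing peer", peer.Endpoint.String())
+					logger.Log(0, "error removing peer", peer.Endpoint.String())
 				}
 			}
 		}
@@ -82,7 +81,7 @@ func SetPeers(iface string, node *models.Node, peers []wgtypes.PeerConfig) error
 				" allowed-ips "+allowedips, true)
 		}
 		if err != nil {
-			log.Println("error setting peer", peer.PublicKey.String())
+			logger.Log(0, "error setting peer", peer.PublicKey.String())
 		}
 	}
 
@@ -104,7 +103,7 @@ func SetPeers(iface string, node *models.Node, peers []wgtypes.PeerConfig) error
 				if shouldDelete {
 					output, err := ncutils.RunCmd("wg set "+iface+" peer "+currentPeer.PublicKey.String()+" remove", true)
 					if err != nil {
-						log.Println(output, "error removing peer", currentPeer.PublicKey.String())
+						logger.Log(0, output, "error removing peer", currentPeer.PublicKey.String())
 					}
 				}
 				for _, ip := range currentPeer.AllowedIPs {
@@ -341,11 +340,24 @@ func WriteWgConfig(node *models.Node, privateKey string, peers []wgtypes.PeerCon
 	//if node.DNSOn == "yes" {
 	//	wireguard.Section(section_interface).Key("DNS").SetValue(cfg.Server.CoreDNSAddr)
 	//}
+	//need to split postup/postdown because ini lib adds a ` and the ` breaks freebsd
 	if node.PostUp != "" {
-		wireguard.Section(section_interface).Key("PostUp").SetValue(node.PostUp)
+		parts := strings.Split(node.PostUp, " ; ")
+		for i, part := range parts {
+			if i == 0 {
+				wireguard.Section(section_interface).Key("PostUp").SetValue(part)
+			}
+			wireguard.Section(section_interface).Key("PostUp").AddShadow(part)
+		}
 	}
 	if node.PostDown != "" {
-		wireguard.Section(section_interface).Key("PostDown").SetValue(node.PostDown)
+		parts := strings.Split(node.PostDown, " ; ")
+		for i, part := range parts {
+			if i == 0 {
+				wireguard.Section(section_interface).Key("PostDown").SetValue(part)
+			}
+			wireguard.Section(section_interface).Key("PostDown").AddShadow(part)
+		}
 	}
 	if node.MTU != 0 {
 		wireguard.Section(section_interface).Key("MTU").SetValue(strconv.FormatInt(int64(node.MTU), 10))
@@ -451,11 +463,24 @@ func UpdateWgInterface(file, privateKey, nameserver string, node models.Node) er
 	//if node.DNSOn == "yes" {
 	//	wireguard.Section(section_interface).Key("DNS").SetValue(nameserver)
 	//}
+	//need to split postup/postdown because ini lib adds a quotes which breaks freebsd
 	if node.PostUp != "" {
-		wireguard.Section(section_interface).Key("PostUp").SetValue(node.PostUp)
+		parts := strings.Split(node.PostUp, " ; ")
+		for i, part := range parts {
+			if i == 0 {
+				wireguard.Section(section_interface).Key("PostUp").SetValue(part)
+			}
+			wireguard.Section(section_interface).Key("PostUp").AddShadow(part)
+		}
 	}
 	if node.PostDown != "" {
-		wireguard.Section(section_interface).Key("PostDown").SetValue(node.PostDown)
+		parts := strings.Split(node.PostDown, ";")
+		for i, part := range parts {
+			if i == 0 {
+				wireguard.Section(section_interface).Key("PostDown").SetValue(part)
+			}
+			wireguard.Section(section_interface).Key("PostDown").AddShadow(part)
+		}
 	}
 	if node.MTU != 0 {
 		wireguard.Section(section_interface).Key("MTU").SetValue(strconv.FormatInt(int64(node.MTU), 10))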
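Review bot: The PostDown loop in UpdateWgInterface splits on `";"` while its PostUp twin and both loops in WriteWgConfig split on `" ; "`, so PostDown entries written by this path keep a leading space (`" iptables -D ..."`) and the on-disk config differs depending on which writer ran last; it should be `strings.Split(node.PostDown, " ; ")`. The gateway builders terminate segments with `" ; "`, so a value ending in the separator yields a trailing empty part that is handed to AddShadow as a blank PostUp/PostDown line — trim each part and skip empties. The error from AddShadow is discarded in all four loops; if this is go-ini, AddShadow fails unless the file was loaded with AllowShadows, and since that load happens outside the hunk (WriteWgConfig and UpdateWgInterface both start before it) an unset option would silently keep only the first command of every list. The four loops differ only by key name and would read better as one helper that surfaces that error.

```go
// setCommandList writes a " ; "-separated command string as one INI entry per
// command (shadow keys) so the ini library does not quote the whole value,
// which breaks FreeBSD. Empty segments (e.g. from a trailing " ; ") are skipped.
func setCommandList(section *ini.Section, keyName, commands string) error {
	first := true
	for _, part := range strings.Split(commands, " ; ") {
		part = strings.TrimSpace(part)
		if part == "" {
			continue
		}
		key := section.Key(keyName)
		if first {
			key.SetValue(part)
			first = false
			continue
		}
		if err := key.AddShadow(part); err != nil {
			return fmt.Errorf("adding %s entry %q: %w", keyName, part, err)
		}
	}
	return nil
}
// … unchanged: callers replace each loop with setCommandList(wireguard.Section(section_interface), "PostUp"/"PostDown", node.PostUp/node.PostDown) and return the error …
```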

+ 0 - 6
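--- a/servercfg/serverconf.go
+++ b/servercfg/serverconf.go
@@ -10,7 +10,6 @@ import (
 	"time"
 
 	"github.com/gravitl/netmaker/config"
-	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/models"
 )
 
@@ -430,20 +429,16 @@ func GetPublicIP() (string, error) {
 	iplist := []string{"https://ip.server.gravitl.com", "https://ifconfig.me", "https://api.ipify.org", "https://ipinfo.io/ip"}
 	publicIpService := os.Getenv("PUBLIC_IP_SERVICE")
 	if publicIpService != "" {
-		logger.Log(4, "User (environment variable) provided public IP service is", publicIpService)
-
 		// prepend the user-specified service so it's checked first
 		iplist = append([]string{publicIpService}, iplist...)
 	} else if config.Config.Server.PublicIPService != "" {
 		publicIpService = config.Config.Server.PublicIPService
-		logger.Log(4, "User (config file) provided public IP service is", publicIpService)
 
 		// prepend the user-specified service so it's checked first
 		iplist = append([]string{publicIpService}, iplist...)
 	}
 
 	for _, ipserver := range iplist {
-		logger.Log(4, "Running public IP check with service", ipserver)
 		client := &http.Client{
 			Timeout: time.Second * 10,
 		}
@@ -458,7 +453,6 @@ func GetPublicIP() (string, error) {
 				continue
 			}
 			endpoint = string(bodyBytes)
-			logger.Log(4, "Public IP address is", endpoint)
 			break
 		}
 	}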
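Review bot: With the four logger calls gone, GetPublicIP no longer records which service answered or what address it returned, which matters because `PUBLIC_IP_SERVICE` (env or config) lets an operator point this lookup at any HTTPS endpoint and the response body is used verbatim as the advertised endpoint. If the import was dropped to break a cycle with the logger package, the standard `log` package would keep that trace; independent of logging, the body should be checked before it is trusted, e.g. `endpoint = strings.TrimSpace(string(bodyBytes))` followed by `if net.ParseIP(endpoint) == nil { continue }`, so an error page or redirect body cannot become the node's public IP. GetPublicIP begins and ends outside the hunk, so the read of `bodyBytes` and the final return are not visible here and may already do part of this.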