Merge pull request #1816 from gravitl/feature_proxy_ingress_routing

Feature proxy ingress routing

controllers/ext_client.go

@@ -43,14 +43,13 @@ func checkIngressExists(nodeID string) bool {
 // Get all extclients associated with network.
 // Gets all extclients associated with network, including pending extclients.
 //
-//		Schemes: https
+//			Schemes: https
 //
-// 		Security:
-//   		oauth
-//
-//		Responses:
-//			200: extClientSliceResponse
+//			Security:
+//	  		oauth
 //
+//			Responses:
+//				200: extClientSliceResponse
 func getNetworkExtClients(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json")
@@ -75,14 +74,13 @@ func getNetworkExtClients(w http.ResponseWriter, r *http.Request) {
 //
 // A separate function to get all extclients, not just extclients for a particular network.
 //
+//			Schemes: https
 //
-//		Schemes: https
-//
-// 		Security:
-//   		oauth
+//			Security:
+//	  		oauth
 //
-//		Responses:
-//			200: extClientSliceResponse
+//			Responses:
+//				200: extClientSliceResponse
 //
 // Not quite sure if this is necessary. Probably necessary based on front end but may
 // want to review after iteration 1 if it's being used or not
@@ -126,14 +124,13 @@ func getAllExtClients(w http.ResponseWriter, r *http.Request) {
 //
 // Get an individual extclient.
 //
-//		Schemes: https
+//			Schemes: https
 //
-// 		Security:
-//   		oauth
-//
-//		Responses:
-//			200: extClientResponse
+//			Security:
+//	  		oauth
 //
+//			Responses:
+//				200: extClientResponse
 func getExtClient(w http.ResponseWriter, r *http.Request) {
 	// set header.
 	w.Header().Set("Content-Type", "application/json")
@@ -158,14 +155,13 @@ func getExtClient(w http.ResponseWriter, r *http.Request) {
 //
 // Get an individual extclient.
 //
-//		Schemes: https
-//
-// 		Security:
-//   		oauth
+//			Schemes: https
 //
-//		Responses:
-//			200: extClientResponse
+//			Security:
+//	  		oauth
 //
+//			Responses:
+//				200: extClientResponse
 func getExtClientConf(w http.ResponseWriter, r *http.Request) {
 	// set header.
 	w.Header().Set("Content-Type", "application/json")
@@ -293,11 +289,10 @@ Endpoint = %s
 //
 // Create an individual extclient.  Must have valid key and be unique.
 //
-//		Schemes: https
-//
-// 		Security:
-//   		oauth
+//			Schemes: https
 //
+//			Security:
+//	  		oauth
 func createExtClient(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 
@@ -332,9 +327,9 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 		return
 	}
-	listenPort := node.ListenPort
+	listenPort := node.LocalListenPort
 	if node.Proxy {
-		listenPort = 51722
+		listenPort = node.ProxyListenPort
 	}
 	extclient.IngressGatewayEndpoint = node.Endpoint + ":" + strconv.FormatInt(int64(listenPort), 10)
 
@@ -385,14 +380,13 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
 //
 // Update an individual extclient.
 //
-//		Schemes: https
-//
-// 		Security:
-//   		oauth
+//			Schemes: https
 //
-//		Responses:
-//			200: extClientResponse
+//			Security:
+//	  		oauth
 //
+//			Responses:
+//				200: extClientResponse
 func updateExtClient(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 
@@ -480,14 +474,13 @@ func updateExtClient(w http.ResponseWriter, r *http.Request) {
 //
 // Delete an individual extclient.
 //
-//		Schemes: https
-//
-// 		Security:
-//   		oauth
+//			Schemes: https
 //
-//		Responses:
-//			200: successResponse
+//			Security:
+//	  		oauth
 //
+//			Responses:
+//				200: successResponse
 func deleteExtClient(w http.ResponseWriter, r *http.Request) {
 	// Set header
 	w.Header().Set("Content-Type", "application/json")

go.mod

@@ -51,7 +51,7 @@ require (
 )
 
 require (
-	github.com/gravitl/netclient v0.0.0-20221208194139-5b7afd6e65c3
+	github.com/gravitl/netclient v0.0.0-20221212172659-bdf676e4250a
 	github.com/matryer/is v1.4.0
 )
 
@@ -59,6 +59,7 @@ require (
 	github.com/bep/debounce v1.2.1 // indirect
 	github.com/devilcove/httpclient v0.6.0 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/google/gopacket v1.1.19 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
@@ -71,6 +72,7 @@ require (
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-runewidth v0.0.13 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
@@ -91,6 +93,7 @@ require (
 	github.com/wailsapp/wails/v2 v2.2.0 // indirect
 	golang.design/x/clipboard v0.6.3 // indirect
 	golang.org/x/exp/shiny v0.0.0-20221208044002-44028be4359e // indirect
+	golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 // indirect
 	golang.zx2c4.com/wireguard/windows v0.5.3 // indirect
 )

go.sum

@@ -243,6 +243,8 @@ github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
+github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
@@ -290,12 +292,20 @@ github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWm
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/goxjs/gl v0.0.0-20210104184919-e3fafc6f8f2a/go.mod h1:dy/f2gjY09hwVfIyATps4G2ai7/hLwLkc5TrPqONuXY=
 github.com/goxjs/glfw v0.0.0-20191126052801-d2efb5f20838/go.mod h1:oS8P8gVOT4ywTcjV6wZlOU4GuVFQ8F5328KY3MJ79CY=
-github.com/gravitl/netclient v0.0.0-20221208080934-8f9ebf4e379b h1:3jJ6KujHPfgc2m9xoyI2tKOzJ3c+ATr17i8Laoxq61c=
-github.com/gravitl/netclient v0.0.0-20221208080934-8f9ebf4e379b/go.mod h1:K/gbw9ArTN0rcSqig/npWoa2gsFagHYoK1lFHG/pChA=
-github.com/gravitl/netclient v0.0.0-20221208184536-9701334ba409 h1:lmgL0jtoOcGVTmh4293wUHxfK5di6bRtJwPBmtvHNls=
-github.com/gravitl/netclient v0.0.0-20221208184536-9701334ba409/go.mod h1:qaNSJ095IxNwY2UB+tztMsgi3LtshPZiUnkzpC5R5Yk=
 github.com/gravitl/netclient v0.0.0-20221208194139-5b7afd6e65c3 h1:i2vwqLkR1niZDq6/3bCwaf5p9YfPsekx1i3PPG7/bkk=
 github.com/gravitl/netclient v0.0.0-20221208194139-5b7afd6e65c3/go.mod h1:6REsMGnbJ8fSP8ah3O1zFlEeeBoo92cL6ybz42mNJrk=
+github.com/gravitl/netclient v0.0.0-20221212031253-ab5eb9a53372 h1:P6jwgZ+w4Y90TLko2QkVl8NOjNYflEqh6yB+l7M5haI=
+github.com/gravitl/netclient v0.0.0-20221212031253-ab5eb9a53372/go.mod h1:KQlziG6asAFnUqehMBh2K2Od6pAx/F7Rm33MowgTyiI=
+github.com/gravitl/netclient v0.0.0-20221212032929-15c2b84448e8 h1:5YMrQAqcGhOVuCL0HuB/2NUH0+5EI9ElTdM4mW6hP+I=
+github.com/gravitl/netclient v0.0.0-20221212032929-15c2b84448e8/go.mod h1:qcvfwzXyCRWD9YV6KA1oPiG+wlsOhef7eh7mQ05bgkQ=
+github.com/gravitl/netclient v0.0.0-20221212051457-45afab7712d2 h1:k6VSRlyUW0DXqZSH/YLXZQZmpQ64nPzvjnO1+UtzOT4=
+github.com/gravitl/netclient v0.0.0-20221212051457-45afab7712d2/go.mod h1:T/MD12+MgaeoyoecaiL4v6SPP7QFQVc+/TPMM8M6XkE=
+github.com/gravitl/netclient v0.0.0-20221212052505-39043ad6b57c h1:E/HkEf5lwPddwi/6U0+We3Z03klpWbnn75MO9CUD80w=
+github.com/gravitl/netclient v0.0.0-20221212052505-39043ad6b57c/go.mod h1:FzorTqDHIx2RZSij15VDPc1lafn/3R6ppYcOK0n7szk=
+github.com/gravitl/netclient v0.0.0-20221212162818-256d5ec70bfa h1:KOEaK6EqC7f+g8PZUmQsu6yuS/7Dh8lYGItpCPtf8ms=
+github.com/gravitl/netclient v0.0.0-20221212162818-256d5ec70bfa/go.mod h1:FzorTqDHIx2RZSij15VDPc1lafn/3R6ppYcOK0n7szk=
+github.com/gravitl/netclient v0.0.0-20221212172659-bdf676e4250a h1:1c8zoEJS7BeQ3STbeiQ+cEP2uytb1G6FevXORiZCxNc=
+github.com/gravitl/netclient v0.0.0-20221212172659-bdf676e4250a/go.mod h1:FzorTqDHIx2RZSij15VDPc1lafn/3R6ppYcOK0n7szk=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/guumaster/hostctl v1.1.3 h1:b/yR3svkYsbr5VBdvfdyLXUl2xaKopSzgE/Xi7+1WRo=
 github.com/guumaster/hostctl v1.1.3/go.mod h1:h5rDx5Z8Hj2bYZfDt/eX4BNS2RSq7iRcGVQqfROJyH8=
@@ -383,7 +393,8 @@ github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-runewidth v0.0.10 h1:CoZ3S2P7pvtP45xOtBw+/mDL2z0RKI576gSkzRRpdGg=
+github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
+github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
 github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/mcuadros/go-version v0.0.0-20190830083331-035f6764e8d2/go.mod h1:76rfSfYPWj01Z85hUf/ituArm797mNKcvINh1OlsZKo=
@@ -441,7 +452,8 @@ github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndr
 github.com/posthog/posthog-go v0.0.0-20211028072449-93c17c49e2b0 h1:Y2hUrkfuM0on62KZOci/VLijlkdF/yeWU262BQgvcjE=
 github.com/posthog/posthog-go v0.0.0-20211028072449-93c17c49e2b0/go.mod h1:oa2sAs9tGai3VldabTV0eWejt/O4/OOD7azP8GaikqU=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/rivo/uniseg v0.1.0 h1:+2KBaVoUmb9XzDsrx/Ct0W/EYOSFf/nWTauy++DprtY=
+github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
@@ -814,8 +826,9 @@ golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 h1:Hir2P/De0WpUhtrKGGjvSb2YxUgyZ7EFOSLIcSSpiwE=
+golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=

logic/extpeers.go

@@ -138,6 +138,12 @@ func CreateExtClient(extclient *models.ExtClient) error {
 				return err
 			}
 			extclient.Address = newAddress
+
+			extclientInternalAddr, err := UniqueAddress(extclient.Network, true)
+			if err != nil {
+				return err
+			}
+			extclient.InternalIPAddr = extclientInternalAddr
 		}
 	}
 
@@ -148,6 +154,11 @@ func CreateExtClient(extclient *models.ExtClient) error {
 				return err
 			}
 			extclient.Address6 = addr6
+			extclientInternalAddr6, err := UniqueAddress6(extclient.Network, true)
+			if err != nil {
+				return err
+			}
+			extclient.InternalIPAddr6 = extclientInternalAddr6
 		}
 	}
 

logic/gateway.go

@@ -181,10 +181,8 @@ func CreateIngressGateway(netid string, nodeid string, failover bool) (models.No
 
 	var postUpCmd, postDownCmd string
 	node, err := GetNodeByID(nodeid)
-	if node.OS != "linux" { // add in darwin later
-		return models.Node{}, errors.New(node.OS + " is unsupported for ingress gateways")
-	}
-	if node.OS == "linux" && node.FirewallInUse == models.FIREWALL_NONE {
+
+	if node.FirewallInUse == models.FIREWALL_NONE {
 		return models.Node{}, errors.New("firewall is not supported for ingress gateways")
 	}
 

logic/peers.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/c-robinson/iplib"
 	"github.com/gravitl/netclient/nmproxy/manager"
+	proxy_models "github.com/gravitl/netclient/nmproxy/models"
 	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic/acls/nodeacls"
@@ -23,22 +24,12 @@ import (
 func GetPeersForProxy(node *models.Node, onlyPeers bool) (manager.ProxyManagerPayload, error) {
 	proxyPayload := manager.ProxyManagerPayload{}
 	var peers []wgtypes.PeerConfig
-	peerConfMap := make(map[string]manager.PeerConf)
+	peerConfMap := make(map[string]proxy_models.PeerConf)
 	var err error
 	currentPeers, err := GetNetworkNodes(node.Network)
 	if err != nil {
 		return proxyPayload, err
 	}
-	var metrics *models.Metrics
-	if servercfg.Is_EE {
-		metrics, _ = GetMetrics(node.ID)
-	}
-	if metrics == nil {
-		metrics = &models.Metrics{}
-	}
-	if metrics.FailoverPeers == nil {
-		metrics.FailoverPeers = make(map[string]string)
-	}
 	if !onlyPeers {
 		if node.IsRelayed == "yes" {
 			relayNode := FindRelay(node)
@@ -61,13 +52,13 @@ func GetPeersForProxy(node *models.Node, onlyPeers bool) (manager.ProxyManagerPa
 				proxyPayload.IsRelay = false
 			} else {
 
-				relayPeersMap := make(map[string]manager.RelayedConf)
+				relayPeersMap := make(map[string]proxy_models.RelayedConf)
 				for _, relayedNode := range relayedNodes {
 					payload, err := GetPeersForProxy(&relayedNode, true)
 					if err == nil {
 						relayedEndpoint, udpErr := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", relayedNode.Endpoint, relayedNode.LocalListenPort))
 						if udpErr == nil {
-							relayPeersMap[relayedNode.PublicKey] = manager.RelayedConf{
+							relayPeersMap[relayedNode.PublicKey] = proxy_models.RelayedConf{
 								RelayedPeerEndpoint: relayedEndpoint,
 								RelayedPeerPubKey:   relayedNode.PublicKey,
 								Peers:               payload.Peers,
@@ -93,22 +84,29 @@ func GetPeersForProxy(node *models.Node, onlyPeers bool) (manager.ProxyManagerPa
 			logger.Log(1, "failed to parse node pub key: ", peer.ID)
 			continue
 		}
+		proxyStatus := peer.Proxy
 		listenPort := peer.LocalListenPort
-		if listenPort == 0 {
+		if proxyStatus {
+			listenPort = peer.ProxyListenPort
+			if listenPort == 0 {
+				listenPort = proxy_models.NmProxyPort
+			}
+		} else if listenPort == 0 {
 			listenPort = peer.ListenPort
+
 		}
+
 		endpoint, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", peer.Endpoint, listenPort))
 		if err != nil {
 			logger.Log(1, "failed to resolve udp addr for node: ", peer.ID, peer.Endpoint, err.Error())
 			continue
 		}
-		allowedips := GetAllowedIPs(node, &peer, metrics, false)
+		allowedips := GetAllowedIPs(node, &peer, nil, false)
 		var keepalive time.Duration
 		if node.PersistentKeepalive != 0 {
 			// set_keepalive
 			keepalive, _ = time.ParseDuration(strconv.FormatInt(int64(node.PersistentKeepalive), 10) + "s")
 		}
-		proxyStatus := peer.Proxy
 		if peer.IsServer == "yes" {
 			proxyStatus = servercfg.IsProxyEnabled()
 		}
@@ -119,9 +117,10 @@ func GetPeersForProxy(node *models.Node, onlyPeers bool) (manager.ProxyManagerPa
 			PersistentKeepaliveInterval: &keepalive,
 			ReplaceAllowedIPs:           true,
 		})
-		peerConfMap[peer.PublicKey] = manager.PeerConf{
-			Address: peer.PrimaryAddress(),
-			Proxy:   proxyStatus,
+		peerConfMap[peer.PublicKey] = proxy_models.PeerConf{
+			Address:          net.ParseIP(peer.PrimaryAddress()),
+			Proxy:            proxyStatus,
+			PublicListenPort: listenPort,
 		}
 
 		if !onlyPeers && peer.IsRelayed == "yes" {
@@ -129,12 +128,13 @@ func GetPeersForProxy(node *models.Node, onlyPeers bool) (manager.ProxyManagerPa
 			if relayNode != nil {
 				relayTo, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", relayNode.Endpoint, relayNode.LocalListenPort))
 				if err == nil {
-					peerConfMap[peer.PublicKey] = manager.PeerConf{
+					peerConfMap[peer.PublicKey] = proxy_models.PeerConf{
 
-						IsRelayed: true,
-						RelayedTo: relayTo,
-						Address:   peer.PrimaryAddress(),
-						Proxy:     proxyStatus,
+						IsRelayed:        true,
+						RelayedTo:        relayTo,
+						Address:          net.ParseIP(peer.PrimaryAddress()),
+						Proxy:            proxyStatus,
+						PublicListenPort: listenPort,
 					}
 				}
 
@@ -329,7 +329,7 @@ func GetPeerUpdate(node *models.Node) (models.PeerUpdate, error) {
 		}
 	}
 	if node.IsIngressGateway == "yes" {
-		extPeers, idsAndAddr, err := getExtPeers(node)
+		extPeers, idsAndAddr, err := getExtPeers(node, true)
 		if err == nil {
 			peers = append(peers, extPeers...)
 			for i := range idsAndAddr {
@@ -349,7 +349,7 @@ func GetPeerUpdate(node *models.Node) (models.PeerUpdate, error) {
 	return peerUpdate, nil
 }
 
-func getExtPeers(node *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, error) {
+func getExtPeers(node *models.Node, forIngressNode bool) ([]wgtypes.PeerConfig, []models.IDandAddr, error) {
 	var peers []wgtypes.PeerConfig
 	var idsAndAddr []models.IDandAddr
 	extPeers, err := GetNetworkExtClients(node.Network)
@@ -369,7 +369,7 @@ func getExtPeers(node *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, e
 
 		var allowedips []net.IPNet
 		var peer wgtypes.PeerConfig
-		if extPeer.Address != "" {
+		if forIngressNode && extPeer.Address != "" {
 			var peeraddr = net.IPNet{
 				IP:   net.ParseIP(extPeer.Address),
 				Mask: net.CIDRMask(32, 32),
@@ -379,7 +379,7 @@ func getExtPeers(node *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, e
 			}
 		}
 
-		if extPeer.Address6 != "" {
+		if forIngressNode && extPeer.Address6 != "" {
 			var addr6 = net.IPNet{
 				IP:   net.ParseIP(extPeer.Address6),
 				Mask: net.CIDRMask(128, 128),
@@ -388,12 +388,31 @@ func getExtPeers(node *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, e
 				allowedips = append(allowedips, addr6)
 			}
 		}
+		if !forIngressNode {
+			if extPeer.InternalIPAddr != "" {
+				peerInternalAddr := net.IPNet{
+					IP:   net.ParseIP(extPeer.InternalIPAddr),
+					Mask: net.CIDRMask(32, 32),
+				}
+				if peerInternalAddr.IP != nil && peerInternalAddr.Mask != nil {
+					allowedips = append(allowedips, peerInternalAddr)
+				}
+			}
+			if extPeer.InternalIPAddr6 != "" {
+				peerInternalAddr6 := net.IPNet{
+					IP:   net.ParseIP(extPeer.InternalIPAddr6),
+					Mask: net.CIDRMask(32, 32),
+				}
+				if peerInternalAddr6.IP != nil && peerInternalAddr6.Mask != nil {
+					allowedips = append(allowedips, peerInternalAddr6)
+				}
+			}
+		}
 
 		primaryAddr := extPeer.Address
 		if primaryAddr == "" {
 			primaryAddr = extPeer.Address6
 		}
-
 		peer = wgtypes.PeerConfig{
 			PublicKey:         pubkey,
 			ReplaceAllowedIPs: true,
@@ -409,7 +428,7 @@ func getExtPeers(node *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, e
 
 }
 
-func getExtPeersForProxy(node *models.Node, proxyPeerConf map[string]manager.PeerConf) ([]wgtypes.PeerConfig, map[string]manager.PeerConf, error) {
+func getExtPeersForProxy(node *models.Node, proxyPeerConf map[string]proxy_models.PeerConf) ([]wgtypes.PeerConfig, map[string]proxy_models.PeerConf, error) {
 	var peers []wgtypes.PeerConfig
 
 	extPeers, err := GetNetworkExtClients(node.Network)
@@ -454,10 +473,14 @@ func getExtPeersForProxy(node *models.Node, proxyPeerConf map[string]manager.Pee
 			ReplaceAllowedIPs: true,
 			AllowedIPs:        allowedips,
 		}
-
-		extConf := manager.PeerConf{
-			IsExtClient: true,
-			Address:     extPeer.Address,
+		extInternalPrimaryAddr := extPeer.InternalIPAddr
+		if extInternalPrimaryAddr == "" {
+			extInternalPrimaryAddr = extPeer.InternalIPAddr6
+		}
+		extConf := proxy_models.PeerConf{
+			IsExtClient:   true,
+			Address:       net.ParseIP(extPeer.Address),
+			ExtInternalIp: net.ParseIP(extInternalPrimaryAddr),
 		}
 		if extPeer.IngressGatewayID == node.ID {
 			extConf.IsAttachedExtClient = true
@@ -482,7 +505,7 @@ func GetAllowedIPs(node, peer *models.Node, metrics *models.Metrics, fetchRelaye
 
 	// handle ingress gateway peers
 	if peer.IsIngressGateway == "yes" {
-		extPeers, _, err := getExtPeers(peer)
+		extPeers, _, err := getExtPeers(peer, false)
 		if err != nil {
 			logger.Log(2, "could not retrieve ext peers for ", peer.Name, err.Error())
 		}
@@ -555,7 +578,7 @@ func GetAllowedIPs(node, peer *models.Node, metrics *models.Metrics, fetchRelaye
 				allowedips = append(allowedips, extAllowedIPs...)
 			}
 			if relayedNode.IsIngressGateway == "yes" {
-				extPeers, _, err := getExtPeers(relayedNode)
+				extPeers, _, err := getExtPeers(relayedNode, false)
 				if err == nil {
 					for _, extPeer := range extPeers {
 						allowedips = append(allowedips, extPeer.AllowedIPs...)
@@ -719,7 +742,7 @@ func GetPeerUpdateForRelayedNode(node *models.Node, udppeers map[string]string)
 	}
 	//if ingress add extclients
 	if node.IsIngressGateway == "yes" {
-		extPeers, _, err := getExtPeers(node)
+		extPeers, _, err := getExtPeers(node, true)
 		if err == nil {
 			peers = append(peers, extPeers...)
 		} else {

models/extclient.go

@@ -14,4 +14,6 @@ type ExtClient struct {
 	LastModified           int64  `json:"lastmodified" bson:"lastmodified"`
 	Enabled                bool   `json:"enabled" bson:"enabled"`
 	OwnerID                string `json:"ownerid" bson:"ownerid"`
+	InternalIPAddr         string `json:"internal_ip_addr" bson:"internal_ip_addr"`
+	InternalIPAddr6        string `json:"internal_ip_addr6" bson:"internal_ip_addr6"`
 }

models/node.go

@@ -64,6 +64,7 @@ type Node struct {
 	NetworkSettings         Network              `json:"networksettings" bson:"networksettings" yaml:"networksettings" validate:"-"`
 	ListenPort              int32                `json:"listenport" bson:"listenport" yaml:"listenport" validate:"omitempty,numeric,min=1024,max=65535"`
 	LocalListenPort         int32                `json:"locallistenport" bson:"locallistenport" yaml:"locallistenport" validate:"numeric,min=0,max=65535"`
+	ProxyListenPort         int32                `json:"proxy_listen_port" bson:"proxy_listen_port" yaml:"proxy_listen_port" validate:"numeric,min=0,max=65535"`
 	PublicKey               string               `json:"publickey" bson:"publickey" yaml:"publickey" validate:"required,base64"`
 	Endpoint                string               `json:"endpoint" bson:"endpoint" yaml:"endpoint" validate:"required,ip"`
 	PostUp                  string               `json:"postup" bson:"postup" yaml:"postup"`

mq/publishers.go

@@ -110,6 +110,13 @@ func PublishExtPeerUpdate(node *models.Node) error {
 	if err != nil {
 		return err
 	}
+	if node.Proxy {
+		proxyUpdate, err := logic.GetPeersForProxy(node, false)
+		if err == nil {
+			peerUpdate.ProxyUpdate = proxyUpdate
+		}
+	}
+
 	if err = publish(node, fmt.Sprintf("peers/%s/%s", node.Network, node.ID), data); err != nil {
 		return err
 	}

servercfg/serverconf.go

@@ -41,6 +41,8 @@ func GetServerConfig() config.ServerConfig {
 	cfg.AllowedOrigin = GetAllowedOrigin()
 	cfg.RestBackend = "off"
 	cfg.NodeID = GetNodeID()
+	cfg.StunHost = GetStunAddr()
+	cfg.StunPort = GetStunPort()
 	if IsRestBackend() {
 		cfg.RestBackend = "on"
 	}

stun-server/stun-server.go

@@ -153,7 +153,7 @@ func Start(wg *sync.WaitGroup) {
 		<-quit
 		cancel()
 	}()
-	normalized := normalize(fmt.Sprintf("0.0.0.0:%s", servercfg.GetStunPort()))
+	normalized := normalize(fmt.Sprintf("0.0.0.0:%d", servercfg.GetStunPort()))
 	logger.Log(0, "netmaker-stun listening on", normalized, "via udp")
 	err := listenUDPAndServe(ctx, "udp", normalized)
 	if err != nil {