|
@@ -51,62 +51,80 @@ func SetPeers(iface, currentNodeAddr string, keepalive int32, peers []wgtypes.Pe
|
|
|
ncutils.PrintLog("no peers pulled", 1)
|
|
ncutils.PrintLog("no peers pulled", 1)
|
|
|
return err
|
|
return err
|
|
|
}
|
|
}
|
|
|
- for _, peer := range peers {
|
|
|
|
|
-
|
|
|
|
|
- for _, currentPeer := range devicePeers {
|
|
|
|
|
- if currentPeer.AllowedIPs[0].String() == peer.AllowedIPs[0].String() &&
|
|
|
|
|
- currentPeer.PublicKey.String() != peer.PublicKey.String() {
|
|
|
|
|
- _, err := ncutils.RunCmd("wg set "+iface+" peer "+currentPeer.PublicKey.String()+" remove", true)
|
|
|
|
|
- if err != nil {
|
|
|
|
|
- log.Println("error removing peer", peer.Endpoint.String())
|
|
|
|
|
- }
|
|
|
|
|
|
|
+ found := false
|
|
|
|
|
+ //if a current peer is not in the list of new peers (based on PublicKey) delete it
|
|
|
|
|
+ for _, currentPeer := range devicePeers {
|
|
|
|
|
+ oldPeerAllowedIps[currentPeer.PublicKey.String()] = currentPeer.AllowedIPs
|
|
|
|
|
+ for _, peer := range peers {
|
|
|
|
|
+ if peer.PublicKey == currentPeer.PublicKey {
|
|
|
|
|
+ found = true
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
- udpendpoint := peer.Endpoint.String()
|
|
|
|
|
- var allowedips string
|
|
|
|
|
- var iparr []string
|
|
|
|
|
- for _, ipaddr := range peer.AllowedIPs {
|
|
|
|
|
- iparr = append(iparr, ipaddr.String())
|
|
|
|
|
- }
|
|
|
|
|
- allowedips = strings.Join(iparr, ",")
|
|
|
|
|
- keepAliveString := strconv.Itoa(int(keepalive))
|
|
|
|
|
- if keepAliveString == "0" {
|
|
|
|
|
- keepAliveString = "15"
|
|
|
|
|
- }
|
|
|
|
|
- if peer.Endpoint != nil {
|
|
|
|
|
- _, err = ncutils.RunCmd("wg set "+iface+" peer "+peer.PublicKey.String()+
|
|
|
|
|
- " endpoint "+udpendpoint+
|
|
|
|
|
- " persistent-keepalive "+keepAliveString+
|
|
|
|
|
- " allowed-ips "+allowedips, true)
|
|
|
|
|
- } else {
|
|
|
|
|
- _, err = ncutils.RunCmd("wg set "+iface+" peer "+peer.PublicKey.String()+
|
|
|
|
|
- " persistent-keepalive "+keepAliveString+
|
|
|
|
|
- " allowed-ips "+allowedips, true)
|
|
|
|
|
- }
|
|
|
|
|
- if err != nil {
|
|
|
|
|
- log.Println("error setting peer", peer.PublicKey.String())
|
|
|
|
|
|
|
+ if !found {
|
|
|
|
|
+ _, err := ncutils.RunCmd("wg set "+iface+" peer "+currentPeer.PublicKey.String()+" remove", true)
|
|
|
|
|
+ if err != nil {
|
|
|
|
|
+ log.Println("error removing peer", currentPeer.Endpoint.String())
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
|
|
+ //if a new peer is not in the list of existing peers, add it
|
|
|
|
|
+ found = false
|
|
|
|
|
+ replace := false
|
|
|
|
|
+ for _, peer := range peers {
|
|
|
|
|
+ for _, currentPeer := range devicePeers {
|
|
|
|
|
+ if peer.PublicKey == currentPeer.PublicKey {
|
|
|
|
|
+ found = true
|
|
|
|
|
+ }
|
|
|
|
|
+ if found {
|
|
|
|
|
+ //check all fields are still the same
|
|
|
|
|
+ replace = false
|
|
|
|
|
+ if peer.Endpoint != currentPeer.Endpoint || peer.PersistentKeepaliveInterval != ¤tPeer.PersistentKeepaliveInterval {
|
|
|
|
|
+ replace = true
|
|
|
|
|
+ }
|
|
|
|
|
+ for _, endpoint := range peer.AllowedIPs {
|
|
|
|
|
+ if ncutils.IPNetSliceContains(currentPeer.AllowedIPs, endpoint) {
|
|
|
|
|
+ replace = true
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
- for _, currentPeer := range devicePeers {
|
|
|
|
|
- shouldDelete := true
|
|
|
|
|
- for _, peer := range peers {
|
|
|
|
|
- if peer.AllowedIPs[0].String() == currentPeer.AllowedIPs[0].String() {
|
|
|
|
|
- shouldDelete = false
|
|
|
|
|
}
|
|
}
|
|
|
- }
|
|
|
|
|
- if shouldDelete {
|
|
|
|
|
- output, err := ncutils.RunCmd("wg set "+iface+" peer "+currentPeer.PublicKey.String()+" remove", true)
|
|
|
|
|
- if err != nil {
|
|
|
|
|
- log.Println(output, "error removing peer", currentPeer.PublicKey.String())
|
|
|
|
|
|
|
+
|
|
|
|
|
+ if !found || replace {
|
|
|
|
|
+ udpendpoint := peer.Endpoint.String()
|
|
|
|
|
+ var allowedips string
|
|
|
|
|
+ var iparr []string
|
|
|
|
|
+ for _, ipaddr := range peer.AllowedIPs {
|
|
|
|
|
+ iparr = append(iparr, ipaddr.String())
|
|
|
|
|
+ }
|
|
|
|
|
+ allowedips = strings.Join(iparr, ",")
|
|
|
|
|
+ keepAliveString := strconv.Itoa(int(keepalive))
|
|
|
|
|
+ if peer.Endpoint != nil && keepalive > 0 {
|
|
|
|
|
+ _, err = ncutils.RunCmd("wg set "+iface+" peer "+peer.PublicKey.String()+
|
|
|
|
|
+ " endpoint "+udpendpoint+
|
|
|
|
|
+ " persistent-keepalive "+keepAliveString+
|
|
|
|
|
+ " allowed-ips "+allowedips, true)
|
|
|
|
|
+ } else if peer.Endpoint != nil && keepalive == 0 {
|
|
|
|
|
+ _, err = ncutils.RunCmd("wg set "+iface+" peer "+peer.PublicKey.String()+
|
|
|
|
|
+ " endpoint "+udpendpoint+
|
|
|
|
|
+ " allowed-ips "+allowedips, true)
|
|
|
|
|
+ } else if peer.Endpoint == nil && keepalive != 0 {
|
|
|
|
|
+ _, err = ncutils.RunCmd("wg set "+iface+" peer "+peer.PublicKey.String()+
|
|
|
|
|
+ " persistent-keepalive "+keepAliveString+
|
|
|
|
|
+ " allowed-ips "+allowedips, true)
|
|
|
|
|
+ } else {
|
|
|
|
|
+ _, err = ncutils.RunCmd("wg set "+iface+" peer "+peer.PublicKey.String()+
|
|
|
|
|
+ " allowed-ips "+allowedips, true)
|
|
|
|
|
+ }
|
|
|
|
|
+ if err != nil {
|
|
|
|
|
+ log.Println("error setting peer", peer.PublicKey.String())
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
- oldPeerAllowedIps[currentPeer.PublicKey.String()] = currentPeer.AllowedIPs
|
|
|
|
|
}
|
|
}
|
|
|
if ncutils.IsMac() {
|
|
if ncutils.IsMac() {
|
|
|
err = SetMacPeerRoutes(iface)
|
|
err = SetMacPeerRoutes(iface)
|
|
|
return err
|
|
return err
|
|
|
- } else if ncutils.IsLinux() {
|
|
|
|
|
|
|
+ } else {
|
|
|
local.SetPeerRoutes(iface, currentNodeAddr, oldPeerAllowedIps, peers)
|
|
local.SetPeerRoutes(iface, currentNodeAddr, oldPeerAllowedIps, peers)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -172,8 +190,7 @@ func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
|
|
|
d, _ = wgclient.Device(deviceiface)
|
|
d, _ = wgclient.Device(deviceiface)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- ApplyConf(node, deviceiface, confPath) // Apply initially
|
|
|
|
|
-
|
|
|
|
|
|
|
+ ApplyConf(node, deviceiface, confPath) // Apply initially
|
|
|
ncutils.PrintLog("waiting for interface...", 1) // ensure interface is created
|
|
ncutils.PrintLog("waiting for interface...", 1) // ensure interface is created
|
|
|
output, _ := ncutils.RunCmd("wg", false)
|
|
output, _ := ncutils.RunCmd("wg", false)
|
|
|
starttime := time.Now()
|
|
starttime := time.Now()
|
|
@@ -184,23 +201,29 @@ func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
|
|
|
time.Sleep(time.Second)
|
|
time.Sleep(time.Second)
|
|
|
ifaceReady = strings.Contains(output, ifacename)
|
|
ifaceReady = strings.Contains(output, ifacename)
|
|
|
}
|
|
}
|
|
|
- newDevice, devErr := wgclient.Device(deviceiface)
|
|
|
|
|
- if !ifaceReady || devErr != nil {
|
|
|
|
|
- return fmt.Errorf("could not reliably create interface, please check wg installation and retry")
|
|
|
|
|
|
|
+ //wgclient does not work well on freebsd
|
|
|
|
|
+ if node.OS == "freebsd" {
|
|
|
|
|
+ if !ifaceReady {
|
|
|
|
|
+ return fmt.Errorf("could not reliably create interface, please check wg installation and retry")
|
|
|
|
|
+ }
|
|
|
|
|
+ } else {
|
|
|
|
|
+ _, devErr := wgclient.Device(deviceiface)
|
|
|
|
|
+ if !ifaceReady || devErr != nil {
|
|
|
|
|
+ return fmt.Errorf("could not reliably create interface, please check wg installation and retry")
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
ncutils.PrintLog("interface ready - netclient engage", 1)
|
|
ncutils.PrintLog("interface ready - netclient engage", 1)
|
|
|
-
|
|
|
|
|
if syncconf { // should never be called really.
|
|
if syncconf { // should never be called really.
|
|
|
err = SyncWGQuickConf(ifacename, confPath)
|
|
err = SyncWGQuickConf(ifacename, confPath)
|
|
|
}
|
|
}
|
|
|
- currentPeers := newDevice.Peers
|
|
|
|
|
|
|
+
|
|
|
_, cidr, cidrErr := net.ParseCIDR(modcfg.NetworkSettings.AddressRange)
|
|
_, cidr, cidrErr := net.ParseCIDR(modcfg.NetworkSettings.AddressRange)
|
|
|
if cidrErr == nil {
|
|
if cidrErr == nil {
|
|
|
local.SetCIDRRoute(ifacename, node.Address, cidr)
|
|
local.SetCIDRRoute(ifacename, node.Address, cidr)
|
|
|
} else {
|
|
} else {
|
|
|
ncutils.PrintLog("could not set cidr route properly: "+cidrErr.Error(), 1)
|
|
ncutils.PrintLog("could not set cidr route properly: "+cidrErr.Error(), 1)
|
|
|
}
|
|
}
|
|
|
- local.SetCurrentPeerRoutes(ifacename, node.Address, currentPeers[:])
|
|
|
|
|
|
|
+ local.SetCurrentPeerRoutes(ifacename, node.Address, peers)
|
|
|
|
|
|
|
|
return err
|
|
return err
|
|
|
}
|
|
}
|
dcarns