2020-02-10 20:58:13 +01:00
|
|
|
package dsnet
|
|
|
|
|
|
|
|
import (
|
2020-03-02 03:54:43 +01:00
|
|
|
"encoding/json"
|
|
|
|
"io/ioutil"
|
2020-10-25 22:02:06 +01:00
|
|
|
"math/rand"
|
2020-02-10 20:58:13 +01:00
|
|
|
"net"
|
2020-03-03 23:33:48 +01:00
|
|
|
"os"
|
2020-03-19 21:12:42 +01:00
|
|
|
"time"
|
2020-03-04 00:09:54 +01:00
|
|
|
|
|
|
|
"github.com/go-playground/validator/v10"
|
2020-03-04 21:34:11 +01:00
|
|
|
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
2020-02-10 20:58:13 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
// see https://github.com/WireGuard/wgctrl-go/blob/master/wgtypes/types.go for definitions
|
2020-02-20 20:08:07 +01:00
|
|
|
type PeerConfig struct {
|
|
|
|
// Used to update DNS
|
2020-03-02 00:08:10 +01:00
|
|
|
Hostname string `validate:"required,gte=1,lte=255"`
|
2020-03-02 20:38:00 +01:00
|
|
|
// username of person running this host/router
|
|
|
|
Owner string `validate:"required,gte=1,lte=255"`
|
2020-02-20 20:08:07 +01:00
|
|
|
// Description of what the host is and/or does
|
2020-03-02 00:08:10 +01:00
|
|
|
Description string `validate:"required,gte=1,lte=255"`
|
2020-03-03 23:30:36 +01:00
|
|
|
// Internal VPN IP address. Added to AllowedIPs in server config as a /32
|
2020-10-26 18:58:15 +01:00
|
|
|
IP net.IP
|
|
|
|
IP6 net.IP
|
2020-03-19 21:12:42 +01:00
|
|
|
Added time.Time `validate:"required"`
|
2020-03-03 23:30:36 +01:00
|
|
|
// TODO ExternalIP support (Endpoint)
|
|
|
|
//ExternalIP net.UDPAddr `validate:"required,udp4_addr"`
|
|
|
|
// TODO support routing additional networks (AllowedIPs)
|
2020-03-08 21:49:35 +01:00
|
|
|
Networks []JSONIPNet `validate:"required"`
|
|
|
|
PublicKey JSONKey `validate:"required,len=44"`
|
|
|
|
PrivateKey JSONKey `json:"-"` // omitted from config!
|
|
|
|
PresharedKey JSONKey `validate:"required,len=44"`
|
2020-02-20 20:08:07 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
type DsnetConfig struct {
|
2020-02-27 23:19:48 +01:00
|
|
|
// domain to append to hostnames. Relies on separate DNS server for
|
|
|
|
// resolution. Informational only.
|
2020-10-26 19:27:35 +01:00
|
|
|
ExternalIP net.IP
|
2020-10-26 09:27:22 +01:00
|
|
|
ExternalIP6 net.IP
|
2020-03-04 20:38:48 +01:00
|
|
|
ListenPort int `validate:"gte=1024,lte=65535"`
|
|
|
|
Domain string `validate:"required,gte=1,lte=255"`
|
|
|
|
InterfaceName string `validate:"required,gte=1,lte=255"`
|
2020-03-02 20:41:36 +01:00
|
|
|
// IP network from which to allocate automatic sequential addresses
|
|
|
|
// Network is chosen randomly when not specified
|
2020-10-24 21:51:03 +02:00
|
|
|
Network JSONIPNet `validate:"required"`
|
|
|
|
Network6 JSONIPNet `validate:"required"`
|
2020-10-26 18:58:15 +01:00
|
|
|
IP net.IP
|
|
|
|
IP6 net.IP
|
2020-10-24 21:51:03 +02:00
|
|
|
DNS net.IP
|
2020-03-08 21:49:35 +01:00
|
|
|
// extra networks available, will be added to AllowedIPs
|
|
|
|
Networks []JSONIPNet `validate:"required"`
|
2020-03-01 23:03:31 +01:00
|
|
|
// TODO Default subnets to route via VPN
|
2020-11-18 23:37:32 +01:00
|
|
|
ReportFile string `validate:"required"`
|
|
|
|
PrivateKey JSONKey `validate:"required,len=44"`
|
|
|
|
PostUp string
|
|
|
|
PostDown string
|
|
|
|
Peers []PeerConfig `validate:"dive"`
|
2020-02-20 20:08:07 +01:00
|
|
|
}
|
|
|
|
|
2020-03-02 03:54:43 +01:00
|
|
|
func MustLoadDsnetConfig() *DsnetConfig {
|
|
|
|
raw, err := ioutil.ReadFile(CONFIG_FILE)
|
2020-03-03 23:33:48 +01:00
|
|
|
|
|
|
|
if os.IsNotExist(err) {
|
|
|
|
ExitFail("%s does not exist. `dsnet init` may be required.", CONFIG_FILE)
|
|
|
|
} else if os.IsPermission(err) {
|
|
|
|
ExitFail("%s cannot be accessed. Sudo may be required.", CONFIG_FILE)
|
|
|
|
} else {
|
|
|
|
check(err)
|
|
|
|
}
|
|
|
|
|
2020-03-02 03:54:43 +01:00
|
|
|
conf := DsnetConfig{}
|
|
|
|
err = json.Unmarshal(raw, &conf)
|
|
|
|
check(err)
|
2020-03-04 00:09:54 +01:00
|
|
|
|
|
|
|
err = validator.New().Struct(conf)
|
|
|
|
check(err)
|
|
|
|
|
2020-10-26 19:11:56 +01:00
|
|
|
if len(conf.ExternalIP) == 0 && len(conf.ExternalIP6) == 0 {
|
|
|
|
ExitFail("Config does not contain ExternalIP or ExternalIP6")
|
|
|
|
}
|
|
|
|
|
2020-03-02 03:54:43 +01:00
|
|
|
return &conf
|
|
|
|
}
|
|
|
|
|
|
|
|
func (conf *DsnetConfig) MustSave() {
|
|
|
|
_json, _ := json.MarshalIndent(conf, "", " ")
|
|
|
|
err := ioutil.WriteFile(CONFIG_FILE, _json, 0600)
|
|
|
|
check(err)
|
|
|
|
}
|
|
|
|
|
2020-03-02 04:08:28 +01:00
|
|
|
func (conf *DsnetConfig) MustAddPeer(peer PeerConfig) {
|
2020-03-02 20:26:08 +01:00
|
|
|
// TODO validate all PeerConfig (keys etc)
|
|
|
|
|
|
|
|
for _, p := range conf.Peers {
|
|
|
|
if peer.Hostname == p.Hostname {
|
|
|
|
ExitFail("%s is not an unique hostname", peer.Hostname)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-03-04 23:01:30 +01:00
|
|
|
for _, p := range conf.Peers {
|
|
|
|
if peer.PublicKey.Key == p.PublicKey.Key {
|
|
|
|
ExitFail("%s is not an unique public key", peer.Hostname)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, p := range conf.Peers {
|
|
|
|
if peer.PresharedKey.Key == p.PresharedKey.Key {
|
|
|
|
ExitFail("%s is not an unique preshared key", peer.Hostname)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-03-03 23:30:36 +01:00
|
|
|
if conf.IPAllocated(peer.IP) {
|
|
|
|
ExitFail("%s is already allocated", peer.IP)
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, peerIPNet := range peer.Networks {
|
2020-03-02 20:26:08 +01:00
|
|
|
if conf.IPAllocated(peerIPNet.IPNet.IP) {
|
2020-03-02 20:31:29 +01:00
|
|
|
ExitFail("%s is already allocated", peerIPNet)
|
2020-03-02 20:26:08 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-03-02 04:08:28 +01:00
|
|
|
conf.Peers = append(conf.Peers, peer)
|
|
|
|
}
|
|
|
|
|
2020-03-05 21:35:51 +01:00
|
|
|
func (conf *DsnetConfig) MustRemovePeer(hostname string) {
|
2020-03-05 21:46:28 +01:00
|
|
|
peerIndex := -1
|
2020-03-05 21:35:51 +01:00
|
|
|
|
|
|
|
for i, peer := range conf.Peers {
|
|
|
|
if peer.Hostname == hostname {
|
|
|
|
peerIndex = i
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if peerIndex == -1 {
|
|
|
|
ExitFail("Could not find peer with hostname %s", hostname)
|
|
|
|
}
|
|
|
|
|
2020-04-04 10:22:09 +02:00
|
|
|
// remove peer from slice, retaining order
|
|
|
|
copy(conf.Peers[peerIndex:], conf.Peers[peerIndex+1:]) // shift left
|
2020-10-24 21:51:03 +02:00
|
|
|
conf.Peers = conf.Peers[:len(conf.Peers)-1] // truncate
|
2020-03-05 21:35:51 +01:00
|
|
|
}
|
|
|
|
|
2020-03-02 19:53:10 +01:00
|
|
|
func (conf DsnetConfig) IPAllocated(IP net.IP) bool {
|
2020-10-24 22:08:12 +02:00
|
|
|
if IP.Equal(conf.IP) || IP.Equal(conf.IP6) {
|
2020-03-02 21:10:48 +01:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2020-03-02 19:53:10 +01:00
|
|
|
for _, peer := range conf.Peers {
|
2020-10-24 22:08:12 +02:00
|
|
|
if IP.Equal(peer.IP) || IP.Equal(peer.IP6) {
|
2020-03-03 23:30:36 +01:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, peerIPNet := range peer.Networks {
|
2020-03-02 20:13:38 +01:00
|
|
|
if IP.Equal(peerIPNet.IPNet.IP) {
|
2020-03-02 20:31:29 +01:00
|
|
|
return true
|
2020-03-02 19:53:10 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-03-02 20:31:29 +01:00
|
|
|
return false
|
2020-03-02 19:53:10 +01:00
|
|
|
}
|
|
|
|
|
2020-10-25 15:57:18 +01:00
|
|
|
// choose a free IPv4 for a new Peer (sequential allocation)
|
|
|
|
func (conf DsnetConfig) MustAllocateIP() net.IP {
|
|
|
|
network := conf.Network.IPNet
|
2020-03-02 19:44:19 +01:00
|
|
|
ones, bits := network.Mask.Size()
|
|
|
|
zeros := bits - ones
|
2020-10-25 09:23:43 +01:00
|
|
|
|
|
|
|
// avoids network addr
|
|
|
|
min := 1
|
2020-10-25 15:57:18 +01:00
|
|
|
// avoids broadcast addr + overflow
|
2020-10-25 09:23:43 +01:00
|
|
|
max := (1 << zeros) - 2
|
2020-03-02 19:44:19 +01:00
|
|
|
|
2020-10-25 15:59:46 +01:00
|
|
|
IP := make(net.IP, len(network.IP))
|
|
|
|
|
2020-03-02 19:44:19 +01:00
|
|
|
for i := min; i <= max; i++ {
|
2020-10-25 15:57:18 +01:00
|
|
|
// dst, src!
|
2020-03-02 19:44:19 +01:00
|
|
|
copy(IP, network.IP)
|
|
|
|
|
|
|
|
// OR the host part with the network part
|
|
|
|
for j := 0; j < len(IP); j++ {
|
|
|
|
shift := (len(IP) - j - 1) * 8
|
|
|
|
IP[j] = IP[j] | byte(i>>shift)
|
2020-03-02 20:13:38 +01:00
|
|
|
}
|
2020-03-02 19:44:19 +01:00
|
|
|
|
2020-03-02 22:02:21 +01:00
|
|
|
if !conf.IPAllocated(IP) {
|
2020-03-02 20:29:08 +01:00
|
|
|
return IP
|
2020-03-02 19:53:10 +01:00
|
|
|
}
|
2020-03-02 19:44:19 +01:00
|
|
|
}
|
|
|
|
|
2020-03-02 20:29:08 +01:00
|
|
|
ExitFail("IP range exhausted")
|
|
|
|
|
|
|
|
return net.IP{}
|
2020-03-02 19:44:19 +01:00
|
|
|
}
|
2020-03-04 21:30:05 +01:00
|
|
|
|
2020-10-25 15:57:18 +01:00
|
|
|
// choose a free IPv6 for a new Peer (pseudorandom allocation)
|
|
|
|
func (conf DsnetConfig) MustAllocateIP6() net.IP {
|
|
|
|
network := conf.Network6.IPNet
|
|
|
|
ones, bits := network.Mask.Size()
|
|
|
|
zeros := bits - ones
|
|
|
|
|
|
|
|
rbs := make([]byte, zeros)
|
|
|
|
rand.Seed(time.Now().UTC().UnixNano())
|
|
|
|
|
2020-10-25 15:59:46 +01:00
|
|
|
IP := make(net.IP, len(network.IP))
|
|
|
|
|
2020-10-25 15:57:18 +01:00
|
|
|
for i := 0; i <= 10000; i++ {
|
|
|
|
rand.Read(rbs)
|
|
|
|
// dst, src! Copy prefix of IP
|
|
|
|
copy(IP, network.IP)
|
|
|
|
|
|
|
|
// OR the host part with the network part
|
|
|
|
for j := ones / 8; j < len(IP); j++ {
|
|
|
|
IP[j] = IP[j] | rbs[j]
|
|
|
|
}
|
|
|
|
|
|
|
|
if !conf.IPAllocated(IP) {
|
|
|
|
return IP
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
ExitFail("Could not allocate random IPv6 after 10000 tries. This was highly unlikely!")
|
|
|
|
|
|
|
|
return net.IP{}
|
|
|
|
}
|
|
|
|
|
2020-03-04 21:30:05 +01:00
|
|
|
func (conf DsnetConfig) GetWgPeerConfigs() []wgtypes.PeerConfig {
|
|
|
|
wgPeers := make([]wgtypes.PeerConfig, 0, len(conf.Peers))
|
|
|
|
|
|
|
|
for _, peer := range conf.Peers {
|
2020-03-08 15:10:38 +01:00
|
|
|
// create a new PSK in memory to avoid passing the same value by
|
|
|
|
// pointer to each peer (d'oh)
|
|
|
|
presharedKey := peer.PresharedKey.Key
|
|
|
|
|
2020-03-12 21:02:57 +01:00
|
|
|
// AllowedIPs = private IP + defined networks
|
2020-10-27 22:57:44 +01:00
|
|
|
allowedIPs := make([]net.IPNet, 0, len(peer.Networks)+2)
|
|
|
|
|
|
|
|
if len(peer.IP) > 0 {
|
|
|
|
allowedIPs = append(
|
|
|
|
allowedIPs,
|
|
|
|
net.IPNet{
|
|
|
|
IP: peer.IP,
|
|
|
|
Mask: net.IPMask{255, 255, 255, 255},
|
|
|
|
},
|
|
|
|
)
|
2020-03-12 21:02:57 +01:00
|
|
|
}
|
2020-10-27 22:57:44 +01:00
|
|
|
|
|
|
|
if len(peer.IP6) > 0 {
|
|
|
|
allowedIPs = append(
|
|
|
|
allowedIPs,
|
|
|
|
net.IPNet{
|
|
|
|
IP: peer.IP6,
|
|
|
|
Mask: net.IPMask{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
|
|
|
|
},
|
|
|
|
)
|
2020-10-27 22:42:21 +01:00
|
|
|
}
|
2020-03-12 21:02:57 +01:00
|
|
|
|
2020-11-02 18:56:12 +01:00
|
|
|
for _, net := range peer.Networks {
|
|
|
|
allowedIPs = append(allowedIPs, net.IPNet)
|
2020-03-12 21:02:57 +01:00
|
|
|
}
|
|
|
|
|
2020-03-04 21:30:05 +01:00
|
|
|
wgPeers = append(wgPeers, wgtypes.PeerConfig{
|
2020-03-07 22:57:00 +01:00
|
|
|
PublicKey: peer.PublicKey.Key,
|
|
|
|
Remove: false,
|
|
|
|
UpdateOnly: false,
|
2020-03-08 15:10:38 +01:00
|
|
|
PresharedKey: &presharedKey,
|
2020-03-07 22:57:00 +01:00
|
|
|
Endpoint: nil,
|
|
|
|
ReplaceAllowedIPs: true,
|
2020-03-12 21:02:57 +01:00
|
|
|
AllowedIPs: allowedIPs,
|
2020-03-04 21:30:05 +01:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
return wgPeers
|
|
|
|
}
|