diff --git a/CONFIG.md b/CONFIG.md
index 700b849..08b2393 100644
--- a/CONFIG.md
+++ b/CONFIG.md
@@ -133,11 +133,16 @@ Any other CIDR networks that can be routed through this peer. The public key derived from the private key generated by dsnet when the peer was added.
- "PresharedKey": "GcUtlze0BMuxo3iVEjpOahKdTf8xVfF8hDW3Ylw5az0="
+ "PresharedKey": "GcUtlze0BMuxo3iVEjpOahKdTf8xVfF8hDW3Ylw5az0=",
 The pre-shared key for this peer. The peer has the same key defined as the pre-shared key for the server peer. This is optional in wireguard but not for dsnet due to the extra (post quantum!) security it provides.
+ "PersistentKeepalive": 25
+
+The PersistentKeepalive value for the server in generated client configs, and
+for each peer connected to the server.
+ }
diff --git a/Makefile b/Makefile
index fb4a5a0..b23e2cd 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 .PHONY: all build compile quick clean
-all: build
+all: compile
 clean:
 @rm -r dist
diff --git a/cmd/cli/config.go b/cmd/cli/config.go
index ddace1f..58f1acc 100644
--- a/cmd/cli/config.go
+++ b/cmd/cli/config.go
@@ -65,6 +65,8 @@ type DsnetConfig struct {
 PostUp string
 PostDown string
 Peers []PeerConfig `validate:"dive"`
+ // used for server and client
+ PersistentKeepalive int `validate:"gte=0,lte=255"`
 }
 // LoadConfigFile parses the json config file, validates and stuffs
@@ -81,7 +83,13 @@ func LoadConfigFile() (*DsnetConfig, error) {
 return nil, err
 }
- conf := DsnetConfig{}
+ conf := DsnetConfig{
+ // set default for if key is not set. If it is set, this will not be
+ // used _even if value is zero!_
+ // Effectively, this is a migration
+ PersistentKeepalive: 25,
+ }
+
 err = json.Unmarshal(raw, &conf)
 if err != nil {
 return nil, err
diff --git a/cmd/cli/init.go b/cmd/cli/init.go
index 14448aa..a24a769 100644
--- a/cmd/cli/init.go
+++ b/cmd/cli/init.go
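Review bot: The comment on the new `PersistentKeepalive` field in `DsnetConfig` (`// used for server and client`) says nothing about units, what 0 means, or how the missing-key default interacts with an explicit value; a reader has to reconstruct that from the struct literal in `LoadConfigFile`. I would replace it with `// PersistentKeepalive is the WireGuard persistent-keepalive interval in seconds used in generated client configs; 0 disables it. LoadConfigFile defaults a missing key to 25, an explicit 0 is kept.` The `lte=255` bound is narrower than the 1–65535 range the wg tool accepts, which is fine as a policy but deserves a word in the same comment on why it is capped. The literal 25 now also appears in the `Init` literal in cmd/cli/init.go; a package-level `const defaultPersistentKeepalive = 25` used in both places would keep the migration default and the init default from drifting apart. `LoadConfigFile` starts before its hunk, so the `raw` read that feeds `json.Unmarshal` is not visible here.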
@@ -34,17 +34,18 @@ func Init() {
 check(err)
 conf := &DsnetConfig{
- PrivateKey: privateKey,
- ListenPort: listenPort,
- Network: getPrivateNet(),
- Network6: getULANet(),
- Peers: []PeerConfig{},
- Domain: "dsnet",
- ReportFile: reportFile,
- ExternalIP: externalIPV4,
- ExternalIP6: getExternalIP6(),
- InterfaceName: interfaceName,
- Networks: []lib.JSONIPNet{},
+ PrivateKey: privateKey,
+ ListenPort: listenPort,
+ Network: getPrivateNet(),
+ Network6: getULANet(),
+ Peers: []PeerConfig{},
+ Domain: "dsnet",
+ ReportFile: reportFile,
+ ExternalIP: externalIPV4,
+ ExternalIP6: getExternalIP6(),
+ InterfaceName: interfaceName,
+ Networks: []lib.JSONIPNet{},
+ PersistentKeepalive: 25,
 }
 server := GetServer(conf)
diff --git a/cmd/cli/server.go b/cmd/cli/server.go
index 1b16e32..cb95f9b 100644
--- a/cmd/cli/server.go
+++ b/cmd/cli/server.go
@@ -8,22 +8,23 @@ import (
 func GetServer(config *DsnetConfig) *lib.Server {
 fallbackWGBin := viper.GetString("fallback_wg_bin")
 return &lib.Server{
- ExternalHostname: config.ExternalHostname,
- ExternalIP: config.ExternalIP,
- ExternalIP6: config.ExternalIP6,
- ListenPort: config.ListenPort,
- Domain: config.Domain,
- InterfaceName: config.InterfaceName,
- Network: config.Network,
- Network6: config.Network6,
- IP: config.IP,
- IP6: config.IP6,
- DNS: config.DNS,
- PrivateKey: config.PrivateKey,
- PostUp: config.PostUp,
- PostDown: config.PostDown,
- FallbackWGBin: fallbackWGBin,
- Peers: jsonPeerToDsnetPeer(config.Peers),
- Networks: config.Networks,
+ ExternalHostname: config.ExternalHostname,
+ ExternalIP: config.ExternalIP,
+ ExternalIP6: config.ExternalIP6,
+ ListenPort: config.ListenPort,
+ Domain: config.Domain,
+ InterfaceName: config.InterfaceName,
+ Network: config.Network,
+ Network6: config.Network6,
+ IP: config.IP,
+ IP6: config.IP6,
+ DNS: config.DNS,
+ PrivateKey: config.PrivateKey,
+ PostUp: config.PostUp,
+ PostDown: config.PostDown,
+ FallbackWGBin: fallbackWGBin,
+ Peers: jsonPeerToDsnetPeer(config.Peers),
+ Networks: config.Networks,
+ PersistentKeepalive: config.PersistentKeepalive,
 }
 }
diff --git a/lib/generator.go b/lib/generator.go
index 60f770e..bc35289 100644
--- a/lib/generator.go
+++ b/lib/generator.go
@@ -5,7 +5,6 @@ import (
 "errors"
 "fmt"
 "text/template"
- "time"
 )
 func getPeerConfTplString(peerType PeerType) (string, error) {
@@ -63,7 +62,6 @@ func GetWGPeerTemplate(peer Peer, peerType PeerType, server Server) (*bytes.Buff
 err = t.Execute(&templateBuff, map[string]interface{}{
 "Peer": peer,
 "Server": server,
- "Keepalive": time.Duration(peer.KeepAlive).Seconds(),
 "CidrSize": cidrSize,
 "CidrSize6": cidrSize6,
 // vyatta requires an interface in range/format wg0-wg999
diff --git a/lib/peer.go b/lib/peer.go
index f17a56c..e522416 100644
--- a/lib/peer.go
+++ b/lib/peer.go
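Review bot: Dropping the `"Keepalive"` entry from the template data leaves nothing in this diff that reads the per-peer value: lib/templates.go now renders `.Server.PersistentKeepalive` in all three client formats, while `NewPeer` in lib/peer.go copies `server.PersistentKeepalive` onto each `Peer` once, at creation time. If the server setting is changed later, existing peers keep the old number but regenerated client configs show the new one, so the value stored for a peer and the value handed to its client can silently disagree. Either render `{{ .Peer.PersistentKeepalive }}` in the templates (the peer is already passed as `"Peer"`), or drop the copy in `NewPeer` and treat the server field as the single source of truth; the current split needs at least a comment here stating which one is authoritative. `GetWGPeerTemplate` starts before this hunk, so the `peerType` dispatch that picks the template is not visible.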
@@ -24,17 +24,17 @@ const (
 )
 type Peer struct {
- Hostname string
- Owner string
- Description string
- IP net.IP
- IP6 net.IP
- Added time.Time
- PublicKey JSONKey
- PrivateKey JSONKey
- PresharedKey JSONKey
- Networks []JSONIPNet
- KeepAlive time.Duration
+ Hostname string
+ Owner string
+ Description string
+ IP net.IP
+ IP6 net.IP
+ Added time.Time
+ PublicKey JSONKey
+ PrivateKey JSONKey
+ PresharedKey JSONKey
+ Networks []JSONIPNet
+ PersistentKeepalive int
 }
 func NewPeer(server *Server, owner string, hostname string, description string) (Peer, error) {
@@ -65,6 +65,8 @@ func NewPeer(server *Server, owner string, hostname string, description string)
 PrivateKey: privateKey,
 PresharedKey: presharedKey,
 Networks: []JSONIPNet{},
+ // inherit from server setting, which is derived from config
+ PersistentKeepalive: server.PersistentKeepalive,
 }
 if len(server.Network.IPNet.Mask) > 0 {
diff --git a/lib/server.go b/lib/server.go
index c9f6837..4f5abfe 100644
--- a/lib/server.go
+++ b/lib/server.go
@@ -10,23 +10,24 @@ import (
 )
 type Server struct {
- ExternalHostname string
- ExternalIP net.IP
- ExternalIP6 net.IP
- ListenPort int
- Domain string
- InterfaceName string
- Network JSONIPNet
- Network6 JSONIPNet
- IP net.IP
- IP6 net.IP
- DNS net.IP
- PrivateKey JSONKey
- PostUp string
- PostDown string
- FallbackWGBin string
- Peers []Peer
- Networks []JSONIPNet
+ ExternalHostname string
+ ExternalIP net.IP
+ ExternalIP6 net.IP
+ ListenPort int
+ Domain string
+ InterfaceName string
+ Network JSONIPNet
+ Network6 JSONIPNet
+ IP net.IP
+ IP6 net.IP
+ DNS net.IP
+ PrivateKey JSONKey
+ PostUp string
+ PostDown string
+ FallbackWGBin string
+ Peers []Peer
+ Networks []JSONIPNet
+ PersistentKeepalive int
 }
 func (s *Server) GetPeers() []wgtypes.PeerConfig {
diff --git a/lib/templates.go b/lib/templates.go
index 8f4bdb4..fb27bac 100644
--- a/lib/templates.go
+++ b/lib/templates.go
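Review bot: `NewPeer` now stores `server.PersistentKeepalive` on every new peer, but `GetPeers` in lib/server.go, whose signature is the trailing context line of that file's hunk and which is what builds the server-side `wgtypes.PeerConfig`, is not changed in this diff; unless it already fills `PersistentKeepaliveInterval` from the peer, the "for each peer connected to the server" half of what CONFIG.md promises never reaches the interface. If that is the intent, `GetPeers` needs roughly `ka := time.Duration(p.PersistentKeepalive) * time.Second` and `PersistentKeepaliveInterval: &ka` per peer, since changing the field from `time.Duration` to `int` moves the seconds-to-Duration conversion to the caller. Peers that are loaded from an existing config through `jsonPeerToDsnetPeer` (not in this diff) will carry a zero here unless that mapping was updated too, which on the server side would mean keepalive off for exactly the peers that were added before this change. The `// inherit from server setting` comment should say whether this copy is a snapshot or is expected to be refreshed when the server value changes, because lib/templates.go reads the server field rather than this one. `NewPeer` starts before the second hunk, so the key generation that fills `privateKey` and `presharedKey` is outside this view.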
@@ -16,7 +16,7 @@ DNS={{ .Server.DNS }}
 PublicKey={{ .Server.PrivateKey.PublicKey.Key }}
 PresharedKey={{ .Peer.PresharedKey.Key }}
 Endpoint={{ .Endpoint }}:{{ .Server.ListenPort }}
-PersistentKeepalive={{ .Keepalive }}
+PersistentKeepalive={{ .Server.PersistentKeepalive }}
 {{ if gt (.Server.Network.IPNet.IP | len) 0 -}}
 AllowedIPs={{ .Server.Network.IPNet.IP }}/{{ .CidrSize }}
 {{ end -}}
@@ -44,7 +44,7 @@ set interfaces wireguard {{ .Wgif }} description {{ .Server.InterfaceName }}
 {{ end }}
 set interfaces wireguard {{ .Wgif }} peer {{ .Server.PrivateKey.PublicKey.Key }} endpoint {{ .Endpoint }}:{{ .Server.ListenPort }}
-set interfaces wireguard {{ .Wgif }} peer {{ .Server.PrivateKey.PublicKey.Key }} persistent-keepalive {{ .Keepalive }}
+set interfaces wireguard {{ .Wgif }} peer {{ .Server.PrivateKey.PublicKey.Key }} persistent-keepalive {{ .Server.PersistentKeepalive }}
 set interfaces wireguard {{ .Wgif }} peer {{ .Server.PrivateKey.PublicKey.Key }} preshared-key {{ .Peer.PresharedKey.Key }}
 {{ if gt (.Server.Network.IPNet.IP | len) 0 -}}
 set interfaces wireguard {{ .Wgif }} peer {{ .Server.PrivateKey.PublicKey.Key }} allowed-ips {{ .Server.Network.IPNet.IP }}/{{ .CidrSize }}
@@ -85,7 +85,7 @@ const nixosPeerConf = `networking.wireguard.interfaces = {{ "{" }}
 {{ end -}}
 ];
 endpoint = "{{ .Endpoint }}:{{ .Server.ListenPort }}";
- persistentKeepalive = {{ .Keepalive }};
+ persistentKeepalive = {{ .Server.PersistentKeepalive }};
 {{ "}" }}
 ];
 {{ "};" }}