Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 658ac4034a |
Generated
+1
-36
@@ -2340,7 +2340,6 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "defguard_wireguard_rs"
|
||||
version = "0.3.0"
|
||||
source = "git+https://github.com/DefGuard/wireguard-rs?rev=d40df5c4e598918253682c42c4aa189d0ec2499a#d40df5c4e598918253682c42c4aa189d0ec2499a"
|
||||
dependencies = [
|
||||
"base64 0.21.4",
|
||||
"libc",
|
||||
@@ -5805,19 +5804,6 @@ dependencies = [
|
||||
"tokio",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "netlink-request"
|
||||
version = "1.6.0"
|
||||
dependencies = [
|
||||
"netlink-packet-core 0.7.0",
|
||||
"netlink-packet-generic",
|
||||
"netlink-packet-route 0.17.1",
|
||||
"netlink-packet-utils",
|
||||
"netlink-sys",
|
||||
"nix 0.25.1",
|
||||
"once_cell",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "netlink-sys"
|
||||
version = "0.8.5"
|
||||
@@ -5853,8 +5839,6 @@ dependencies = [
|
||||
"bitflags 1.3.2",
|
||||
"cfg-if",
|
||||
"libc",
|
||||
"memoffset 0.6.5",
|
||||
"pin-utils",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -7644,6 +7628,7 @@ dependencies = [
|
||||
"boringtun",
|
||||
"bytes",
|
||||
"dashmap",
|
||||
"defguard_wireguard_rs",
|
||||
"etherparse",
|
||||
"futures",
|
||||
"ip_network",
|
||||
@@ -7660,7 +7645,6 @@ dependencies = [
|
||||
"thiserror",
|
||||
"tokio",
|
||||
"tokio-tun",
|
||||
"wireguard-control",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -12573,25 +12557,6 @@ dependencies = [
|
||||
"windows-sys 0.48.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wireguard-control"
|
||||
version = "1.6.0"
|
||||
dependencies = [
|
||||
"base64 0.13.1",
|
||||
"hex",
|
||||
"libc",
|
||||
"log",
|
||||
"netlink-packet-core 0.7.0",
|
||||
"netlink-packet-generic",
|
||||
"netlink-packet-route 0.17.1",
|
||||
"netlink-packet-utils",
|
||||
"netlink-packet-wireguard",
|
||||
"netlink-request",
|
||||
"netlink-sys",
|
||||
"rand_core 0.6.4",
|
||||
"x25519-dalek 2.0.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "with_builtin_macros"
|
||||
version = "0.0.3"
|
||||
|
||||
@@ -20,8 +20,7 @@ bincode = "1.3.3"
|
||||
#boringtun = "0.6.0"
|
||||
boringtun = { workspace = true }
|
||||
bytes = "1.5.0"
|
||||
#defguard_wireguard_rs = { git = "https://github.com/DefGuard/wireguard-rs", rev = "d40df5c4e598918253682c42c4aa189d0ec2499a" }
|
||||
wireguard-control = { path = "../../../innernet/wireguard-control" }
|
||||
defguard_wireguard_rs = { path = "../../../wireguard-rs" }
|
||||
dashmap = "5.5.3"
|
||||
etherparse = "0.13.0"
|
||||
futures = "0.3.28"
|
||||
|
||||
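Review bot: `defguard_wireguard_rs = { path = "../../../wireguard-rs" }` points outside this repository, so the WireGuard code that gets built is whatever happens to be checked out beside it, and nothing in the manifest or lockfile pins it. The lockfile section on this page shows the `source = "git+…?rev=d40df5c4…"` entry for the same crate, which appears to be on the removed side, so the build loses the commit pin it had. Keeping the git form with an explicit `rev` (pointing at a fork if local changes are needed), or a `[patch]` override kept out of the committed manifest, would keep builds reproducible and reviewable. The same path substitution appears in the gateway manifest (`path = "../../wireguard-rs"`).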
+18
-14
@@ -17,30 +17,34 @@ use std::sync::Arc;
|
||||
#[cfg(target_os = "linux")]
|
||||
use nym_tun::tun_device;
|
||||
|
||||
use defguard_wireguard_rs::{host::Peer, InterfaceConfiguration, WGApi, WireguardInterfaceApi};
|
||||
use nym_network_defaults::{WG_PORT, WG_TUN_DEVICE_ADDRESS};
|
||||
use nym_tun::tun_task_channel;
|
||||
use setup::PRIVATE_KEY;
|
||||
use wireguard_control::{Backend, Device, DeviceUpdate, Key, KeyPair, PeerConfigBuilder};
|
||||
|
||||
#[cfg(target_os = "linux")]
|
||||
/// Start wireguard device
|
||||
pub async fn start_wireguard(
|
||||
mut task_client: nym_task::TaskClient,
|
||||
_gateway_client_registry: Arc<GatewayClientRegistry>,
|
||||
) -> Result<(), Box<dyn std::error::Error + Send + Sync + 'static>> {
|
||||
) -> Result<WGApi, Box<dyn std::error::Error + Send + Sync + 'static>> {
|
||||
let ifname = String::from("wg0");
|
||||
let wgapi = WGApi::new(ifname.clone(), false)?;
|
||||
wgapi.create_interface()?;
|
||||
let interface_config = InterfaceConfiguration {
|
||||
name: ifname.clone(),
|
||||
prvkey: PRIVATE_KEY.to_string(),
|
||||
address: WG_TUN_DEVICE_ADDRESS.to_string(),
|
||||
port: WG_PORT as u32,
|
||||
peers: vec![],
|
||||
};
|
||||
wgapi.configure_interface(&interface_config)?;
|
||||
let peer = std::env::var("NYM_PEER_PUBLIC_KEY").expect("NYM_PEER_PUBLIC_KEY must be set");
|
||||
let peer = PeerConfigBuilder::new(&Key::from_base64(&peer).unwrap())
|
||||
.add_allowed_ip("10.1.0.2".parse()?, 32);
|
||||
DeviceUpdate::new()
|
||||
.set_keypair(KeyPair::from_private(
|
||||
Key::from_base64(PRIVATE_KEY).unwrap(),
|
||||
))
|
||||
.set_listen_port(WG_PORT)
|
||||
.add_peer(peer)
|
||||
.apply(&"wg0".parse().unwrap(), Backend::Kernel)
|
||||
.unwrap();
|
||||
let mut peer = Peer::new(peer.as_str().try_into().unwrap());
|
||||
peer.set_allowed_ips(vec!["10.1.0.2".parse().unwrap()]);
|
||||
wgapi.configure_peer(&peer)?;
|
||||
wgapi.configure_peer_routing(&vec![peer.clone()])?;
|
||||
|
||||
tokio::spawn(async move { task_client.recv().await });
|
||||
|
||||
Ok(())
|
||||
Ok(wgapi)
|
||||
}
|
||||
|
||||
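Review bot: `Peer::new(peer.as_str().try_into().unwrap())` panics on a malformed `NYM_PEER_PUBLIC_KEY` even though `start_wireguard` already returns a `Result`; the same applies to `"10.1.0.2".parse().unwrap()`. Both can propagate instead, e.g. `Peer::new(peer.as_str().try_into()?)` and `"10.1.0.2".parse()?`, assuming the conversion errors implement `std::error::Error`. Separately, every `?` after `wgapi.create_interface()?` returns without removing `wg0`, so a failed configuration leaves the interface behind on the host; calling `wgapi.remove_interface()` on those error paths would avoid that.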
+1
-1
@@ -80,7 +80,7 @@ nym-validator-client = { path = "../common/client-libs/validator-client" }
|
||||
nym-ip-packet-router = { path = "../service-providers/ip-packet-router" }
|
||||
|
||||
nym-wireguard = { path = "../common/wireguard", optional = true }
|
||||
defguard_wireguard_rs = { git = "https://github.com/DefGuard/wireguard-rs", rev = "d40df5c4e598918253682c42c4aa189d0ec2499a", optional = true }
|
||||
defguard_wireguard_rs = { path = "../../wireguard-rs", optional = true }
|
||||
|
||||
[dev-dependencies]
|
||||
tower = "0.4.13"
|
||||
|
||||
@@ -201,11 +201,10 @@ impl<St> Gateway<St> {
|
||||
mixnet_handling::Listener::new(listening_address, shutdown).start(connection_handler);
|
||||
}
|
||||
|
||||
#[cfg(target_os = "linux")]
|
||||
async fn start_wireguard(
|
||||
&self,
|
||||
shutdown: TaskClient,
|
||||
) -> Result<(), Box<dyn Error + Send + Sync>> {
|
||||
) -> Result<WGApi, Box<dyn Error + Send + Sync>> {
|
||||
// TODO: possibly we should start the UDP listener and TUN device explicitly here
|
||||
nym_wireguard::start_wireguard(shutdown, Arc::clone(&self.client_registry)).await
|
||||
}
|
||||
@@ -521,8 +520,8 @@ impl<St> Gateway<St> {
|
||||
Arc::new(coconut_verifier),
|
||||
);
|
||||
|
||||
#[cfg(target_os = "linux")]
|
||||
self.start_wireguard(shutdown.subscribe().named("wireguard"))
|
||||
let wg_api = self
|
||||
.start_wireguard(shutdown.subscribe().named("wireguard"))
|
||||
.await
|
||||
.expect("Could not start wireguard");
|
||||
|
||||
@@ -532,6 +531,7 @@ impl<St> Gateway<St> {
|
||||
// that's a nasty workaround, but anyhow errors are generally nicer, especially on exit
|
||||
bail!("{err}")
|
||||
}
|
||||
wg_api.remove_interface()?;
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
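Review bot: `wg_api.remove_interface()?;` sits after the branch that ends in `bail!("{err}")`, so when shutdown reports an error the function returns early and the WireGuard interface is left configured on the host. Running the removal before that branch, and logging its failure rather than returning it with `?`, would cover both exits. The hunk line counts also suggest the `#[cfg(target_os = "linux")]` attributes on `start_wireguard` and on its call site are on the removed side; if so, `wg_api` is used unconditionally and the non-Linux build needs checking. The enclosing function starts outside the visible hunks.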