diff --git a/common.go b/common.go new file mode 100644 index 0000000..bd31ea5 --- /dev/null +++ b/common.go @@ -0,0 +1,368 @@ +package main + +import ( + "encoding/base64" + "encoding/hex" + "encoding/json" + "fmt" + "net" + "strconv" + "strings" + "time" + + "github.com/fosrl/newt/logger" + "github.com/fosrl/olm/websocket" + "golang.org/x/exp/rand" + "golang.zx2c4.com/wireguard/conn" + "golang.zx2c4.com/wireguard/device" +) + +type WgData struct { + Endpoint string `json:"endpoint"` + PublicKey string `json:"publicKey"` + ServerIP string `json:"serverIP"` + TunnelIP string `json:"tunnelIP"` + Targets TargetsByType `json:"targets"` +} + +type TargetsByType struct { + UDP []string `json:"udp"` + TCP []string `json:"tcp"` +} + +type TargetData struct { + Targets []string `json:"targets"` +} + +var ( + stopHolepunch chan struct{} + stopRegister chan struct{} +) + +const ( + ENV_WG_TUN_FD = "WG_TUN_FD" + ENV_WG_UAPI_FD = "WG_UAPI_FD" + ENV_WG_PROCESS_FOREGROUND = "WG_PROCESS_FOREGROUND" +) + +type fixedPortBind struct { + port uint16 + conn.Bind +} + +func (b *fixedPortBind) Open(port uint16) ([]conn.ReceiveFunc, uint16, error) { + // Ignore the requested port and use our fixed port + return b.Bind.Open(b.port) +} + +func NewFixedPortBind(port uint16) conn.Bind { + return &fixedPortBind{ + port: port, + Bind: conn.NewDefaultBind(), + } +} + +func fixKey(key string) string { + // Remove any whitespace + key = strings.TrimSpace(key) + + // Decode from base64 + decoded, err := base64.StdEncoding.DecodeString(key) + if err != nil { + logger.Fatal("Error decoding base64") + } + + // Convert to hex + return hex.EncodeToString(decoded) +} + +func parseLogLevel(level string) logger.LogLevel { + switch strings.ToUpper(level) { + case "DEBUG": + return logger.DEBUG + case "INFO": + return logger.INFO + case "WARN": + return logger.WARN + case "ERROR": + return logger.ERROR + case "FATAL": + return logger.FATAL + default: + return logger.INFO // default to INFO if invalid level provided + } +} + +func mapToWireGuardLogLevel(level logger.LogLevel) int { + switch level { + case logger.DEBUG: + return device.LogLevelVerbose + // case logger.INFO: + // return device.LogLevel + case logger.WARN: + return device.LogLevelError + case logger.ERROR, logger.FATAL: + return device.LogLevelSilent + default: + return device.LogLevelSilent + } +} + +func resolveDomain(domain string) (string, error) { + // First handle any protocol prefix + domain = strings.TrimPrefix(strings.TrimPrefix(domain, "https://"), "http://") + + // if there are any trailing slashes, remove them + domain = strings.TrimSuffix(domain, "/") + + // Now split host and port + host, port, err := net.SplitHostPort(domain) + if err != nil { + // No port found, use the domain as is + host = domain + port = "" + } + + // Lookup IP addresses + ips, err := net.LookupIP(host) + if err != nil { + return "", fmt.Errorf("DNS lookup failed: %v", err) + } + + if len(ips) == 0 { + return "", fmt.Errorf("no IP addresses found for domain %s", host) + } + + // Get the first IPv4 address if available + var ipAddr string + for _, ip := range ips { + if ipv4 := ip.To4(); ipv4 != nil { + ipAddr = ipv4.String() + break + } + } + + // If no IPv4 found, use the first IP (might be IPv6) + if ipAddr == "" { + ipAddr = ips[0].String() + } + + // Add port back if it existed + if port != "" { + ipAddr = net.JoinHostPort(ipAddr, port) + } + + return ipAddr, nil +} + +// TODO: we need to send the token with this probably to verify auth +func sendUDPHolePunch(serverAddr string, olmID string, sourcePort uint16) error { + // Bind to specific local port + localAddr := &net.UDPAddr{ + Port: int(sourcePort), + IP: net.IPv4zero, + } + + remoteAddr, err := net.ResolveUDPAddr("udp", serverAddr) + if err != nil { + return fmt.Errorf("failed to resolve UDP address: %v", err) + } + + conn, err := net.ListenUDP("udp", localAddr) + if err != nil { + return fmt.Errorf("failed to bind UDP socket: %v", err) + } + defer conn.Close() + + payload := struct { + OlmID string `json:"olmId"` + }{ + OlmID: olmID, + } + + data, err := json.Marshal(payload) + if err != nil { + return fmt.Errorf("failed to marshal payload: %v", err) + } + + _, err = conn.WriteToUDP(data, remoteAddr) + if err != nil { + return fmt.Errorf("failed to send UDP packet: %v", err) + } + + return nil +} + +func keepSendingUDPHolePunch(endpoint string, olmID string, sourcePort uint16) { + host, err := resolveDomain(endpoint) + if err != nil { + logger.Error("Failed to resolve endpoint: %v", err) + return + } + + // Execute once immediately before starting the loop + if err := sendUDPHolePunch(host+":21820", olmID, sourcePort); err != nil { + logger.Error("Failed to send UDP hole punch: %v", err) + } + + ticker := time.NewTicker(250 * time.Millisecond) + defer ticker.Stop() + + for { + select { + case <-stopHolepunch: + logger.Info("Stopping UDP holepunch") + return + case <-ticker.C: + if err := sendUDPHolePunch(host+":21820", olmID, sourcePort); err != nil { + logger.Error("Failed to send UDP hole punch: %v", err) + } + } + } +} + +func sendRegistration(olm *websocket.Client, publicKey string) error { + err := olm.SendMessage("olm/wg/register", map[string]interface{}{ + "publicKey": publicKey, + }) + if err != nil { + logger.Error("Failed to send registration message: %v", err) + return err + } + logger.Info("Sent registration message") + return nil +} + +func keepSendingRegistration(olm *websocket.Client, publicKey string) { + ticker := time.NewTicker(1 * time.Second) + defer ticker.Stop() + + for { + select { + case <-stopRegister: + logger.Info("Stopping registration messages") + return + case <-ticker.C: + if err := sendRegistration(olm, publicKey); err != nil { + logger.Error("Failed to send periodic registration: %v", err) + } + } + } +} + +func monitorConnection(dev *device.Device, onTimeout func()) { + const ( + checkInterval = 100 * time.Millisecond // Check every 0.1 seconds + timeout = 500 * time.Millisecond // Total timeout of 1.5 seconds + ) + + go func() { + ticker := time.NewTicker(checkInterval) + defer ticker.Stop() + + timeoutTimer := time.NewTimer(timeout) + defer timeoutTimer.Stop() + + // var lastSent uint64 + + for { + select { + case <-ticker.C: + // Get the current device statistics + deviceInfo, err := dev.IpcGet() + if err != nil { + logger.Error("Failed to get device statistics: %v", err) + continue + } + + // Parse the statistics from the IPC output + stats := parseStatistics(deviceInfo) + + logger.Info("Received: %d, Sent: %d", stats.received, stats.sent) + + // Check if we've received any new bytes + if stats.received > 0 { + // Connection is successful, we received data + logger.Info("Connection established - received bytes detected") + return + } + + // Update the last known values + // lastSent = stats.sent + + case <-timeoutTimer.C: + // We've hit our timeout without seeing any received bytes + logger.Warn("Connection timeout - no data received within %v", timeout) + onTimeout() + return + } + } + }() +} + +// statistics holds the parsed byte counts from the device +type statistics struct { + received uint64 + sent uint64 +} + +// parseStatistics extracts the received and sent byte counts from the device info string +func parseStatistics(info string) statistics { + var stats statistics + + // Split the device info into lines + lines := strings.Split(info, "\n") + + // Look for the transfer_receive and transfer_send lines + for _, line := range lines { + if strings.HasPrefix(line, "rx_bytes=") { + valueStr := strings.TrimPrefix(line, "rx_bytes=") + if value, err := strconv.ParseUint(valueStr, 10, 64); err == nil { + stats.received = value + } + } else if strings.HasPrefix(line, "tx_bytes=") { + valueStr := strings.TrimPrefix(line, "tx_bytes=") + if value, err := strconv.ParseUint(valueStr, 10, 64); err == nil { + stats.sent = value + } + } + } + + return stats +} + +func FindAvailableUDPPort(minPort, maxPort uint16) (uint16, error) { + if maxPort < minPort { + return 0, fmt.Errorf("invalid port range: min=%d, max=%d", minPort, maxPort) + } + + // Create a slice of all ports in the range + portRange := make([]uint16, maxPort-minPort+1) + for i := range portRange { + portRange[i] = minPort + uint16(i) + } + + // Fisher-Yates shuffle to randomize the port order + rand.Seed(uint64(time.Now().UnixNano())) + for i := len(portRange) - 1; i > 0; i-- { + j := rand.Intn(i + 1) + portRange[i], portRange[j] = portRange[j], portRange[i] + } + + // Try each port in the randomized order + for _, port := range portRange { + addr := &net.UDPAddr{ + IP: net.ParseIP("127.0.0.1"), + Port: int(port), + } + conn, err := net.ListenUDP("udp", addr) + if err != nil { + continue // Port is in use or there was an error, try next port + } + _ = conn.SetDeadline(time.Now()) + conn.Close() + return port, nil + } + + return 0, fmt.Errorf("no available UDP ports found in range %d-%d", minPort, maxPort) +} diff --git a/main.go b/main.go index 2e2c488..1789106 100644 --- a/main.go +++ b/main.go @@ -1,8 +1,8 @@ +//go:build !windows + package main import ( - "encoding/base64" - "encoding/hex" "encoding/json" "flag" "fmt" @@ -13,17 +13,13 @@ import ( "regexp" "runtime" "strconv" - "strings" "syscall" - "time" "github.com/fosrl/newt/logger" "github.com/fosrl/olm/websocket" "github.com/vishvananda/netlink" - "golang.org/x/exp/rand" "golang.org/x/sys/unix" - "golang.zx2c4.com/wireguard/conn" "golang.zx2c4.com/wireguard/device" "golang.zx2c4.com/wireguard/ipc" "golang.zx2c4.com/wireguard/tun" @@ -31,144 +27,6 @@ import ( "golang.zx2c4.com/wireguard/wgctrl/wgtypes" ) -type WgData struct { - Endpoint string `json:"endpoint"` - PublicKey string `json:"publicKey"` - ServerIP string `json:"serverIP"` - TunnelIP string `json:"tunnelIP"` - Targets TargetsByType `json:"targets"` -} - -type TargetsByType struct { - UDP []string `json:"udp"` - TCP []string `json:"tcp"` -} - -type TargetData struct { - Targets []string `json:"targets"` -} - -var ( - stopHolepunch chan struct{} - stopRegister chan struct{} -) - -const ( - ENV_WG_TUN_FD = "WG_TUN_FD" - ENV_WG_UAPI_FD = "WG_UAPI_FD" - ENV_WG_PROCESS_FOREGROUND = "WG_PROCESS_FOREGROUND" -) - -type fixedPortBind struct { - port uint16 - conn.Bind -} - -func (b *fixedPortBind) Open(port uint16) ([]conn.ReceiveFunc, uint16, error) { - // Ignore the requested port and use our fixed port - return b.Bind.Open(b.port) -} - -func NewFixedPortBind(port uint16) conn.Bind { - return &fixedPortBind{ - port: port, - Bind: conn.NewDefaultBind(), - } -} - -func fixKey(key string) string { - // Remove any whitespace - key = strings.TrimSpace(key) - - // Decode from base64 - decoded, err := base64.StdEncoding.DecodeString(key) - if err != nil { - logger.Fatal("Error decoding base64") - } - - // Convert to hex - return hex.EncodeToString(decoded) -} - -func parseLogLevel(level string) logger.LogLevel { - switch strings.ToUpper(level) { - case "DEBUG": - return logger.DEBUG - case "INFO": - return logger.INFO - case "WARN": - return logger.WARN - case "ERROR": - return logger.ERROR - case "FATAL": - return logger.FATAL - default: - return logger.INFO // default to INFO if invalid level provided - } -} - -func mapToWireGuardLogLevel(level logger.LogLevel) int { - switch level { - case logger.DEBUG: - return device.LogLevelVerbose - // case logger.INFO: - // return device.LogLevel - case logger.WARN: - return device.LogLevelError - case logger.ERROR, logger.FATAL: - return device.LogLevelSilent - default: - return device.LogLevelSilent - } -} - -func resolveDomain(domain string) (string, error) { - // First handle any protocol prefix - domain = strings.TrimPrefix(strings.TrimPrefix(domain, "https://"), "http://") - - // if there are any trailing slashes, remove them - domain = strings.TrimSuffix(domain, "/") - - // Now split host and port - host, port, err := net.SplitHostPort(domain) - if err != nil { - // No port found, use the domain as is - host = domain - port = "" - } - - // Lookup IP addresses - ips, err := net.LookupIP(host) - if err != nil { - return "", fmt.Errorf("DNS lookup failed: %v", err) - } - - if len(ips) == 0 { - return "", fmt.Errorf("no IP addresses found for domain %s", host) - } - - // Get the first IPv4 address if available - var ipAddr string - for _, ip := range ips { - if ipv4 := ip.To4(); ipv4 != nil { - ipAddr = ipv4.String() - break - } - } - - // If no IPv4 found, use the first IP (might be IPv6) - if ipAddr == "" { - ipAddr = ips[0].String() - } - - // Add port back if it existed - if port != "" { - ipAddr = net.JoinHostPort(ipAddr, port) - } - - return ipAddr, nil -} - // ConfigureInterface configures a network interface with an IP address and brings it up func ConfigureInterface(interfaceName string, wgData WgData) error { var ipAddr string = wgData.TunnelIP @@ -264,218 +122,6 @@ func configureLinux(interfaceName string, ip net.IP, ipNet *net.IPNet) error { return nil } -// TODO: we need to send the token with this probably to verify auth -func sendUDPHolePunch(serverAddr string, olmID string, sourcePort uint16) error { - // Bind to specific local port - localAddr := &net.UDPAddr{ - Port: int(sourcePort), - IP: net.IPv4zero, - } - - remoteAddr, err := net.ResolveUDPAddr("udp", serverAddr) - if err != nil { - return fmt.Errorf("failed to resolve UDP address: %v", err) - } - - conn, err := net.ListenUDP("udp", localAddr) - if err != nil { - return fmt.Errorf("failed to bind UDP socket: %v", err) - } - defer conn.Close() - - payload := struct { - OlmID string `json:"olmId"` - }{ - OlmID: olmID, - } - - data, err := json.Marshal(payload) - if err != nil { - return fmt.Errorf("failed to marshal payload: %v", err) - } - - _, err = conn.WriteToUDP(data, remoteAddr) - if err != nil { - return fmt.Errorf("failed to send UDP packet: %v", err) - } - - return nil -} - -func keepSendingUDPHolePunch(endpoint string, olmID string, sourcePort uint16) { - host, err := resolveDomain(endpoint) - if err != nil { - logger.Error("Failed to resolve endpoint: %v", err) - return - } - - // Execute once immediately before starting the loop - if err := sendUDPHolePunch(host+":21820", olmID, sourcePort); err != nil { - logger.Error("Failed to send UDP hole punch: %v", err) - } - - ticker := time.NewTicker(250 * time.Millisecond) - defer ticker.Stop() - - for { - select { - case <-stopHolepunch: - logger.Info("Stopping UDP holepunch") - return - case <-ticker.C: - if err := sendUDPHolePunch(host+":21820", olmID, sourcePort); err != nil { - logger.Error("Failed to send UDP hole punch: %v", err) - } - } - } -} - -func sendRegistration(olm *websocket.Client, publicKey string) error { - err := olm.SendMessage("olm/wg/register", map[string]interface{}{ - "publicKey": publicKey, - }) - if err != nil { - logger.Error("Failed to send registration message: %v", err) - return err - } - logger.Info("Sent registration message") - return nil -} - -func keepSendingRegistration(olm *websocket.Client, publicKey string) { - ticker := time.NewTicker(1 * time.Second) - defer ticker.Stop() - - for { - select { - case <-stopRegister: - logger.Info("Stopping registration messages") - return - case <-ticker.C: - if err := sendRegistration(olm, publicKey); err != nil { - logger.Error("Failed to send periodic registration: %v", err) - } - } - } -} - -func FindAvailableUDPPort(minPort, maxPort uint16) (uint16, error) { - if maxPort < minPort { - return 0, fmt.Errorf("invalid port range: min=%d, max=%d", minPort, maxPort) - } - - // Create a slice of all ports in the range - portRange := make([]uint16, maxPort-minPort+1) - for i := range portRange { - portRange[i] = minPort + uint16(i) - } - - // Fisher-Yates shuffle to randomize the port order - rand.Seed(uint64(time.Now().UnixNano())) - for i := len(portRange) - 1; i > 0; i-- { - j := rand.Intn(i + 1) - portRange[i], portRange[j] = portRange[j], portRange[i] - } - - // Try each port in the randomized order - for _, port := range portRange { - addr := &net.UDPAddr{ - IP: net.ParseIP("127.0.0.1"), - Port: int(port), - } - conn, err := net.ListenUDP("udp", addr) - if err != nil { - continue // Port is in use or there was an error, try next port - } - _ = conn.SetDeadline(time.Now()) - conn.Close() - return port, nil - } - - return 0, fmt.Errorf("no available UDP ports found in range %d-%d", minPort, maxPort) -} - -func monitorConnection(dev *device.Device, onTimeout func()) { - const ( - checkInterval = 100 * time.Millisecond // Check every 0.1 seconds - timeout = 500 * time.Millisecond // Total timeout of 1.5 seconds - ) - - go func() { - ticker := time.NewTicker(checkInterval) - defer ticker.Stop() - - timeoutTimer := time.NewTimer(timeout) - defer timeoutTimer.Stop() - - // var lastSent uint64 - - for { - select { - case <-ticker.C: - // Get the current device statistics - deviceInfo, err := dev.IpcGet() - if err != nil { - logger.Error("Failed to get device statistics: %v", err) - continue - } - - // Parse the statistics from the IPC output - stats := parseStatistics(deviceInfo) - - logger.Info("Received: %d, Sent: %d", stats.received, stats.sent) - - // Check if we've received any new bytes - if stats.received > 0 { - // Connection is successful, we received data - logger.Info("Connection established - received bytes detected") - return - } - - // Update the last known values - // lastSent = stats.sent - - case <-timeoutTimer.C: - // We've hit our timeout without seeing any received bytes - logger.Warn("Connection timeout - no data received within %v", timeout) - onTimeout() - return - } - } - }() -} - -// statistics holds the parsed byte counts from the device -type statistics struct { - received uint64 - sent uint64 -} - -// parseStatistics extracts the received and sent byte counts from the device info string -func parseStatistics(info string) statistics { - var stats statistics - - // Split the device info into lines - lines := strings.Split(info, "\n") - - // Look for the transfer_receive and transfer_send lines - for _, line := range lines { - if strings.HasPrefix(line, "rx_bytes=") { - valueStr := strings.TrimPrefix(line, "rx_bytes=") - if value, err := strconv.ParseUint(valueStr, 10, 64); err == nil { - stats.received = value - } - } else if strings.HasPrefix(line, "tx_bytes=") { - valueStr := strings.TrimPrefix(line, "tx_bytes=") - if value, err := strconv.ParseUint(valueStr, 10, 64); err == nil { - stats.sent = value - } - } - } - - return stats -} - func main() { var ( endpoint string diff --git a/main_windows.go b/main_windows.go new file mode 100644 index 0000000..6617a14 --- /dev/null +++ b/main_windows.go @@ -0,0 +1,366 @@ +//go:build windows + +package main + +import ( + "encoding/json" + "flag" + "fmt" + "net" + "os" + "os/exec" + "os/signal" + "runtime" + "strconv" + "syscall" + + "github.com/fosrl/newt/logger" + "github.com/fosrl/olm/websocket" + "golang.org/x/sys/windows" + "golang.zx2c4.com/wireguard/device" + "golang.zx2c4.com/wireguard/ipc" + "golang.zx2c4.com/wireguard/tun" + "golang.zx2c4.com/wireguard/wgctrl/wgtypes" +) + +// ConfigureInterface configures a network interface with an IP address and brings it up +func ConfigureInterface(interfaceName string, wgData WgData) error { + var ipAddr string = wgData.TunnelIP + var destIP string = wgData.ServerIP + + if runtime.GOOS == "windows" { + return configureWindows(interfaceName, ipAddr, destIP) + } + + return fmt.Errorf("unsupported operating system: %s", runtime.GOOS) +} + +func configureWindows(interfaceName string, ipAddr, destIP string) error { + logger.Info("Configuring Windows interface: %s", interfaceName) + + // Parse the IP address and network + ip, ipNet, err := net.ParseCIDR(ipAddr) + if err != nil { + return fmt.Errorf("invalid IP address: %v", err) + } + + // Set the IP address using netsh + // Windows uses the 'netsh' command to configure network interfaces + maskBits, _ := ipNet.Mask.Size() + + // create a mask string like 255.255.255.0 from the maskBits + mask := net.CIDRMask(maskBits, 32) + maskIP := net.IP(mask) + + cmd := exec.Command("netsh", "interface", "ipv4", "set", "address", + fmt.Sprintf("name=%s", interfaceName), + "source=static", + fmt.Sprintf("addr=%s", ip.String()), + fmt.Sprintf("mask=%s", maskIP.String())) + + logger.Info("Running command: %v", cmd) + out, err := cmd.CombinedOutput() + if err != nil { + return fmt.Errorf("netsh command failed: %v, output: %s", err, out) + } + + // Add a route to the destination IP + cmd = exec.Command("netsh", "interface", "ipv4", "add", "route", + fmt.Sprintf("%s/32", destIP), + fmt.Sprintf("interface=%s", interfaceName), + "metric=1") + + logger.Info("Running command: %v", cmd) + out, err = cmd.CombinedOutput() + if err != nil { + return fmt.Errorf("netsh route command failed: %v, output: %s", err, out) + } + + return nil +} + +func main() { + var ( + endpoint string + id string + secret string + mtu string + mtuInt int + dns string + privateKey wgtypes.Key + err error + logLevel string + interfaceName string + ) + + stopHolepunch = make(chan struct{}) + stopRegister = make(chan struct{}) + + // Check OS + if runtime.GOOS != "windows" { + fmt.Println("This version of olm is only for Windows systems") + os.Exit(1) + } + + // if PANGOLIN_ENDPOINT, OLM_ID, and OLM_SECRET are set as environment variables, they will be used as default values + endpoint = os.Getenv("PANGOLIN_ENDPOINT") + id = os.Getenv("OLM_ID") + secret = os.Getenv("OLM_SECRET") + mtu = os.Getenv("MTU") + dns = os.Getenv("DNS") + logLevel = os.Getenv("LOG_LEVEL") + interfaceName = os.Getenv("INTERFACE") + + if endpoint == "" { + flag.StringVar(&endpoint, "endpoint", "", "Endpoint of your Pangolin server") + } + if id == "" { + flag.StringVar(&id, "id", "", "Olm ID") + } + if secret == "" { + flag.StringVar(&secret, "secret", "", "Olm secret") + } + if mtu == "" { + flag.StringVar(&mtu, "mtu", "1280", "MTU to use") + } + if dns == "" { + flag.StringVar(&dns, "dns", "8.8.8.8", "DNS server to use") + } + if logLevel == "" { + flag.StringVar(&logLevel, "log-level", "INFO", "Log level (DEBUG, INFO, WARN, ERROR, FATAL)") + } + if interfaceName == "" { + flag.StringVar(&interfaceName, "interface", "olm", "Name of the WireGuard interface") + } + + // do a --version check + version := flag.Bool("version", false, "Print the version") + flag.Parse() + + if *version { + fmt.Println("Olm Windows version replaceme") + os.Exit(0) + } + + logger.Init() + loggerLevel := parseLogLevel(logLevel) + logger.GetLogger().SetLevel(parseLogLevel(logLevel)) + + // parse the mtu string into an int + mtuInt, err = strconv.Atoi(mtu) + if err != nil { + logger.Fatal("Failed to parse MTU: %v", err) + } + + privateKey, err = wgtypes.GeneratePrivateKey() + if err != nil { + logger.Fatal("Failed to generate private key: %v", err) + } + + // Create a new olm + olm, err := websocket.NewClient( + id, // CLI arg takes precedence + secret, // CLI arg takes precedence + endpoint, + ) + if err != nil { + logger.Fatal("Failed to create olm: %v", err) + } + + sourcePort, err := FindAvailableUDPPort(49152, 65535) + if err != nil { + fmt.Printf("Error finding available port: %v\n", err) + os.Exit(1) + } + + // Create TUN device and network stack + var dev *device.Device + var wgData WgData + var uapi net.Listener + var tdev tun.Device + + olm.RegisterHandler("olm/terminate", func(msg websocket.WSMessage) { + logger.Info("Received terminate message") + olm.Close() + }) + + olm.RegisterHandler("olm/wg/update", func(msg websocket.WSMessage) { + jsonData, err := json.Marshal(msg.Data) + if err != nil { + logger.Info("Error marshaling data: %v", err) + return + } + if err := json.Unmarshal(jsonData, &wgData); err != nil { + logger.Info("Error unmarshaling target data: %v", err) + return + } + endpoint, err := resolveDomain(wgData.Endpoint) + if err != nil { + logger.Error("Failed to resolve endpoint: %v", err) + return + } + // Configure WireGuard + config := fmt.Sprintf(`private_key=%s + public_key=%s + allowed_ip=%s/32 + endpoint=%s + persistent_keepalive_interval=1`, fixKey(privateKey.String()), fixKey(wgData.PublicKey), wgData.ServerIP, endpoint) + err = dev.IpcSet(config) + if err != nil { + logger.Error("Failed to configure WireGuard device: %v", err) + } + }) + + // Register handlers for different message types + olm.RegisterHandler("olm/wg/connect", func(msg websocket.WSMessage) { + logger.Info("Received message: %v", msg.Data) + close(stopRegister) + // if there is an existing tunnel then close it + if dev != nil { + logger.Info("Got new message. Closing existing tunnel!") + dev.Close() + } + jsonData, err := json.Marshal(msg.Data) + if err != nil { + logger.Info("Error marshaling data: %v", err) + return + } + if err := json.Unmarshal(jsonData, &wgData); err != nil { + logger.Info("Error unmarshaling target data: %v", err) + return + } + + // Windows-specific TUN device creation + tdev, err = tun.CreateTUN(interfaceName, mtuInt) + if err != nil { + logger.Error("Failed to create TUN device: %v", err) + return + } + + realInterfaceName, err2 := tdev.Name() + if err2 == nil { + interfaceName = realInterfaceName + } + + // Create the WireGuard device + dev = device.NewDevice(tdev, NewFixedPortBind(uint16(sourcePort)), device.NewLogger( + mapToWireGuardLogLevel(loggerLevel), + "wireguard: ", + )) + + // Setup UAPI for Windows + uapi, err = ipc.UAPIListen(interfaceName) + if err != nil { + logger.Error("Failed to listen on uapi socket: %v", err) + os.Exit(1) + } + + errs := make(chan error) + go func() { + for { + conn, err := uapi.Accept() + if err != nil { + errs <- err + return + } + go dev.IpcHandle(conn) + } + }() + logger.Info("UAPI listener started") + + host, err := resolveDomain(wgData.Endpoint) + if err != nil { + logger.Error("Failed to resolve endpoint: %v", err) + return + } + + // Configure WireGuard + config := fmt.Sprintf(`private_key=%s +public_key=%s +allowed_ip=%s/32 +endpoint=%s +persistent_keepalive_interval=1`, fixKey(privateKey.String()), fixKey(wgData.PublicKey), wgData.ServerIP, host) + err = dev.IpcSet(config) + if err != nil { + logger.Error("Failed to configure WireGuard device: %v", err) + } + + // Bring up the device + err = dev.Up() + if err != nil { + logger.Error("Failed to bring up WireGuard device: %v", err) + } + + // Configure the interface + err = ConfigureInterface(realInterfaceName, wgData) + if err != nil { + logger.Error("Failed to configure interface: %v", err) + } + + close(stopHolepunch) + // Monitor the connection for activity + monitorConnection(dev, func() { + host, err := resolveDomain(endpoint) + if err != nil { + logger.Error("Failed to resolve endpoint: %v", err) + return + } + // Configure WireGuard + config := fmt.Sprintf(`private_key=%s +public_key=%s +allowed_ip=%s/32 +endpoint=%s:21820 +persistent_keepalive_interval=1`, fixKey(privateKey.String()), fixKey(wgData.PublicKey), wgData.ServerIP, host) + err = dev.IpcSet(config) + if err != nil { + logger.Error("Failed to configure WireGuard device: %v", err) + } + logger.Info("Adjusted to point to relay!") + }) + logger.Info("WireGuard device created.") + }) + + olm.OnConnect(func() error { + publicKey := privateKey.PublicKey() + logger.Debug("Public key: %s", publicKey) + go keepSendingRegistration(olm, publicKey.String()) + logger.Info("Sent registration message") + return nil + }) + + // start sending UDP hole punch + go keepSendingUDPHolePunch(endpoint, id, sourcePort) + + // Connect to the WebSocket server + if err := olm.Connect(); err != nil { + logger.Fatal("Failed to connect to server: %v", err) + } + defer olm.Close() + + // Wait for interrupt signal + sigCh := make(chan os.Signal, 1) + signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM, windows.SIGTERM) + <-sigCh + + select { + case <-stopHolepunch: + // Channel already closed, do nothing + default: + close(stopHolepunch) + } + + select { + case <-stopRegister: + // Channel already closed + default: + close(stopRegister) + } + + if uapi != nil { + uapi.Close() + } + + if dev != nil { + dev.Close() + } +}