Merge branch 'dev' into jit

2026-03-27 04:56:43 +00:00 · 2026-03-12 16:53:16 -07:00
parent 22cd02ae15 53def4e2f6
commit e326da3d3e
9 changed files with 66 additions and 38 deletions
--- a/olm/connect.go
+++ b/olm/connect.go
@@ -169,10 +169,17 @@ func (o *Olm) handleConnect(msg websocket.WSMessage) {
 		SharedBind:    o.sharedBind,
 		WSClient:      o.websocket,
 		APIServer:     o.apiServer,
+		PublicDNS:     o.tunnelConfig.PublicDNS,
 	})

 	for i := range wgData.Sites {
 		site := wgData.Sites[i]
+
+		if site.PublicKey == "" {
+			logger.Warn("Skipping site %d (%s): no public key available (site may not be connected)", site.SiteId, site.Name)
+			continue
+		}
+
 		var siteEndpoint string
 		// here we are going to take the relay endpoint if it exists which means we requested a relay for this peer
 		if site.RelayEndpoint != "" {
--- a/olm/olm.go
+++ b/olm/olm.go
@@ -33,7 +33,7 @@ type Olm struct {
 	privateKey wgtypes.Key
 	logFile    *os.File

-	registered     bool
+	registered    bool
 	tunnelRunning bool

 	uapiListener net.Listener
@@ -116,7 +116,7 @@ func (o *Olm) initTunnelInfo(clientID string) error {
 	logger.Info("Created shared UDP socket on port %d (refcount: %d)", sourcePort, sharedBind.GetRefCount())

 	// Create the holepunch manager
-	o.holePunchManager = holepunch.NewManager(sharedBind, clientID, "olm", privateKey.PublicKey().String())
+	o.holePunchManager = holepunch.NewManager(sharedBind, clientID, "olm", privateKey.PublicKey().String(), o.tunnelConfig.PublicDNS)

 	return nil
 }
@@ -237,7 +237,7 @@ func (o *Olm) registerAPICallbacks() {
 				tunnelConfig.MTU = 1420
 			}
 			if req.DNS == "" {
-				tunnelConfig.DNS = "9.9.9.9"
+				tunnelConfig.DNS = "8.8.8.8"
 			}
 			// DNSProxyIP has no default - it must be provided if DNS proxy is desired
 			// UpstreamDNS defaults to 8.8.8.8 if not provided
@@ -322,16 +322,23 @@ func (o *Olm) StartTunnel(config TunnelConfig) {
 		logger.Info("Tunnel already running")
 		return
 	}
-	
+
 	// debug print out the whole config
 	logger.Debug("Starting tunnel with config: %+v", config)

 	o.tunnelRunning = true // Also set it here in case it is called externally
 	o.tunnelConfig = config

+	// TODO: we are hardcoding this for now but we should really pull it from the current config of the system
+	if o.tunnelConfig.DNS != "" {
+		o.tunnelConfig.PublicDNS = []string{o.tunnelConfig.DNS + ":53"}
+	} else {
+		o.tunnelConfig.PublicDNS = []string{"8.8.8.8:53"}
+	}
+
 	// Reset terminated status when tunnel starts
 	o.apiServer.SetTerminated(false)
-	
+
 	fingerprint := config.InitialFingerprint
 	if fingerprint == nil {
 		fingerprint = make(map[string]any)
@@ -343,7 +350,7 @@ func (o *Olm) StartTunnel(config TunnelConfig) {
 	}

 	o.SetFingerprint(fingerprint)
-	o.SetPostures(postures)	
+	o.SetPostures(postures)

 	// Create a cancellable context for this tunnel process
 	tunnelCtx, cancel := context.WithCancel(o.olmCtx)
@@ -418,7 +425,7 @@ func (o *Olm) StartTunnel(config TunnelConfig) {

 		if o.registered {
 			o.websocket.StartPingMonitor()
-			
+
 			logger.Debug("Already registered, skipping registration")
 			return nil
 		}
--- a/olm/peer.go
+++ b/olm/peer.go
@@ -43,6 +43,11 @@ func (o *Olm) handleWgPeerAdd(msg websocket.WSMessage) {
 		}
 		o.peerSendMu.Unlock()
 	}
+	
+	if siteConfigMsg.PublicKey == "" {
+		logger.Warn("Skipping add-peer for site %d (%s): no public key available (site may not be connected)", siteConfigMsg.SiteId, siteConfigMsg.Name)
+		return
+	}

 	_ = o.holePunchManager.TriggerHolePunch() // Trigger immediate hole punch attempt so that if the peer decides to relay we have already punched close to when we need it

@@ -184,7 +189,8 @@ func (o *Olm) handleWgPeerRelay(msg websocket.WSMessage) {
 		monitor.CancelRelaySend(relayData.ChainId)
 	}

-	primaryRelay, err := util.ResolveDomain(relayData.RelayEndpoint)
+	primaryRelay, err := util.ResolveDomainUpstream(relayData.RelayEndpoint, o.tunnelConfig.PublicDNS)
+	
 	if err != nil {
 		logger.Error("Failed to resolve primary relay endpoint: %v", err)
 		return
@@ -224,7 +230,8 @@ func (o *Olm) handleWgPeerUnrelay(msg websocket.WSMessage) {
 		monitor.CancelRelaySend(relayData.ChainId)
 	}

-	primaryRelay, err := util.ResolveDomain(relayData.Endpoint)
+	primaryRelay, err := util.ResolveDomainUpstream(relayData.Endpoint, o.tunnelConfig.PublicDNS)
+	
 	if err != nil {
 		logger.Warn("Failed to resolve primary relay endpoint: %v", err)
 	}
--- a/olm/types.go
+++ b/olm/types.go
@@ -61,6 +61,7 @@ type TunnelConfig struct {
 	MTU           int
 	DNS           string
 	UpstreamDNS   []string
+	PublicDNS   []string
 	InterfaceName string

 	// Advanced