diff --git a/.dockerignore b/.dockerignore index 16e21ed..df8d8ae 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,6 +1,6 @@ .gitignore .dockerignore -client +olm *.json README.md Makefile diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index a48894a..20f5df7 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -36,7 +36,7 @@ jobs: run: | TAG=${{ env.TAG }} if [ -f main.go ]; then - sed -i 's/Client version replaceme/Client version '"$TAG"'/' main.go + sed -i 's/Olm version replaceme/Olm version '"$TAG"'/' main.go echo "Updated main.go with version $TAG" else echo "main.go not found" diff --git a/.gitignore b/.gitignore index a2c4eb9..6a52691 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -client +olm .DS_Store bin/ \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index c4851aa..f3dddb3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN go mod download COPY . . # Build the application -RUN CGO_ENABLED=0 GOOS=linux go build -o /client +RUN CGO_ENABLED=0 GOOS=linux go build -o /olm # Start a new stage from scratch FROM ubuntu:22.04 AS runner @@ -21,7 +21,7 @@ FROM ubuntu:22.04 AS runner RUN apt-get update && apt-get install ca-certificates -y && rm -rf /var/lib/apt/lists/* # Copy the pre-built binary file from the previous stage and the entrypoint script -COPY --from=builder /client /usr/local/bin/ +COPY --from=builder /olm /usr/local/bin/ COPY entrypoint.sh / RUN chmod +x /entrypoint.sh @@ -30,4 +30,4 @@ RUN chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] # Command to run the executable -CMD ["client"] \ No newline at end of file +CMD ["olm"] \ No newline at end of file diff --git a/Makefile b/Makefile index a60772e..2f0f982 100644 --- a/Makefile +++ b/Makefile 
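Review bot: In `.github/workflows/cicd.yml` the step `sed -i 's/Olm version replaceme/Olm version '"$TAG"'/' main.go` exits 0 even when the pattern matches nothing, so a release can still print `replaceme` if the string in main.go and this pattern ever drift apart. Follow the substitution with a check such as `grep -qF "Olm version $TAG" main.go || { echo "version stamp failed"; exit 1; }`. `$TAG` is also spliced unescaped into the sed replacement, so a tag containing `/` or `&` would break or alter the expression. Where TAG is derived is outside this hunk, so confirm it is validated (for example against a strict version pattern) before this step runs.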
@@ -6,29 +6,29 @@ docker-build-release: echo "Error: tag is required. Usage: make build-all tag="; \ exit 1; \ fi - docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/client:latest -f Dockerfile --push . - docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/client:$(tag) -f Dockerfile --push . + docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/olm:latest -f Dockerfile --push . + docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/olm:$(tag) -f Dockerfile --push . build: - docker build -t fosrl/client:latest . + docker build -t fosrl/olm:latest . push: - docker push fosrl/client:latest + docker push fosrl/olm:latest test: - docker run fosrl/client:latest + docker run fosrl/olm:latest local: - CGO_ENABLED=0 go build -o client + CGO_ENABLED=0 go build -o olm go-build-release: - CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o bin/client_linux_arm64 - CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/client_linux_amd64 - CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o bin/client_darwin_arm64 - CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o bin/client_darwin_amd64 - CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o bin/client_windows_amd64.exe - CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build -o bin/client_freebsd_amd64 - CGO_ENABLED=0 GOOS=freebsd GOARCH=arm64 go build -o bin/client_freebsd_arm64 + CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o bin/olm_linux_arm64 + CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/olm_linux_amd64 + CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o bin/olm_darwin_arm64 + CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o bin/olm_darwin_amd64 + CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o bin/olm_windows_amd64.exe + CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build -o bin/olm_freebsd_amd64 + CGO_ENABLED=0 GOOS=freebsd GOARCH=arm64 go build -o bin/olm_freebsd_arm64 clean: - rm client + rm olm diff --git a/README.md b/README.md index 5b53779..848f302 100644 
--- a/README.md +++ b/README.md @@ -1,10 +1,10 @@ -# Client +# Olm -Client is a fully user space [WireGuard](https://www.wireguard.com/) tunnel client and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Client, you don't need to manage complex WireGuard tunnels and NATing. +Olm is a fully user space [WireGuard](https://www.wireguard.com/) tunnel olm and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Olm, you don't need to manage complex WireGuard tunnels and NATing. ### Installation and Documentation -Client is used with Pangolin and Gerbil as part of the larger system. See documentation below: +Olm is used with Pangolin and Gerbil as part of the larger system. See documentation below: - [Installation Instructions](https://docs.fossorial.io) - [Full Documentation](https://docs.fossorial.io) 
@@ -13,34 +13,34 @@ Client is used with Pangolin and Gerbil as part of the larger system. See docume Preview -_Sample output of a Client container connected to Pangolin and hosting various resource target proxies._ +_Sample output of a Olm container connected to Pangolin and hosting various resource target proxies._ ## Key Functions ### Registers with Pangolin -Using the Client ID and a secret, the client will make HTTP requests to Pangolin to receive a session token. Using that token, it will connect to a websocket and maintain that connection. Control messages will be sent over the websocket. +Using the Olm ID and a secret, the olm will make HTTP requests to Pangolin to receive a session token. Using that token, it will connect to a websocket and maintain that connection. Control messages will be sent over the websocket. ### Receives WireGuard Control Messages -When Client receives WireGuard control messages, it will use the information encoded (endpoint, public key) to bring up a WireGuard tunnel using [netstack](https://github.com/WireGuard/wireguard-go/blob/master/tun/netstack/examples/http_server.go) fully in user space. It will ping over the tunnel to ensure the peer on the Gerbil side is brought up. +When Olm receives WireGuard control messages, it will use the information encoded (endpoint, public key) to bring up a WireGuard tunnel using [netstack](https://github.com/WireGuard/wireguard-go/blob/master/tun/netstack/examples/http_server.go) fully in user space. It will ping over the tunnel to ensure the peer on the Gerbil side is brought up. ### Receives Proxy Control Messages -When Client receives WireGuard control messages, it will use the information encoded to create a local low level TCP and UDP proxies attached to the virtual tunnel in order to relay traffic to programmed targets. 
+When Olm receives WireGuard control messages, it will use the information encoded to create a local low level TCP and UDP proxies attached to the virtual tunnel in order to relay traffic to programmed targets. ## CLI Args - `endpoint`: The endpoint where both Gerbil and Pangolin reside in order to connect to the websocket. -- `id`: Client ID generated by Pangolin to identify the client. -- `secret`: A unique secret (not shared and kept private) used to authenticate the client ID with the websocket in order to receive commands. +- `id`: Olm ID generated by Pangolin to identify the olm. +- `secret`: A unique secret (not shared and kept private) used to authenticate the olm ID with the websocket in order to receive commands. - `dns`: DNS server to use to resolve the endpoint - `log-level` (optional): The log level to use. Default: INFO Example: ```bash -./client \ +./olm \ --id 31frd0uzbjvp721 \ --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 \ --endpoint https://example.com @@ -50,23 +50,23 @@ You can also run it with Docker compose. For example, a service in your `docker- ```yaml services: - client: - image: fosrl/client - container_name: client + olm: + image: fosrl/olm + container_name: olm restart: unless-stopped environment: - PANGOLIN_ENDPOINT=https://example.com - - CLIENT_ID=2ix2t8xk22ubpfy - - CLIENT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2 + - OLM_ID=2ix2t8xk22ubpfy + - OLM_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2 ``` You can also pass the CLI args to the container: ```yaml services: - client: - image: fosrl/client - container_name: client + olm: + image: fosrl/olm + container_name: olm restart: unless-stopped command: - --id 31frd0uzbjvp721 
@@ -78,11 +78,11 @@ Finally a basic systemd service: ``` [Unit] -Description=Client VPN Client +Description=Olm VPN Olm After=network.target [Service] -ExecStart=/usr/local/bin/client --id 31frd0uzbjvp721 --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 --endpoint https://example.com +ExecStart=/usr/local/bin/olm --id 31frd0uzbjvp721 --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 --endpoint https://example.com Restart=always User=root @@ -90,7 +90,7 @@ User=root WantedBy=multi-user.target ``` -Make sure to `mv ./client /usr/local/bin/client`! +Make sure to `mv ./olm /usr/local/bin/olm`! ## Build @@ -112,7 +112,7 @@ make local ## Licensing -Client is dual licensed under the AGPLv3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us. +Olm is dual licensed under the AGPLv3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us. ## Contributions diff --git a/docker-compose.yml b/docker-compose.yml index 49e364b..b63cf27 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,10 +1,10 @@ services: - client: - image: fosrl/client:latest - container_name: client + olm: + image: fosrl/olm:latest + container_name: olm restart: unless-stopped environment: - PANGOLIN_ENDPOINT=https://example.com - - CLIENT_ID=2ix2t8xk22ubpfy - - CLIENT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2 + - OLM_ID=2ix2t8xk22ubpfy + - OLM_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2 - LOG_LEVEL=DEBUG \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh index 57ca6fa..5ca3dda 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -4,7 +4,7 @@ set -e # first arg is `-f` or `--some-option` if [ "${1#-}" != "$1" ]; then - set -- client "$@" + set -- olm "$@" fi exec "$@" \ No newline at end of file diff --git a/go.mod b/go.mod index 660fb89..da5328e 100644 --- a/go.mod +++ b/go.mod 
@@ -1,4 +1,4 @@ -module github.com/fosrl/client +module github.com/fosrl/olm go 1.23.1 diff --git a/main.go b/main.go index 0435f65..4076739 100644 --- a/main.go +++ b/main.go @@ -291,10 +291,10 @@ func main() { reachableAt string ) - // if PANGOLIN_ENDPOINT, CLIENT_ID, and CLIENT_SECRET are set as environment variables, they will be used as default values + // if PANGOLIN_ENDPOINT, OLM_ID, and OLM_SECRET are set as environment variables, they will be used as default values endpoint = os.Getenv("PANGOLIN_ENDPOINT") - id = os.Getenv("CLIENT_ID") - secret = os.Getenv("CLIENT_SECRET") + id = os.Getenv("OLM_ID") + secret = os.Getenv("OLM_SECRET") mtu = os.Getenv("MTU") dns = os.Getenv("DNS") logLevel = os.Getenv("LOG_LEVEL") @@ -306,10 +306,10 @@ func main() { flag.StringVar(&endpoint, "endpoint", "", "Endpoint of your pangolin server") } if id == "" { - flag.StringVar(&id, "id", "", "Client ID") + flag.StringVar(&id, "id", "", "Olm ID") } if secret == "" { - flag.StringVar(&secret, "secret", "", "Client secret") + flag.StringVar(&secret, "secret", "", "Olm secret") } if mtu == "" { flag.StringVar(&mtu, "mtu", "1280", "MTU to use") @@ -336,7 +336,7 @@ func main() { flag.Parse() if *version { - fmt.Println("Client version replaceme") + fmt.Println("Olm version replaceme") os.Exit(0) } @@ -355,14 +355,14 @@ func main() { logger.Fatal("Failed to generate private key: %v", err) } - // Create a new client - client, err := websocket.NewClient( + // Create a new olm + olm, err := websocket.NewOlm( id, // CLI arg takes precedence secret, // CLI arg takes precedence endpoint, ) if err != nil { - logger.Fatal("Failed to create client: %v", err) + logger.Fatal("Failed to create olm: %v", err) } // Create TUN device and network stack 
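Review bot: In the main.go hunk at line 291 the lookups switch to `OLM_ID` and `OLM_SECRET` with no fallback, so an existing deployment that still sets `CLIENT_ID`/`CLIENT_SECRET` starts with empty credentials, and the flags registered in the following hunk also default to `""`. Whether empty values are rejected before the websocket constructor is called is not visible in these hunks. Consider reading the old names as a deprecated fallback, e.g. `if id == "" { id = os.Getenv("CLIENT_ID") }` and the same for the secret, or failing fast with a message that names the new variables. main() begins and ends outside this hunk.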
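Review bot: `websocket.NewOlm(` in the main.go hunk at line 355 depends on a constructor rename in the websocket package that is not among the hunks shown, and the go.mod change to `module github.com/fosrl/olm` likewise requires every internal import path to be updated; main.go's import block lies outside these hunks. If either was missed the build fails, so confirm `go build ./...` passes on this commit. The rename also reads like a blanket client-to-olm substitution: judging by its Connect/SendMessage/RegisterHandler calls the value is still a websocket client, so keeping `websocket.NewClient` and only naming the variable `olm` would leave the package API more descriptive than `NewOlm` and `// Create a new olm`.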
@@ -370,16 +370,16 @@ func main() { var connected bool var wgData WgData - client.RegisterHandler("client/terminate", func(msg websocket.WSMessage) { + olm.RegisterHandler("olm/terminate", func(msg websocket.WSMessage) { logger.Info("Received terminate message") - client.Close() + olm.Close() }) pingStopChan := make(chan struct{}) defer close(pingStopChan) // Register handlers for different message types - client.RegisterHandler("client/wg/connect", func(msg websocket.WSMessage) { + olm.RegisterHandler("olm/wg/connect", func(msg websocket.WSMessage) { logger.Info("Received registration message") if connected { @@ -477,11 +477,11 @@ persistent_keepalive_interval=5`, fixKey(privateKey.String()), fixKey(wgData.Pub connected = true }) - client.OnConnect(func() error { + olm.OnConnect(func() error { publicKey := privateKey.PublicKey() logger.Debug("Public key: %s", publicKey) - err := client.SendMessage("client/wg/register", map[string]interface{}{ + err := olm.SendMessage("olm/wg/register", map[string]interface{}{ "publicKey": publicKey.String(), }) if err != nil { @@ -494,10 +494,10 @@ persistent_keepalive_interval=5`, fixKey(privateKey.String()), fixKey(wgData.Pub }) // Connect to the WebSocket server - if err := client.Connect(); err != nil { + if err := olm.Connect(); err != nil { logger.Fatal("Failed to connect to server: %v", err) } - defer client.Close() + defer olm.Close() // Wait for interrupt signal sigCh := make(chan os.Signal, 1)
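Review bot: The message type strings change on the wire (`olm/terminate` and `olm/wg/connect` in the hunk at line 370, `olm/wg/register` in the OnConnect hunk at line 477), so this binary only interoperates with a server that already emits and accepts the `olm/` prefix. Against an older server `olm/wg/connect` would never arrive and the tunnel would stay down, presumably without an error, since how unknown message types are handled is not visible here. State the minimum compatible server version in the release notes, and consider defining the three type strings as named constants in one place so the register and handler names cannot drift apart. The handlers sit inside main(), which extends beyond these hunks.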