pangolin_mirror/olm
1
0
Fork 0
mirror of https://github.com/fosrl/olm.git synced 2026-02-07 21:46:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rename to olm

Browse Source
This commit is contained in:
Owen
2025-02-21 12:31:25 -05:00
parent ad01296c41
commit eb77be09e2
10 changed files with 65 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.dockerignore
View File

@@ -1,6 +1,6 @@
.gitignore .gitignore
.dockerignore .dockerignore
client olm
*.json *.json
README.md README.md
Makefile Makefile

2
.github/workflows/cicd.yml vendored
View File

@@ -36,7 +36,7 @@ jobs:
run: | run: |
TAG=${{ env.TAG }} TAG=${{ env.TAG }}
if [ -f main.go ]; then if [ -f main.go ]; then
sed -i 's/Client version replaceme/Client version '"$TAG"'/' main.go sed -i 's/Olm version replaceme/Olm version '"$TAG"'/' main.go
echo "Updated main.go with version $TAG" echo "Updated main.go with version $TAG"
else else
echo "main.go not found" echo "main.go not found"

2
.gitignore vendored
View File

@@ -1,3 +1,3 @@
client olm
.DS_Store .DS_Store
bin/ bin/

6
Dockerfile
View File

@@ -13,7 +13,7 @@ RUN go mod download
COPY . . COPY . .
# Build the application # Build the application
RUN CGO_ENABLED=0 GOOS=linux go build -o /client RUN CGO_ENABLED=0 GOOS=linux go build -o /olm
# Start a new stage from scratch # Start a new stage from scratch
FROM ubuntu:22.04 AS runner FROM ubuntu:22.04 AS runner
@@ -21,7 +21,7 @@ FROM ubuntu:22.04 AS runner
RUN apt-get update && apt-get install ca-certificates -y && rm -rf /var/lib/apt/lists/* RUN apt-get update && apt-get install ca-certificates -y && rm -rf /var/lib/apt/lists/*
# Copy the pre-built binary file from the previous stage and the entrypoint script # Copy the pre-built binary file from the previous stage and the entrypoint script
COPY --from=builder /client /usr/local/bin/ COPY --from=builder /olm /usr/local/bin/
COPY entrypoint.sh / COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh RUN chmod +x /entrypoint.sh
@@ -30,4 +30,4 @@ RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
# Command to run the executable # Command to run the executable
CMD ["client"] CMD ["olm"]

28
Makefile
View File

@@ -6,29 +6,29 @@ docker-build-release:
echo "Error: tag is required. Usage: make build-all tag=<tag>"; \ echo "Error: tag is required. Usage: make build-all tag=<tag>"; \
exit 1; \ exit 1; \
fi fi
docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/client:latest -f Dockerfile --push . docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/olm:latest -f Dockerfile --push .
docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/client:$(tag) -f Dockerfile --push . docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/olm:$(tag) -f Dockerfile --push .
build: build:
docker build -t fosrl/client:latest . docker build -t fosrl/olm:latest .
push: push:
docker push fosrl/client:latest docker push fosrl/olm:latest
test: test:
docker run fosrl/client:latest docker run fosrl/olm:latest
local: local:
CGO_ENABLED=0 go build -o client CGO_ENABLED=0 go build -o olm
go-build-release: go-build-release:
CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o bin/client_linux_arm64 CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o bin/olm_linux_arm64
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/client_linux_amd64 CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/olm_linux_amd64
CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o bin/client_darwin_arm64 CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o bin/olm_darwin_arm64
CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o bin/client_darwin_amd64 CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o bin/olm_darwin_amd64
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o bin/client_windows_amd64.exe CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o bin/olm_windows_amd64.exe
CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build -o bin/client_freebsd_amd64 CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build -o bin/olm_freebsd_amd64
CGO_ENABLED=0 GOOS=freebsd GOARCH=arm64 go build -o bin/client_freebsd_arm64 CGO_ENABLED=0 GOOS=freebsd GOARCH=arm64 go build -o bin/olm_freebsd_arm64
clean: clean:
rm client rm olm

44
README.md
View File

@@ -1,10 +1,10 @@
# Client # Olm
Client is a fully user space [WireGuard](https://www.wireguard.com/) tunnel client and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Client, you don't need to manage complex WireGuard tunnels and NATing. Olm is a fully user space [WireGuard](https://www.wireguard.com/) tunnel olm and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Olm, you don't need to manage complex WireGuard tunnels and NATing.
### Installation and Documentation ### Installation and Documentation
Client is used with Pangolin and Gerbil as part of the larger system. See documentation below: Olm is used with Pangolin and Gerbil as part of the larger system. See documentation below:
- [Installation Instructions](https://docs.fossorial.io) - [Installation Instructions](https://docs.fossorial.io)
- [Full Documentation](https://docs.fossorial.io) - [Full Documentation](https://docs.fossorial.io)
@@ -13,34 +13,34 @@ Client is used with Pangolin and Gerbil as part of the larger system. See docume
<img src="public/screenshots/preview.png" alt="Preview"/> <img src="public/screenshots/preview.png" alt="Preview"/>
_Sample output of a Client container connected to Pangolin and hosting various resource target proxies._ _Sample output of a Olm container connected to Pangolin and hosting various resource target proxies._
## Key Functions ## Key Functions
### Registers with Pangolin ### Registers with Pangolin
Using the Client ID and a secret, the client will make HTTP requests to Pangolin to receive a session token. Using that token, it will connect to a websocket and maintain that connection. Control messages will be sent over the websocket. Using the Olm ID and a secret, the olm will make HTTP requests to Pangolin to receive a session token. Using that token, it will connect to a websocket and maintain that connection. Control messages will be sent over the websocket.
### Receives WireGuard Control Messages ### Receives WireGuard Control Messages
When Client receives WireGuard control messages, it will use the information encoded (endpoint, public key) to bring up a WireGuard tunnel using [netstack](https://github.com/WireGuard/wireguard-go/blob/master/tun/netstack/examples/http_server.go) fully in user space. It will ping over the tunnel to ensure the peer on the Gerbil side is brought up. When Olm receives WireGuard control messages, it will use the information encoded (endpoint, public key) to bring up a WireGuard tunnel using [netstack](https://github.com/WireGuard/wireguard-go/blob/master/tun/netstack/examples/http_server.go) fully in user space. It will ping over the tunnel to ensure the peer on the Gerbil side is brought up.
### Receives Proxy Control Messages ### Receives Proxy Control Messages
When Client receives WireGuard control messages, it will use the information encoded to create a local low level TCP and UDP proxies attached to the virtual tunnel in order to relay traffic to programmed targets. When Olm receives WireGuard control messages, it will use the information encoded to create a local low level TCP and UDP proxies attached to the virtual tunnel in order to relay traffic to programmed targets.
## CLI Args ## CLI Args
- `endpoint`: The endpoint where both Gerbil and Pangolin reside in order to connect to the websocket. - `endpoint`: The endpoint where both Gerbil and Pangolin reside in order to connect to the websocket.
- `id`: Client ID generated by Pangolin to identify the client. - `id`: Olm ID generated by Pangolin to identify the olm.
- `secret`: A unique secret (not shared and kept private) used to authenticate the client ID with the websocket in order to receive commands. - `secret`: A unique secret (not shared and kept private) used to authenticate the olm ID with the websocket in order to receive commands.
- `dns`: DNS server to use to resolve the endpoint - `dns`: DNS server to use to resolve the endpoint
- `log-level` (optional): The log level to use. Default: INFO - `log-level` (optional): The log level to use. Default: INFO
Example: Example:
```bash ```bash
./client \ ./olm \
--id 31frd0uzbjvp721 \ --id 31frd0uzbjvp721 \
--secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 \ --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 \
--endpoint https://example.com --endpoint https://example.com
@@ -50,23 +50,23 @@ You can also run it with Docker compose. For example, a service in your `docker-
```yaml ```yaml
services: services:
client: olm:
image: fosrl/client image: fosrl/olm
container_name: client container_name: olm
restart: unless-stopped restart: unless-stopped
environment: environment:
- PANGOLIN_ENDPOINT=https://example.com - PANGOLIN_ENDPOINT=https://example.com
- CLIENT_ID=2ix2t8xk22ubpfy - OLM_ID=2ix2t8xk22ubpfy
- CLIENT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2 - OLM_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2
``` ```
You can also pass the CLI args to the container: You can also pass the CLI args to the container:
```yaml ```yaml
services: services:
client: olm:
image: fosrl/client image: fosrl/olm
container_name: client container_name: olm
restart: unless-stopped restart: unless-stopped
command: command:
- --id 31frd0uzbjvp721 - --id 31frd0uzbjvp721
@@ -78,11 +78,11 @@ Finally a basic systemd service:
``` ```
[Unit] [Unit]
Description=Client VPN Client Description=Olm VPN Olm
After=network.target After=network.target
[Service] [Service]
ExecStart=/usr/local/bin/client --id 31frd0uzbjvp721 --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 --endpoint https://example.com ExecStart=/usr/local/bin/olm --id 31frd0uzbjvp721 --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 --endpoint https://example.com
Restart=always Restart=always
User=root User=root
@@ -90,7 +90,7 @@ User=root
WantedBy=multi-user.target WantedBy=multi-user.target
``` ```
Make sure to `mv ./client /usr/local/bin/client`! Make sure to `mv ./olm /usr/local/bin/olm`!
## Build ## Build
@@ -112,7 +112,7 @@ make local
## Licensing ## Licensing
Client is dual licensed under the AGPLv3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us. Olm is dual licensed under the AGPLv3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us.
## Contributions ## Contributions

10
docker-compose.yml
View File

@@ -1,10 +1,10 @@
services: services:
client: olm:
image: fosrl/client:latest image: fosrl/olm:latest
container_name: client container_name: olm
restart: unless-stopped restart: unless-stopped
environment: environment:
- PANGOLIN_ENDPOINT=https://example.com - PANGOLIN_ENDPOINT=https://example.com
- CLIENT_ID=2ix2t8xk22ubpfy - OLM_ID=2ix2t8xk22ubpfy
- CLIENT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2 - OLM_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2
- LOG_LEVEL=DEBUG - LOG_LEVEL=DEBUG

2
entrypoint.sh
View File

@@ -4,7 +4,7 @@ set -e
# first arg is `-f` or `--some-option` # first arg is `-f` or `--some-option`
if [ "${1#-}" != "$1" ]; then if [ "${1#-}" != "$1" ]; then
set -- client "$@" set -- olm "$@"
fi fi
exec "$@" exec "$@"

2
go.mod
View File

@@ -1,4 +1,4 @@
module github.com/fosrl/client module github.com/fosrl/olm
go 1.23.1 go 1.23.1

32
main.go
View File

@@ -291,10 +291,10 @@ func main() {
reachableAt string reachableAt string
) )
// if PANGOLIN_ENDPOINT, CLIENT_ID, and CLIENT_SECRET are set as environment variables, they will be used as default values // if PANGOLIN_ENDPOINT, OLM_ID, and OLM_SECRET are set as environment variables, they will be used as default values
endpoint = os.Getenv("PANGOLIN_ENDPOINT") endpoint = os.Getenv("PANGOLIN_ENDPOINT")
id = os.Getenv("CLIENT_ID") id = os.Getenv("OLM_ID")
secret = os.Getenv("CLIENT_SECRET") secret = os.Getenv("OLM_SECRET")
mtu = os.Getenv("MTU") mtu = os.Getenv("MTU")
dns = os.Getenv("DNS") dns = os.Getenv("DNS")
logLevel = os.Getenv("LOG_LEVEL") logLevel = os.Getenv("LOG_LEVEL")
@@ -306,10 +306,10 @@ func main() {
flag.StringVar(&endpoint, "endpoint", "", "Endpoint of your pangolin server") flag.StringVar(&endpoint, "endpoint", "", "Endpoint of your pangolin server")
} }
if id == "" { if id == "" {
flag.StringVar(&id, "id", "", "Client ID") flag.StringVar(&id, "id", "", "Olm ID")
} }
if secret == "" { if secret == "" {
flag.StringVar(&secret, "secret", "", "Client secret") flag.StringVar(&secret, "secret", "", "Olm secret")
} }
if mtu == "" { if mtu == "" {
flag.StringVar(&mtu, "mtu", "1280", "MTU to use") flag.StringVar(&mtu, "mtu", "1280", "MTU to use")
@@ -336,7 +336,7 @@ func main() {
flag.Parse() flag.Parse()
if *version { if *version {
fmt.Println("Client version replaceme") fmt.Println("Olm version replaceme")
os.Exit(0) os.Exit(0)
} }
@@ -355,14 +355,14 @@ func main() {
logger.Fatal("Failed to generate private key: %v", err) logger.Fatal("Failed to generate private key: %v", err)
} }
// Create a new client // Create a new olm
client, err := websocket.NewClient( olm, err := websocket.NewOlm(
id, // CLI arg takes precedence id, // CLI arg takes precedence
secret, // CLI arg takes precedence secret, // CLI arg takes precedence
endpoint, endpoint,
) )
if err != nil { if err != nil {
logger.Fatal("Failed to create client: %v", err) logger.Fatal("Failed to create olm: %v", err)
} }
// Create TUN device and network stack // Create TUN device and network stack
@@ -370,16 +370,16 @@ func main() {
var connected bool var connected bool
var wgData WgData var wgData WgData
client.RegisterHandler("client/terminate", func(msg websocket.WSMessage) { olm.RegisterHandler("olm/terminate", func(msg websocket.WSMessage) {
logger.Info("Received terminate message") logger.Info("Received terminate message")
client.Close() olm.Close()
}) })
pingStopChan := make(chan struct{}) pingStopChan := make(chan struct{})
defer close(pingStopChan) defer close(pingStopChan)
// Register handlers for different message types // Register handlers for different message types
client.RegisterHandler("client/wg/connect", func(msg websocket.WSMessage) { olm.RegisterHandler("olm/wg/connect", func(msg websocket.WSMessage) {
logger.Info("Received registration message") logger.Info("Received registration message")
if connected { if connected {
@@ -477,11 +477,11 @@ persistent_keepalive_interval=5`, fixKey(privateKey.String()), fixKey(wgData.Pub
connected = true connected = true
}) })
client.OnConnect(func() error { olm.OnConnect(func() error {
publicKey := privateKey.PublicKey() publicKey := privateKey.PublicKey()
logger.Debug("Public key: %s", publicKey) logger.Debug("Public key: %s", publicKey)
err := client.SendMessage("client/wg/register", map[string]interface{}{ err := olm.SendMessage("olm/wg/register", map[string]interface{}{
"publicKey": publicKey.String(), "publicKey": publicKey.String(),
}) })
if err != nil { if err != nil {
@@ -494,10 +494,10 @@ persistent_keepalive_interval=5`, fixKey(privateKey.String()), fixKey(wgData.Pub
}) })
// Connect to the WebSocket server // Connect to the WebSocket server
if err := client.Connect(); err != nil { if err := olm.Connect(); err != nil {
logger.Fatal("Failed to connect to server: %v", err) logger.Fatal("Failed to connect to server: %v", err)
} }
defer client.Close() defer olm.Close()
// Wait for interrupt signal // Wait for interrupt signal
sigCh := make(chan os.Signal, 1) sigCh := make(chan os.Signal, 1)