Remove container stuff for now

Former-commit-id: 6c41e3f3f6

.dockerignore

@@ -1,6 +1,6 @@
 .gitignore
 .dockerignore
-newt
+olm
 *.json
 README.md
 Makefile

.github/dependabot.yml

@@ -0,0 +1,35 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    groups:
+      dev-patch-updates:
+        dependency-type: "development"
+        update-types:
+          - "patch"
+      dev-minor-updates:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+      prod-patch-updates:
+        dependency-type: "production"
+        update-types:
+          - "patch"
+      prod-minor-updates:
+        dependency-type: "production"
+        update-types:
+          - "minor"
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    groups:
+      patch-updates:
+        update-types:
+          - "patch"
+      minor-updates:
+        update-types:
+          - "minor"

.github/workflows/cicd.yml

@@ -0,0 +1,44 @@
+name: CI/CD Pipeline
+
+on:
+    push:
+        tags:
+            - "*"
+
+jobs:
+    release:
+        name: Build and Release
+        runs-on: ubuntu-latest
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v3
+
+            - name: Extract tag name
+              id: get-tag
+              run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+
+            - name: Install Go
+              uses: actions/setup-go@v4
+              with:
+                  go-version: 1.24
+
+            - name: Update version in main.go
+              run: |
+                  TAG=${{ env.TAG }}
+                  if [ -f main.go ]; then
+                    sed -i 's/version_replaceme/'"$TAG"'/' main.go
+                    echo "Updated main.go with version $TAG"
+                  else
+                    echo "main.go not found"
+                  fi
+
+            - name: Build binaries
+              run: |
+                  make go-build-release
+
+            - name: Upload artifacts from /bin
+              uses: actions/upload-artifact@v4
+              with:
+                  name: binaries
+                  path: bin/

.github/workflows/test.yml

@@ -0,0 +1,25 @@
+name: Run Tests
+
+on:
+  pull_request:
+    branches:
+      - main
+      - dev
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.24'
+
+      - name: Build go
+        run: go build
+
+      - name: Build binaries
+        run: make go-build-release

.gitignore

@@ -1 +1,3 @@
-newt
+olm
+.DS_Store
+bin/

.go-version

@@ -0,0 +1 @@
+1.24

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.23.1-alpine AS builder
+FROM golang:1.24-alpine AS builder
 
 # Set the working directory inside the container
 WORKDIR /app
@@ -13,15 +13,15 @@ RUN go mod download
 COPY . .
 
 # Build the application
-RUN CGO_ENABLED=0 GOOS=linux go build -o /newt
+RUN CGO_ENABLED=0 GOOS=linux go build -o /olm
 
 # Start a new stage from scratch
-FROM ubuntu:22.04 AS runner
+FROM ubuntu:24.04 AS runner
 
 RUN apt-get update && apt-get install ca-certificates -y  && rm -rf /var/lib/apt/lists/*
 
 # Copy the pre-built binary file from the previous stage and the entrypoint script
-COPY --from=builder /newt /usr/local/bin/
+COPY --from=builder /olm /usr/local/bin/
 COPY entrypoint.sh /
 
 RUN chmod +x /entrypoint.sh
@@ -30,4 +30,4 @@ RUN chmod +x /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
 
 # Command to run the executable
-CMD ["newt"]
+CMD ["olm"]

Makefile

@@ -1,17 +1,15 @@
 
-all: build push
-
-build:
-	docker build -t fosrl/newt:latest .
-
-push:
-	docker push fosrl/newt:latest
-
-test:
-	docker run fosrl/newt:latest
+all: go-build-release 
 
 local: 
-	 CGO_ENABLED=0 go build -o newt
+	CGO_ENABLED=0 go build -o olm
 
+go-build-release:
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o bin/olm_linux_arm64
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/olm_linux_amd64
+	CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o bin/olm_darwin_arm64
+	CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o bin/olm_darwin_amd64
+	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o bin/olm_windows_amd64.exe
+	
 clean:
-	rm newt
+	rm olm

README.md

@@ -1,89 +1,231 @@
-# Newt
+# Olm
 
-Newt is a fully user space [WireGuard](https://www.wireguard.com/) tunnel client and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Newt, you don't need to manage complex WireGuard tunnels and NATing.
+Olm is a [WireGuard](https://www.wireguard.com/) tunnel client designed to securely connect your computer to Newt sites running on remote networks.
 
 ### Installation and Documentation
 
-Newt is used with Pangolin and Gerbil as part of the larger system. See documentation below:
+Olm is used with Pangolin and Newt as part of the larger system. See documentation below:
 
--   [Installation Instructions](https://docs.fossorial.io)
 -   [Full Documentation](https://docs.fossorial.io)
 
-## Preview
-
-<img src="public/screenshots/preview.png" alt="Preview"/>
-
-_Sample output of a Newt container connected to Pangolin and hosting various resource target proxies._
-
 ## Key Functions
 
 ### Registers with Pangolin
 
-Using the Newt ID and a secret the client will make HTTP requests to Pangolin to receive a session token. Using that token it will connect to a websocket and maintain that connection. Control messages will be sent over the websocket.
+Using the Olm ID and a secret, the olm will make HTTP requests to Pangolin to receive a session token. Using that token, it will connect to a websocket and maintain that connection. Control messages will be sent over the websocket.
 
 ### Receives WireGuard Control Messages
 
-When Newt receives WireGuard control messages, it will use the information encoded (endpoint, public key) to bring up a WireGuard tunnel using [netstack](https://github.com/WireGuard/wireguard-go/blob/master/tun/netstack/examples/http_server.go) fully in user space. It will ping over the tunnel to ensure the peer on the Gerbil side is brought up. 
-
-### Receives Proxy Control Messages
-
-When Newt receives WireGuard control messages, it will use the information encoded to crate local low level TCP and UDP proxies attached to the virtual tunnel in order to relay traffic to programmed targets.
+When Olm receives WireGuard control messages, it will use the information encoded (endpoint, public key) to bring up a WireGuard tunnel on your computer to a remote Newt. It will ping over the tunnel to ensure the peer is brought up.
 
 ## CLI Args
 
-- `endpoint`: The endpoint where both Gerbil and Pangolin reside in order to connect to the websocket.
-- `id`: Newt ID generated by Pangolin to identify the client.
-- `secret`: A unique secret (not shared and kept private) used to authenticate the client ID with the websocket in order to receive commands. 
-- `dns`: DNS server to use to resolve the endpoint
-- `log-level` (optional): The log level to use. Default: INFO
+-   `endpoint`: The endpoint where both Gerbil and Pangolin reside in order to connect to the websocket.
+-   `id`: Olm ID generated by Pangolin to identify the olm.
+-   `secret`: A unique secret (not shared and kept private) used to authenticate the olm ID with the websocket in order to receive commands.
+-   `mtu` (optional): MTU for the internal WG interface. Default: 1280
+-   `dns` (optional): DNS server to use to resolve the endpoint. Default: 8.8.8.8
+-   `log-level` (optional): The log level to use (DEBUG, INFO, WARN, ERROR, FATAL). Default: INFO
+-   `ping-interval` (optional): Interval for pinging the server. Default: 3s
+-   `ping-timeout` (optional): Timeout for each ping. Default: 5s
+-   `interface` (optional): Name of the WireGuard interface. Default: olm
+-   `enable-http` (optional): Enable HTTP server for receiving connection requests. Default: false
+-   `http-addr` (optional): HTTP server address (e.g., ':9452'). Default: :9452
+-   `holepunch` (optional): Enable hole punching. Default: false
+
+## Environment Variables
+
+All CLI arguments can also be set via environment variables:
+
+-   `PANGOLIN_ENDPOINT`: Equivalent to `--endpoint`
+-   `OLM_ID`: Equivalent to `--id`
+-   `OLM_SECRET`: Equivalent to `--secret`
+-   `MTU`: Equivalent to `--mtu`
+-   `DNS`: Equivalent to `--dns`
+-   `LOG_LEVEL`: Equivalent to `--log-level`
+-   `INTERFACE`: Equivalent to `--interface`
+-   `HTTP_ADDR`: Equivalent to `--http-addr`
+-   `PING_INTERVAL`: Equivalent to `--ping-interval`
+-   `PING_TIMEOUT`: Equivalent to `--ping-timeout`
+-   `HOLEPUNCH`: Set to "true" to enable hole punching (equivalent to `--holepunch`)
 
 Example:
 
 ```bash
-./newt \
+olm \
 --id 31frd0uzbjvp721 \
 --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 \
 --endpoint https://example.com
 ```
 
-You can also run it with Docker compose. For example, a service in your `docker-compose.yml` might look like this using environment vars (recommended):
+## Hole Punching
 
-```yaml
-services:
-  newt:
-    image: fosrl/newt
-    container_name: newt
-    restart: unless-stopped
-    environment:
-      - PANGOLIN_ENDPOINT=https://example.com
-      - NEWT_ID=2ix2t8xk22ubpfy 
-      - NEWT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2 
+In the default mode, olm "relays" traffic through Gerbil in the cloud to get down to newt. This is a little more reliable. Support for NAT hole punching is also EXPERIMENTAL right now using the `--holepunch` flag. This will attempt to orchestrate a NAT hole punch between the two sites so that traffic flows directly. This will save data costs and speed. If it fails it should fall back to relaying.
+
+Right now, basic NAT hole punching is supported. We plan to add:
+
+-   [ ] Birthday paradox
+-   [ ] UPnP
+-   [ ] LAN detection
+
+## Windows Service
+
+On Windows, olm has to be installed and run as a Windows service. When running it with the cli args live above it will attempt to install and run the service to function like a cli tool. You can also run the following:
+
+### Service Management Commands
+
+```
+# Install the service
+olm.exe install
+
+# Start the service
+olm.exe start
+
+# Stop the service
+olm.exe stop
+
+# Check service status
+olm.exe status
+
+# Remove the service
+olm.exe remove
+
+# Run in debug mode (console output) with our without id & secret
+olm.exe debug
+
+# Show help
+olm.exe help
 ```
 
-You can also pass the CLI args to the container:
+### Service Configuration
 
-```yaml
-services:
-  newt:
-    image: fosrl/newt
-    container_name: newt
-    restart: unless-stopped
-    command:
-        - --id 31frd0uzbjvp721
-        - --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6
-        - --endpoint https://example.com
+When running as a service, Olm will read configuration from environment variables or you can modify the service to include command-line arguments:
+
+1. Install the service: `olm.exe install`
+2. Configure the service with your credentials using Windows Service Manager or by setting system environment variables:
+    - `PANGOLIN_ENDPOINT=https://example.com`
+    - `OLM_ID=your_olm_id`
+    - `OLM_SECRET=your_secret`
+3. Start the service: `olm.exe start`
+
+### Service Logs
+
+When running as a service, logs are written to:
+
+-   Windows Event Log (Application log, source: "OlmWireguardService")
+-   Log files in: `%PROGRAMDATA%\olm\logs\olm.log`
+
+You can view the Windows Event Log using Event Viewer or PowerShell:
+
+```powershell
+Get-EventLog -LogName Application -Source "OlmWireguardService" -Newest 10
+```
+
+## HTTP Endpoints
+
+Olm can be controlled with an embedded http server when using `--enable-http`. This allows you to start it as a daemon and trigger it with the following endpoints:
+
+### POST /connect
+Initiates a new connection request.
+
+**Request Body:**
+```json
+{
+  "id": "string",
+  "secret": "string", 
+  "endpoint": "string"
+}
+```
+
+**Required Fields:**
+- `id`: Connection identifier
+- `secret`: Authentication secret
+- `endpoint`: Target endpoint URL
+
+**Response:**
+- **Status Code:** `202 Accepted`
+- **Content-Type:** `application/json`
+
+```json
+{
+  "status": "connection request accepted"
+}
+```
+
+**Error Responses:**
+- `405 Method Not Allowed` - Non-POST requests
+- `400 Bad Request` - Invalid JSON or missing required fields
+
+### GET /status
+Returns the current connection status and peer information.
+
+**Response:**
+- **Status Code:** `200 OK`
+- **Content-Type:** `application/json`
+
+```json
+{
+  "status": "connected",
+  "connected": true,
+  "tunnelIP": "100.89.128.3/20",
+  "version": "version_replaceme",
+  "peers": {
+    "10": {
+      "siteId": 10,
+      "connected": true,
+      "rtt": 145338339,
+      "lastSeen": "2025-08-13T14:39:17.208334428-07:00",
+      "endpoint": "p.fosrl.io:21820",
+      "isRelay": true
+    },
+    "8": {
+      "siteId": 8,
+      "connected": false,
+      "rtt": 0,
+      "lastSeen": "2025-08-13T14:39:19.663823645-07:00",
+      "endpoint": "p.fosrl.io:21820",
+      "isRelay": true
+    }
+  }
+}
+```
+
+**Fields:**
+- `status`: Overall connection status ("connected" or "disconnected")
+- `connected`: Boolean connection state
+- `tunnelIP`: IP address and subnet of the tunnel (when connected)
+- `version`: Olm version string
+- `peers`: Map of peer statuses by site ID
+  - `siteId`: Peer site identifier
+  - `connected`: Boolean peer connection state
+  - `rtt`: Peer round-trip time (integer, nanoseconds)
+  - `lastSeen`: Last time peer was seen (RFC3339 timestamp)
+  - `endpoint`: Peer endpoint address
+  - `isRelay`: Whether the peer is relayed (true) or direct (false)
+
+**Error Responses:**
+- `405 Method Not Allowed` - Non-GET requests
+
+## Usage Examples
+
+### Connect to a peer
+```bash
+curl -X POST http://localhost:8080/connect \
+  -H "Content-Type: application/json" \
+  -d '{
+    "id": "31frd0uzbjvp721",
+    "secret": "h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6",
+    "endpoint": "https://example.com"
+  }'
+```
+
+### Check connection status
+```bash
+curl http://localhost:8080/status
 ```
 
 ## Build
 
-### Container 
-
-Ensure Docker is installed.
-
-```bash
-make
-```
-
 ### Binary
 
 Make sure to have Go 1.23.1 installed.
@@ -94,8 +236,8 @@ make local
 
 ## Licensing
 
-Newt is dual licensed under the AGPLv3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us.
+Olm is dual licensed under the AGPLv3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us.
 
 ## Contributions
 
-Please see [CONTRIBUTIONS](./CONTRIBUTING.md) in the repository for guidelines and best practices.
+Please see [CONTRIBUTIONS](./CONTRIBUTING.md) in the repository for guidelines and best practices.

SECURITY.md

@@ -0,0 +1,14 @@
+# Security Policy
+
+If you discover a security vulnerability, please follow the steps below to responsibly disclose it to us:
+
+1. **Do not create a public GitHub issue or discussion post.** This could put the security of other users at risk.
+2. Send a detailed report to [security@fossorial.io](mailto:security@fossorial.io) or send a **private** message to a maintainer on [Discord](https://discord.gg/HCJR8Xhme4). Include:
+
+- Description and location of the vulnerability.
+- Potential impact of the vulnerability.
+- Steps to reproduce the vulnerability.
+- Potential solutions to fix the vulnerability.
+- Your name/handle and a link for recognition (optional).
+
+We aim to address the issue as soon as possible.

docker-compose.yml

@@ -1,9 +0,0 @@
-services:
-  newt:
-    image: fosrl/newt:latest
-    container_name: newt
-    restart: unless-stopped
-    environment:
-      - PANGOLIN_ENDPOINT=https://example.com
-      - NEWT_ID=2ix2t8xk22ubpfy 
-      - NEWT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2 

entrypoint.sh

@@ -4,7 +4,7 @@ set -e
 
 # first arg is `-f` or `--some-option`
 if [ "${1#-}" != "$1" ]; then
-    set -- newt "$@"
+    set -- olm "$@"
 fi
 
 exec "$@"

go.mod

@@ -1,19 +1,22 @@
-module github.com/fosrl/newt
+module github.com/fosrl/olm
 
-go 1.23.1
-
-toolchain go1.23.2
-
-require golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173
+go 1.24
 
 require (
-	github.com/google/btree v1.1.2 // indirect
-	github.com/gorilla/websocket v1.5.3 // indirect
-	golang.org/x/crypto v0.28.0 // indirect
-	golang.org/x/net v0.30.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/time v0.7.0 // indirect
-	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
-	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6 // indirect
-	gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 // indirect
+	github.com/fosrl/newt v0.0.0-20250730062419-3ccd755d557a
+	github.com/vishvananda/netlink v1.3.1
+	golang.org/x/crypto v0.41.0
+	golang.org/x/exp v0.0.0-20250718183923-645b1fa84792
+	golang.org/x/sys v0.35.0
+	golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb
+	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10
+)
+
+require (
+	github.com/gorilla/websocket v1.5.3 // indirect
+	github.com/vishvananda/netns v0.0.5 // indirect
+	golang.org/x/net v0.42.0 // indirect
+	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
+	gvisor.dev/gvisor v0.0.0-20250718192347-d7830d968c56 // indirect
+	software.sslmate.com/src/go-pkcs12 v0.6.0 // indirect
 )

go.sum

@@ -1,20 +1,34 @@
-github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
-github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/fosrl/newt v0.0.0-20250730062419-3ccd755d557a h1:bUGN4piHlcqgfdRLrwqiLZZxgcitzBzNDQS1+CHSmJI=
+github.com/fosrl/newt v0.0.0-20250730062419-3ccd755d557a/go.mod h1:PbiPYp1hbL07awrmbqTSTz7lTenieTHN6cIkUVCGD3I=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
-golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
-golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
-golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
-golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW6bV0=
+github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4=
+github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=
+github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
+golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
+golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
+golang.org/x/exp v0.0.0-20250718183923-645b1fa84792 h1:R9PFI6EUdfVKgwKjZef7QIwGcBKu86OEFpJ9nUEP2l4=
+golang.org/x/exp v0.0.0-20250718183923-645b1fa84792/go.mod h1:A+z0yzpGtvnG90cToK5n2tu8UJVP2XUATh+r+sfOOOc=
+golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
+golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
+golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
-golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 h1:/jFs0duh4rdb8uIfPMv78iAJGcPKDeqAFnaLBropIC4=
-golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173/go.mod h1:tkCQ4FQXmpAgYVh++1cq16/dH4QJtmvpRv19DWGAHSA=
-golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6 h1:CawjfCvYQH2OU3/TnxLx97WDSUDRABfT18pCOYwc2GE=
-golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6/go.mod h1:3rxYc4HtVcSG9gVaTs2GEBdehh+sYPOwKtyUWEOTb80=
-gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 h1:TbRPT0HtzFP3Cno1zZo7yPzEEnfu8EjLfl6IU9VfqkQ=
-gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259/go.mod h1:AVgIgHMwK63XvmAzWG9vLQ41YnVHN0du0tEC46fI7yY=
+golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb h1:whnFRlWMcXI9d+ZbWg+4sHnLp52d5yiIPUxMBSt4X9A=
+golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb/go.mod h1:rpwXGsirqLqN2L0JDJQlwOboGHmptD5ZD6T2VmcqhTw=
+golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10 h1:3GDAcqdIg1ozBNLgPy4SLT84nfcBjr6rhGtXYtrkWLU=
+golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10/go.mod h1:T97yPqesLiNrOYxkwmhMI0ZIlJDm+p0PMR8eRVeR5tQ=
+gvisor.dev/gvisor v0.0.0-20250718192347-d7830d968c56 h1:H+qymc2ndLKNFR5TcaPmsHGiJnhJMqeofBYSRq4oG3c=
+gvisor.dev/gvisor v0.0.0-20250718192347-d7830d968c56/go.mod h1:i8iCZyAdwRnLZYaIi2NUL1gfNtAveqxkKAe0JfAv9Bs=
+software.sslmate.com/src/go-pkcs12 v0.6.0 h1:f3sQittAeF+pao32Vb+mkli+ZyT+VwKaD014qFGq6oU=
+software.sslmate.com/src/go-pkcs12 v0.6.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI=

httpserver/httpserver.go

@@ -0,0 +1,217 @@
+package httpserver
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/fosrl/newt/logger"
+)
+
+// ConnectionRequest defines the structure for an incoming connection request
+type ConnectionRequest struct {
+	ID       string `json:"id"`
+	Secret   string `json:"secret"`
+	Endpoint string `json:"endpoint"`
+}
+
+// PeerStatus represents the status of a peer connection
+type PeerStatus struct {
+	SiteID    int           `json:"siteId"`
+	Connected bool          `json:"connected"`
+	RTT       time.Duration `json:"rtt"`
+	LastSeen  time.Time     `json:"lastSeen"`
+	Endpoint  string        `json:"endpoint,omitempty"`
+	IsRelay   bool          `json:"isRelay"`
+}
+
+// StatusResponse is returned by the status endpoint
+type StatusResponse struct {
+	Status       string              `json:"status"`
+	Connected    bool                `json:"connected"`
+	TunnelIP     string              `json:"tunnelIP,omitempty"`
+	Version      string              `json:"version,omitempty"`
+	PeerStatuses map[int]*PeerStatus `json:"peers,omitempty"`
+}
+
+// HTTPServer represents the HTTP server and its state
+type HTTPServer struct {
+	addr           string
+	server         *http.Server
+	connectionChan chan ConnectionRequest
+	statusMu       sync.RWMutex
+	peerStatuses   map[int]*PeerStatus
+	connectedAt    time.Time
+	isConnected    bool
+	tunnelIP       string
+	version        string
+}
+
+// NewHTTPServer creates a new HTTP server
+func NewHTTPServer(addr string) *HTTPServer {
+	s := &HTTPServer{
+		addr:           addr,
+		connectionChan: make(chan ConnectionRequest, 1),
+		peerStatuses:   make(map[int]*PeerStatus),
+	}
+
+	return s
+}
+
+// Start starts the HTTP server
+func (s *HTTPServer) Start() error {
+	mux := http.NewServeMux()
+	mux.HandleFunc("/connect", s.handleConnect)
+	mux.HandleFunc("/status", s.handleStatus)
+
+	s.server = &http.Server{
+		Addr:    s.addr,
+		Handler: mux,
+	}
+
+	logger.Info("Starting HTTP server on %s", s.addr)
+	go func() {
+		if err := s.server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+			logger.Error("HTTP server error: %v", err)
+		}
+	}()
+
+	return nil
+}
+
+// Stop stops the HTTP server
+func (s *HTTPServer) Stop() error {
+	logger.Info("Stopping HTTP server")
+	return s.server.Close()
+}
+
+// GetConnectionChannel returns the channel for receiving connection requests
+func (s *HTTPServer) GetConnectionChannel() <-chan ConnectionRequest {
+	return s.connectionChan
+}
+
+// UpdatePeerStatus updates the status of a peer including endpoint and relay info
+func (s *HTTPServer) UpdatePeerStatus(siteID int, connected bool, rtt time.Duration, endpoint string, isRelay bool) {
+	s.statusMu.Lock()
+	defer s.statusMu.Unlock()
+
+	status, exists := s.peerStatuses[siteID]
+	if !exists {
+		status = &PeerStatus{
+			SiteID: siteID,
+		}
+		s.peerStatuses[siteID] = status
+	}
+
+	status.Connected = connected
+	status.RTT = rtt
+	status.LastSeen = time.Now()
+	status.Endpoint = endpoint
+	status.IsRelay = isRelay
+}
+
+// SetConnectionStatus sets the overall connection status
+func (s *HTTPServer) SetConnectionStatus(isConnected bool) {
+	s.statusMu.Lock()
+	defer s.statusMu.Unlock()
+
+	s.isConnected = isConnected
+
+	if isConnected {
+		s.connectedAt = time.Now()
+	} else {
+		// Clear peer statuses when disconnected
+		s.peerStatuses = make(map[int]*PeerStatus)
+	}
+}
+
+// SetTunnelIP sets the tunnel IP address
+func (s *HTTPServer) SetTunnelIP(tunnelIP string) {
+	s.statusMu.Lock()
+	defer s.statusMu.Unlock()
+	s.tunnelIP = tunnelIP
+}
+
+// SetVersion sets the olm version
+func (s *HTTPServer) SetVersion(version string) {
+	s.statusMu.Lock()
+	defer s.statusMu.Unlock()
+	s.version = version
+}
+
+// UpdatePeerRelayStatus updates only the relay status of a peer
+func (s *HTTPServer) UpdatePeerRelayStatus(siteID int, endpoint string, isRelay bool) {
+	s.statusMu.Lock()
+	defer s.statusMu.Unlock()
+
+	status, exists := s.peerStatuses[siteID]
+	if !exists {
+		status = &PeerStatus{
+			SiteID: siteID,
+		}
+		s.peerStatuses[siteID] = status
+	}
+
+	status.Endpoint = endpoint
+	status.IsRelay = isRelay
+}
+
+// handleConnect handles the /connect endpoint
+func (s *HTTPServer) handleConnect(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	var req ConnectionRequest
+	decoder := json.NewDecoder(r.Body)
+	if err := decoder.Decode(&req); err != nil {
+		http.Error(w, fmt.Sprintf("Invalid request: %v", err), http.StatusBadRequest)
+		return
+	}
+
+	// Validate required fields
+	if req.ID == "" || req.Secret == "" || req.Endpoint == "" {
+		http.Error(w, "Missing required fields: id, secret, and endpoint must be provided", http.StatusBadRequest)
+		return
+	}
+
+	// Send the request to the main goroutine
+	s.connectionChan <- req
+
+	// Return a success response
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusAccepted)
+	json.NewEncoder(w).Encode(map[string]string{
+		"status": "connection request accepted",
+	})
+}
+
+// handleStatus handles the /status endpoint
+func (s *HTTPServer) handleStatus(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	s.statusMu.RLock()
+	defer s.statusMu.RUnlock()
+
+	resp := StatusResponse{
+		Connected:    s.isConnected,
+		TunnelIP:     s.tunnelIP,
+		Version:      s.version,
+		PeerStatuses: s.peerStatuses,
+	}
+
+	if s.isConnected {
+		resp.Status = "connected"
+	} else {
+		resp.Status = "disconnected"
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(resp)
+}

logger/level.go

@@ -1,27 +0,0 @@
-package logger
-
-type LogLevel int
-
-const (
-	DEBUG LogLevel = iota
-	INFO
-	WARN
-	ERROR
-	FATAL
-)
-
-var levelStrings = map[LogLevel]string{
-	DEBUG: "DEBUG",
-	INFO:  "INFO",
-	WARN:  "WARN",
-	ERROR: "ERROR",
-	FATAL: "FATAL",
-}
-
-// String returns the string representation of the log level
-func (l LogLevel) String() string {
-	if s, ok := levelStrings[l]; ok {
-		return s
-	}
-	return "UNKNOWN"
-}

logger/logger.go

@@ -1,106 +0,0 @@
-package logger
-
-import (
-	"fmt"
-	"log"
-	"os"
-	"sync"
-	"time"
-)
-
-// Logger struct holds the logger instance
-type Logger struct {
-	logger *log.Logger
-	level  LogLevel
-}
-
-var (
-	defaultLogger *Logger
-	once          sync.Once
-)
-
-// NewLogger creates a new logger instance
-func NewLogger() *Logger {
-	return &Logger{
-		logger: log.New(os.Stdout, "", 0),
-		level:  DEBUG,
-	}
-}
-
-// Init initializes the default logger
-func Init() *Logger {
-	once.Do(func() {
-		defaultLogger = NewLogger()
-	})
-	return defaultLogger
-}
-
-// GetLogger returns the default logger instance
-func GetLogger() *Logger {
-	if defaultLogger == nil {
-		Init()
-	}
-	return defaultLogger
-}
-
-// SetLevel sets the minimum logging level
-func (l *Logger) SetLevel(level LogLevel) {
-	l.level = level
-}
-
-// log handles the actual logging
-func (l *Logger) log(level LogLevel, format string, args ...interface{}) {
-	if level < l.level {
-		return
-	}
-	timestamp := time.Now().Format("2006/01/02 15:04:05")
-	message := fmt.Sprintf(format, args...)
-	l.logger.Printf("%s: %s %s", level.String(), timestamp, message)
-}
-
-// Debug logs debug level messages
-func (l *Logger) Debug(format string, args ...interface{}) {
-	l.log(DEBUG, format, args...)
-}
-
-// Info logs info level messages
-func (l *Logger) Info(format string, args ...interface{}) {
-	l.log(INFO, format, args...)
-}
-
-// Warn logs warning level messages
-func (l *Logger) Warn(format string, args ...interface{}) {
-	l.log(WARN, format, args...)
-}
-
-// Error logs error level messages
-func (l *Logger) Error(format string, args ...interface{}) {
-	l.log(ERROR, format, args...)
-}
-
-// Fatal logs fatal level messages and exits
-func (l *Logger) Fatal(format string, args ...interface{}) {
-	l.log(FATAL, format, args...)
-	os.Exit(1)
-}
-
-// Global helper functions
-func Debug(format string, args ...interface{}) {
-	GetLogger().Debug(format, args...)
-}
-
-func Info(format string, args ...interface{}) {
-	GetLogger().Info(format, args...)
-}
-
-func Warn(format string, args ...interface{}) {
-	GetLogger().Warn(format, args...)
-}
-
-func Error(format string, args ...interface{}) {
-	GetLogger().Error(format, args...)
-}
-
-func Fatal(format string, args ...interface{}) {
-	GetLogger().Fatal(format, args...)
-}

peermonitor/peermonitor.go

@@ -0,0 +1,324 @@
+package peermonitor
+
+import (
+	"context"
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/fosrl/newt/logger"
+	"github.com/fosrl/newt/websocket"
+	"github.com/fosrl/olm/wgtester"
+	"golang.zx2c4.com/wireguard/device"
+)
+
+// PeerMonitorCallback is the function type for connection status change callbacks
+type PeerMonitorCallback func(siteID int, connected bool, rtt time.Duration)
+
+// WireGuardConfig holds the WireGuard configuration for a peer
+type WireGuardConfig struct {
+	SiteID       int
+	PublicKey    string
+	ServerIP     string
+	Endpoint     string
+	PrimaryRelay string // The primary relay endpoint
+}
+
+// PeerMonitor handles monitoring the connection status to multiple WireGuard peers
+type PeerMonitor struct {
+	monitors          map[int]*wgtester.Client
+	configs           map[int]*WireGuardConfig
+	callback          PeerMonitorCallback
+	mutex             sync.Mutex
+	running           bool
+	interval          time.Duration
+	timeout           time.Duration
+	maxAttempts       int
+	privateKey        string
+	wsClient          *websocket.Client
+	device            *device.Device
+	handleRelaySwitch bool // Whether to handle relay switching
+}
+
+// NewPeerMonitor creates a new peer monitor with the given callback
+func NewPeerMonitor(callback PeerMonitorCallback, privateKey string, wsClient *websocket.Client, device *device.Device, handleRelaySwitch bool) *PeerMonitor {
+	return &PeerMonitor{
+		monitors:          make(map[int]*wgtester.Client),
+		configs:           make(map[int]*WireGuardConfig),
+		callback:          callback,
+		interval:          1 * time.Second, // Default check interval
+		timeout:           2500 * time.Millisecond,
+		maxAttempts:       8,
+		privateKey:        privateKey,
+		wsClient:          wsClient,
+		device:            device,
+		handleRelaySwitch: handleRelaySwitch,
+	}
+}
+
+// SetInterval changes how frequently peers are checked
+func (pm *PeerMonitor) SetInterval(interval time.Duration) {
+	pm.mutex.Lock()
+	defer pm.mutex.Unlock()
+
+	pm.interval = interval
+
+	// Update interval for all existing monitors
+	for _, client := range pm.monitors {
+		client.SetPacketInterval(interval)
+	}
+}
+
+// SetTimeout changes the timeout for waiting for responses
+func (pm *PeerMonitor) SetTimeout(timeout time.Duration) {
+	pm.mutex.Lock()
+	defer pm.mutex.Unlock()
+
+	pm.timeout = timeout
+
+	// Update timeout for all existing monitors
+	for _, client := range pm.monitors {
+		client.SetTimeout(timeout)
+	}
+}
+
+// SetMaxAttempts changes the maximum number of attempts for TestConnection
+func (pm *PeerMonitor) SetMaxAttempts(attempts int) {
+	pm.mutex.Lock()
+	defer pm.mutex.Unlock()
+
+	pm.maxAttempts = attempts
+
+	// Update max attempts for all existing monitors
+	for _, client := range pm.monitors {
+		client.SetMaxAttempts(attempts)
+	}
+}
+
+// AddPeer adds a new peer to monitor
+func (pm *PeerMonitor) AddPeer(siteID int, endpoint string, wgConfig *WireGuardConfig) error {
+	pm.mutex.Lock()
+	defer pm.mutex.Unlock()
+
+	// Check if we're already monitoring this peer
+	if _, exists := pm.monitors[siteID]; exists {
+		// Update the endpoint instead of creating a new monitor
+		pm.removePeerUnlocked(siteID)
+	}
+
+	client, err := wgtester.NewClient(endpoint)
+	if err != nil {
+		return err
+	}
+
+	// Configure the client with our settings
+	client.SetPacketInterval(pm.interval)
+	client.SetTimeout(pm.timeout)
+	client.SetMaxAttempts(pm.maxAttempts)
+
+	// Store the client and config
+	pm.monitors[siteID] = client
+	pm.configs[siteID] = wgConfig
+
+	// If monitor is already running, start monitoring this peer
+	if pm.running {
+		siteIDCopy := siteID // Create a copy for the closure
+		err = client.StartMonitor(func(status wgtester.ConnectionStatus) {
+			pm.handleConnectionStatusChange(siteIDCopy, status)
+		})
+	}
+
+	return err
+}
+
+// removePeerUnlocked stops monitoring a peer and removes it from the monitor
+// This function assumes the mutex is already held by the caller
+func (pm *PeerMonitor) removePeerUnlocked(siteID int) {
+	client, exists := pm.monitors[siteID]
+	if !exists {
+		return
+	}
+
+	client.StopMonitor()
+	client.Close()
+	delete(pm.monitors, siteID)
+	delete(pm.configs, siteID)
+}
+
+// RemovePeer stops monitoring a peer and removes it from the monitor
+func (pm *PeerMonitor) RemovePeer(siteID int) {
+	pm.mutex.Lock()
+	defer pm.mutex.Unlock()
+
+	pm.removePeerUnlocked(siteID)
+}
+
+// Start begins monitoring all peers
+func (pm *PeerMonitor) Start() {
+	pm.mutex.Lock()
+	defer pm.mutex.Unlock()
+
+	if pm.running {
+		return // Already running
+	}
+
+	pm.running = true
+
+	// Start monitoring all peers
+	for siteID, client := range pm.monitors {
+		siteIDCopy := siteID // Create a copy for the closure
+		err := client.StartMonitor(func(status wgtester.ConnectionStatus) {
+			pm.handleConnectionStatusChange(siteIDCopy, status)
+		})
+		if err != nil {
+			logger.Error("Failed to start monitoring peer %d: %v\n", siteID, err)
+			continue
+		}
+		logger.Info("Started monitoring peer %d\n", siteID)
+	}
+}
+
+// handleConnectionStatusChange is called when a peer's connection status changes
+func (pm *PeerMonitor) handleConnectionStatusChange(siteID int, status wgtester.ConnectionStatus) {
+	// Call the user-provided callback first
+	if pm.callback != nil {
+		pm.callback(siteID, status.Connected, status.RTT)
+	}
+
+	// If disconnected, handle failover
+	if !status.Connected {
+		// Send relay message to the server
+		if pm.wsClient != nil {
+			pm.sendRelay(siteID)
+		}
+	}
+}
+
+// handleFailover handles failover to the relay server when a peer is disconnected
+func (pm *PeerMonitor) HandleFailover(siteID int, relayEndpoint string) {
+	pm.mutex.Lock()
+	config, exists := pm.configs[siteID]
+	pm.mutex.Unlock()
+
+	if !exists {
+		return
+	}
+
+	// Configure WireGuard to use the relay
+	wgConfig := fmt.Sprintf(`private_key=%s
+public_key=%s
+allowed_ip=%s/32
+endpoint=%s:21820
+persistent_keepalive_interval=1`, pm.privateKey, config.PublicKey, config.ServerIP, relayEndpoint)
+
+	err := pm.device.IpcSet(wgConfig)
+	if err != nil {
+		logger.Error("Failed to configure WireGuard device: %v\n", err)
+		return
+	}
+
+	logger.Info("Adjusted peer %d to point to relay!\n", siteID)
+}
+
+// sendRelay sends a relay message to the server
+func (pm *PeerMonitor) sendRelay(siteID int) error {
+	if !pm.handleRelaySwitch {
+		return nil
+	}
+
+	if pm.wsClient == nil {
+		return fmt.Errorf("websocket client is nil")
+	}
+
+	err := pm.wsClient.SendMessage("olm/wg/relay", map[string]interface{}{
+		"siteId": siteID,
+	})
+	if err != nil {
+		logger.Error("Failed to send registration message: %v", err)
+		return err
+	}
+	logger.Info("Sent relay message")
+	return nil
+}
+
+// Stop stops monitoring all peers
+func (pm *PeerMonitor) Stop() {
+	pm.mutex.Lock()
+	defer pm.mutex.Unlock()
+
+	if !pm.running {
+		return
+	}
+
+	pm.running = false
+
+	// Stop all monitors
+	for _, client := range pm.monitors {
+		client.StopMonitor()
+	}
+}
+
+// Close stops monitoring and cleans up resources
+func (pm *PeerMonitor) Close() {
+	pm.mutex.Lock()
+	defer pm.mutex.Unlock()
+
+	// Stop and close all clients
+	for siteID, client := range pm.monitors {
+		client.StopMonitor()
+		client.Close()
+		delete(pm.monitors, siteID)
+	}
+
+	pm.running = false
+}
+
+// TestPeer tests connectivity to a specific peer
+func (pm *PeerMonitor) TestPeer(siteID int) (bool, time.Duration, error) {
+	pm.mutex.Lock()
+	client, exists := pm.monitors[siteID]
+	pm.mutex.Unlock()
+
+	if !exists {
+		return false, 0, fmt.Errorf("peer with siteID %d not found", siteID)
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), pm.timeout*time.Duration(pm.maxAttempts))
+	defer cancel()
+
+	connected, rtt := client.TestConnection(ctx)
+	return connected, rtt, nil
+}
+
+// TestAllPeers tests connectivity to all peers
+func (pm *PeerMonitor) TestAllPeers() map[int]struct {
+	Connected bool
+	RTT       time.Duration
+} {
+	pm.mutex.Lock()
+	peers := make(map[int]*wgtester.Client, len(pm.monitors))
+	for siteID, client := range pm.monitors {
+		peers[siteID] = client
+	}
+	pm.mutex.Unlock()
+
+	results := make(map[int]struct {
+		Connected bool
+		RTT       time.Duration
+	})
+	for siteID, client := range peers {
+		ctx, cancel := context.WithTimeout(context.Background(), pm.timeout*time.Duration(pm.maxAttempts))
+		connected, rtt := client.TestConnection(ctx)
+		cancel()
+
+		results[siteID] = struct {
+			Connected bool
+			RTT       time.Duration
+		}{
+			Connected: connected,
+			RTT:       rtt,
+		}
+	}
+
+	return results
+}

proxy/manager.go

@@ -1,334 +0,0 @@
-package proxy
-
-import (
-	"fmt"
-	"io"
-	"net"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/fosrl/newt/logger"
-
-	"golang.zx2c4.com/wireguard/tun/netstack"
-)
-
-func NewProxyManager(tnet *netstack.Net) *ProxyManager {
-	return &ProxyManager{
-		tnet: tnet,
-	}
-}
-
-func (pm *ProxyManager) AddTarget(protocol, listen string, port int, target string) {
-	pm.Lock()
-	defer pm.Unlock()
-
-	logger.Info("Adding target: %s://%s:%d -> %s", protocol, listen, port, target)
-
-	newTarget := ProxyTarget{
-		Protocol: protocol,
-		Listen:   listen,
-		Port:     port,
-		Target:   target,
-		cancel:   make(chan struct{}),
-		done:     make(chan struct{}),
-	}
-
-	pm.targets = append(pm.targets, newTarget)
-}
-
-func (pm *ProxyManager) RemoveTarget(protocol, listen string, port int) error {
-	pm.Lock()
-	defer pm.Unlock()
-
-	protocol = strings.ToLower(protocol)
-	if protocol != "tcp" && protocol != "udp" {
-		return fmt.Errorf("unsupported protocol: %s", protocol)
-	}
-
-	for i, target := range pm.targets {
-		if target.Listen == listen &&
-			target.Port == port &&
-			strings.ToLower(target.Protocol) == protocol {
-
-			// Signal the serving goroutine to stop
-			select {
-			case <-target.cancel:
-				// Channel is already closed, no need to close it again
-			default:
-				close(target.cancel)
-			}
-
-			// Close the appropriate listener/connection based on protocol
-			target.Lock()
-			switch protocol {
-			case "tcp":
-				if target.listener != nil {
-					select {
-					case <-target.cancel:
-						// Listener was already closed by Stop()
-					default:
-						target.listener.Close()
-					}
-				}
-			case "udp":
-				if target.udpConn != nil {
-					select {
-					case <-target.cancel:
-						// Connection was already closed by Stop()
-					default:
-						target.udpConn.Close()
-					}
-				}
-			}
-			target.Unlock()
-
-			// Wait for the target to fully stop
-			<-target.done
-
-			// Remove the target from the slice
-			pm.targets = append(pm.targets[:i], pm.targets[i+1:]...)
-			return nil
-		}
-	}
-
-	return fmt.Errorf("target not found for %s %s:%d", protocol, listen, port)
-}
-
-func (pm *ProxyManager) Start() error {
-	pm.RLock()
-	defer pm.RUnlock()
-
-	for i := range pm.targets {
-		target := &pm.targets[i]
-
-		target.Lock()
-		// If target is already running, skip it
-		if target.listener != nil || target.udpConn != nil {
-			target.Unlock()
-			continue
-		}
-
-		// Mark the target as starting by creating a nil listener/connection
-		// This prevents other goroutines from trying to start it
-		if strings.ToLower(target.Protocol) == "tcp" {
-			target.listener = nil
-		} else {
-			target.udpConn = nil
-		}
-		target.Unlock()
-
-		switch strings.ToLower(target.Protocol) {
-		case "tcp":
-			go pm.serveTCP(target)
-		case "udp":
-			go pm.serveUDP(target)
-		default:
-			return fmt.Errorf("unsupported protocol: %s", target.Protocol)
-		}
-	}
-	return nil
-}
-
-func (pm *ProxyManager) Stop() error {
-	pm.Lock()
-	defer pm.Unlock()
-
-	var wg sync.WaitGroup
-	for i := range pm.targets {
-		target := &pm.targets[i]
-		wg.Add(1)
-		go func(t *ProxyTarget) {
-			defer wg.Done()
-			close(t.cancel)
-			t.Lock()
-			if t.listener != nil {
-				t.listener.Close()
-			}
-			if t.udpConn != nil {
-				t.udpConn.Close()
-			}
-			t.Unlock()
-			// Wait for the target to fully stop
-			<-t.done
-		}(target)
-	}
-	wg.Wait()
-	return nil
-}
-
-func (pm *ProxyManager) serveTCP(target *ProxyTarget) {
-	defer close(target.done) // Signal that this target is fully stopped
-
-	listener, err := pm.tnet.ListenTCP(&net.TCPAddr{
-		IP:   net.ParseIP(target.Listen),
-		Port: target.Port,
-	})
-	if err != nil {
-		logger.Info("Failed to start TCP listener for %s:%d: %v", target.Listen, target.Port, err)
-		return
-	}
-
-	target.Lock()
-	target.listener = listener
-	target.Unlock()
-
-	defer listener.Close()
-	logger.Info("TCP proxy listening on %s", listener.Addr())
-
-	var activeConns sync.WaitGroup
-	acceptDone := make(chan struct{})
-
-	// Goroutine to handle shutdown signal
-	go func() {
-		<-target.cancel
-		close(acceptDone)
-		listener.Close()
-	}()
-
-	for {
-		conn, err := listener.Accept()
-		if err != nil {
-			select {
-			case <-target.cancel:
-				// Wait for active connections to finish
-				activeConns.Wait()
-				return
-			default:
-				logger.Info("Failed to accept TCP connection: %v", err)
-				// Don't return here, try to accept new connections
-				time.Sleep(time.Second)
-				continue
-			}
-		}
-
-		activeConns.Add(1)
-		go func() {
-			defer activeConns.Done()
-			pm.handleTCPConnection(conn, target.Target, acceptDone)
-		}()
-	}
-}
-
-func (pm *ProxyManager) handleTCPConnection(clientConn net.Conn, target string, done chan struct{}) {
-	defer clientConn.Close()
-
-	serverConn, err := net.Dial("tcp", target)
-	if err != nil {
-		logger.Info("Failed to connect to target %s: %v", target, err)
-		return
-	}
-	defer serverConn.Close()
-
-	var wg sync.WaitGroup
-	wg.Add(2)
-
-	// Client -> Server
-	go func() {
-		defer wg.Done()
-		select {
-		case <-done:
-			return
-		default:
-			io.Copy(serverConn, clientConn)
-		}
-	}()
-
-	// Server -> Client
-	go func() {
-		defer wg.Done()
-		select {
-		case <-done:
-			return
-		default:
-			io.Copy(clientConn, serverConn)
-		}
-	}()
-
-	wg.Wait()
-}
-
-func (pm *ProxyManager) serveUDP(target *ProxyTarget) {
-	defer close(target.done) // Signal that this target is fully stopped
-
-	addr := &net.UDPAddr{
-		IP:   net.ParseIP(target.Listen),
-		Port: target.Port,
-	}
-
-	conn, err := pm.tnet.ListenUDP(addr)
-	if err != nil {
-		logger.Info("Failed to start UDP listener for %s:%d: %v", target.Listen, target.Port, err)
-		return
-	}
-
-	target.Lock()
-	target.udpConn = conn
-	target.Unlock()
-
-	defer conn.Close()
-	logger.Info("UDP proxy listening on %s", conn.LocalAddr())
-
-	buffer := make([]byte, 65535)
-	var activeConns sync.WaitGroup
-
-	for {
-		select {
-		case <-target.cancel:
-			activeConns.Wait() // Wait for all active UDP handlers to complete
-			return
-		default:
-			n, remoteAddr, err := conn.ReadFrom(buffer)
-			if err != nil {
-				select {
-				case <-target.cancel:
-					activeConns.Wait()
-					return
-				default:
-					logger.Info("Failed to read UDP packet: %v", err)
-					continue
-				}
-			}
-
-			targetAddr, err := net.ResolveUDPAddr("udp", target.Target)
-			if err != nil {
-				logger.Info("Failed to resolve target address %s: %v", target.Target, err)
-				continue
-			}
-
-			activeConns.Add(1)
-			go func(data []byte, remote net.Addr) {
-				defer activeConns.Done()
-				targetConn, err := net.DialUDP("udp", nil, targetAddr)
-				if err != nil {
-					logger.Info("Failed to connect to target %s: %v", target.Target, err)
-					return
-				}
-				defer targetConn.Close()
-
-				select {
-				case <-target.cancel:
-					return
-				default:
-					_, err = targetConn.Write(data)
-					if err != nil {
-						logger.Info("Failed to write to target: %v", err)
-						return
-					}
-
-					response := make([]byte, 65535)
-					n, err := targetConn.Read(response)
-					if err != nil {
-						logger.Info("Failed to read response from target: %v", err)
-						return
-					}
-
-					_, err = conn.WriteTo(response[:n], remote)
-					if err != nil {
-						logger.Info("Failed to write response to client: %v", err)
-					}
-				}
-			}(buffer[:n], remoteAddr)
-		}
-	}
-}

proxy/types.go

@@ -1,28 +0,0 @@
-package proxy
-
-import (
-	"log"
-	"net"
-	"sync"
-
-	"golang.zx2c4.com/wireguard/tun/netstack"
-)
-
-type ProxyTarget struct {
-	Protocol   string
-	Listen     string
-	Port       int
-	Target     string
-	cancel     chan struct{}  // Channel to signal shutdown
-	done       chan struct{}  // Channel to signal completion
-	listener   net.Listener   // For TCP
-	udpConn    net.PacketConn // For UDP
-	sync.Mutex                // Protect access to connection
-}
-
-type ProxyManager struct {
-	targets      []ProxyTarget
-	tnet         *netstack.Net
-	log          *log.Logger
-	sync.RWMutex // Protect access to targets slice
-}

service_unix.go

@@ -0,0 +1,50 @@
+//go:build !windows
+
+package main
+
+import (
+	"fmt"
+)
+
+// Service management functions are not available on non-Windows platforms
+func installService() error {
+	return fmt.Errorf("service management is only available on Windows")
+}
+
+func removeService() error {
+	return fmt.Errorf("service management is only available on Windows")
+}
+
+func startService(args []string) error {
+	_ = args // unused on Unix platforms
+	return fmt.Errorf("service management is only available on Windows")
+}
+
+func stopService() error {
+	return fmt.Errorf("service management is only available on Windows")
+}
+
+func getServiceStatus() (string, error) {
+	return "", fmt.Errorf("service management is only available on Windows")
+}
+
+func debugService(args []string) error {
+	_ = args // unused on Unix platforms
+	return fmt.Errorf("debug service is only available on Windows")
+}
+
+func isWindowsService() bool {
+	return false
+}
+
+func runService(name string, isDebug bool, args []string) {
+	// No-op on non-Windows platforms
+}
+
+func setupWindowsEventLog() {
+	// No-op on non-Windows platforms
+}
+
+func watchLogFile(end bool) error {
+	return fmt.Errorf("watching log file is only available on Windows")
+}

service_windows.go

@@ -0,0 +1,537 @@
+//go:build windows
+
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log"
+	"os"
+	"os/signal"
+	"path/filepath"
+	"syscall"
+	"time"
+
+	"github.com/fosrl/newt/logger"
+	"golang.org/x/sys/windows/svc"
+	"golang.org/x/sys/windows/svc/debug"
+	"golang.org/x/sys/windows/svc/eventlog"
+	"golang.org/x/sys/windows/svc/mgr"
+)
+
+const (
+	serviceName        = "OlmWireguardService"
+	serviceDisplayName = "Olm WireGuard VPN Service"
+	serviceDescription = "Olm WireGuard VPN client service for secure network connectivity"
+)
+
+// Global variable to store service arguments
+var serviceArgs []string
+
+// getServiceArgsPath returns the path where service arguments are stored
+func getServiceArgsPath() string {
+	logDir := filepath.Join(os.Getenv("PROGRAMDATA"), "olm")
+	return filepath.Join(logDir, "service_args.json")
+}
+
+// saveServiceArgs saves the service arguments to a file
+func saveServiceArgs(args []string) error {
+	logDir := filepath.Join(os.Getenv("PROGRAMDATA"), "olm")
+	err := os.MkdirAll(logDir, 0755)
+	if err != nil {
+		return fmt.Errorf("failed to create config directory: %v", err)
+	}
+
+	argsPath := getServiceArgsPath()
+	data, err := json.Marshal(args)
+	if err != nil {
+		return fmt.Errorf("failed to marshal service args: %v", err)
+	}
+
+	err = os.WriteFile(argsPath, data, 0644)
+	if err != nil {
+		return fmt.Errorf("failed to write service args: %v", err)
+	}
+
+	return nil
+}
+
+// loadServiceArgs loads the service arguments from a file
+func loadServiceArgs() ([]string, error) {
+	argsPath := getServiceArgsPath()
+	data, err := os.ReadFile(argsPath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return []string{}, nil // Return empty args if file doesn't exist
+		}
+		return nil, fmt.Errorf("failed to read service args: %v", err)
+	}
+
+	// delete the file after reading
+	err = os.Remove(argsPath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to delete service args file: %v", err)
+	}
+
+	var args []string
+	err = json.Unmarshal(data, &args)
+	if err != nil {
+		return nil, fmt.Errorf("failed to unmarshal service args: %v", err)
+	}
+
+	return args, nil
+}
+
+type olmService struct {
+	elog debug.Log
+	ctx  context.Context
+	stop context.CancelFunc
+	args []string
+}
+
+func (s *olmService) Execute(args []string, r <-chan svc.ChangeRequest, changes chan<- svc.Status) (bool, uint32) {
+	const cmdsAccepted = svc.AcceptStop | svc.AcceptShutdown
+	changes <- svc.Status{State: svc.StartPending}
+
+	s.elog.Info(1, "Service Execute called, starting main logic")
+
+	// Load saved service arguments
+	savedArgs, err := loadServiceArgs()
+	if err != nil {
+		s.elog.Error(1, fmt.Sprintf("Failed to load service args: %v", err))
+		// Continue with empty args if loading fails
+		savedArgs = []string{}
+	}
+	s.args = savedArgs
+
+	// Start the main olm functionality
+	olmDone := make(chan struct{})
+	go func() {
+		s.runOlm()
+		close(olmDone)
+	}()
+
+	changes <- svc.Status{State: svc.Running, Accepts: cmdsAccepted}
+	s.elog.Info(1, "Service status set to Running")
+
+	for {
+		select {
+		case c := <-r:
+			switch c.Cmd {
+			case svc.Interrogate:
+				changes <- c.CurrentStatus
+			case svc.Stop, svc.Shutdown:
+				s.elog.Info(1, "Service stopping")
+				changes <- svc.Status{State: svc.StopPending}
+				if s.stop != nil {
+					s.stop()
+				}
+				// Wait for main logic to finish or timeout
+				select {
+				case <-olmDone:
+					s.elog.Info(1, "Main logic finished gracefully")
+				case <-time.After(10 * time.Second):
+					s.elog.Info(1, "Timeout waiting for main logic to finish")
+				}
+				return false, 0
+			default:
+				s.elog.Error(1, fmt.Sprintf("Unexpected control request #%d", c))
+			}
+		case <-olmDone:
+			s.elog.Info(1, "Main olm logic completed, stopping service")
+			changes <- svc.Status{State: svc.StopPending}
+			return false, 0
+		}
+	}
+}
+
+func (s *olmService) runOlm() {
+	// Create a context that can be cancelled when the service stops
+	s.ctx, s.stop = context.WithCancel(context.Background())
+
+	// Setup logging for service mode
+	s.elog.Info(1, "Starting Olm main logic")
+
+	// Run the main olm logic and wait for it to complete
+	done := make(chan struct{})
+	go func() {
+		defer func() {
+			if r := recover(); r != nil {
+				s.elog.Error(1, fmt.Sprintf("Olm panic: %v", r))
+			}
+			close(done)
+		}()
+
+		// Call the main olm function with stored arguments
+		runOlmMainWithArgs(s.ctx, s.args)
+	}()
+
+	// Wait for either context cancellation or main logic completion
+	select {
+	case <-s.ctx.Done():
+		s.elog.Info(1, "Olm service context cancelled")
+	case <-done:
+		s.elog.Info(1, "Olm main logic completed")
+	}
+}
+
+func runService(name string, isDebug bool, args []string) {
+	var err error
+	var elog debug.Log
+
+	if isDebug {
+		elog = debug.New(name)
+		fmt.Printf("Starting %s service in debug mode\n", name)
+	} else {
+		elog, err = eventlog.Open(name)
+		if err != nil {
+			fmt.Printf("Failed to open event log: %v\n", err)
+			return
+		}
+	}
+	defer elog.Close()
+
+	elog.Info(1, fmt.Sprintf("Starting %s service", name))
+	run := svc.Run
+	if isDebug {
+		run = debug.Run
+	}
+
+	service := &olmService{elog: elog, args: args}
+	err = run(name, service)
+	if err != nil {
+		elog.Error(1, fmt.Sprintf("%s service failed: %v", name, err))
+		if isDebug {
+			fmt.Printf("Service failed: %v\n", err)
+		}
+		return
+	}
+	elog.Info(1, fmt.Sprintf("%s service stopped", name))
+	if isDebug {
+		fmt.Printf("%s service stopped\n", name)
+	}
+}
+
+func installService() error {
+	exepath, err := os.Executable()
+	if err != nil {
+		return fmt.Errorf("failed to get executable path: %v", err)
+	}
+
+	m, err := mgr.Connect()
+	if err != nil {
+		return fmt.Errorf("failed to connect to service manager: %v", err)
+	}
+	defer m.Disconnect()
+
+	s, err := m.OpenService(serviceName)
+	if err == nil {
+		s.Close()
+		return fmt.Errorf("service %s already exists", serviceName)
+	}
+
+	config := mgr.Config{
+		ServiceType:    0x10, // SERVICE_WIN32_OWN_PROCESS
+		StartType:      mgr.StartManual,
+		ErrorControl:   mgr.ErrorNormal,
+		DisplayName:    serviceDisplayName,
+		Description:    serviceDescription,
+		BinaryPathName: exepath,
+	}
+
+	s, err = m.CreateService(serviceName, exepath, config)
+	if err != nil {
+		return fmt.Errorf("failed to create service: %v", err)
+	}
+	defer s.Close()
+
+	err = eventlog.InstallAsEventCreate(serviceName, eventlog.Error|eventlog.Warning|eventlog.Info)
+	if err != nil {
+		s.Delete()
+		return fmt.Errorf("failed to install event log: %v", err)
+	}
+
+	return nil
+}
+
+func removeService() error {
+	m, err := mgr.Connect()
+	if err != nil {
+		return fmt.Errorf("failed to connect to service manager: %v", err)
+	}
+	defer m.Disconnect()
+
+	s, err := m.OpenService(serviceName)
+	if err != nil {
+		return fmt.Errorf("service %s is not installed", serviceName)
+	}
+	defer s.Close()
+
+	// Stop the service if it's running
+	status, err := s.Query()
+	if err != nil {
+		return fmt.Errorf("failed to query service status: %v", err)
+	}
+
+	if status.State != svc.Stopped {
+		_, err = s.Control(svc.Stop)
+		if err != nil {
+			return fmt.Errorf("failed to stop service: %v", err)
+		}
+
+		// Wait for service to stop
+		timeout := time.Now().Add(30 * time.Second)
+		for status.State != svc.Stopped {
+			if timeout.Before(time.Now()) {
+				return fmt.Errorf("timeout waiting for service to stop")
+			}
+			time.Sleep(300 * time.Millisecond)
+			status, err = s.Query()
+			if err != nil {
+				return fmt.Errorf("failed to query service status: %v", err)
+			}
+		}
+	}
+
+	err = s.Delete()
+	if err != nil {
+		return fmt.Errorf("failed to delete service: %v", err)
+	}
+
+	err = eventlog.Remove(serviceName)
+	if err != nil {
+		return fmt.Errorf("failed to remove event log: %v", err)
+	}
+
+	return nil
+}
+
+func startService(args []string) error {
+	// Save the service arguments before starting
+	if len(args) > 0 {
+		err := saveServiceArgs(args)
+		if err != nil {
+			return fmt.Errorf("failed to save service args: %v", err)
+		}
+	}
+
+	m, err := mgr.Connect()
+	if err != nil {
+		return fmt.Errorf("failed to connect to service manager: %v", err)
+	}
+	defer m.Disconnect()
+
+	s, err := m.OpenService(serviceName)
+	if err != nil {
+		return fmt.Errorf("service %s is not installed", serviceName)
+	}
+	defer s.Close()
+
+	err = s.Start()
+	if err != nil {
+		return fmt.Errorf("failed to start service: %v", err)
+	}
+
+	return nil
+}
+
+func stopService() error {
+	m, err := mgr.Connect()
+	if err != nil {
+		return fmt.Errorf("failed to connect to service manager: %v", err)
+	}
+	defer m.Disconnect()
+
+	s, err := m.OpenService(serviceName)
+	if err != nil {
+		return fmt.Errorf("service %s is not installed", serviceName)
+	}
+	defer s.Close()
+
+	status, err := s.Control(svc.Stop)
+	if err != nil {
+		return fmt.Errorf("failed to stop service: %v", err)
+	}
+
+	timeout := time.Now().Add(30 * time.Second)
+	for status.State != svc.Stopped {
+		if timeout.Before(time.Now()) {
+			return fmt.Errorf("timeout waiting for service to stop")
+		}
+		time.Sleep(300 * time.Millisecond)
+		status, err = s.Query()
+		if err != nil {
+			return fmt.Errorf("failed to query service status: %v", err)
+		}
+	}
+
+	return nil
+}
+
+func debugService(args []string) error {
+	// Save the service arguments before starting
+	if len(args) > 0 {
+		err := saveServiceArgs(args)
+		if err != nil {
+			return fmt.Errorf("failed to save service args: %v", err)
+		}
+	}
+
+	// fmt.Printf("Starting service in debug mode...\n")
+
+	// Start the service
+	err := startService([]string{}) // Pass empty args since we already saved them
+	if err != nil {
+		return fmt.Errorf("failed to start service: %v", err)
+	}
+
+	// fmt.Printf("Service started. Watching logs (Press Ctrl+C to stop watching)...\n")
+	// fmt.Printf("================================================================================\n")
+
+	// Watch the log file
+	return watchLogFile(true)
+}
+
+func watchLogFile(end bool) error {
+	logDir := filepath.Join(os.Getenv("PROGRAMDATA"), "olm", "logs")
+	logPath := filepath.Join(logDir, "olm.log")
+
+	// Ensure the log directory exists
+	err := os.MkdirAll(logDir, 0755)
+	if err != nil {
+		return fmt.Errorf("failed to create log directory: %v", err)
+	}
+
+	// Wait for the log file to be created if it doesn't exist
+	var file *os.File
+	for i := 0; i < 30; i++ { // Wait up to 15 seconds
+		file, err = os.Open(logPath)
+		if err == nil {
+			break
+		}
+		if i == 0 {
+			fmt.Printf("Waiting for log file to be created...\n")
+		}
+		time.Sleep(500 * time.Millisecond)
+	}
+
+	if err != nil {
+		return fmt.Errorf("failed to open log file after waiting: %v", err)
+	}
+	defer file.Close()
+
+	// Seek to the end of the file to only show new logs
+	_, err = file.Seek(0, 2)
+	if err != nil {
+		return fmt.Errorf("failed to seek to end of file: %v", err)
+	}
+
+	// Set up signal handling for graceful exit
+	sigCh := make(chan os.Signal, 1)
+	signal.Notify(sigCh, os.Interrupt, syscall.SIGTERM)
+
+	// Create a ticker to check for new content
+	ticker := time.NewTicker(500 * time.Millisecond)
+	defer ticker.Stop()
+
+	buffer := make([]byte, 4096)
+
+	for {
+		select {
+		case <-sigCh:
+			fmt.Printf("\n\nStopping log watch...\n")
+			// stop the service if needed
+			if end {
+				if err := stopService(); err != nil {
+					fmt.Printf("Failed to stop service: %v\n", err)
+				}
+			}
+			fmt.Printf("Log watch stopped.\n")
+			return nil
+		case <-ticker.C:
+			// Read new content
+			n, err := file.Read(buffer)
+			if err != nil && err != io.EOF {
+				// Try to reopen the file in case it was recreated
+				file.Close()
+				file, err = os.Open(logPath)
+				if err != nil {
+					return fmt.Errorf("error reopening log file: %v", err)
+				}
+				continue
+			}
+
+			if n > 0 {
+				// Print the new content
+				fmt.Print(string(buffer[:n]))
+			}
+		}
+	}
+}
+
+func getServiceStatus() (string, error) {
+	m, err := mgr.Connect()
+	if err != nil {
+		return "", fmt.Errorf("failed to connect to service manager: %v", err)
+	}
+	defer m.Disconnect()
+
+	s, err := m.OpenService(serviceName)
+	if err != nil {
+		return "Not Installed", nil
+	}
+	defer s.Close()
+
+	status, err := s.Query()
+	if err != nil {
+		return "", fmt.Errorf("failed to query service status: %v", err)
+	}
+
+	switch status.State {
+	case svc.Stopped:
+		return "Stopped", nil
+	case svc.StartPending:
+		return "Starting", nil
+	case svc.StopPending:
+		return "Stopping", nil
+	case svc.Running:
+		return "Running", nil
+	case svc.ContinuePending:
+		return "Continue Pending", nil
+	case svc.PausePending:
+		return "Pause Pending", nil
+	case svc.Paused:
+		return "Paused", nil
+	default:
+		return "Unknown", nil
+	}
+}
+
+func isWindowsService() bool {
+	isWindowsService, err := svc.IsWindowsService()
+	return err == nil && isWindowsService
+}
+
+func setupWindowsEventLog() {
+	// Create log directory if it doesn't exist
+	logDir := filepath.Join(os.Getenv("PROGRAMDATA"), "olm", "logs")
+	err := os.MkdirAll(logDir, 0755)
+	if err != nil {
+		fmt.Printf("Failed to create log directory: %v\n", err)
+		return
+	}
+
+	logFile := filepath.Join(logDir, "olm.log")
+	file, err := os.OpenFile(logFile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
+	if err != nil {
+		fmt.Printf("Failed to open log file: %v\n", err)
+		return
+	}
+
+	// Set the custom logger output
+	logger.GetLogger().SetOutput(file)
+
+	log.Printf("Olm service logging initialized - log file: %s", logFile)
+}

unix.go

@@ -0,0 +1,35 @@
+//go:build !windows
+
+package main
+
+import (
+	"net"
+	"os"
+	"strconv"
+
+	"golang.org/x/sys/unix"
+	"golang.zx2c4.com/wireguard/ipc"
+	"golang.zx2c4.com/wireguard/tun"
+)
+
+func createTUNFromFD(tunFdStr string, mtuInt int) (tun.Device, error) {
+	fd, err := strconv.ParseUint(tunFdStr, 10, 32)
+	if err != nil {
+		return nil, err
+	}
+
+	err = unix.SetNonblock(int(fd), true)
+	if err != nil {
+		return nil, err
+	}
+
+	file := os.NewFile(uintptr(fd), "")
+	return tun.CreateTUNFromFile(file, mtuInt)
+}
+func uapiOpen(interfaceName string) (*os.File, error) {
+	return ipc.UAPIOpen(interfaceName)
+}
+
+func uapiListen(interfaceName string, fileUAPI *os.File) (net.Listener, error) {
+	return ipc.UAPIListen(interfaceName, fileUAPI)
+}

websocket/client.go

@@ -1,347 +0,0 @@
-package websocket
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/fosrl/newt/logger"
-
-	"github.com/gorilla/websocket"
-)
-
-type Client struct {
-	conn        *websocket.Conn
-	config      *Config
-	baseURL     string
-	handlers    map[string]MessageHandler
-	done        chan struct{}
-	handlersMux sync.RWMutex
-
-	reconnectInterval time.Duration
-	isConnected       bool
-	reconnectMux      sync.RWMutex
-
-	onConnect func() error
-}
-
-type ClientOption func(*Client)
-
-type MessageHandler func(message WSMessage)
-
-// WithBaseURL sets the base URL for the client
-func WithBaseURL(url string) ClientOption {
-	return func(c *Client) {
-		c.baseURL = url
-	}
-}
-
-func (c *Client) OnConnect(callback func() error) {
-	c.onConnect = callback
-}
-
-// NewClient creates a new Newt client
-func NewClient(newtID, secret string, endpoint string, opts ...ClientOption) (*Client, error) {
-	config := &Config{
-		NewtID:   newtID,
-		Secret:   secret,
-		Endpoint: endpoint,
-	}
-
-	client := &Client{
-		config:            config,
-		baseURL:           endpoint, // default value
-		handlers:          make(map[string]MessageHandler),
-		done:              make(chan struct{}),
-		reconnectInterval: 10 * time.Second,
-		isConnected:       false,
-	}
-
-	// Apply options before loading config
-	for _, opt := range opts {
-		opt(client)
-	}
-
-	// Load existing config if available
-	if err := client.loadConfig(); err != nil {
-		return nil, fmt.Errorf("failed to load config: %w", err)
-	}
-
-	return client, nil
-}
-
-// Connect establishes the WebSocket connection
-func (c *Client) Connect() error {
-	go c.connectWithRetry()
-	return nil
-}
-
-// Close closes the WebSocket connection
-func (c *Client) Close() error {
-	close(c.done)
-	if c.conn != nil {
-		return c.conn.Close()
-	}
-
-	// stop the ping monitor
-	c.setConnected(false)
-
-	return nil
-}
-
-// SendMessage sends a message through the WebSocket connection
-func (c *Client) SendMessage(messageType string, data interface{}) error {
-	if c.conn == nil {
-		return fmt.Errorf("not connected")
-	}
-
-	msg := WSMessage{
-		Type: messageType,
-		Data: data,
-	}
-
-	return c.conn.WriteJSON(msg)
-}
-
-// RegisterHandler registers a handler for a specific message type
-func (c *Client) RegisterHandler(messageType string, handler MessageHandler) {
-	c.handlersMux.Lock()
-	defer c.handlersMux.Unlock()
-	c.handlers[messageType] = handler
-}
-
-// readPump pumps messages from the WebSocket connection
-func (c *Client) readPump() {
-	defer c.conn.Close()
-
-	for {
-		select {
-		case <-c.done:
-			return
-		default:
-			var msg WSMessage
-			err := c.conn.ReadJSON(&msg)
-			if err != nil {
-				return
-			}
-
-			c.handlersMux.RLock()
-			if handler, ok := c.handlers[msg.Type]; ok {
-				handler(msg)
-			}
-			c.handlersMux.RUnlock()
-		}
-	}
-}
-
-func (c *Client) getToken() (string, error) {
-	// Parse the base URL to ensure we have the correct hostname
-	baseURL, err := url.Parse(c.baseURL)
-	if err != nil {
-		return "", fmt.Errorf("failed to parse base URL: %w", err)
-	}
-
-	// Ensure we have the base URL without trailing slashes
-	baseEndpoint := strings.TrimRight(baseURL.String(), "/")
-
-	// If we already have a token, try to use it
-	if c.config.Token != "" {
-		tokenCheckData := map[string]interface{}{
-			"newtId": c.config.NewtID,
-			"secret": c.config.Secret,
-			"token":  c.config.Token,
-		}
-		jsonData, err := json.Marshal(tokenCheckData)
-		if err != nil {
-			return "", fmt.Errorf("failed to marshal token check data: %w", err)
-		}
-
-		// Create a new request
-		req, err := http.NewRequest(
-			"POST",
-			baseEndpoint+"/api/v1/auth/newt/get-token",
-			bytes.NewBuffer(jsonData),
-		)
-		if err != nil {
-			return "", fmt.Errorf("failed to create request: %w", err)
-		}
-
-		// Set headers
-		req.Header.Set("Content-Type", "application/json")
-		req.Header.Set("X-CSRF-Token", "x-csrf-protection")
-
-		// Make the request
-		client := &http.Client{}
-		resp, err := client.Do(req)
-		if err != nil {
-			return "", fmt.Errorf("failed to check token validity: %w", err)
-		}
-		defer resp.Body.Close()
-
-		var tokenResp TokenResponse
-		if err := json.NewDecoder(resp.Body).Decode(&tokenResp); err != nil {
-			return "", fmt.Errorf("failed to decode token check response: %w", err)
-		}
-
-		// If token is still valid, return it
-		if tokenResp.Success && tokenResp.Message == "Token session already valid" {
-			return c.config.Token, nil
-		}
-	}
-
-	// Get a new token
-	tokenData := map[string]interface{}{
-		"newtId": c.config.NewtID,
-		"secret": c.config.Secret,
-	}
-	jsonData, err := json.Marshal(tokenData)
-	if err != nil {
-		return "", fmt.Errorf("failed to marshal token request data: %w", err)
-	}
-
-	// Create a new request
-	req, err := http.NewRequest(
-		"POST",
-		baseEndpoint+"/api/v1/auth/newt/get-token",
-		bytes.NewBuffer(jsonData),
-	)
-	if err != nil {
-		return "", fmt.Errorf("failed to create request: %w", err)
-	}
-
-	// Set headers
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("X-CSRF-Token", "x-csrf-protection")
-
-	// Make the request
-	client := &http.Client{}
-	resp, err := client.Do(req)
-	if err != nil {
-		return "", fmt.Errorf("failed to request new token: %w", err)
-	}
-	defer resp.Body.Close()
-
-	var tokenResp TokenResponse
-	if err := json.NewDecoder(resp.Body).Decode(&tokenResp); err != nil {
-		return "", fmt.Errorf("failed to decode token response: %w", err)
-	}
-
-	if !tokenResp.Success {
-		return "", fmt.Errorf("failed to get token: %s", tokenResp.Message)
-	}
-
-	if tokenResp.Data.Token == "" {
-		return "", fmt.Errorf("received empty token from server")
-	}
-
-	return tokenResp.Data.Token, nil
-}
-
-func (c *Client) connectWithRetry() {
-	for {
-		select {
-		case <-c.done:
-			return
-		default:
-			err := c.establishConnection()
-			if err != nil {
-				logger.Error("Failed to connect: %v. Retrying in %v...", err, c.reconnectInterval)
-				time.Sleep(c.reconnectInterval)
-				continue
-			}
-			return
-		}
-	}
-}
-
-func (c *Client) establishConnection() error {
-	// Get token for authentication
-	token, err := c.getToken()
-	if err != nil {
-		return fmt.Errorf("failed to get token: %w", err)
-	}
-
-	// Parse the base URL to determine protocol and hostname
-	baseURL, err := url.Parse(c.baseURL)
-	if err != nil {
-		return fmt.Errorf("failed to parse base URL: %w", err)
-	}
-
-	// Determine WebSocket protocol based on HTTP protocol
-	wsProtocol := "wss"
-	if baseURL.Scheme == "http" {
-		wsProtocol = "ws"
-	}
-
-	// Create WebSocket URL
-	wsURL := fmt.Sprintf("%s://%s/api/v1/ws", wsProtocol, baseURL.Host)
-	u, err := url.Parse(wsURL)
-	if err != nil {
-		return fmt.Errorf("failed to parse WebSocket URL: %w", err)
-	}
-
-	// Add token to query parameters
-	q := u.Query()
-	q.Set("token", token)
-	u.RawQuery = q.Encode()
-
-	// Connect to WebSocket
-	conn, _, err := websocket.DefaultDialer.Dial(u.String(), nil)
-	if err != nil {
-		return fmt.Errorf("failed to connect to WebSocket: %w", err)
-	}
-
-	c.conn = conn
-	c.setConnected(true)
-
-	// Start the ping monitor
-	go c.pingMonitor()
-	// Start the read pump
-	go c.readPump()
-
-	if c.onConnect != nil {
-		if err := c.onConnect(); err != nil {
-			logger.Error("OnConnect callback failed: %v", err)
-		}
-	}
-
-	return nil
-}
-
-func (c *Client) pingMonitor() {
-	ticker := time.NewTicker(30 * time.Second)
-	defer ticker.Stop()
-
-	for {
-		select {
-		case <-c.done:
-			return
-		case <-ticker.C:
-			if err := c.conn.WriteControl(websocket.PingMessage, []byte{}, time.Now().Add(10*time.Second)); err != nil {
-				logger.Error("Ping failed: %v", err)
-				c.reconnect()
-				return
-			}
-		}
-	}
-}
-
-func (c *Client) reconnect() {
-	c.setConnected(false)
-	if c.conn != nil {
-		c.conn.Close()
-	}
-
-	go c.connectWithRetry()
-}
-
-func (c *Client) setConnected(status bool) {
-	c.reconnectMux.Lock()
-	defer c.reconnectMux.Unlock()
-	c.isConnected = status
-}

websocket/config.go

@@ -1,72 +0,0 @@
-package websocket
-
-import (
-	"encoding/json"
-	"log"
-	"os"
-	"path/filepath"
-	"runtime"
-)
-
-func getConfigPath() string {
-	var configDir string
-	switch runtime.GOOS {
-	case "darwin":
-		configDir = filepath.Join(os.Getenv("HOME"), "Library", "Application Support", "newt-client")
-	case "windows":
-		configDir = filepath.Join(os.Getenv("APPDATA"), "newt-client")
-	default: // linux and others
-		configDir = filepath.Join(os.Getenv("HOME"), ".config", "newt-client")
-	}
-
-	if err := os.MkdirAll(configDir, 0755); err != nil {
-		log.Printf("Failed to create config directory: %v", err)
-	}
-
-	return filepath.Join(configDir, "config.json")
-}
-
-func (c *Client) loadConfig() error {
-	if c.config.NewtID != "" && c.config.Secret != "" && c.config.Endpoint != "" {
-		return nil
-	}
-
-	configPath := getConfigPath()
-	data, err := os.ReadFile(configPath)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return nil
-		}
-		return err
-	}
-
-	var config Config
-	if err := json.Unmarshal(data, &config); err != nil {
-		return err
-	}
-
-	if c.config.NewtID == "" {
-		c.config.NewtID = config.NewtID
-	}
-	if c.config.Token == "" {
-		c.config.Token = config.Token
-	}
-	if c.config.Secret == "" {
-		c.config.Secret = config.Secret
-	}
-	if c.config.Endpoint == "" {
-		c.config.Endpoint = config.Endpoint
-		c.baseURL = config.Endpoint
-	}
-
-	return nil
-}
-
-func (c *Client) saveConfig() error {
-	configPath := getConfigPath()
-	data, err := json.MarshalIndent(c.config, "", "  ")
-	if err != nil {
-		return err
-	}
-	return os.WriteFile(configPath, data, 0644)
-}

websocket/types.go

@@ -1,21 +0,0 @@
-package websocket
-
-type Config struct {
-	NewtID   string `json:"newtId"`
-	Secret   string `json:"secret"`
-	Token    string `json:"token"`
-	Endpoint string `json:"endpoint"`
-}
-
-type TokenResponse struct {
-	Data struct {
-		Token string `json:"token"`
-	} `json:"data"`
-	Success bool   `json:"success"`
-	Message string `json:"message"`
-}
-
-type WSMessage struct {
-	Type string      `json:"type"`
-	Data interface{} `json:"data"`
-}

wgtester/wgtester.go

@@ -0,0 +1,260 @@
+package wgtester
+
+import (
+	"context"
+	"encoding/binary"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/fosrl/newt/logger"
+)
+
+const (
+	// Magic bytes to identify our packets
+	magicHeader uint32 = 0xDEADBEEF
+	// Request packet type
+	packetTypeRequest uint8 = 1
+	// Response packet type
+	packetTypeResponse uint8 = 2
+	// Packet format:
+	// - 4 bytes: magic header (0xDEADBEEF)
+	// - 1 byte: packet type (1 = request, 2 = response)
+	// - 8 bytes: timestamp (for round-trip timing)
+	packetSize = 13
+)
+
+// Client handles checking connectivity to a server
+type Client struct {
+	conn           *net.UDPConn
+	serverAddr     string
+	monitorRunning bool
+	monitorLock    sync.Mutex
+	connLock       sync.Mutex // Protects connection operations
+	shutdownCh     chan struct{}
+	packetInterval time.Duration
+	timeout        time.Duration
+	maxAttempts    int
+}
+
+// ConnectionStatus represents the current connection state
+type ConnectionStatus struct {
+	Connected bool
+	RTT       time.Duration
+}
+
+// NewClient creates a new connection test client
+func NewClient(serverAddr string) (*Client, error) {
+	return &Client{
+		serverAddr:     serverAddr,
+		shutdownCh:     make(chan struct{}),
+		packetInterval: 2 * time.Second,
+		timeout:        500 * time.Millisecond, // Timeout for individual packets
+		maxAttempts:    3,                      // Default max attempts
+	}, nil
+}
+
+// SetPacketInterval changes how frequently packets are sent in monitor mode
+func (c *Client) SetPacketInterval(interval time.Duration) {
+	c.packetInterval = interval
+}
+
+// SetTimeout changes the timeout for waiting for responses
+func (c *Client) SetTimeout(timeout time.Duration) {
+	c.timeout = timeout
+}
+
+// SetMaxAttempts changes the maximum number of attempts for TestConnection
+func (c *Client) SetMaxAttempts(attempts int) {
+	c.maxAttempts = attempts
+}
+
+// Close cleans up client resources
+func (c *Client) Close() {
+	c.StopMonitor()
+
+	c.connLock.Lock()
+	defer c.connLock.Unlock()
+
+	if c.conn != nil {
+		c.conn.Close()
+		c.conn = nil
+	}
+}
+
+// ensureConnection makes sure we have an active UDP connection
+func (c *Client) ensureConnection() error {
+	c.connLock.Lock()
+	defer c.connLock.Unlock()
+
+	if c.conn != nil {
+		return nil
+	}
+
+	serverAddr, err := net.ResolveUDPAddr("udp", c.serverAddr)
+	if err != nil {
+		return err
+	}
+
+	c.conn, err = net.DialUDP("udp", nil, serverAddr)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// TestConnection checks if the connection to the server is working
+// Returns true if connected, false otherwise
+func (c *Client) TestConnection(ctx context.Context) (bool, time.Duration) {
+	if err := c.ensureConnection(); err != nil {
+		logger.Warn("Failed to ensure connection: %v", err)
+		return false, 0
+	}
+
+	// Prepare packet buffer
+	packet := make([]byte, packetSize)
+	binary.BigEndian.PutUint32(packet[0:4], magicHeader)
+	packet[4] = packetTypeRequest
+
+	// Send multiple attempts as specified
+	for attempt := 0; attempt < c.maxAttempts; attempt++ {
+		select {
+		case <-ctx.Done():
+			return false, 0
+		default:
+			// Add current timestamp to packet
+			timestamp := time.Now().UnixNano()
+			binary.BigEndian.PutUint64(packet[5:13], uint64(timestamp))
+
+			// Lock the connection for the entire send/receive operation
+			c.connLock.Lock()
+
+			// Check if connection is still valid after acquiring lock
+			if c.conn == nil {
+				c.connLock.Unlock()
+				return false, 0
+			}
+
+			logger.Debug("Attempting to send monitor packet to %s", c.serverAddr)
+			_, err := c.conn.Write(packet)
+			if err != nil {
+				c.connLock.Unlock()
+				logger.Info("Error sending packet: %v", err)
+				continue
+			}
+			logger.Debug("Successfully sent monitor packet")
+
+			// Set read deadline
+			c.conn.SetReadDeadline(time.Now().Add(c.timeout))
+
+			// Wait for response
+			responseBuffer := make([]byte, packetSize)
+			n, err := c.conn.Read(responseBuffer)
+			c.connLock.Unlock()
+
+			if err != nil {
+				if netErr, ok := err.(net.Error); ok && netErr.Timeout() {
+					// Timeout, try next attempt
+					time.Sleep(100 * time.Millisecond) // Brief pause between attempts
+					continue
+				}
+				logger.Error("Error reading response: %v", err)
+				continue
+			}
+
+			if n != packetSize {
+				continue // Malformed packet
+			}
+
+			// Verify response
+			magic := binary.BigEndian.Uint32(responseBuffer[0:4])
+			packetType := responseBuffer[4]
+			if magic != magicHeader || packetType != packetTypeResponse {
+				continue // Not our response
+			}
+
+			// Extract the original timestamp and calculate RTT
+			sentTimestamp := int64(binary.BigEndian.Uint64(responseBuffer[5:13]))
+			rtt := time.Duration(time.Now().UnixNano() - sentTimestamp)
+
+			return true, rtt
+		}
+	}
+
+	return false, 0
+}
+
+// TestConnectionWithTimeout tries to test connection with a timeout
+// Returns true if connected, false otherwise
+func (c *Client) TestConnectionWithTimeout(timeout time.Duration) (bool, time.Duration) {
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+	return c.TestConnection(ctx)
+}
+
+// MonitorCallback is the function type for connection status change callbacks
+type MonitorCallback func(status ConnectionStatus)
+
+// StartMonitor begins monitoring the connection and calls the callback
+// when the connection status changes
+func (c *Client) StartMonitor(callback MonitorCallback) error {
+	c.monitorLock.Lock()
+	defer c.monitorLock.Unlock()
+
+	if c.monitorRunning {
+		logger.Info("Monitor already running")
+		return nil // Already running
+	}
+
+	if err := c.ensureConnection(); err != nil {
+		return err
+	}
+
+	c.monitorRunning = true
+	c.shutdownCh = make(chan struct{})
+
+	go func() {
+		var lastConnected bool
+		firstRun := true
+
+		ticker := time.NewTicker(c.packetInterval)
+		defer ticker.Stop()
+
+		for {
+			select {
+			case <-c.shutdownCh:
+				return
+			case <-ticker.C:
+				ctx, cancel := context.WithTimeout(context.Background(), c.timeout)
+				connected, rtt := c.TestConnection(ctx)
+				cancel()
+
+				// Callback if status changed or it's the first check
+				if connected != lastConnected || firstRun {
+					callback(ConnectionStatus{
+						Connected: connected,
+						RTT:       rtt,
+					})
+					lastConnected = connected
+					firstRun = false
+				}
+			}
+		}
+	}()
+
+	return nil
+}
+
+// StopMonitor stops the connection monitoring
+func (c *Client) StopMonitor() {
+	c.monitorLock.Lock()
+	defer c.monitorLock.Unlock()
+
+	if !c.monitorRunning {
+		return
+	}
+
+	close(c.shutdownCh)
+	c.monitorRunning = false
+}

windows.go

@@ -0,0 +1,25 @@
+//go:build windows
+
+package main
+
+import (
+	"errors"
+	"net"
+	"os"
+
+	"golang.zx2c4.com/wireguard/ipc"
+	"golang.zx2c4.com/wireguard/tun"
+)
+
+func createTUNFromFD(tunFdStr string, mtuInt int) (tun.Device, error) {
+	return nil, errors.New("CreateTUNFromFile not supported on Windows")
+}
+
+func uapiOpen(interfaceName string) (*os.File, error) {
+	return nil, nil
+}
+
+func uapiListen(interfaceName string, fileUAPI *os.File) (net.Listener, error) {
+	// On Windows, UAPIListen only takes one parameter
+	return ipc.UAPIListen(interfaceName)
+}