[proxy] add pre-shared key support (#5377)

2026-04-16 15:26:40 +00:00 · 2026-02-23 16:31:29 +01:00
parent 5d171f181a
commit 9d123ec059
4 changed files with 39 additions and 12 deletions
--- a/proxy/server.go
+++ b/proxy/server.go
@@ -114,6 +114,8 @@ type Server struct {
 	// When enabled, the real client IP is extracted from the PROXY header
 	// sent by upstream L4 proxies that support PROXY protocol.
 	ProxyProtocol bool
+	// PreSharedKey used for tunnel between proxy and peers (set globally not per account)
+	PreSharedKey string
 }

 // NotifyStatus sends a status update to management about tunnel connectivity
@@ -163,7 +165,11 @@ func (s *Server) ListenAndServe(ctx context.Context, addr string) (err error) {

 	// Initialize the netbird client, this is required to build peer connections
 	// to proxy over.
-	s.netbird = roundtrip.NewNetBird(s.ManagementAddress, s.ID, s.ProxyURL, s.WireguardPort, s.Logger, s, s.mgmtClient)
+	s.netbird = roundtrip.NewNetBird(s.ID, s.ProxyURL, roundtrip.ClientConfig{
+		MgmtAddr:     s.ManagementAddress,
+		WGPort:       s.WireguardPort,
+		PreSharedKey: s.PreSharedKey,
+	}, s.Logger, s, s.mgmtClient)

 	tlsConfig, err := s.configureTLS(ctx)
 	if err != nil {