diff --git a/cmd/config.go b/cmd/config.go
index da17231f8..c7ea6e7d8 100644
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -1,16 +1,58 @@
 package cmd
+import (
+ "encoding/json"
+ "github.com/pion/ice/v2"
+ "github.com/wiretrustee/wiretrustee/connection"
+ "io/ioutil"
+ "os"
+)
+
 type Config struct {
 // Wireguard private key of local peer
 PrivateKey string
 // configured remote peers (Wireguard public keys)
- Peers string
- StunURL string
- TurnURL string
- TurnUser string
- TurnPwd string
+ Peers []connection.Peer
+ StunTurnURLs []*ice.URL
 // host:port of the signal server
 SignalAddr string
 WgAddr string
 WgIface string
 }
+
+//Write writes configPath to a file
+func (cfg *Config) Write(path string) error {
+ bs, err := json.Marshal(cfg)
+ if err != nil {
+ return err
+ }
+
+ err = ioutil.WriteFile(path, bs, 0600)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+//Read reads configPath from a file
+func Read(path string) (*Config, error) {
+ f, err := os.Open(path)
+ if err != nil {
+ return nil, err
+ }
+ defer f.Close()
+
+ bs, err := ioutil.ReadAll(f)
+ if err != nil {
+ return nil, err
+ }
+
+ var cfg Config
+ err = json.Unmarshal(bs, &cfg)
+ if err != nil {
+ return nil, err
+ }
+
+ return &cfg, nil
+}
diff --git a/cmd/up.go b/cmd/up.go
index 73e8b68a5..b65208a7e 100644
--- a/cmd/up.go
+++ b/cmd/up.go
@@ -2,14 +2,11 @@ package cmd
 import (
 "context"
- "fmt"
- "github.com/pion/ice/v2"
 log "github.com/sirupsen/logrus"
 "github.com/spf13/cobra"
 "github.com/wiretrustee/wiretrustee/connection"
 sig "github.com/wiretrustee/wiretrustee/signal"
 "os"
- "strings"
 )
 const (
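Review bot: `Write` relies on the 0600 passed to `ioutil.WriteFile`, but that mode is only applied when the file is created; if `path` already exists with a wider mode (for example a config first created by hand as 0644), the WireGuard private key and any TURN password carried inside `StunTurnURLs` are rewritten into a file other local users can read. Fix the mode explicitly after the write, `if err := os.Chmod(path, 0600); err != nil { return err }`, or write to a sibling temp file created with 0600 and rename it over `path`, which also avoids leaving a truncated config behind if the process dies mid-write. The doc comments describe the wrong thing as well: `//Write writes configPath to a file` and `//Read reads configPath from a file` should read `// Write serialises the config as JSON to path (mode 0600).` and `// Read loads a JSON config from path.`. Whether `[]*ice.URL` round-trips cleanly through encoding/json (its scheme and proto fields look like numeric enums, so hand-edited files would need the numeric form) is worth a test before `Read` is relied on.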
@@ -17,15 +14,21 @@ const (
 )
 var (
- cfgFile string
-
- config = &Config{}
+ configPath string
+ logLevel string
 upCmd = &cobra.Command{
 Use: "up",
 Short: "start wiretrustee",
 Run: func(cmd *cobra.Command, args []string) {
- log.SetLevel(log.DebugLevel)
+ level, err := log.ParseLevel(logLevel)
+ if err != nil {
+ log.Errorf("efailed parsing log-level %s: %s", logLevel, err)
+ os.Exit(ExitSetupFailed)
+ }
+ log.SetLevel(level)
+
+ config, _ := Read(configPath)
 ctx := context.Background()
 signalClient, err := sig.NewClient(config.SignalAddr, ctx)
@@ -36,15 +39,9 @@ var (
 //todo proper close handling
 defer func() { signalClient.Close() }()
- stunURL, _ := ice.ParseURL(config.StunURL)
- turnURL, _ := ice.ParseURL(config.TurnURL)
- turnURL.Password = config.TurnPwd
- turnURL.Username = config.TurnUser
- urls := []*ice.URL{turnURL, stunURL}
+ engine := connection.NewEngine(signalClient, config.StunTurnURLs, config.WgIface, config.WgAddr)
- engine := connection.NewEngine(signalClient, urls, config.WgIface, config.WgAddr)
-
- err = engine.Start(config.PrivateKey, strings.Split(config.Peers, ","))
+ err = engine.Start(config.PrivateKey, config.Peers)
 //signalClient.WaitConnected()
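Review bot: `config, _ := Read(configPath)` discards the read error, so a missing, unreadable or malformed config leaves `config` nil and the very next line, `sig.NewClient(config.SignalAddr, ctx)`, panics with a nil-pointer dereference instead of a usable message; handle it the same way the log-level parse just above does. The message on that branch also carries a typo, `efailed parsing log-level`. The Run closure continues past the end of this hunk.
```go
			level, err := log.ParseLevel(logLevel)
			if err != nil {
				log.Errorf("failed parsing log-level %s: %s", logLevel, err)
				os.Exit(ExitSetupFailed)
			}
			log.SetLevel(level)

			config, err := Read(configPath)
			if err != nil {
				log.Errorf("failed reading config %s: %s", configPath, err)
				os.Exit(ExitSetupFailed)
			}
			// … unchanged: signal client and engine setup …
```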
@@ -54,58 +51,7 @@ var (
 )
 func init() {
- //upCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.wiretrustee.yaml)")
- upCmd.PersistentFlags().StringVar(&config.WgAddr, "address", "", "IP address of a peer in CIDR notation (e.g. 10.30.30.1/24)")
- upCmd.PersistentFlags().StringVar(&config.PrivateKey, "key", "", "Peers Wireguard private key")
- upCmd.PersistentFlags().StringVar(&config.Peers, "peers", "", "A comma separated list of peers (Wireguard public keys) to connect to")
- upCmd.MarkPersistentFlagRequired("key")
- upCmd.MarkPersistentFlagRequired("ip")
- upCmd.MarkPersistentFlagRequired("peers")
- upCmd.PersistentFlags().StringVar(&config.WgIface, "interface", "wiretrustee0", "Wireguard interface name")
- upCmd.PersistentFlags().StringVar(&config.StunURL, "stun", "stun:stun.wiretrustee.com:3468", "A comma separated list of STUN servers including protocol (e.g. stun:stun.wiretrustee.com:3468")
- upCmd.PersistentFlags().StringVar(&config.TurnURL, "turn", "turn:stun.wiretrustee.com:3468", "A comma separated list of TURN servers including protocol (e.g. stun:stun.wiretrustee.com:3468")
- upCmd.PersistentFlags().StringVar(&config.TurnUser, "turnUser", "wiretrustee", "A comma separated list of TURN servers including protocol (e.g. stun:stun.wiretrustee.com:3468")
- upCmd.PersistentFlags().StringVar(&config.TurnPwd, "turnPwd", "wt2021hello@", "A comma separated list of TURN servers including protocol (e.g. stun:stun.wiretrustee.com:3468")
- upCmd.PersistentFlags().StringVar(&config.SignalAddr, "signal", "signal.wiretrustee.com:10000", "Signal server URL (e.g. signal.wiretrustee.com:10000")
- //upCmd.MarkPersistentFlagRequired("config")
- fmt.Printf("")
-}
-
-func defaultConfig() *Config {
-
- return &Config{
- PrivateKey: "OCVgR9VJT4y4tBscRQ6SYHWocQlykUMCDI6APjp3ilY=",
- Peers: "uRoZAk1g90WXXvazH0SS6URZ2/Kmhx+hbVhUt2ipzlU=",
- SignalAddr: "signal.wiretrustee.com:10000",
- StunURL: "stun.wiretrustee.com:3468",
- TurnURL: "stun.wiretrustee.com:3468",
- TurnPwd: "wt2021hello@",
- TurnUser: "wiretrustee",
- WgAddr: "10.30.30.1/24",
- WgIface: "wt0",
- }
-}
-
-func ReadConfig(path string) (*Config, error) {
- /*f, err := os.Open(path)
- if err != nil {
- return nil, err
- }
- defer f.Close()
-
- bs, err := ioutil.ReadAll(f)
- if err != nil {
- return nil, err
- }
-
- var cfg Config
-
- err = yaml.Unmarshal(bs, &cfg)
- if err != nil {
- return nil, err
- }
-
- return &cfg, nil*/
-
- return &Config{}, nil
+ upCmd.PersistentFlags().StringVar(&configPath, "config", "", "")
+ upCmd.PersistentFlags().StringVar(&logLevel, "log-level", "info", "")
+ upCmd.MarkPersistentFlagRequired("config")
 }
diff --git a/connection/connection.go b/connection/connection.go
index 294fa2ae6..e18a87260 100644
--- a/connection/connection.go
+++ b/connection/connection.go
@@ -11,17 +11,18 @@ import (
 )
 var (
- DefaultAllowedIps = "0.0.0.0/0"
 DefaultWgKeepAlive = 20 * time.Second
 )
-type Config struct {
+type ConnConfig struct {
 // Local Wireguard listening address e.g. 127.0.0.1:51820
 WgListenAddr string
 // A Local Wireguard Peer IP address in CIDR notation e.g. 10.30.30.1/24
 WgPeerIp string
 // Local Wireguard Interface name (e.g. wg0)
 WgIface string
+ // Wireguard allowed IPs (e.g. 10.30.30.2/32)
+ WgAllowedIPs string
 // Local Wireguard private key
 WgKey wgtypes.Key
 // Remote Wireguard public key
@@ -37,7 +38,7 @@ type IceCredentials struct {
 }
 type Connection struct {
- Config Config
+ Config ConnConfig
 // signalCandidate is a handler function to signal remote peer about local connection candidate
 signalCandidate func(candidate ice.Candidate) error
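Review bot: Both new flags in `init` register with an empty usage string, so `up --help` shows `--config` and `--log-level` with no hint of what they take; give them descriptions, e.g. `upCmd.PersistentFlags().StringVar(&configPath, "config", "", "Path to the JSON config file (see Config.Write)")` and `upCmd.PersistentFlags().StringVar(&logLevel, "log-level", "info", "Log level passed to logrus (e.g. debug, info, warn, error)")`. `MarkPersistentFlagRequired` returns an error that is still dropped; since it can only fail on a misspelled flag name, checking it with `if err := upCmd.MarkPersistentFlagRequired("config"); err != nil { panic(err) }` surfaces that programmer error at startup instead of silently making the flag optional. The removed defaults embedded a TURN password and a WireGuard private key as string literals; since those stay in git history they should be treated as disclosed and rotated on the server side.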
@@ -58,7 +59,7 @@ type Connection struct {
 wgConn net.Conn
 }
-func NewConnection(config Config,
+func NewConnection(config ConnConfig,
 signalCandidate func(candidate ice.Candidate) error,
 signalOffer func(uFrag string, pwd string) error,
 signalAnswer func(uFrag string, pwd string) error,
@@ -287,7 +288,7 @@ func (conn *Connection) createWireguardProxy() (*net.Conn, error) {
 return nil, err
 }
 // add local proxy connection as a Wireguard peer
- err = iface.UpdatePeer(conn.Config.WgIface, conn.Config.RemoteWgKey.String(), DefaultAllowedIps, DefaultWgKeepAlive,
+ err = iface.UpdatePeer(conn.Config.WgIface, conn.Config.RemoteWgKey.String(), conn.Config.WgAllowedIPs, DefaultWgKeepAlive,
 wgConn.LocalAddr().String())
 if err != nil {
 log.Errorf("error while configuring Wireguard peer [%s] %s", conn.Config.RemoteWgKey.String(), err.Error())
diff --git a/connection/engine.go b/connection/engine.go
index d46c0307b..06ba03c77 100644
--- a/connection/engine.go
+++ b/connection/engine.go
@@ -23,6 +23,11 @@ type Engine struct {
 wgIp string
 }
+type Peer struct {
+ WgPubKey string
+ WgAllowedIps string
+}
+
 func NewEngine(signal *signal.Client, stunsTurns []*ice.URL, wgIface string, wgAddr string) *Engine {
 return &Engine{
 stunsTurns: stunsTurns,
@@ -33,7 +38,7 @@ func NewEngine(signal *signal.Client, stunsTurns []*ice.URL, wgIface string, wgA
 }
 }
-func (e *Engine) Start(privateKey string, peers []string) error {
+func (e *Engine) Start(privateKey string, peers []Peer) error {
 // setup wireguard
 myKey, err := wgtypes.ParseKey(privateKey)
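Review bot: `conn.Config.WgAllowedIPs` now goes straight into `iface.UpdatePeer` with no validation, and unlike the removed `DefaultAllowedIps` constant it is user-supplied config; an empty or malformed value fails late inside the WireGuard call at best, and since this string decides which destination addresses are routed into the tunnel for this peer, a wrong value is a routing problem rather than a cosmetic one. Reject it before the call, e.g. `if _, _, err := net.ParseCIDR(conn.Config.WgAllowedIPs); err != nil { return nil, err }` (split on commas first if `UpdatePeer` accepts a list — its contract is not visible here). A short comment on the call would also help the next reader: `// allowed IPs come from per-peer config and bound what this tunnel may carry`. createWireguardProxy starts and ends outside this hunk.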
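Review bot: `Peer` is a new exported type with no doc comment, and because `Config.Peers` is a `[]connection.Peer` serialised with encoding/json, its field names become the on-disk config keys with no struct tags to pin them, so a later rename silently breaks every existing config file. `WgAllowedIps` here versus `WgAllowedIPs` on `ConnConfig` is the same concept spelled with two different initialism styles, which is exactly the kind of rename that would trigger that. Suggested: `// Peer describes a remote WireGuard peer to connect to: its public key and the IPs routed through it.` above the type, and tags that pin the current keys (`json:"WgPubKey"` and `json:"WgAllowedIps"`) so the naming can be cleaned up without a format change.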
@@ -65,11 +70,12 @@ func (e *Engine) Start(privateKey string, peers []string) error {
 // initialize peer agents
 for _, peer := range peers {
- remoteKey, _ := wgtypes.ParseKey(peer)
- connConfig := &Config{
+ remoteKey, _ := wgtypes.ParseKey(peer.WgPubKey)
+ connConfig := &ConnConfig{
 WgListenAddr: fmt.Sprintf("127.0.0.1:%d", *wgPort),
 WgPeerIp: e.wgIp,
 WgIface: e.wgIface,
+ WgAllowedIPs: peer.WgAllowedIps,
 WgKey: myKey,
 RemoteWgKey: remoteKey,
 StunTurnURLS: e.stunsTurns,