
feat: peer wireguard #2445


Merged
merged 11 commits into from
Jun 24, 2022
some stuff
coadler committed Jun 22, 2022
commit c85a6e9387eabcfc1b65e3a973c0a7ea7196e6aa
2 changes: 1 addition & 1 deletion agent/agent.go
Expand Up @@ -70,7 +70,7 @@ type PublicKeys struct {

type Dialer func(ctx context.Context, logger slog.Logger) (Metadata, *peerbroker.Listener, error)
type PostKeys func(ctx context.Context, keys PublicKeys) error
type ListenWireguardPeers func(ctx context.Context, logger slog.Logger) (<-chan *peerwg.WireguardPeerMessage, func(), error)
type ListenWireguardPeers func(ctx context.Context, logger slog.Logger) (<-chan peerwg.WireguardPeerMessage, func(), error)

func New(dialer Dialer, options *Options) io.Closer {
if options == nil {
7 changes: 4 additions & 3 deletions agent/wireguard.go
Expand Up @@ -13,6 +13,7 @@ import (
func (a *agent) startWireguard(ctx context.Context, addrs []netaddr.IPPrefix) error {
if a.wg != nil {
_ = a.wg.Close()
a.wg = nil
}

if !a.enableWireguard {
Expand Down Expand Up @@ -46,12 +47,12 @@ func (a *agent) startWireguard(ctx context.Context, addrs []netaddr.IPPrefix) er
}

for {
peer := <-ch
if peer == nil {
peer, ok := <-ch
if !ok {
break
}

err := wg.AddPeer(*peer)
err := wg.AddPeer(peer)
a.logger.Info(ctx, "added wireguard peer", slog.F("peer", peer.Public.ShortString()), slog.Error(err))
}

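Review bot: The log call after `wg.AddPeer(peer)` reports "added wireguard peer" at Info level even when `err` is non-nil, so a peer that was never installed is recorded as a success with an error field appended; anyone scanning logs for failed peer additions has nothing distinct to match on. Branching on the error keeps the success and failure events separate and gives the failure its own level. The `peer, ok := <-ch` rewrite is the right replacement for the nil sentinel now that the channel carries values. `startWireguard` begins in the first hunk and its body continues past this one.
```go
		err := wg.AddPeer(peer)
		if err != nil {
			a.logger.Warn(ctx, "add wireguard peer", slog.F("peer", peer.Public.ShortString()), slog.Error(err))
			continue
		}
		a.logger.Info(ctx, "added wireguard peer", slog.F("peer", peer.Public.ShortString()))
```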
1 change: 1 addition & 0 deletions cli/wireguardtunnel.go
Expand Up @@ -34,6 +34,7 @@ func wireguardPortForward() *cobra.Command {
Use: "wireguard-port-forward <workspace>",
Aliases: []string{"wireguard-tunnel"},
Args: cobra.ExactArgs(1),
Hidden: true,
Example: `
- Port forward a single TCP port from 1234 in the workspace to port 5678 on
your local machine
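Review bot: `Hidden: true` removes `wireguard-port-forward` from help output, but the command and its `wireguard-tunnel` alias remain fully invocable, so the line does not gate the feature and a later reader may mistake it for one. A comment on the field stating the reason would prevent that, e.g. `// Hidden while the wireguard tunnel is experimental; it is still callable.` — the "experimental" part is my guess from the PR title and should be confirmed. The command definition continues outside the hunk.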
5 changes: 2 additions & 3 deletions coderd/devtunnel/tunnel.go
Expand Up @@ -26,7 +26,6 @@ import (
)

const (
Proto = "https"
EndpointWireguard = "wg-tunnel-udp.coder.app"
EndpointHTTPS = "wg-tunnel.coder.app"

Expand Down Expand Up @@ -111,7 +110,7 @@ allowed_ip=%s/128`,
}()

return &Tunnel{
URL: fmt.Sprintf("%s://%s.%s", Proto, cfg.ID, EndpointHTTPS),
URL: fmt.Sprintf("https://%s.%s", cfg.ID, EndpointHTTPS),
Listener: wgListen,
}, ch, nil
}
Expand Down Expand Up @@ -166,7 +165,7 @@ func sendConfigToServer(ctx context.Context, cfg Config) (created bool, err erro
return false, xerrors.Errorf("marshal config: %w", err)
}

req, err := http.NewRequestWithContext(ctx, "POST", Proto+"://"+EndpointHTTPS+"/tun", bytes.NewReader(raw))
req, err := http.NewRequestWithContext(ctx, "POST", "https://"+EndpointHTTPS+"/tun", bytes.NewReader(raw))
if err != nil {
return false, xerrors.Errorf("new request: %w", err)
}
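Review bot: The `http.NewRequestWithContext` call at line 168 spells the method as the bare string `"POST"`; `http.MethodPost` from `net/http` is the idiomatic form and lets the compiler catch a typo. With `Proto` gone the scheme is now hard-coded at two sites in this file (lines 113 and 168); a single `const endpointURL = "https://" + EndpointHTTPS` would keep them from drifting. `Proto` was exported, so if anything outside this package imported it the deletion is a breaking change, which is worth a quick check. `sendConfigToServer` continues outside the hunk.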
6 changes: 3 additions & 3 deletions codersdk/workspaceagents.go
Expand Up @@ -275,7 +275,7 @@ func (c *Client) PostWireguardPeer(ctx context.Context, workspaceID uuid.UUID, p
// WireguardPeerListener listens for wireguard peer messages. Peer messages are
// sent when a new client wants to connect. Once receiving a peer message, the
// peer should be added to the NetworkMap of the wireguard interface.
func (c *Client) WireguardPeerListener(ctx context.Context, logger slog.Logger) (<-chan *peerwg.WireguardPeerMessage, func(), error) {
func (c *Client) WireguardPeerListener(ctx context.Context, logger slog.Logger) (<-chan peerwg.WireguardPeerMessage, func(), error) {
serverURL, err := c.URL.Parse("/api/v2/workspaceagents/me/wireguardlisten")
if err != nil {
return nil, nil, xerrors.Errorf("parse url: %w", err)
Expand Down Expand Up @@ -304,7 +304,7 @@ func (c *Client) WireguardPeerListener(ctx context.Context, logger slog.Logger)
return nil, nil, readBodyAsError(res)
}

ch := make(chan *peerwg.WireguardPeerMessage, 1)
ch := make(chan peerwg.WireguardPeerMessage, 1)
go func() {
defer conn.Close(websocket.StatusGoingAway, "")
defer close(ch)
Expand All @@ -322,7 +322,7 @@ func (c *Client) WireguardPeerListener(ctx context.Context, logger slog.Logger)
continue
}

ch <- &msg
ch <- msg
}
}()

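Review bot: The producer goroutine's `ch <- msg` at line 325 is an unconditional send on a capacity-1 channel, so if the consumer stops draining before the returned cancel func is called, the goroutine and the websocket behind it stay alive indefinitely; the read loop feeding it sits in the collapsed lines 305–321, so whether its exit already depends on ctx cannot be confirmed from this hunk. Selecting on the context as well, `select { case ch <- msg: case <-ctx.Done(): return }`, bounds the goroutine's lifetime to the caller's. Changing the channel to the value type means each receiver gets its own copy of the struct, which is appropriate for a message type, provided `WireguardPeerMessage` contains no slice fields that would still alias the decoder's buffer. `WireguardPeerListener` continues outside the hunk.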
2 changes: 1 addition & 1 deletion peer/peerwg/peermessage.go
Expand Up @@ -29,7 +29,7 @@ type WireguardPeerMessage struct {
// WireguardPeerMessage to quickly determine if the message is meant for the
// provided agentID.
func WireguardPeerMessageRecipientHint(agentID []byte, msg []byte) (bool, error) {
idx := bytes.Index(msg, []byte{10})
idx := bytes.Index(msg, []byte{peerMessageSeparator})
if idx == -1 {
return false, xerrors.Errorf("invalid peer message, no separator")
}
15 changes: 7 additions & 8 deletions peer/peerwg/wireguard.go
Expand Up @@ -36,12 +36,7 @@ import (
)

func UUIDToInet(uid uuid.UUID) pqtype.Inet {
uid[0] = 0xfd
uid[1] = 0x7a
uid[2] = 0x11
uid[3] = 0x5c
uid[4] = 0xa1
uid[5] = 0xe0
uid = privateUUID(uid)

return pqtype.Inet{
Valid: true,
Expand All @@ -53,15 +48,19 @@ func UUIDToInet(uid uuid.UUID) pqtype.Inet {
}

func UUIDToNetaddr(uid uuid.UUID) netaddr.IP {
return netaddr.IPFrom16(privateUUID(uid))
}

// privateUUID sets the uid to have the tailscale private ipv6 prefix.
func privateUUID(uid uuid.UUID) uuid.UUID {
// fd7a:115c:a1e0
uid[0] = 0xfd
uid[1] = 0x7a
uid[2] = 0x11
uid[3] = 0x5c
uid[4] = 0xa1
uid[5] = 0xe0

return netaddr.IPFrom16(uid)
return uid
}

var logf tslogger.Logf = log.Printf
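Review bot: The doc comment on `privateUUID` says it "sets the uid", which reads as mutation, but `uuid.UUID` is an array passed by value, so the function returns a modified copy and the caller's value is untouched; the comment should say so, e.g. `// privateUUID returns uid with its first six bytes replaced by the tailscale private IPv6 prefix fd7a:115c:a1e0; the caller's value is not modified.` It is also worth noting in the comment that those six bytes of the original UUID are discarded, so two UUIDs that differ only there map to the same address, which matters for anyone reasoning about address uniqueness per agent. `UUIDToInet` in the first hunk now relies on the same helper; its body continues outside the hunk.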