merge conflict with develop

Dockerfile

@@ -7,7 +7,7 @@ COPY . .
 RUN go mod tidy
 RUN GOOS=linux CGO_ENABLED=0 /usr/local/go/bin/go build -ldflags="-s -w" -o netclient-app .
 
-FROM alpine:3.19.1
+FROM alpine:3.20.0
 
 WORKDIR /root/
 

Dockerfile-netclient-multiarch-userspace

@@ -3,7 +3,7 @@ WORKDIR /app
 COPY . .
 RUN GOOS=linux CGO_ENABLED=0 /usr/local/go/bin/go build -ldflags="-w -s" -o netclient-app .
 
-FROM alpine:3.19.1
+FROM alpine:3.20.0
 
 WORKDIR /root/
 

cmd/install.go

@@ -4,6 +4,9 @@ Copyright © 2022 Netmaker Team <[email protected]>
 package cmd
 
 import (
+ "errors"
+ "runtime"
+
  "github.com/gravitl/netclient/functions"
  "github.com/spf13/cobra"
 )
@@ -17,6 +20,13 @@ var installCmd = &cobra.Command{
 ./netclient install [command options] [arguments]
 
 ensure you specify the full path to then new binary to be installed`,
+ PreRunE: func(cmd *cobra.Command, args []string) error {
+ if runtime.GOOS == "windows" {
+ cmd.SilenceUsage = true
+ return errors.New("cmd install on Windows is deprecated, please install with msi installer")
+ }
+ return nil
+ },
  Run: func(cmd *cobra.Command, args []string) {
  functions.Install()
  },

config/config.go

@@ -158,6 +158,13 @@ func DeleteServerHostPeerCfg() {
  netclient.HostPeers = []wgtypes.PeerConfig{}
 }
 
+// DeleteClientNodes - delete the nodes in client config
+func DeleteClientNodes() {
+ netclientCfgMutex.Lock()
+ defer netclientCfgMutex.Unlock()
+ netclient.Nodes = []string{}
+}
+
 // RemoveServerHostPeerCfg - sets remove flag for all peers on the given server peers
 func RemoveServerHostPeerCfg() {
  netclient := Netclient()

daemon/openrc_linux.go

@@ -9,6 +9,10 @@ import (
  "golang.org/x/exp/slog"
 )
 
+var (
+ LogFile = "/var/log/netclient.log"
+)
+
 // setupOpenRC - sets up openrc daemon
 func setupOpenRC() error {
  service := `#!/sbin/openrc-run
@@ -25,7 +29,6 @@ respawn_period=10
 output_log="/var/log/netclient.log"
 error_log="/var/log/netclient.log"
 depend() {
- need net
  after firewall
 }
 
@@ -34,6 +37,13 @@ depend() {
  if err := os.WriteFile("/etc/init.d/netclient", bytes, 0755); err != nil {
  return err
  }
+ if _, err := os.Stat(LogFile); err != nil {
+ if os.IsNotExist(err) {
+ if err := os.WriteFile(LogFile, []byte("--------------------"), 0644); err != nil {
+ return err
+ }
+ }
+ }
  if _, err := ncutils.RunCmd("/sbin/rc-update add netclient default", false); err != nil {
  return err
  }

functions/daemon.go

@@ -98,6 +98,9 @@ func Daemon() {
 
 // checkAndRestoreDefaultGateway -check if it needs to restore the default gateway
 func checkAndRestoreDefaultGateway() {
+ if config.Netclient().CurrGwNmIP == nil {
+ return
+ }
  //get the current default gateway
  ip, err := wireguard.GetDefaultGatewayIp()
  if err != nil {
@@ -161,14 +164,14 @@ func startGoRoutines(wg *sync.WaitGroup) context.CancelFunc {
  config.Netclient().WgPublicListenPort = config.WgPublicListenPort
  updateConfig = true
  }
- if config.Netclient().EndpointIP == nil {
- if ipv4 := config.HostPublicIP.To4(); ipv4 != nil {
- config.Netclient().EndpointIP = config.HostPublicIP
- updateConfig = true
- } else {
- config.HostPublicIP = nil
- }
+ if config.HostPublicIP != nil && !config.HostPublicIP.IsUnspecified() {
+ config.Netclient().EndpointIP = config.HostPublicIP
+ updateConfig = true
+ } else {
+ config.Netclient().EndpointIP = nil
+ updateConfig = true
  }
+
  if config.Netclient().NatType == "" {
  config.Netclient().NatType = config.HostNatType
  updateConfig = true
@@ -180,14 +183,13 @@ func startGoRoutines(wg *sync.WaitGroup) context.CancelFunc {
  } else {
  if ipv4 := ipv6.To4(); ipv4 != nil {
  slog.Warn("GetPublicIPv6 Warn: ", "Warn", "No IPv6 public ip found")
+ config.HostPublicIP6 = nil
+ config.Netclient().EndpointIPv6 = nil
+ updateConfig = true
  } else {
- if config.Netclient().EndpointIPv6 == nil {
- config.Netclient().EndpointIPv6 = ipv6
- config.HostPublicIP6 = ipv6
- updateConfig = true
- } else {
- config.HostPublicIP6 = ipv6
- }
+ config.Netclient().EndpointIPv6 = ipv6
+ config.HostPublicIP6 = ipv6
+ updateConfig = true
  }
  }
 
@@ -198,12 +200,10 @@ func startGoRoutines(wg *sync.WaitGroup) context.CancelFunc {
 
  config.SetServerCtx()
 
- if config.Netclient().OriginalDefaultGatewayIp == nil {
- originalDefaultGwIP, err := wireguard.GetDefaultGatewayIp()
- if err == nil && originalDefaultGwIP != nil {
- config.Netclient().OriginalDefaultGatewayIp = originalDefaultGwIP
- updateConfig = true
- }
+ originalDefaultGwIP, err := wireguard.GetDefaultGatewayIp()
+ if err == nil && originalDefaultGwIP != nil && (config.Netclient().CurrGwNmIP == nil || !config.Netclient().CurrGwNmIP.Equal(originalDefaultGwIP)) {
+ config.Netclient().OriginalDefaultGatewayIp = originalDefaultGwIP
+ updateConfig = true
  }
 
  if updateConfig {
@@ -550,5 +550,8 @@ func holePunchWgPort() (pubIP net.IP, pubPort int, natType string) {
  pubIP = publicIP
  pubPort = portToStun
  }
+ if ipv4 := pubIP.To4(); ipv4 == nil {
+ pubIP = nil
+ }
  return
 }

functions/mqhandlers.go

@@ -179,7 +179,7 @@ func HostPeerUpdate(client mqtt.Client, msg mqtt.Message) {
  }
  } else {
  //when change_default_gw set to false, check if it needs to restore to old gateway
- if config.Netclient().OriginalDefaultGatewayIp != nil && !config.Netclient().OriginalDefaultGatewayIp.Equal(ip) {
+ if config.Netclient().OriginalDefaultGatewayIp != nil && !config.Netclient().OriginalDefaultGatewayIp.Equal(ip) && config.Netclient().CurrGwNmIP != nil {
  err = wireguard.RestoreInternetGw()
  if err != nil {
  slog.Error("error restoring default gateway", "error", err.Error())
@@ -286,6 +286,7 @@ func HostUpdate(client mqtt.Client, msg mqtt.Message) {
  deleteHostCfg(client, serverName)
  config.WriteNodeConfig()
  config.WriteServerConfig()
+ config.DeleteClientNodes()
  restartDaemon = true
  case models.UpdateHost:
  resetInterface, restartDaemon, sendHostUpdate = config.UpdateHost(&hostUpdate.Host)
@@ -585,7 +586,7 @@ func mqFallbackPull(pullResponse models.HostPull, resetInterface, replacePeers b
  }
  } else {
  //when change_default_gw set to false, check if it needs to restore to old gateway
- if !config.Netclient().OriginalDefaultGatewayIp.Equal(ip) {
+ if !config.Netclient().OriginalDefaultGatewayIp.Equal(ip) && config.Netclient().CurrGwNmIP != nil {
  err = wireguard.RestoreInternetGw()
  if err != nil {
  slog.Error("error restoring default gateway", "error", err.Error())

functions/mqpublish.go

@@ -274,32 +274,31 @@ func UpdateHostSettings(fallback bool) error {
  return errors.New("server config is nil")
  }
  if !config.Netclient().IsStatic {
- if config.Netclient().EndpointIP == nil {
- config.Netclient().EndpointIP = config.HostPublicIP
- } else {
- if config.HostPublicIP != nil && !config.HostPublicIP.IsUnspecified() && !config.Netclient().EndpointIP.Equal(config.HostPublicIP) {
+ if config.HostPublicIP != nil && !config.HostPublicIP.IsUnspecified() {
+ if !config.Netclient().EndpointIP.Equal(config.HostPublicIP) {
  logger.Log(0, "endpoint has changed from", config.Netclient().EndpointIP.String(), "to", config.HostPublicIP.String())
  config.Netclient().EndpointIP = config.HostPublicIP
  publishMsg = true
  }
+ } else {
+ config.Netclient().EndpointIP = nil
+ publishMsg = true
  }
  }
+
  if !config.Netclient().IsStatic {
- if config.Netclient().EndpointIPv6 == nil {
- config.Netclient().EndpointIPv6 = config.HostPublicIP6
- } else {
- if config.HostPublicIP6 != nil && !config.HostPublicIP6.IsUnspecified() && !config.Netclient().EndpointIPv6.Equal(config.HostPublicIP6) {
+ if config.HostPublicIP6 != nil && !config.HostPublicIP6.IsUnspecified() {
+ if !config.Netclient().EndpointIPv6.Equal(config.HostPublicIP6) {
  logger.Log(0, "endpoint has changed from", config.Netclient().EndpointIPv6.String(), "to", config.HostPublicIP6.String())
  config.Netclient().EndpointIPv6 = config.HostPublicIP6
  publishMsg = true
  }
+ } else {
+ config.Netclient().EndpointIPv6 = nil
+ publishMsg = true
  }
  }
- // //if endpoint is ipv6, set EndpointIPv6 as the same value
- // if ipv4 := config.Netclient().EndpointIP.To4(); ipv4 == nil && config.Netclient().EndpointIPv6 == nil {
- // config.Netclient().EndpointIPv6 = config.Netclient().EndpointIP
- // publishMsg = true
- // }
+
  if config.WgPublicListenPort != 0 && config.Netclient().WgPublicListenPort != config.WgPublicListenPort {
  if !config.Netclient().IsStatic {
  config.Netclient().WgPublicListenPort = config.WgPublicListenPort

functions/server.go

@@ -83,6 +83,7 @@ func LeaveServer(s string) error {
  config.DeleteServerHostPeerCfg()
  config.DeleteServer(server.Name)
  config.DeleteNodes()
+ config.DeleteClientNodes()
  config.WriteServerConfig()
  config.WriteNodeConfig()
  config.WriteNetclientConfig()

go.mod

@@ -16,7 +16,7 @@ require (
  github.com/gravitl/tcping v0.1.2-0.20230801110928-546055ebde06
  github.com/gravitl/txeh v0.0.0-20230509181318-3778c58bd69f
  github.com/guumaster/hostctl v1.1.4
- github.com/hashicorp/go-version v1.6.0
+ github.com/hashicorp/go-version v1.7.0
  github.com/kr/pretty v0.3.1
  github.com/matryer/is v1.4.1
  github.com/minio/selfupdate v0.6.0

go.sum

@@ -72,8 +72,8 @@ github.com/gravitl/txeh v0.0.0-20230509181318-3778c58bd69f/go.mod h1:Nqo/7iOJSVP
 github.com/guumaster/hostctl v1.1.4 h1:4zb9wEurBlz/hQiXFz9feHHfunf7oj+9serAH8ohGuM=
 github.com/guumaster/hostctl v1.1.4/go.mod h1:2o7cm8eV8vVWWB611tdVfsUVPziD0KECwzPKLfOzwN8=
 github.com/guumaster/tablewriter v0.0.10 h1:A0HD94yMdt4usgxBjoEceNeE0XMJ027euoHAzsPqBQs=
-github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
-github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY=
+github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=

scripts/netclient.sh

@@ -14,10 +14,14 @@ cleanup() {
 }
 
 
+VERBOSITY_CMD=""
+if [ "$VERBOSITY" != "" ]; then
+ VERBOSITY_CMD="-v ${VERBOSITY}"
+fi
 
 # install netclient
 echo "[netclient] starting netclient daemon"
-/root/netclient install
+/root/netclient $VERBOSITY_CMD install
 wait $!
 
 # join network based on env vars

wireguard/types.go

@@ -164,9 +164,16 @@ func SetEgressRoutes(egressRoutes []models.EgressNetworkRoutes) {
 }
 
 func SetRoutesFromCache() {
+ //egress route
  if addrs1, ok := cache.EgressRouteCache.Load(config.Netclient().Host.ID.String()); ok {
  SetRoutes(addrs1.([]ifaceAddress))
  }
+ //inetGW route
+ gwIp := config.Netclient().CurrGwNmIP
+ if gwIp != nil {
+ RestoreInternetGw()
+ SetInternetGw(gwIp)
+ }
 }
 
 // checkEgressRoutes - check if the addr are the same ones

wireguard/wireguard_linux.go

@@ -18,9 +18,10 @@ import (
 )
 
 const (
- RouteTableName = 111
- IPv4Network = "0.0.0.0/0"
- IPv6Network = "::/0"
+ RouteTableName = 111
+ IPv4Network = "0.0.0.0/0"
+ IPv6Network = "::/0"
+ EgressRouteMetric = 256
 )
 
 // NCIface.Create - creates a linux WG interface based on a node's host config
@@ -170,6 +171,7 @@ func RemoveRoutes(addrs []ifaceAddress) {
  Gw: addr.GwIP,
  Src: addr.IP,
  Dst: &addr.Network,
+ Priority: EgressRouteMetric,
  }); err != nil {
  slog.Warn("error removing route", "error", err.Error())
  }
@@ -195,6 +197,7 @@ func SetRoutes(addrs []ifaceAddress) error {
  Gw: addr.GwIP,
  Src: addr.IP,
  Dst: &addr.Network,
+ Priority: EgressRouteMetric,
  }); err != nil && !strings.Contains(err.Error(), "file exists") {
  slog.Warn("error adding route", "error", err.Error())
  }
@@ -284,6 +287,15 @@ func getLocalIpByDefaultInterfaceName() (ip net.IP, err error) {
  return ip, errors.New("could not get local ip by default interface name")
 }
 
+func getSourceIpv6(gw net.IP) (src net.IP) {
+ for _, v := range config.Nodes {
+ if v.NetworkRange6.Contains(gw) {
+ return v.Address6.IP
+ }
+ }
+ return src
+}
+
 // SetInternetGw - set a new default gateway and add rules to activate it
 func SetInternetGw(gwIp net.IP) (err error) {
  if ipv4 := gwIp.To4(); ipv4 != nil {
@@ -296,8 +308,9 @@ func SetInternetGw(gwIp net.IP) (err error) {
 // setInternetGwV6 - set a new default gateway and add rules to activate it
 func setInternetGwV6(gwIp net.IP) (err error) {
 
+ srcIp := getSourceIpv6(gwIp)
  //build the gateway route, with Table ROUTE_TABLE_NAME, metric 1
- gwRoute := netlink.Route{Src: net.ParseIP("0::"), Dst: nil, Gw: gwIp, Table: RouteTableName, Priority: 1}
+ gwRoute := netlink.Route{Src: srcIp, Dst: nil, Gw: gwIp, Table: RouteTableName, Priority: 1}
 
  //Check if table ROUTE_TABLE_NAME existed
  routes, _ := netlink.RouteListFiltered(netlink.FAMILY_V6, &gwRoute, netlink.RT_FILTER_TABLE)
@@ -449,8 +462,9 @@ func RestoreInternetGw() (err error) {
 
 // restoreInternetGwV6 - delete the route in table ROUTE_TABLE_NAME and delet the rules
 func restoreInternetGwV6() (err error) {
+ srcIp := getSourceIpv6(config.Netclient().CurrGwNmIP)
  //build the default gateway route
- gwRoute := netlink.Route{Src: net.ParseIP("0::"), Dst: nil, Gw: config.Netclient().CurrGwNmIP, Table: RouteTableName, Priority: 1}
+ gwRoute := netlink.Route{Src: srcIp, Dst: nil, Gw: config.Netclient().CurrGwNmIP, Table: RouteTableName, Priority: 1}
 
  //delete default gateway at first
  if err := netlink.RouteDel(&gwRoute); err != nil {
@@ -517,7 +531,7 @@ func restoreInternetGwV4() (err error) {
  gwRoute := netlink.Route{Src: net.ParseIP("0.0.0.0"), Dst: nil, Gw: config.Netclient().CurrGwNmIP, Table: RouteTableName, Priority: 1}
 
  //delete default gateway at first
- if err := netlink.RouteDel(&gwRoute); err != nil {
+ if err := netlink.RouteDel(&gwRoute); err != nil && !strings.Contains(err.Error(), "no such process") {
  slog.Warn("remove default gateway failed", "error", err.Error())
  slog.Warn("please remove the gateway route manually")
  slog.Warn("gateway route: ", gwRoute.String())