Merge pull request #429 from freifunkMUC/feature/add-mtu-config
Add config to set the MTU on an interface
fbuetler committed Jul 20, 2023
2 parents 68cc75b + 9e36527 commit e1a0588
Showing 10 changed files with 52 additions and 17 deletions.
4 changes: 3 additions & 1 deletion cmd/serve/main.go
Expand Up @@ -25,6 +25,7 @@ import (
"gopkg.in/alecthomas/kingpin.v2"
"gopkg.in/yaml.v2"

"github.com/freifunkMUC/wg-access-server/buildinfo"
"github.com/freifunkMUC/wg-access-server/internal/config"
"github.com/freifunkMUC/wg-access-server/internal/devices"
"github.com/freifunkMUC/wg-access-server/internal/dnsproxy"
Expand All @@ -33,7 +34,6 @@ import (
"github.com/freifunkMUC/wg-access-server/internal/storage"
"github.com/freifunkMUC/wg-access-server/pkg/authnz"
"github.com/freifunkMUC/wg-access-server/pkg/authnz/authconfig"
"github.com/freifunkMUC/wg-access-server/buildinfo"
)

func Register(app *kingpin.Application) *servecmd {
Expand All @@ -53,6 +53,7 @@ func Register(app *kingpin.Application) *servecmd {
cli.Flag("wireguard-interface", "Set the wireguard interface name").Default("wg0").Envar("WG_WIREGUARD_INTERFACE").StringVar(&cmd.AppConfig.WireGuard.Interface)
cli.Flag("wireguard-private-key", "Wireguard private key").Envar("WG_WIREGUARD_PRIVATE_KEY").StringVar(&cmd.AppConfig.WireGuard.PrivateKey)
cli.Flag("wireguard-port", "The port that the Wireguard server will listen on").Envar("WG_WIREGUARD_PORT").Default("51820").IntVar(&cmd.AppConfig.WireGuard.Port)
cli.Flag("wireguard-mtu", "The maximum transmission unit (MTU) to be used on the server-side interface.").Envar("WG_WIREGUARD_MTU").Default("1420").IntVar(&cmd.AppConfig.WireGuard.MTU)
cli.Flag("vpn-allowed-ips", "A list of networks that VPN clients will be allowed to connect to via the VPN").Envar("WG_VPN_ALLOWED_IPS").Default("0.0.0.0/0", "::/0").StringsVar(&cmd.AppConfig.VPN.AllowedIPs)
cli.Flag("vpn-cidr", "The network CIDR for the VPN").Envar("WG_VPN_CIDR").Default("10.44.0.0/24").StringVar(&cmd.AppConfig.VPN.CIDR)
cli.Flag("vpn-cidrv6", "The IPv6 network CIDR for the VPN").Envar("WG_VPN_CIDRV6").Default("fd48:4c4:7aa9::/64").StringVar(&cmd.AppConfig.VPN.CIDRv6)
Expand Down Expand Up @@ -144,6 +145,7 @@ func (cmd *servecmd) Run() {
PrivateKey: conf.WireGuard.PrivateKey,
Address: vpnipstrings,
ListenPort: &conf.WireGuard.Port,
MTU: &conf.WireGuard.MTU,
},
}

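Review bot: The new `--wireguard-mtu` value is accepted as any `int` and passed on as `MTU: &conf.WireGuard.MTU` with no range check, so zero, negative or very small values from the flag, `WG_WIREGUARD_MTU` or `wireguard.mtu` reach the interface setup unchanged. IPv6 requires a link MTU of at least 1280 and the default `--vpn-cidrv6` enables IPv6, so a smaller value would presumably break IPv6 for clients instead of failing at startup. I would validate in `Run()` before the config is built, for example `if conf.WireGuard.MTU < 1280 { logrus.Fatalf("wireguard.mtu %d is below 1280", conf.WireGuard.MTU) }` when an IPv6 CIDR is configured (using whichever logger main.go already imports), and reject non-positive values in every case; how wg-embed treats `0` behind the always non-nil pointer is not visible here. The same unchecked value is narrowed by `int32(s.Config.WireGuard.MTU)` in internal/services/server_service.go. `Run()` starts and ends outside this hunk.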
5 changes: 3 additions & 2 deletions docs/2-configuration.md
Expand Up @@ -28,7 +28,7 @@ The format for specifying multiple values for options that allow it is:
Here's what you can configure:

| Environment Variable | CLI Flag | Config File Path | Required | Default (docker) | Description |
|--------------------------------------|-------------------------------------| ------------------------------ | -------- | -------------------------------------------- |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| ------------------------------------ | ----------------------------------- | ------------------------------ | -------- | -------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `WG_CONFIG` | `--config` | | | | The path to a wg-access-server config.yaml file |
| `WG_LOG_LEVEL` | `--log-level` | `logLevel` | | `info` | The global log level |
| `WG_ADMIN_USERNAME` | `--admin-username` | `adminUsername` | | `admin` | The admin account username |
Expand All @@ -44,6 +44,7 @@ Here's what you can configure:
| `WG_WIREGUARD_INTERFACE` | `--wireguard-interface` | `wireguard.interface` | | `wg0` | The wireguard network interface name |
| `WG_WIREGUARD_PRIVATE_KEY` | `--wireguard-private-key` | `wireguard.privateKey` | Yes | | The wireguard private key. This value is required and must be stable. If this value changes all devices must re-register. |
| `WG_WIREGUARD_PORT` | `--wireguard-port` | `wireguard.port` | | `51820` | The wireguard server port (udp) |
| `WG_WIREGUARD_MTU` | `--wireguard-mtu` | `wireguard.mtu` | | `1420` | The maximum transmission unit (MTU) to be used on the server-side interface. |
| `WG_VPN_CIDR` | `--vpn-cidr` | `vpn.cidr` | | `10.44.0.0/24` | The VPN IPv4 network range. VPN clients will be assigned IP addresses in this range. Set to `0` to disable IPv4. |
| `WG_IPV4_NAT_ENABLED` | `--vpn-nat44-enabled` | `vpn.nat44` | | `true` | Disables NAT for IPv4 |
| `WG_IPV6_NAT_ENABLED` | `--vpn-nat66-enabled` | `vpn.nat66` | | `true` | Disables NAT for IPv6 |
Expand All @@ -56,7 +57,7 @@ Here's what you can configure:
| `WG_DNS_DOMAIN` | `--dns-domain` | `dns.domain` | | | A domain to serve configured devices authoritatively. Queries for names in the format <device>.<user>.<domain> will be answered with the device's IP addresses. |
| `WG_CLIENTCONFIG_DNS_SERVERS` | `--clientconfig-dns-servers` | `clientconfig.dnsservers` | | | DNS servers (one or more IP addresses) to write into the client configuration file. Are used instead of the servers DNS settings, if set. |
| `WG_CLIENTCONFIG_DNS_SEARCH_DOMAIN` | `--clientconfig-dns-search-domain` | `clientconfig.dnssearchdomain` | | | DNS search domain to write into the client configuration file. |
| `WG_CLIENTCONFIG_MTU` | `--clientconfig-mtu` | `clientconfig.mtu` | | | The maximum transmission unit (MTU) to write into the client configuration file. |
| `WG_CLIENTCONFIG_MTU` | `--clientconfig-mtu` | `clientconfig.mtu` | | | The maximum transmission unit (MTU) to write into the client configuration file. If left empty, a sensible default is used. |


## The Config File (config.yaml)
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -7,7 +7,7 @@ require (
github.com/coreos/go-oidc v2.2.1+incompatible
github.com/docker/libnetwork v0.8.0-dev.2.0.20200217033114-6659f7f4d8c1
github.com/freifunkMUC/pg-events v0.4.1
github.com/freifunkMUC/wg-embed v0.9.0
github.com/freifunkMUC/wg-embed v0.10.0
github.com/google/uuid v1.3.0
github.com/gorilla/mux v1.8.0
github.com/gorilla/sessions v1.2.1
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -83,8 +83,8 @@ github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVB
github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
github.com/freifunkMUC/pg-events v0.4.1 h1:e+Zkj6Q5C5Owzt5iC2CO7/i0NBzjK1wzJ7CV9qItHeI=
github.com/freifunkMUC/pg-events v0.4.1/go.mod h1:ShsE9Hlb3h2gfBN+CkoZMmSMizwYIk30A9fZBfeNoZ0=
github.com/freifunkMUC/wg-embed v0.9.0 h1:qFebEzSW1h8r6dThZSgr9zKVBzcBETOPecfGKfGHnG0=
github.com/freifunkMUC/wg-embed v0.9.0/go.mod h1:SK+QqRByh0TJFOwTc6y8llbo/bthIIcCc+DY9LHQWR8=
github.com/freifunkMUC/wg-embed v0.10.0 h1:YQwUlfRFKk2xNRTeYhBwKtWrmeFFAbDIP6Lrl3U7tSA=
github.com/freifunkMUC/wg-embed v0.10.0/go.mod h1:TY4/iMGgdMSb2oNndKerVwfbS2kegjN5vjKOk8EVrB0=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
3 changes: 3 additions & 0 deletions internal/config/config.go
Expand Up @@ -70,6 +70,9 @@ type AppConfig struct {
// The WireGuard ListenPort
// Defaults to 51820
Port int `yaml:"port"`
// The maximum transmission unit (MTU) used on the server-side.
// Empty by default.
MTU int `yaml:"mtu"`
} `yaml:"wireguard"`
// Configure VPN related settings (networking)
VPN struct {
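Review bot: The comment `// Empty by default.` on the new `MTU` field does not match the rest of the commit: the field is a plain `int`, which cannot be empty, and both the `--wireguard-mtu` flag and the docs table give a default of `1420`. I would follow the style of the `Port` comment just above and write `// Defaults to 1420`, and also say what a value of `0` means when the key is missing from the YAML file. The enclosing `WireGuard` struct starts outside this hunk.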
2 changes: 1 addition & 1 deletion internal/dnsproxy/server.go
Expand Up @@ -103,7 +103,7 @@ func (d *DNSServer) ListenAndServe() {
}
go func(server *dns.Server) {
if err := server.ListenAndServe(); err != nil {
logrus.Error(errors.Errorf("Dailed to start DNS server on %s/%s: %s", server.Addr, server.Net, err))
logrus.Error(errors.Errorf("Failed to start DNS server on %s/%s: %s", server.Addr, server.Net, err))
wg.Done()
}
}(server)
3 changes: 2 additions & 1 deletion internal/services/server_service.go
Expand Up @@ -9,11 +9,11 @@ import (
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"

"github.com/freifunkMUC/wg-access-server/buildinfo"
"github.com/freifunkMUC/wg-access-server/internal/config"
"github.com/freifunkMUC/wg-access-server/internal/network"
"github.com/freifunkMUC/wg-access-server/pkg/authnz/authsession"
"github.com/freifunkMUC/wg-access-server/proto/proto"
"github.com/freifunkMUC/wg-access-server/buildinfo"
)

type ServerService struct {
Expand Down Expand Up @@ -75,6 +75,7 @@ func (s *ServerService) Info(ctx context.Context, req *proto.InfoReq) (*proto.In
ClientConfigDnsSearchDomain: s.Config.ClientConfig.DNSSearchDomain,
ClientConfigMtu: int32(s.Config.ClientConfig.MTU),
BuildInfo: &proto.BuildInfo{Version: buildinfo.Version(), Commit: buildinfo.ShortCommitHash()},
Mtu: int32(s.Config.WireGuard.MTU),
}, nil
}

27 changes: 18 additions & 9 deletions proto/proto/server.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions proto/server.proto
Expand Up @@ -33,4 +33,5 @@ message InfoRes {
string client_config_dns_search_domain = 14;
int32 client_config_mtu = 15;
proto.BuildInfo build_info = 16;
int32 mtu = 17;
}
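Review bot: The new field `int32 mtu = 17;` sits directly after `client_config_mtu` and carries no comment, so a reader of `InfoRes` cannot tell which MTU it reports. Going by server_service.go it is filled from `s.Config.WireGuard.MTU`, the server-side interface MTU; a comment such as `// MTU of the server-side WireGuard interface (wireguard.mtu)` would make that explicit. Naming the field `wireguard_mtu` would be clearer still, and is cheapest to do before clients start depending on the generated accessors. The `InfoRes` message begins outside this hunk.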
18 changes: 18 additions & 0 deletions website/src/sdk/server_pb.ts
Expand Up @@ -125,6 +125,7 @@ export declare namespace InfoRes {
clientConfigDnsSearchDomain: string,
clientConfigMtu: number,
buildInfo?: buildinfo.BuildInfo.AsObject,
mtu: number,
}
}

Expand Down Expand Up @@ -255,6 +256,13 @@ export class InfoRes extends jspb.Message {
(jspb.Message as any).setWrapperField(this, 16, value);
}

getMtu(): number {return jspb.Message.getFieldWithDefault(this, 17, 0);
}

setMtu(value: number): void {
(jspb.Message as any).setProto3IntField(this, 17, value);
}

serializeBinary(): Uint8Array {
const writer = new jspb.BinaryWriter();
InfoRes.serializeBinaryToWriter(this, writer);
Expand All @@ -280,6 +288,7 @@ export class InfoRes extends jspb.Message {
clientConfigDnsSearchDomain: this.getClientConfigDnsSearchDomain(),
clientConfigMtu: this.getClientConfigMtu(),
buildInfo: (f = this.getBuildInfo()) && f.toObject(),
mtu: this.getMtu(),
};
}

Expand Down Expand Up @@ -348,6 +357,10 @@ export class InfoRes extends jspb.Message {
if (field16 != null) {
writer.writeMessage(16, field16, buildinfo.BuildInfo.serializeBinaryToWriter);
}
const field17 = message.getMtu();
if (field17 != 0) {
writer.writeInt32(17, field17);
}
}

static deserializeBinary(bytes: Uint8Array): InfoRes {
Expand Down Expand Up @@ -430,6 +443,10 @@ export class InfoRes extends jspb.Message {
reader.readMessage(field16, buildinfo.BuildInfo.deserializeBinaryFromReader);
message.setBuildInfo(field16);
break;
case 17:
const field17 = reader.readInt32()
message.setMtu(field17);
break;
default:
reader.skipField();
break;
Expand Down Expand Up @@ -470,6 +487,7 @@ function InfoResFromObject(obj: InfoRes.AsObject | undefined): InfoRes | undefin
message.setClientConfigDnsSearchDomain(obj.clientConfigDnsSearchDomain);
message.setClientConfigMtu(obj.clientConfigMtu);
message.setBuildInfo(BuildInfoFromObject(obj.buildInfo));
message.setMtu(obj.mtu);
return message;
}
