diff --git a/cmd/serve/main.go b/cmd/serve/main.go
index 0921ba1e..0348504a 100644
--- a/cmd/serve/main.go
+++ b/cmd/serve/main.go
@@ -25,6 +25,7 @@ import (
 "gopkg.in/alecthomas/kingpin.v2"
 "gopkg.in/yaml.v2"
 
+ "github.com/freifunkMUC/wg-access-server/buildinfo"
 "github.com/freifunkMUC/wg-access-server/internal/config"
 "github.com/freifunkMUC/wg-access-server/internal/devices"
 "github.com/freifunkMUC/wg-access-server/internal/dnsproxy"
@@ -33,7 +34,6 @@ import (
 "github.com/freifunkMUC/wg-access-server/internal/storage"
 "github.com/freifunkMUC/wg-access-server/pkg/authnz"
 "github.com/freifunkMUC/wg-access-server/pkg/authnz/authconfig"
- "github.com/freifunkMUC/wg-access-server/buildinfo"
 )
 
 func Register(app *kingpin.Application) *servecmd {
@@ -53,6 +53,7 @@ func Register(app *kingpin.Application) *servecmd {
 cli.Flag("wireguard-interface", "Set the wireguard interface name").Default("wg0").Envar("WG_WIREGUARD_INTERFACE").StringVar(&cmd.AppConfig.WireGuard.Interface)
 cli.Flag("wireguard-private-key", "Wireguard private key").Envar("WG_WIREGUARD_PRIVATE_KEY").StringVar(&cmd.AppConfig.WireGuard.PrivateKey)
 cli.Flag("wireguard-port", "The port that the Wireguard server will listen on").Envar("WG_WIREGUARD_PORT").Default("51820").IntVar(&cmd.AppConfig.WireGuard.Port)
+ cli.Flag("wireguard-mtu", "The maximum transmission unit (MTU) to be used on the server-side interface.").Envar("WG_WIREGUARD_MTU").Default("1420").IntVar(&cmd.AppConfig.WireGuard.MTU)
 cli.Flag("vpn-allowed-ips", "A list of networks that VPN clients will be allowed to connect to via the VPN").Envar("WG_VPN_ALLOWED_IPS").Default("0.0.0.0/0", "::/0").StringsVar(&cmd.AppConfig.VPN.AllowedIPs)
 cli.Flag("vpn-cidr", "The network CIDR for the VPN").Envar("WG_VPN_CIDR").Default("10.44.0.0/24").StringVar(&cmd.AppConfig.VPN.CIDR)
 cli.Flag("vpn-cidrv6", "The IPv6 network CIDR for the VPN").Envar("WG_VPN_CIDRV6").Default("fd48:4c4:7aa9::/64").StringVar(&cmd.AppConfig.VPN.CIDRv6)
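Review bot: The new `--wireguard-mtu` flag accepts any int, and this change passes the value on unchecked: it is handed to the interface configuration as `MTU: &conf.WireGuard.MTU` in the Run hunk and narrowed with `int32(s.Config.WireGuard.MTU)` in the server_service.go Info hunk, with no range validation anywhere in the diff. A zero, negative or oversized value will only surface when the interface is brought up, and anything below 1280 silently breaks the IPv6 range the server hands out by default (`fd48:4c4:7aa9::/64` in this same hunk), unless wg-embed treats such values specially, which this diff does not show. I would validate once, wherever the rest of the loaded config is checked, for example `if conf.WireGuard.MTU < 1280 || conf.WireGuard.MTU > 65535 { return fmt.Errorf("wireguard.mtu %d out of range", conf.WireGuard.MTU) }`; the exact validation hook is outside this diff. Register's body continues past the end of the hunk.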
@@ -144,6 +145,7 @@ func (cmd *servecmd) Run() {
 PrivateKey: conf.WireGuard.PrivateKey,
 Address: vpnipstrings,
 ListenPort: &conf.WireGuard.Port,
+ MTU: &conf.WireGuard.MTU,
 },
 }
 
diff --git a/docs/2-configuration.md b/docs/2-configuration.md
index 79e192e3..73e1022e 100644
--- a/docs/2-configuration.md
+++ b/docs/2-configuration.md
@@ -28,7 +28,7 @@ The format for specifying multiple values for options that allow it is:
 Here's what you can configure:
 
 | Environment Variable | CLI Flag | Config File Path | Required | Default (docker) | Description |
-|--------------------------------------|-------------------------------------| ------------------------------ | -------- | -------------------------------------------- |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| ------------------------------------ | ----------------------------------- | ------------------------------ | -------- | -------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `WG_CONFIG` | `--config` | | | | The path to a wg-access-server config.yaml file |
 | `WG_LOG_LEVEL` | `--log-level` | `logLevel` | | `info` | The global log level |
 | `WG_ADMIN_USERNAME` | `--admin-username` | `adminUsername` | | `admin` | The admin account username |
@@ -44,6 +44,7 @@ Here's what you can configure:
 | `WG_WIREGUARD_INTERFACE` | `--wireguard-interface` | `wireguard.interface` | | `wg0` | The wireguard network interface name |
 | `WG_WIREGUARD_PRIVATE_KEY` | `--wireguard-private-key` | `wireguard.privateKey` | Yes | | The wireguard private key. This value is required and must be stable. If this value changes all devices must re-register. |
 | `WG_WIREGUARD_PORT` | `--wireguard-port` | `wireguard.port` | | `51820` | The wireguard server port (udp) |
+| `WG_WIREGUARD_MTU` | `--wireguard-mtu` | `wireguard.mtu` | | `1420` | The maximum transmission unit (MTU) to be used on the server-side interface. |
 | `WG_VPN_CIDR` | `--vpn-cidr` | `vpn.cidr` | | `10.44.0.0/24` | The VPN IPv4 network range. VPN clients will be assigned IP addresses in this range. Set to `0` to disable IPv4. |
 | `WG_IPV4_NAT_ENABLED` | `--vpn-nat44-enabled` | `vpn.nat44` | | `true` | Disables NAT for IPv4 |
 | `WG_IPV6_NAT_ENABLED` | `--vpn-nat66-enabled` | `vpn.nat66` | | `true` | Disables NAT for IPv6 |
@@ -56,7 +57,7 @@ Here's what you can configure:
 | `WG_DNS_DOMAIN` | `--dns-domain` | `dns.domain` | | | A domain to serve configured devices authoritatively. Queries for names in the format .. will be answered with the device's IP addresses. |
 | `WG_CLIENTCONFIG_DNS_SERVERS` | `--clientconfig-dns-servers` | `clientconfig.dnsservers` | | | DNS servers (one or more IP addresses) to write into the client configuration file. Are used instead of the servers DNS settings, if set. |
 | `WG_CLIENTCONFIG_DNS_SEARCH_DOMAIN` | `--clientconfig-dns-search-domain` | `clientconfig.dnssearchdomain` | | | DNS search domain to write into the client configuration file. |
-| `WG_CLIENTCONFIG_MTU` | `--clientconfig-mtu` | `clientconfig.mtu` | | | The maximum transmission unit (MTU) to write into the client configuration file. |
+| `WG_CLIENTCONFIG_MTU` | `--clientconfig-mtu` | `clientconfig.mtu` | | | The maximum transmission unit (MTU) to write into the client configuration file. If left empty, a sensible default is used. |
 
 ## The Config File (config.yaml)
 
diff --git a/go.mod b/go.mod
index a60e4f44..34b301a8 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 github.com/coreos/go-oidc v2.2.1+incompatible
 github.com/docker/libnetwork v0.8.0-dev.2.0.20200217033114-6659f7f4d8c1
 github.com/freifunkMUC/pg-events v0.4.1
- github.com/freifunkMUC/wg-embed v0.9.0
+ github.com/freifunkMUC/wg-embed v0.10.0
 github.com/google/uuid v1.3.0
 github.com/gorilla/mux v1.8.0
 github.com/gorilla/sessions v1.2.1
diff --git a/go.sum b/go.sum
index 21414f12..99ea673e 100644
--- a/go.sum
+++ b/go.sum
@@ -83,8 +83,8 @@ github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVB github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/freifunkMUC/pg-events v0.4.1 h1:e+Zkj6Q5C5Owzt5iC2CO7/i0NBzjK1wzJ7CV9qItHeI= github.com/freifunkMUC/pg-events v0.4.1/go.mod h1:ShsE9Hlb3h2gfBN+CkoZMmSMizwYIk30A9fZBfeNoZ0= -github.com/freifunkMUC/wg-embed v0.9.0 h1:qFebEzSW1h8r6dThZSgr9zKVBzcBETOPecfGKfGHnG0= -github.com/freifunkMUC/wg-embed v0.9.0/go.mod h1:SK+QqRByh0TJFOwTc6y8llbo/bthIIcCc+DY9LHQWR8= +github.com/freifunkMUC/wg-embed v0.10.0 h1:YQwUlfRFKk2xNRTeYhBwKtWrmeFFAbDIP6Lrl3U7tSA= +github.com/freifunkMUC/wg-embed v0.10.0/go.mod h1:TY4/iMGgdMSb2oNndKerVwfbS2kegjN5vjKOk8EVrB0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= diff --git a/internal/config/config.go b/internal/config/config.go index 8a337d49..b12b096e 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -70,6 +70,9 @@ type AppConfig struct { // The WireGuard ListenPort // Defaults to 51820 Port int `yaml:"port"` + // The maximum transmission unit (MTU) used on the server-side. + // Empty by default. + MTU int `yaml:"mtu"` } `yaml:"wireguard"` // Configure VPN related settings (networking) VPN struct { diff --git a/internal/dnsproxy/server.go b/internal/dnsproxy/server.go index 52aea61e..ccbdeb86 100644 --- a/internal/dnsproxy/server.go +++ b/internal/dnsproxy/server.go 
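Review bot: The comment added to the new `MTU int` field in internal/config/config.go, `// Empty by default.`, contradicts the rest of this change: cmd/serve/main.go gives `--wireguard-mtu` a `Default("1420")` and docs/2-configuration.md documents `1420` as the default, so a reader of the struct would be misled about what the value is when nothing is configured. Following the style of the neighbouring `Port` field, I would write `// The MTU of the server-side WireGuard interface.` followed by `// Defaults to 1420`. The AppConfig struct starts before the hunk, so I cannot see whether a validation method exists where a range check on this field would belong.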
@@ -103,7 +103,7 @@ func (d *DNSServer) ListenAndServe() {
 }
 go func(server *dns.Server) {
 if err := server.ListenAndServe(); err != nil {
- logrus.Error(errors.Errorf("Dailed to start DNS server on %s/%s: %s", server.Addr, server.Net, err))
+ logrus.Error(errors.Errorf("Failed to start DNS server on %s/%s: %s", server.Addr, server.Net, err))
 wg.Done()
 }
 }(server)
diff --git a/internal/services/server_service.go b/internal/services/server_service.go
index 2eb57f89..63733a07 100644
--- a/internal/services/server_service.go
+++ b/internal/services/server_service.go
@@ -9,11 +9,11 @@ import (
 "google.golang.org/grpc/codes"
 "google.golang.org/grpc/status"
 
+ "github.com/freifunkMUC/wg-access-server/buildinfo"
 "github.com/freifunkMUC/wg-access-server/internal/config"
 "github.com/freifunkMUC/wg-access-server/internal/network"
 "github.com/freifunkMUC/wg-access-server/pkg/authnz/authsession"
 "github.com/freifunkMUC/wg-access-server/proto/proto"
- "github.com/freifunkMUC/wg-access-server/buildinfo"
 )
 
 type ServerService struct {
@@ -75,6 +75,7 @@ func (s *ServerService) Info(ctx context.Context, req *proto.InfoReq) (*proto.In
 ClientConfigDnsSearchDomain: s.Config.ClientConfig.DNSSearchDomain,
 ClientConfigMtu: int32(s.Config.ClientConfig.MTU),
 BuildInfo: &proto.BuildInfo{Version: buildinfo.Version(), Commit: buildinfo.ShortCommitHash()},
+ Mtu: int32(s.Config.WireGuard.MTU),
 }, nil
 }
 
diff --git a/proto/proto/server.pb.go b/proto/proto/server.pb.go
index eabcb7ff..a9383350 100644
--- a/proto/proto/server.pb.go
+++ b/proto/proto/server.pb.go
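Review bot: Beyond the typo fix, the replaced line in internal/dnsproxy/server.go still constructs an error with `errors.Errorf` only to hand it to `logrus.Error`; `logrus.Errorf("starting DNS server on %s/%s: %v", server.Addr, server.Net, err)` logs the same information without the throwaway error value and follows the lowercase, no-"Failed to" convention for messages. The enclosing ListenAndServe starts outside the hunk, so I cannot tell from here whether `wg.Done()` is also called when `server.ListenAndServe()` returns without error; if it is not, the wait group never drains on a clean shutdown, which is worth checking while this line is being touched.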
@@ -81,6 +81,7 @@ type InfoRes struct { ClientConfigDnsSearchDomain string `protobuf:"bytes,14,opt,name=client_config_dns_search_domain,json=clientConfigDnsSearchDomain,proto3" json:"client_config_dns_search_domain,omitempty"` ClientConfigMtu int32 `protobuf:"varint,15,opt,name=client_config_mtu,json=clientConfigMtu,proto3" json:"client_config_mtu,omitempty"` BuildInfo *BuildInfo `protobuf:"bytes,16,opt,name=build_info,json=buildInfo,proto3" json:"build_info,omitempty"` + Mtu int32 `protobuf:"varint,17,opt,name=mtu,proto3" json:"mtu,omitempty"` } func (x *InfoRes) Reset() { @@ -227,6 +228,13 @@ func (x *InfoRes) GetBuildInfo() *BuildInfo { return nil } +func (x *InfoRes) GetMtu() int32 { + if x != nil { + return x.Mtu + } + return 0 +} + var File_server_proto protoreflect.FileDescriptor var file_server_proto_rawDesc = []byte{ @@ -237,7 +245,7 @@ var file_server_proto_rawDesc = []byte{ 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0f, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x09, 0x0a, 0x07, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, - 0x71, 0x22, 0xd6, 0x05, 0x0a, 0x07, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x12, 0x1d, 0x0a, + 0x71, 0x22, 0xe8, 0x05, 0x0a, 0x07, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x30, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 
@@ -282,14 +290,15 @@ var file_server_proto_rawDesc = []byte{ 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4d, 0x74, 0x75, 0x12, 0x2f, 0x0a, 0x0a, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x42, 0x75, 0x69, 0x6c, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x52, - 0x09, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x32, 0x32, 0x0a, 0x06, 0x53, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x12, 0x28, 0x0a, 0x04, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x0e, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x1a, 0x0e, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x22, 0x00, 0x42, 0x35, - 0x5a, 0x33, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x66, 0x72, 0x65, - 0x69, 0x66, 0x75, 0x6e, 0x6b, 0x4d, 0x55, 0x43, 0x2f, 0x77, 0x67, 0x2d, 0x61, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x2d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x09, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x74, + 0x75, 0x18, 0x11, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x6d, 0x74, 0x75, 0x32, 0x32, 0x0a, 0x06, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x28, 0x0a, 0x04, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x0e, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x1a, 0x0e, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x22, 0x00, + 0x42, 0x35, 0x5a, 0x33, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x66, + 0x72, 0x65, 0x69, 0x66, 0x75, 0x6e, 0x6b, 0x4d, 0x55, 0x43, 0x2f, 0x77, 0x67, 0x2d, 0x61, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x2d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
diff --git a/proto/server.proto b/proto/server.proto
index d56480be..cc335608 100644
--- a/proto/server.proto
+++ b/proto/server.proto
@@ -33,4 +33,5 @@ message InfoRes {
 string client_config_dns_search_domain = 14;
 int32 client_config_mtu = 15;
 proto.BuildInfo build_info = 16;
+ int32 mtu = 17;
 }
diff --git a/website/src/sdk/server_pb.ts b/website/src/sdk/server_pb.ts
index b28dc4ea..35e67e49 100644
--- a/website/src/sdk/server_pb.ts
+++ b/website/src/sdk/server_pb.ts
@@ -125,6 +125,7 @@ export declare namespace InfoRes {
 clientConfigDnsSearchDomain: string,
 clientConfigMtu: number,
 buildInfo?: buildinfo.BuildInfo.AsObject,
+ mtu: number,
 }
 }
 
@@ -255,6 +256,13 @@ export class InfoRes extends jspb.Message {
 (jspb.Message as any).setWrapperField(this, 16, value);
 }
 
+ getMtu(): number {return jspb.Message.getFieldWithDefault(this, 17, 0);
+ }
+
+ setMtu(value: number): void {
+ (jspb.Message as any).setProto3IntField(this, 17, value);
+ }
+
 serializeBinary(): Uint8Array {
 const writer = new jspb.BinaryWriter();
 InfoRes.serializeBinaryToWriter(this, writer);
@@ -280,6 +288,7 @@ export class InfoRes extends jspb.Message {
 clientConfigDnsSearchDomain: this.getClientConfigDnsSearchDomain(),
 clientConfigMtu: this.getClientConfigMtu(),
 buildInfo: (f = this.getBuildInfo()) && f.toObject(),
+ mtu: this.getMtu(),
 };
 }
 
@@ -348,6 +357,10 @@ export class InfoRes extends jspb.Message {
 if (field16 != null) {
 writer.writeMessage(16, field16, buildinfo.BuildInfo.serializeBinaryToWriter);
 }
+ const field17 = message.getMtu();
+ if (field17 != 0) {
+ writer.writeInt32(17, field17);
+ }
 }
 
 static deserializeBinary(bytes: Uint8Array): InfoRes {
@@ -430,6 +443,10 @@ export class InfoRes extends jspb.Message {
 reader.readMessage(field16, buildinfo.BuildInfo.deserializeBinaryFromReader);
 message.setBuildInfo(field16);
 break;
+ case 17:
+ const field17 = reader.readInt32()
+ message.setMtu(field17);
+ break;
 default:
 reader.skipField();
 break;
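Review bot: Field 17 in InfoRes is named just `mtu` while field 15 is `client_config_mtu`, and nothing in the .proto says which interface the new value describes; the field name also fixes the JSON key and the generated `getMtu`/`setMtu` accessors in website/src/sdk/server_pb.ts, so it is cheap to change now and a breaking change for any consumer later. I would either rename it `int32 wireguard_mtu = 17;` or keep the name and put `// MTU of the server-side WireGuard interface; not the value written into client configs (see client_config_mtu).` above it. The InfoRes message starts before the hunk.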
@@ -470,6 +487,7 @@ function InfoResFromObject(obj: InfoRes.AsObject | undefined): InfoRes | undefin
 message.setClientConfigDnsSearchDomain(obj.clientConfigDnsSearchDomain);
 message.setClientConfigMtu(obj.clientConfigMtu);
 message.setBuildInfo(BuildInfoFromObject(obj.buildInfo));
+ message.setMtu(obj.mtu);
 return message;
 }