diff --git a/cmd/hvpn-node/hvpn-node.go b/cmd/hvpn-node/hvpn-node.go index c02eeeb..732b4e5 100644 --- a/cmd/hvpn-node/hvpn-node.go +++ b/cmd/hvpn-node/hvpn-node.go @@ -20,6 +20,7 @@ import ( "golang.zx2c4.com/wireguard/wgctrl/wgtypes" hvpnnode3 "gitea.hbanafa.com/HeshamTB/hvpn-node3" + netcmd "gitea.hbanafa.com/HeshamTB/hvpn-node3/net" ) /* @@ -174,6 +175,13 @@ func createCliApp() *cli.App { } app.Flags = append(app.Flags, &wgInterfaceName) + uplinkName := cli.StringFlag{ + Name: "uplink", + Usage: "Name of the interface to be used for Wireguard traffic", + Required: true, + } + app.Flags = append(app.Flags, &uplinkName) + wgEndpoint := cli.StringFlag{ Name: "endpoint", Usage: "Wireguard endpoint domain or address without the port", @@ -276,6 +284,7 @@ func createCliApp() *cli.App { app.Flags = append(app.Flags, &TLSCertKey) + app.Commands = append(app.Commands, NetSetupCommand()) app.Action = func(ctx *cli.Context) error { err := setup(ctx) 
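Review bot: The new `uplink` flag in the second hunk is registered with `Required: true` on the app's global flag set, so every invocation, including the default action that calls setup(), is presumably rejected without it, while this diff only shows the value consumed by the nsetup subcommand; if setup() does not need it, drop `Required: true` and check it where it is used, `if uplinkIface == "" { return fmt.Errorf("--uplink is required") }`. Its Usage also reads much like the existing `interface` flag; `Usage: "Host network interface that carries the encrypted Wireguard traffic, e.g. the internet-facing NIC"` would tell the two apart. createCliApp begins and ends outside these hunks.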
@@ -289,6 +298,123 @@ func createCliApp() *cli.App {
 return app
 }
 
+func NetSetupCommand() *cli.Command {
+ cmd := cli.Command{
+ Name: "nsetup",
+ Usage: "Tools to setup the host for routing VPN traffic\nGlobal flags have an effect on this commands behaviour",
+ Action: func(ctx *cli.Context) error {
+ err := preUpCommands(ctx)
+ if err != nil {
+ return err
+ }
+
+ return nil
+ },
+ }
+
+ return &cmd
+}
+
+func preUpCommands(ctx *cli.Context) error {
+
+ /* Make a Revertable Command Intrface to make this more general */
+ sysProcFile, err := os.OpenFile(
+ hvpnnode3.SYS_PROC_IPV4_IP_FORWARD,
+ os.O_RDWR, 0644,
+ )
+ defer sysProcFile.Close()
+ if err != nil {
+ return err
+ }
+
+ uplinkIface := ctx.String("uplink")
+ wgIface := ctx.String("interface")
+ wgport := ctx.Int("port")
+ wgportStr := fmt.Sprint(wgport)
+
+ sysCtlAllowForward := netcmd.SysctlIpv4Forward(sysProcFile, true)
+ ipTables1 := netcmd.IptablesForwardWGInAccept(true, uplinkIface, wgIface)
+ ipTables2 := netcmd.IptablesForwardWGOutAccept(true, uplinkIface, wgIface)
+ ipTables3 := netcmd.IptablesNatPostRoutingMasq(true, uplinkIface)
+ ipTablesAllowPort := netcmd.IptablesPort(true, uplinkIface, wgportStr, netcmd.UDP)
+
+ sysCtlDisAllowForward := netcmd.SysctlIpv4Forward(sysProcFile, false)
+ ipTables4 := netcmd.IptablesForwardWGInAccept(false, uplinkIface, wgIface)
+ ipTables5 := netcmd.IptablesForwardWGOutAccept(false, uplinkIface, wgIface)
+ ipTables6 := netcmd.IptablesNatPostRoutingMasq(false, uplinkIface)
+ ipTablesDisAllow := netcmd.IptablesPort(false, uplinkIface, wgportStr, netcmd.UDP)
+
+ slog.Debug(sysCtlAllowForward.String())
+ err = sysCtlAllowForward.Run()
+ if err != nil {
+ return err
+ }
+
+ slog.Debug(ipTables1.String())
+ err = ipTables1.Run()
+ if err != nil {
+ sysCtlDisAllowForward.Run()
+ return err
+ }
+
+ slog.Debug(ipTables2.String())
+ err = ipTables2.Run()
+ if err != nil {
+ sysCtlDisAllowForward.Run()
+ ipTables4.Run()
+ return err
+ }
+
+ slog.Debug(ipTables3.String())
+ err = ipTables3.Run()
+ if err != nil {
+ sysCtlDisAllowForward.Run()
+ ipTables4.Run()
+ ipTables5.Run()
+ return err
+ }
+
+ slog.Debug(ipTablesAllowPort.String())
+ err = ipTablesAllowPort.Run()
+ if err != nil {
+ sysCtlDisAllowForward.Run()
+ ipTables4.Run()
+ ipTables5.Run()
+ ipTables6.Run()
+ return err
+ }
+
+ /* At this point all passed. revert.*/
+
+ err = sysCtlDisAllowForward.Run()
+ if err != nil {
+ slog.Debug(err.Error())
+ }
+ err = ipTables4.Run()
+ if err != nil {
+ slog.Debug(err.Error())
+ }
+ err = ipTables5.Run()
+ if err != nil {
+ slog.Debug(err.Error())
+ }
+ err = ipTables6.Run()
+ if err != nil {
+ slog.Debug(err.Error())
+ }
+ err = ipTablesDisAllow.Run()
+ if err != nil {
+ slog.Debug(err.Error())
+ }
+
+ return nil
+
+}
+
+func postDownCommands(ctx *cli.Context) error {
+ return nil
+}
+
 func setup(ctx *cli.Context) error {
 slog.Debug("Starting setup()")
 uid := os.Getuid()
diff --git a/const.go b/const.go
index e7da1a2..47821bb 100644
--- a/const.go
+++ b/const.go
@@ -7,6 +7,7 @@ const (
 CONTENT_OCTET = "application/octet-stream"
 CONTENT_PLAIN_TEXT = "text/plain"
 WG_CLIENT_MTU = 1380
+ SYS_PROC_IPV4_IP_FORWARD = "/proc/sys/net/ipv4/ip_forward"
 )
 
 var (
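Review bot: In preUpCommands the `defer sysProcFile.Close()` sits before the OpenFile error check, and every rollback `Run()` in the failure branches discards its result, so a failed undo after a partial apply can leave ip_forward enabled or a FORWARD/MASQUERADE rule in place with nothing reported above Debug level. As the existing comment on the function already suggests, pairing each command with its undo and reverting the applied ones in reverse order lets undo errors be joined into the returned error (`errors` would need importing); the rewrite below keeps the final unconditional revert the hunk performs. If that final revert means nsetup is intended as a dry-run, say so in the command's Usage, otherwise it looks like it belongs in postDownCommands, which is still an empty stub. The exported NetSetupCommand also lacks a doc comment, e.g. `// NetSetupCommand returns the nsetup subcommand, which applies the sysctl and iptables changes needed to forward Wireguard traffic via the uplink interface.`
```go
func preUpCommands(ctx *cli.Context) error {
	sysProcFile, err := os.OpenFile(hvpnnode3.SYS_PROC_IPV4_IP_FORWARD, os.O_RDWR, 0644)
	if err != nil {
		return err
	}
	defer sysProcFile.Close()

	// … unchanged: uplinkIface, wgIface, wgportStr read from ctx …

	// command is what the netcmd constructors are assumed to return,
	// based on the Run()/String() calls made on them in this function.
	type command interface {
		Run() error
		String() string
	}
	// Each step carries its own undo so a failure can be rolled back.
	type step struct{ up, down command }
	steps := []step{
		{netcmd.SysctlIpv4Forward(sysProcFile, true), netcmd.SysctlIpv4Forward(sysProcFile, false)},
		{netcmd.IptablesForwardWGInAccept(true, uplinkIface, wgIface), netcmd.IptablesForwardWGInAccept(false, uplinkIface, wgIface)},
		{netcmd.IptablesForwardWGOutAccept(true, uplinkIface, wgIface), netcmd.IptablesForwardWGOutAccept(false, uplinkIface, wgIface)},
		{netcmd.IptablesNatPostRoutingMasq(true, uplinkIface), netcmd.IptablesNatPostRoutingMasq(false, uplinkIface)},
		{netcmd.IptablesPort(true, uplinkIface, wgportStr, netcmd.UDP), netcmd.IptablesPort(false, uplinkIface, wgportStr, netcmd.UDP)},
	}

	// revert undoes the first n applied steps, newest first, and reports
	// every failed undo instead of dropping it.
	revert := func(n int) error {
		var errs []error
		for i := n - 1; i >= 0; i-- {
			slog.Debug(steps[i].down.String())
			if err := steps[i].down.Run(); err != nil {
				errs = append(errs, err)
			}
		}
		return errors.Join(errs...)
	}

	for i, s := range steps {
		slog.Debug(s.up.String())
		if err := s.up.Run(); err != nil {
			// Surface the undo failures too: the host may still be forwarding.
			return errors.Join(err, revert(i))
		}
	}

	// Same as the current code: tear everything down again once it all applied.
	return revert(len(steps))
}
```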