Commit graph

266 commits

Author SHA1 Message Date
Jason A. Donenfeld
3bbacaaf14 wg-quick: android: disable roaming to v6 networks when v4 is specified
This works around an unfortunate bug in 464XLAT transitions.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-17 19:36:37 +02:00
Jason A. Donenfeld
2ce4680bd3 dns-hatchet: apply resolv.conf's selinux context to new resolv.conf
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-17 19:36:37 +02:00
Jason A. Donenfeld
6f85449d79 wg: getentropy requires 10.12
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-14 05:25:23 +02:00
Jason A. Donenfeld
0632c8af68 wg: support getentropy(3)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-08 03:24:46 +02:00
Jason A. Donenfeld
d90e49599b wg: encoding: add missing static array constraints
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-06 00:05:58 +02:00
Jason A. Donenfeld
8c4cf156d5 wg-quick: android: change name of intent
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-04 07:05:58 +02:00
Jason A. Donenfeld
2044bb026d wg-quick: android: delay setting users until end
`ndc users add` eventually invokes SOCK_DESTROY on user sockets, causing
them to reconnect. By delaying this until after routes are set, we
ensure that the sockets reconnect using the tunnel, rather than the old
route.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-31 16:38:08 +02:00
Jason A. Donenfeld
2bca99893f wg: constanter time encoding
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-31 01:24:51 +02:00
Jason A. Donenfeld
206e8f08e2 wg-quick: darwin: set DNS servers after delay on route change
This works around a race condition in macOS's network daemons, while
also adding one in the form of possibly calling kill -ALRM on a stale
PID; unfortunately bash can't wait from a trap.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-31 01:24:51 +02:00
Jason A. Donenfeld
d532074ef5 wg-quick: freebsd: configure as p2p link
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-27 05:24:07 +02:00
Jason A. Donenfeld
df6c69e98c wg-quick: darwin: add multiple IP addresses
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-27 05:22:55 +02:00
Jason A. Donenfeld
19ce650fb6 wg-quick: determine IPs when saving interface
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-27 02:42:31 +02:00
Jason A. Donenfeld
c99e6beecb wg-quick: freebsd: work around security vulnerabilities in bash
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-24 02:24:02 +02:00
Jason A. Donenfeld
86dd5587a9 wg-quick: allow enumeration of socket files
These OSes have an unpriv'd ifconfig, so this isn't an even larger info
leak.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-23 15:31:47 +02:00
Jason A. Donenfeld
3d089e07e2 wg-quick: better bash completion for non-renaming OSes
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-23 15:24:07 +02:00
Jason A. Donenfeld
d40231c766 wg-quick: support FreeBSD/Darwin search path
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-23 15:24:07 +02:00
Jason A. Donenfeld
b818e71ba5 wg: always pass -v as first argument to install
This lets crippled OSes sed out our -v more easily.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-23 05:23:59 +02:00
Jason A. Donenfeld
6b7f88aa7d wg-quick: openbsd: add new implementation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-22 16:41:59 +02:00
Jason A. Donenfeld
333363f77c wg-quick: freebsd: add new implementation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-22 16:41:59 +02:00
Jason A. Donenfeld
52eb6a187c wg-quick: darwin: do not remove routes when no real interface
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-22 16:41:59 +02:00
Jason A. Donenfeld
59dae33e9a wg-quick: darwin: rename namefile environment variable
This paves the way for an openbsd implementation.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-22 16:41:59 +02:00
Filippo Valsorda
9d52a812c8 wg: fix OpenBSD build
License: MIT
Signed-off-by: Filippo Valsorda <valsorda@google.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-22 16:41:59 +02:00
Jason A. Donenfeld
550119bb08 ncat-client-server: do not always call sudo and use env bash
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-22 16:41:59 +02:00
Jason A. Donenfeld
a8654606c2 wg: fix errno propagation and messages
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-18 19:51:51 +02:00
Jason A. Donenfeld
434bc616b2 wg-quick: darwin: simpler inclusion check
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-17 19:30:34 +02:00
Jason A. Donenfeld
986feba2ee wg-quick: darwin: reorder functions
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-17 05:01:50 +02:00
Jason A. Donenfeld
80ff1f8ded wg-quick: darwin: networksetup does not like missing stdio
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-17 05:01:50 +02:00
Jason A. Donenfeld
884f7c50ce wg-quick: darwin: avoid routing loop if no default
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-17 04:08:53 +02:00
Jason A. Donenfeld
0d9f30246d wg-quick: darwin: sometimes there are no network services
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-17 03:26:51 +02:00
Jason A. Donenfeld
fe9bc71e40 wg-quick: use invoking shell in auto rooting
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-16 19:19:48 +02:00
Jason A. Donenfeld
6c407ae27b wg-quick: add intentionally undocumented userspace implementation knob
This knob might disappear at some point, and we don't want to encourage
its use, so it's not being documented, but this should help with
development of new implementations.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-16 04:25:42 +02:00
Jason A. Donenfeld
4502350512 wg-quick: darwin: use bash from environment and require bash 4+
For properly configured Homebrew installations /usr/local/bin should be
before /bin, so this should still work. This allows the script to be
used in more than one setting.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-16 04:25:42 +02:00
Jason A. Donenfeld
699777da8c wg-quick: darwin: restore DNS on down
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-16 04:05:04 +02:00
Jason A. Donenfeld
9c18c70da6 wg-quick: darwin: bash correctness
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-16 04:05:04 +02:00
Jason A. Donenfeld
f64f0cc740 wg-quick: darwin: remove v6 routes after shutdown
This works around a Darwin kernel bug regarding interface removal.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-16 04:05:04 +02:00
Jason A. Donenfeld
cfa4203be7 wg-quick: darwin: ensure socket directory exists
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-16 04:05:04 +02:00
Jason A. Donenfeld
19990e2937 dns-hatchet: update paths
Suggested-by: Martin Hauke <mardnh@gmx.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-16 04:04:46 +02:00
Jason A. Donenfeld
2f34f3efe7 ncat-client-server: add wg-quick variant
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-15 02:26:55 +02:00
Jason A. Donenfeld
a5412d1056 wg-quick: add darwin implementation
It's pretty rough and leaves much to be desired, but it works.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-15 02:12:13 +02:00
Jason A. Donenfeld
5d9433d73f wg-quick: add wg symlink
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-14 19:23:17 +02:00
Jason A. Donenfeld
a563ba2cf9 wg-quick: add android implementation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-14 18:23:52 +02:00
Jason A. Donenfeld
08c78a65af wg: reorganize for multiplatform wg-quick
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-14 18:18:40 +02:00
Jason A. Donenfeld
0b64881c7a wg-quick: preliminary support for go implementation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-10 19:23:02 +02:00
Jason A. Donenfeld
f8a990763a embeddable-wg-library: zero attribute padding
See: http://git.netfilter.org/libmnl/commit/?id=37c876b55a2c00424ccda5a300ab5fdec1d88b22
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-03 19:08:20 +02:00
Jason A. Donenfeld
f36209f588 keygen-html: add zip file example
A little bit more JavaScript for easy copy&pasting.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-02 17:38:07 +02:00
Jason A. Donenfeld
81879fe346 wg-quick: account for specified fwmark in auto routing mode
If we're doing automatic routing with default routes, but the config has
also specified an explicit fwmark, then use that explicit fwmark, even
if it's conflicting, since the administrator has explicitly opted into
using it. Also, when shutting down the interface, we only now remove the
fancy rules if we're in automatic routing mode with default routes.

Suggested-by: Luis Ressel <aranea@aixah.de>
Reported-by: Saeid Akbari <saeidscorp@yahoo.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-04-15 15:41:57 +02:00
Jason A. Donenfeld
cd19f54970 wg-quick.8: fix typo
Reported-by: Mike Pechkin <mike.pechkin@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-04-04 10:53:20 -04:00
Jason A. Donenfeld
81b7e4863c wg-quick: hide errors on save
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-04 19:03:54 +01:00
Jason A. Donenfeld
d4421aea89 contrib: add extract-handshakes kprobe example
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-04 18:50:25 +01:00
Jason A. Donenfeld
e6ce5fd386 wg-quick: if resolvconf/run/iface exists, use it
Some older broken resolvconfs don't support resolvconf -l, but do have a
file in a standard location, so use it.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-04 18:50:25 +01:00