chore: implement CoderVPN client & tunnel (#15612)
Addresses #14734. This PR wires up `tunnel.go` to a `tailnet.Conn` via the new `/tailnet` endpoint, with all the necessary controllers such that a VPN connection can be started, stopped and inspected via the CoderVPN protocol.
1 parent b5b0a0e commit ba48069

14 files changed

+1431
-157
lines changed

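--- a/cli/vpndaemon_windows.go
+++ b/cli/vpndaemon_windows.go
@@ -60,7 +60,7 @@ func (r *RootCmd) vpnDaemonRun() *serpent.Command {
 defer pipe.Close()
 
 logger.Info(ctx, "starting tunnel")
-tunnel, err := vpn.NewTunnel(ctx, logger, pipe)
+tunnel, err := vpn.NewTunnel(ctx, logger, pipe, vpn.NewClient())
 if err != nil {
 return xerrors.Errorf("create new tunnel for client: %w", err)
 }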

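--- a/codersdk/wsjson/encoder.go
+++ b/codersdk/wsjson/encoder.go
@@ -27,6 +27,7 @@ func (e *Encoder[T]) Encode(v T) error {
 return nil
 }
 
+// nolint: revive // complains that Decoder has the same function name
 func (e *Encoder[T]) Close(c websocket.StatusCode) error {
 return e.conn.Close(c, "")
 }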

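--- a/tailnet/conn.go
+++ b/tailnet/conn.go
@@ -14,6 +14,7 @@ import (
 
 "github.com/cenkalti/backoff/v4"
 "github.com/google/uuid"
+"github.com/tailscale/wireguard-go/tun"
 "golang.org/x/xerrors"
 "google.golang.org/protobuf/types/known/durationpb"
 "google.golang.org/protobuf/types/known/wrapperspb"
@@ -113,6 +114,8 @@ type Options struct {
 DNSConfigurator dns.OSConfigurator
 // Router is optional, and is passed to the underlying wireguard engine.
 Router router.Router
+// TUNDev is optional, and is passed to the underlying wireguard engine.
+TUNDev tun.Device
 }
 
 // TelemetrySink allows tailnet.Conn to send network telemetry to the Coder
@@ -143,6 +146,8 @@ func NewConn(options *Options) (conn *Conn, err error) {
 return nil, xerrors.New("At least one IP range must be provided")
 }
 
+netns.SetEnabled(options.TUNDev != nil)
+
 var telemetryStore *TelemetryStore
 if options.TelemetrySink != nil {
 var err error
@@ -187,6 +192,7 @@ func NewConn(options *Options) (conn *Conn, err error) {
 SetSubsystem: sys.Set,
 DNS: options.DNSConfigurator,
 Router: options.Router,
+Tun: options.TUNDev,
 })
 if err != nil {
 return nil, xerrors.Errorf("create wgengine: %w", err)
@@ -197,11 +203,14 @@ func NewConn(options *Options) (conn *Conn, err error) {
 }
 }()
 wireguardEngine.InstallCaptureHook(options.CaptureHook)
-dialer.UseNetstackForIP = func(ip netip.Addr) bool {
-_, ok := wireguardEngine.PeerForIP(ip)
-return ok
+if options.TUNDev == nil {
+dialer.UseNetstackForIP = func(ip netip.Addr) bool {
+_, ok := wireguardEngine.PeerForIP(ip)
+return ok
+}
 }
 
+wireguardEngine = wgengine.NewWatchdog(wireguardEngine)
 sys.Set(wireguardEngine)
 
 magicConn := sys.MagicSock.Get()
@@ -244,11 +253,12 @@ func NewConn(options *Options) (conn *Conn, err error) {
 return nil, xerrors.Errorf("create netstack: %w", err)
 }
 
-dialer.NetstackDialTCP = func(ctx context.Context, dst netip.AddrPort) (net.Conn, error) {
-return netStack.DialContextTCP(ctx, dst)
+if options.TUNDev == nil {
+dialer.NetstackDialTCP = func(ctx context.Context, dst netip.AddrPort) (net.Conn, error) {
+return netStack.DialContextTCP(ctx, dst)
+}
+netStack.ProcessLocalIPs = true
 }
-netStack.ProcessLocalIPs = true
-wireguardEngine = wgengine.NewWatchdog(wireguardEngine)
 
 cfgMaps := newConfigMaps(
 options.Logger,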
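Review bot: The new `TUNDev` doc comment in the `Options` hunk undersells the field: setting it also drives `netns.SetEnabled(options.TUNDev != nil)` and skips installing `dialer.UseNetstackForIP`, `dialer.NetstackDialTCP` and `netStack.ProcessLocalIPs` in the two later hunks, so local dials are no longer routed through userspace netstack. Suggest `// TUNDev is optional, and is passed to the underlying wireguard engine. When set, netns is enabled and the netstack dialer hooks are not installed, so peer traffic is expected to flow via the device rather than userspace netstack.` Separately, `netns.SetEnabled` appears to be process-wide rather than scoped to this Conn, so a process that constructs several Conns with differing `TUNDev` values would end up with whichever `NewConn` ran last; if that is possible, document it on the field or reject mixed configurations. The body of `NewConn` extends outside these hunks.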
