chore: implement CoderVPN client & tunnel #15612

Merged
merged 1 commit into from
Dec 5, 2024
Merged
2 changes: 1 addition & 1 deletion cli/vpndaemon_windows.go
Expand Up @@ -60,7 +60,7 @@ func (r *RootCmd) vpnDaemonRun() *serpent.Command {
defer pipe.Close()

logger.Info(ctx, "starting tunnel")
tunnel, err := vpn.NewTunnel(ctx, logger, pipe)
tunnel, err := vpn.NewTunnel(ctx, logger, pipe, vpn.NewClient())
if err != nil {
return xerrors.Errorf("create new tunnel for client: %w", err)
}
1 change: 1 addition & 0 deletions codersdk/wsjson/encoder.go
Expand Up @@ -27,6 +27,7 @@ func (e *Encoder[T]) Encode(v T) error {
return nil
}

// nolint: revive // complains that Decoder has the same function name
func (e *Encoder[T]) Close(c websocket.StatusCode) error {
return e.conn.Close(c, "")
}
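Review bot: The directive added above `Close` is written as `// nolint: revive`; golangci-lint only recognises the directive with no space after the slashes, so if that is the linter in use this line may not suppress the revive finding at all (and `nolintlint` flags the spaced form). Use `//nolint:revive // complains that Decoder has the same function name`. Since `Close` is exported it should also carry a doc comment, e.g. `// Close closes the underlying websocket connection with status code c and an empty reason.`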
24 changes: 17 additions & 7 deletions tailnet/conn.go
Expand Up @@ -14,6 +14,7 @@ import (

"github.com/cenkalti/backoff/v4"
"github.com/google/uuid"
"github.com/tailscale/wireguard-go/tun"
"golang.org/x/xerrors"
"google.golang.org/protobuf/types/known/durationpb"
"google.golang.org/protobuf/types/known/wrapperspb"
Expand Down Expand Up @@ -113,6 +114,8 @@ type Options struct {
DNSConfigurator dns.OSConfigurator
// Router is optional, and is passed to the underlying wireguard engine.
Router router.Router
// TUNDev is optional, and is passed to the underlying wireguard engine.
TUNDev tun.Device
}

// TelemetrySink allows tailnet.Conn to send network telemetry to the Coder
Expand Down Expand Up @@ -143,6 +146,8 @@ func NewConn(options *Options) (conn *Conn, err error) {
return nil, xerrors.New("At least one IP range must be provided")
}

netns.SetEnabled(options.TUNDev != nil)

var telemetryStore *TelemetryStore
if options.TelemetrySink != nil {
var err error
Expand Down Expand Up @@ -187,6 +192,7 @@ func NewConn(options *Options) (conn *Conn, err error) {
SetSubsystem: sys.Set,
DNS: options.DNSConfigurator,
Router: options.Router,
Tun: options.TUNDev,
})
if err != nil {
return nil, xerrors.Errorf("create wgengine: %w", err)
Expand All @@ -197,11 +203,14 @@ func NewConn(options *Options) (conn *Conn, err error) {
}
}()
wireguardEngine.InstallCaptureHook(options.CaptureHook)
dialer.UseNetstackForIP = func(ip netip.Addr) bool {
_, ok := wireguardEngine.PeerForIP(ip)
return ok
if options.TUNDev == nil {
dialer.UseNetstackForIP = func(ip netip.Addr) bool {
_, ok := wireguardEngine.PeerForIP(ip)
return ok
}
}

wireguardEngine = wgengine.NewWatchdog(wireguardEngine)
sys.Set(wireguardEngine)

magicConn := sys.MagicSock.Get()
Expand Down Expand Up @@ -244,11 +253,12 @@ func NewConn(options *Options) (conn *Conn, err error) {
return nil, xerrors.Errorf("create netstack: %w", err)
}

dialer.NetstackDialTCP = func(ctx context.Context, dst netip.AddrPort) (net.Conn, error) {
return netStack.DialContextTCP(ctx, dst)
if options.TUNDev == nil {
dialer.NetstackDialTCP = func(ctx context.Context, dst netip.AddrPort) (net.Conn, error) {
return netStack.DialContextTCP(ctx, dst)
}
netStack.ProcessLocalIPs = true
Comment on lines +256 to +260

Can we consolidate the places we do this check on options.TUNDev?


I'm not sure if changing some of the ordering here breaks anything, may need to revisit cleaning this up once we have tests that pass in a real TUN fd. The conn.go changes I just copied from Spike's prototype branch.


Unfortunately, ordering does matter here in general. It might be possible to do it better.

}
netStack.ProcessLocalIPs = true
wireguardEngine = wgengine.NewWatchdog(wireguardEngine)

cfgMaps := newConfigMaps(
options.Logger,
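Review bot: `netns.SetEnabled(options.TUNDev != nil)` in the first NewConn hunk toggles a package-level setting in tailscale's netns package, so it applies to the whole process rather than to this Conn; a later NewConn with a different TUNDev silently flips it for any existing Conn, and the `TUNDev == nil` path actively disables it process-wide. A comment should say so at the call site, e.g. `// netns.SetEnabled is process-wide, not per-Conn: the most recent NewConn call wins.`, and if several Conns can coexist in one process the toggle probably belongs with the caller that owns the TUN device. The `TUNDev` doc comment in Options also understates the field's effect: besides being handed to the wgengine, a non-nil device enables netns and skips the netstack dial hooks (`UseNetstackForIP`, `NetstackDialTCP`, `ProcessLocalIPs`), which is worth stating there since callers choose behaviour by setting it. NewConn's body begins and ends outside these hunks.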