Skip to content

Commit

Permalink
Disable routing flag for wireguard mode (#487)
Browse files Browse the repository at this point in the history
  • Loading branch information
@neacsu
neacsu authored Jun 13, 2024
1 parent 4a51efa commit 4e73fe1
Showing 1 changed file with 45 additions and 23 deletions.
68 changes: 45 additions & 23 deletions nym-vpn-core/nym-vpn-lib/src/tunnel_setup.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ use crate::{
init_wireguard_config, MixnetExitConnectionInfo, MixnetVpn, SpecificVpn, WireguardVpn,
};
use crate::{routing, MixnetConnectionInfo, NymVpn};
use futures::channel::oneshot;
use futures::channel::{mpsc, oneshot};
use futures::StreamExt;
use ipnetwork::IpNetwork;
use log::*;
Expand All @@ -23,7 +23,7 @@ use rand::rngs::OsRng;
use talpid_core::dns::DnsMonitor;
use talpid_core::firewall::Firewall;
use talpid_routing::RouteManager;
use talpid_tunnel::TunnelEvent;
use talpid_tunnel::{TunnelEvent, TunnelMetadata};
use tap::TapFallible;

pub struct TunnelSetup<T: TunnelSpecifcSetup> {
Expand Down Expand Up @@ -108,6 +108,24 @@ async fn init_firewall_dns(
}
}

async fn wait_interface_up(
mut event_rx: mpsc::UnboundedReceiver<(TunnelEvent, oneshot::Sender<()>)>,
) -> Result<TunnelMetadata> {
loop {
match event_rx.next().await {
Some((TunnelEvent::InterfaceUp(_, _), _)) => {
continue;
}
Some((TunnelEvent::Up(metadata), _)) => {
break Ok(metadata);
}
Some((TunnelEvent::AuthFailed(_), _)) | Some((TunnelEvent::Down, _)) | None => {
return Err(Error::BadWireguardEvent);
}
}
}
}

async fn setup_wg_tunnel(
nym_vpn: &mut NymVpn<WireguardVpn>,
route_manager: RouteManager,
Expand Down Expand Up @@ -153,12 +171,17 @@ async fn setup_wg_tunnel(
.collect::<Vec<_>>(),
);
});
exit_wireguard_config.0.peers.iter_mut().for_each(|peer| {
peer.allowed_ips
.append(&mut replace_default_prefixes(catch_all_ipv4()));
peer.allowed_ips
.append(&mut replace_default_prefixes(catch_all_ipv6()));
});
// If routing is disabled, we don't append the catch all routing rules
if !nym_vpn.disable_routing {
exit_wireguard_config.0.peers.iter_mut().for_each(|peer| {
peer.allowed_ips
.append(&mut replace_default_prefixes(catch_all_ipv4()));
peer.allowed_ips
.append(&mut replace_default_prefixes(catch_all_ipv6()));
});
} else {
info!("Routing is disabled, skipping adding routes");
}
info!("Entry wireguard config: \n{entry_wireguard_config}");
info!("Exit wireguard config: \n{exit_wireguard_config}");
let (firewall, dns_monitor) = init_firewall_dns(
Expand All @@ -167,33 +190,32 @@ async fn setup_wg_tunnel(
)
.await?;
std::env::set_var("TALPID_FORCE_USERSPACE_WIREGUARD", "1");
let (wireguard_waiting_entry, mut event_rx) = create_wireguard_tunnel(
let (wireguard_waiting_entry, event_rx) = create_wireguard_tunnel(
&route_manager,
nym_vpn.tun_provider.clone(),
entry_wireguard_config,
)
.await?;
// Wait for entry gateway routes to be finished before moving to exit gateway routes, as the two might race if
// started one after the other
loop {
match event_rx.next().await {
Some((TunnelEvent::InterfaceUp(_, _), _)) => {
continue;
}
Some((TunnelEvent::Up(_), _)) => {
break;
}
Some((TunnelEvent::AuthFailed(_), _)) | Some((TunnelEvent::Down, _)) | None => {
return Err(Error::BadWireguardEvent);
}
}
}
let (wireguard_waiting_exit, _) = create_wireguard_tunnel(
let metadata = wait_interface_up(event_rx).await?;
info!(
"Created entry tun device {device_name} with ip={device_ip:?}",
device_name = metadata.interface,
device_ip = metadata.ips
);
let (wireguard_waiting_exit, event_rx) = create_wireguard_tunnel(
&route_manager,
nym_vpn.tun_provider.clone(),
exit_wireguard_config,
)
.await?;
let metadata = wait_interface_up(event_rx).await?;
info!(
"Created exit tun device {device_name} with ip={device_ip:?}",
device_name = metadata.interface,
device_ip = metadata.ips
);
let entry = TunnelSetup {
specific_setup: wireguard_waiting_entry,
};
Expand Down

0 comments on commit 4e73fe1

Please sign in to comment.