diff --git a/install/fs/config.yml b/install/fs/config.yml
index 620ccbf3..bee904c1 100644
--- a/install/fs/config.yml
+++ b/install/fs/config.yml
@@ -32,7 +32,7 @@ gerbil:
 site_block_size: 30
 subnet_group: 100.89.137.0/20
-wg_site:
+newt:
 start_port: 51820
 block_size: 24
 subnet_group: 100.89.138.0/20
diff --git a/server/lib/config.ts b/server/lib/config.ts
index 336b3ccb..9a115884 100644
--- a/server/lib/config.ts
+++ b/server/lib/config.ts
@@ -110,7 +110,7 @@ const configSchema = z.object({
 block_size: z.number().positive().gt(0),
 site_block_size: z.number().positive().gt(0)
 }),
- wg_site: z.object({
+ newt: z.object({
 block_size: z.number().positive().gt(0),
 subnet_group: z.string(),
 start_port: portSchema,
diff --git a/server/routers/client/createClient.ts b/server/routers/client/createClient.ts
index 2ae59117..0dd1e2da 100644
--- a/server/routers/client/createClient.ts
+++ b/server/routers/client/createClient.ts
@@ -18,7 +18,7 @@ import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { eq, and } from "drizzle-orm";
-import { addPeer } from "../gerbil/peers";
+import { addPeer } from "../newt/peers";
 import { fromError } from "zod-validation-error";
 import { newts } from "@server/db/schema";
 import moment from "moment";
diff --git a/server/routers/client/pickClientDefaults.ts b/server/routers/client/pickClientDefaults.ts
index 858c1bab..33802b03 100644
--- a/server/routers/client/pickClientDefaults.ts
+++ b/server/routers/client/pickClientDefaults.ts
@@ -101,16 +101,13 @@ export async function pickClientDefaults(
 subnets.push(
 address.replace(
 /\/\d+$/,
- `/${config.getRawConfig().wg_site.site_block_size}`
+ `/${config.getRawConfig().newt.site_block_size}`
 )
 );
- logger.debug(`Subnets: ${subnets}`);
- logger.debug(`Address: ${address}`);
- logger.debug(`Block size: ${config.getRawConfig().wg_site.block_size}`);
- logger.debug(`Site block size: ${config.getRawConfig().wg_site.site_block_size}`);
+
 const newSubnet = findNextAvailableCidr(
 subnets,
- config.getRawConfig().wg_site.site_block_size,
+ config.getRawConfig().newt.site_block_size,
 address
 );
 if (!newSubnet) {
@@ -133,7 +130,7 @@ export async function pickClientDefaults(
 name: site.name,
 listenPort: listenPort,
 endpoint: endpoint,
- subnet: newSubnet,
+ subnet: `${newSubnet.split("/")[0]}/${config.getRawConfig().newt.block_size}`, // we want the block size of the whole subnet
 olmId: olmId,
 olmSecret: secret
 },
diff --git a/server/routers/newt/handleGetConfigMessage.ts b/server/routers/newt/handleGetConfigMessage.ts
index be460ab0..ba8b5347 100644
--- a/server/routers/newt/handleGetConfigMessage.ts
+++ b/server/routers/newt/handleGetConfigMessage.ts
@@ -105,7 +105,7 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
 clientsRes.map(async (client) => {
 return {
 publicKey: client.pubKey,
- allowedIps: ["0.0.0.0/0"] // TODO: We should lock this down more
+ allowedIps: [client.subnet]
 };
 })
 );
@@ -144,8 +144,8 @@ async function getNextAvailableSubnet(): Promise {
 let subnet = findNextAvailableCidr(
 addresses,
- config.getRawConfig().wg_site.block_size,
- config.getRawConfig().wg_site.subnet_group
+ config.getRawConfig().newt.block_size,
+ config.getRawConfig().newt.subnet_group
 );
 if (!subnet) {
 throw new Error("No available subnets remaining in space");
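Review bot: The returned `subnet` no longer describes what was reserved: findNextAvailableCidr in the previous hunk allocates a block at `newt.site_block_size`, but `split("/")[0]` discards that prefix and substitutes `newt.block_size` (24 in install/fs/config.yml), so the caller sees `<base>/24`. If createClient persists this value as the client's subnet, anything that later treats it as the client's own range, such as a WireGuard AllowedIPs entry or a collision check against other clients, will see the whole site subnet instead of one client's block. Keeping the allocated CIDR and carrying the interface mask separately removes the ambiguity, e.g. `subnet: newSubnet,` and `blockSize: config.getRawConfig().newt.block_size,`. pickClientDefaults begins before this hunk.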
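Review bot: `allowedIps: [client.subnet]` only locks the peer down if `client.subnet` is a host route, and pickClientDefaults in this same commit now builds the client's subnet as `<base>/${newt.block_size}` (a /24 with the shipped install/fs/config.yml), so if that value is what gets persisted every client peer on a site receives the whole site subnet as its AllowedIPs. WireGuard cryptokey routing maps each prefix to exactly one peer, so overlapping /24 entries mean the most recently added client captures traffic for the subnet and can also source packets with any address in it. Derive the peer route from the address only, `allowedIps: [client.subnet.split("/")[0] + "/32"]`, and keep the wider mask for the client's interface configuration. The enclosing handler starts before and continues after this hunk.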
@@ -167,7 +167,7 @@ async function getNextAvailablePort(): Promise { }).from(sites); // Find the first available port between 1024 and 65535 - let nextPort = config.getRawConfig().wg_site.start_port; + let nextPort = config.getRawConfig().newt.start_port; for (const port of existingPorts) { if (port.listenPort && port.listenPort > nextPort) { break; diff --git a/server/routers/olm/handleOlmRegisterMessage.ts b/server/routers/olm/handleOlmRegisterMessage.ts index 003cc3d6..0c82a523 100644 --- a/server/routers/olm/handleOlmRegisterMessage.ts +++ b/server/routers/olm/handleOlmRegisterMessage.ts @@ -73,11 +73,11 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => { logger.warn("Site has no subnet"); return; } - + // add the peer to the exit node await addPeer(site.siteId, { publicKey: publicKey, - allowedIps: [site.subnet] + allowedIps: [client.subnet] }); return { @@ -87,7 +87,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => { endpoint: `${site.endpoint}:${site.listenPort}`, publicKey: site.publicKey, serverIP: site.address!.split("/")[0], - tunnelIP: client.subnet.split("/")[0] + tunnelIP: client.subnet } }, broadcast: false, // Send to all olms diff --git a/server/routers/site/pickSiteDefaults.ts b/server/routers/site/pickSiteDefaults.ts index 79c2b324..02c204d4 100644 --- a/server/routers/site/pickSiteDefaults.ts +++ b/server/routers/site/pickSiteDefaults.ts @@ -84,7 +84,7 @@ export async function pickSiteDefaults( name: exitNode.name, listenPort: exitNode.listenPort, endpoint: exitNode.endpoint, - subnet: newSubnet, + subnet: `${newSubnet.split("/")[0]}/${config.getRawConfig().gerbil.block_size}`, // we want the block size of the whole subnet newtId, newtSecret: secret },
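Review bot: The peer added to the site here gets `allowedIps: [client.subnet]`, which carries the site-wide mask pickClientDefaults now writes into the client's subnet (`/${newt.block_size}`) rather than this olm's own address, and the next hunk sends that same string to the olm as its tunnel address, so it is evidently meant as an interface mask, not a peer route. Give the peer a host route instead, `allowedIps: [client.subnet.split("/")[0] + "/32"]`, so one olm cannot claim or spoof other clients' addresses on the site's WireGuard interface. The handler starts before this hunk and the `return {` continues past it.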
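Review bot: `tunnelIP` now carries the full `client.subnet` CIDR where it previously carried only the address, while `serverIP` on the line above is still stripped with `split("/")[0]`; the field name no longer matches its content and the olm must now parse a prefix it did not receive before. Unless the olm has been updated in step, add a comment stating the new contract, e.g. `tunnelIP: client.subnet, // address/prefix: the olm applies the prefix as its interface mask`, or send the prefix in a separate field so older olms keep working. The surrounding response object starts before this hunk.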