From ff99bfd4a674b18a0ad3bcdec15cf112bbec68d7 Mon Sep 17 00:00:00 2001 From: pufferffish Date: Mon, 22 Jul 2024 15:10:12 +0100 Subject: [PATCH 01/16] fix config parsing --- config.go | 16 ++++++---- config_test.go | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++ wireguard.go | 6 ++-- 3 files changed, 100 insertions(+), 9 deletions(-) create mode 100644 config_test.go diff --git a/config.go b/config.go index 76593cf..b70bfaf 100644 --- a/config.go +++ b/config.go @@ -149,13 +149,17 @@ func parseCIDRNetIP(section *ini.Section, keyName string) ([]netip.Addr, error) keys := key.StringsWithShadows(",") var ips = make([]netip.Addr, 0, len(keys)) for _, str := range keys { - prefix, err := netip.ParsePrefix(str) - if err != nil { - return nil, err - } + if addr, err := netip.ParseAddr(str); err == nil { + ips = append(ips, addr) + } else { + prefix, err := netip.ParsePrefix(str) + if err != nil { + return nil, err + } - addr := prefix.Addr() - ips = append(ips, addr) + addr := prefix.Addr() + ips = append(ips, addr) + } } return ips, nil } diff --git a/config_test.go b/config_test.go new file mode 100644 index 0000000..948fbf8 --- /dev/null +++ b/config_test.go 
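Review bot: When an entry is neither a valid address nor a valid prefix, the error returned from the `else` branch is the one from `netip.ParsePrefix`, so a mistyped bare address is reported as a prefix problem and points the operator at the wrong thing. Returning an error that names the key and the value would be clearer, e.g. `return nil, errors.New(keyName + ": " + str + " is not an IP address or CIDR prefix")`. The two `ips = append(ips, addr)` calls could also become a single append after the branch, which removes the shadowed `err` and `addr`. parseCIDRNetIP starts above the hunk.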
@@ -0,0 +1,87 @@ +package wireproxy + +import ( + "github.com/go-ini/ini" + "testing" +) + +func loadIniConfig(config string) (*ini.File, error) { + iniOpt := ini.LoadOptions{ + Insensitive: true, + AllowShadows: true, + AllowNonUniqueSections: true, + } + + return ini.LoadSources(iniOpt, []byte(config)) +} + +func TestWireguardConfWithoutSubnet(t *testing.T) { + const config = ` +[Interface] +PrivateKey = LAr1aNSNF9d0MjwUgAVC4020T0N/E5NUtqVv5EnsSz0= +Address = 10.5.0.2 +DNS = 1.1.1.1 + +[Peer] +PublicKey = e8LKAc+f9xEzq9Ar7+MfKRrs+gZ/4yzvpRJLRJ/VJ1w= +AllowedIPs = 0.0.0.0/0, ::/0 +Endpoint = 94.140.11.15:51820 +PersistentKeepalive = 25` + var cfg DeviceConfig + iniData, err := loadIniConfig(config) + if err != nil { + t.Fatal(err) + } + + err = ParseInterface(iniData, &cfg) + if err != nil { + t.Fatal(err) + } +} + +func TestWireguardConfWithSubnet(t *testing.T) { + const config = ` +[Interface] +PrivateKey = LAr1aNSNF9d0MjwUgAVC4020T0N/E5NUtqVv5EnsSz0= +Address = 10.5.0.2/23 +DNS = 1.1.1.1 + +[Peer] +PublicKey = e8LKAc+f9xEzq9Ar7+MfKRrs+gZ/4yzvpRJLRJ/VJ1w= +AllowedIPs = 0.0.0.0/0, ::/0 +Endpoint = 94.140.11.15:51820 +PersistentKeepalive = 25` + var cfg DeviceConfig + iniData, err := loadIniConfig(config) + if err != nil { + t.Fatal(err) + } + + err = ParseInterface(iniData, &cfg) + if err != nil { + t.Fatal(err) + } +} + +func TestWireguardConfWithManyAddress(t *testing.T) { + const config = ` +[Interface] +PrivateKey = mBsVDahr1XIu9PPd17UmsDdB6E53nvmS47NbNqQCiFM= +Address = 100.96.0.190,2606:B300:FFFF:fe8a:2ac6:c7e8:b021:6f5f/128 +DNS = 198.18.0.1,198.18.0.2 + +[Peer] +PublicKey = SHnh4C2aDXhp1gjIqceGhJrhOLSeNYcqWLKcYnzj00U= +AllowedIPs = 0.0.0.0/0,::/0 +Endpoint = 192.200.144.22:51820` + var cfg DeviceConfig + iniData, err := loadIniConfig(config) + if err != nil { + t.Fatal(err) + } + + err = ParseInterface(iniData, &cfg) + if err != nil { + t.Fatal(err) + } +} diff --git a/wireguard.go b/wireguard.go index 31057ed..8b2d0f8 100644 --- a/wireguard.go 
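Review bot: The fixtures in all three tests embed literal `PrivateKey` values and public `Endpoint` addresses. If any of them were copied from a working WireGuard configuration, they are now in the repository history and should be rotated; the tests should use keys generated only for testing. Separately, each test only checks that `ParseInterface` returns no error and never inspects `cfg`, so a parser that accepted the input but stored the wrong address would still pass. Asserting the parsed addresses in `cfg` (for example that `10.5.0.2/23` yields `10.5.0.2`) would pin the behaviour this commit fixes.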
+++ b/wireguard.go @@ -20,8 +20,8 @@ type DeviceSetting struct { mtu int } -// serialize the config into an IPC request and DeviceSetting -func createIPCRequest(conf *DeviceConfig) (*DeviceSetting, error) { +// CreateIPCRequest serialize the config into an IPC request and DeviceSetting +func CreateIPCRequest(conf *DeviceConfig) (*DeviceSetting, error) { var request bytes.Buffer request.WriteString(fmt.Sprintf("private_key=%s\n", conf.SecretKey)) @@ -60,7 +60,7 @@ func createIPCRequest(conf *DeviceConfig) (*DeviceSetting, error) { // StartWireguard creates a tun interface on netstack given a configuration func StartWireguard(conf *DeviceConfig, logLevel int) (*VirtualTun, error) { - setting, err := createIPCRequest(conf) + setting, err := CreateIPCRequest(conf) if err != nil { return nil, err } From 42a097d490717265d55ea0aa226c65575accf9ce Mon Sep 17 00:00:00 2001 From: Amirhossein Shaerpour <87924605+shaerpour@users.noreply.github.com> Date: Mon, 22 Jul 2024 17:41:26 +0330 Subject: [PATCH 02/16] change - add default configuration paths (#121) --- README.md | 3 ++- cmd/wireproxy/main.go | 24 ++++++++++++++++++++++-- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index fd44869..71b6f96 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ of wireproxy by [@juev](https://github.com/juev). # Usage ``` -./wireproxy -c [path to config] +./wireproxy [-c path to config] ``` ``` @@ -47,6 +47,7 @@ Arguments: -h --help Print help information -c --config Path of configuration file + Default paths: /etc/wireproxy/wireproxy.conf, $HOME/.config/wireproxy.conf -s --silent Silent mode -d --daemon Make wireproxy run in background -i --info Specify the address and port for exposing health status diff --git a/cmd/wireproxy/main.go b/cmd/wireproxy/main.go index 48880c2..713943a 100644 --- a/cmd/wireproxy/main.go +++ b/cmd/wireproxy/main.go 
@@ -22,6 +22,12 @@ import ( // an argument to denote that this process was spawned by -d const daemonProcess = "daemon-process" +// default paths for wireproxy config file +var default_config_paths = []string { + "/etc/wireproxy/wireproxy.conf", + os.Getenv("HOME")+"/.config/wireproxy.conf", +} + var version = "1.0.8-dev" func panicIfError(err error) { @@ -51,6 +57,16 @@ func executablePath() string { return programPath } +// check if default config file paths exist +func configFilePath() (string, bool) { + for _, path := range default_config_paths { + if _, err := os.Stat(path); err == nil { + return path, true + } + } + return "", false +} + func lock(stage string) { switch stage { case "boot": @@ -177,8 +193,12 @@ func main() { } if *config == "" { - fmt.Println("configuration path is required") - return + if path, config_exist := configFilePath(); config_exist { + *config = path + } else { + fmt.Println("configuration path is required") + return + } } if !*daemon { From f8a5d70c717c92d988f2ab684d3c895d11a4034a Mon Sep 17 00:00:00 2001 From: pufferffish Date: Mon, 22 Jul 2024 15:38:07 +0100 Subject: [PATCH 03/16] make device setting fields public --- wireguard.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/wireguard.go b/wireguard.go index 8b2d0f8..27fb0f9 100644 --- a/wireguard.go +++ b/wireguard.go @@ -14,10 +14,10 @@ import ( // DeviceSetting contains the parameters for setting up a tun interface type DeviceSetting struct { - ipcRequest string - dns []netip.Addr - deviceAddr []netip.Addr - mtu int + IpcRequest string + DNS []netip.Addr + DeviceAddr []netip.Addr + MTU int } // CreateIPCRequest serialize the config into an IPC request and DeviceSetting 
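Review bot: The second entry of `default_config_paths` is built from `os.Getenv("HOME")` at package initialisation, so when `HOME` is unset or empty it becomes `/.config/wireproxy.conf`. wireproxy would then load a configuration, and the private key in it, from a root-level path nobody intended. Building the list at lookup time and skipping the entry when the home directory is unknown avoids that, e.g. `if home, err := os.UserHomeDir(); err == nil { paths = append(paths, filepath.Join(home, ".config", "wireproxy.conf")) }` (this needs `path/filepath` if main.go does not already import it). The identifier should also be MixedCaps, `defaultConfigPaths`, as should `config_exist` in the hunk at -177.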
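Review bot: `configFilePath` treats every `os.Stat` error as "file absent" and every success as usable. A first-choice path that cannot be reached, such as one behind a permission error on its directory, is therefore skipped silently, and a directory named `wireproxy.conf` is accepted. Moving on only when `errors.Is(err, fs.ErrNotExist)` and requiring `info.Mode().IsRegular()` keeps the fallback from quietly selecting a different configuration than the operator expects. The caller in `main` (hunk at -177) never reports which default was picked; printing the chosen path would make the selection visible.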
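Review bot: `IpcRequest` breaks the initialism convention that `CreateIPCRequest`, `DNS` and `MTU` follow in the same file; since the field becomes public API with this commit, `IPCRequest` is the name to settle on before callers depend on it. The string also carries the `private_key=` line that `CreateIPCRequest` writes, so the exported field now exposes key material to any caller that prints or logs a `DeviceSetting`. A field comment such as `// IPCRequest is the UAPI configuration text; it contains the private key and must not be logged.` would state that contract. The exported fields otherwise have no doc comments.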
@@ -54,7 +54,7 @@ func CreateIPCRequest(conf *DeviceConfig) (*DeviceSetting, error) { } } - setting := &DeviceSetting{ipcRequest: request.String(), dns: conf.DNS, deviceAddr: conf.Endpoint, mtu: conf.MTU} + setting := &DeviceSetting{IpcRequest: request.String(), DNS: conf.DNS, DeviceAddr: conf.Endpoint, MTU: conf.MTU} return setting, nil } @@ -65,12 +65,12 @@ func StartWireguard(conf *DeviceConfig, logLevel int) (*VirtualTun, error) { return nil, err } - tun, tnet, err := netstack.CreateNetTUN(setting.deviceAddr, setting.dns, setting.mtu) + tun, tnet, err := netstack.CreateNetTUN(setting.DeviceAddr, setting.DNS, setting.MTU) if err != nil { return nil, err } dev := device.NewDevice(tun, conn.NewDefaultBind(), device.NewLogger(logLevel, "")) - err = dev.IpcSet(setting.ipcRequest) + err = dev.IpcSet(setting.IpcRequest) if err != nil { return nil, err } @@ -84,7 +84,7 @@ func StartWireguard(conf *DeviceConfig, logLevel int) (*VirtualTun, error) { Tnet: tnet, Dev: dev, Conf: conf, - SystemDNS: len(setting.dns) == 0, + SystemDNS: len(setting.DNS) == 0, PingRecord: make(map[string]uint64), }, nil } From cb1f39b3e5896f50a899a2bd1a2a91470eda247e Mon Sep 17 00:00:00 2001 From: Nicholas Date: Tue, 23 Jul 2024 00:38:19 +1000 Subject: [PATCH 04/16] Support env lookup for some values (#122) Co-authored-by: pufferfish <74378430+pufferffish@users.noreply.github.com> --- .github/workflows/container.yml | 1 + README.md | 1 + config.go | 63 +++++++++++++++++++++++++-------- 3 files changed, 50 insertions(+), 15 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index b965173..18f582b 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml 
@@ -59,6 +59,7 @@ jobs: docker buildx build \ --platform "$BUILD_PLATFORMS" \ --tag "$CONTAINER_NAME:$CONTAINER_TAG" \ + --tag "$CONTAINER_NAME:$GITHUB_SHA" \ --label "org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}" \ --label "org.opencontainers.image.documentation=${{ github.server_url }}/${{ github.repository }}" \ --label "org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}/packages" \ diff --git a/README.md b/README.md index 71b6f96..06da167 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,7 @@ Instructions for using wireproxy with Firefox container tabs and auto-start on M Address = 10.200.200.2/32 # The subnet should be /32 and /128 for IPv4 and v6 respectively # MTU = 1420 (optional) PrivateKey = uCTIK+56CPyCvwJxmU5dBfuyJvPuSXAq1FzHdnIxe1Q= +# PrivateKey = $MY_WIREGUARD_PRIVATE_KEY # Alternatively, reference environment variables DNS = 10.200.200.1 [Peer] diff --git a/config.go b/config.go index b70bfaf..b1aba15 100644 --- a/config.go +++ b/config.go @@ -5,6 +5,7 @@ import ( "encoding/hex" "errors" "net" + "os" "strings" "github.com/go-ini/ini" @@ -68,6 +69,18 @@ func parseString(section *ini.Section, keyName string) (string, error) { if key == nil { return "", errors.New(keyName + " should not be empty") } + value := key.String() + if strings.HasPrefix(value, "$") { + if strings.HasPrefix(value, "$$") { + return strings.Replace(value, "$$", "$", 1), nil + } + var ok bool + value, ok = os.LookupEnv(strings.TrimPrefix(value, "$")) + if !ok { + return "", errors.New(keyName + " references unset environment variable " + key.String()) + } + return value, nil + } return key.String(), nil } 
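Review bot: In `parseString`, an environment variable that is set but empty is returned as a valid empty value, while a missing key is an error. Treating the empty case like the unset one, `if !ok || value == "" {`, keeps a blank secret from passing this layer; whether later checks catch it is not visible in the hunk. The expansion also applies to every key read through `parseString`, not only `PrivateKey`, so any `$NAME` in the file pulls that variable from the process environment into fields such as `Endpoint`. The doc comment should say that the config file is trusted to read the environment, or the expansion should be limited to the keys that need it. The final `return key.String(), nil` can simply return `value`; the function begins above the hunk.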
@@ -122,15 +135,21 @@ func encodeBase64ToHex(key string) (string, error) { } func parseNetIP(section *ini.Section, keyName string) ([]netip.Addr, error) { - key := section.Key(keyName) - if key == nil { - return []netip.Addr{}, nil + key, err := parseString(section, keyName) + if err != nil { + if strings.Contains(err.Error(), "should not be empty") { + return []netip.Addr{}, nil + } + return nil, err } - keys := key.StringsWithShadows(",") + keys := strings.Split(key, ",") var ips = make([]netip.Addr, 0, len(keys)) for _, str := range keys { str = strings.TrimSpace(str) + if len(str) == 0 { + continue + } ip, err := netip.ParseAddr(str) if err != nil { return nil, err @@ -141,14 +160,22 @@ func parseNetIP(section *ini.Section, keyName string) ([]netip.Addr, error) { } func parseCIDRNetIP(section *ini.Section, keyName string) ([]netip.Addr, error) { - key := section.Key(keyName) - if key == nil { - return []netip.Addr{}, nil + key, err := parseString(section, keyName) + if err != nil { + if strings.Contains(err.Error(), "should not be empty") { + return []netip.Addr{}, nil + } + return nil, err } - keys := key.StringsWithShadows(",") + keys := strings.Split(key, ",") var ips = make([]netip.Addr, 0, len(keys)) for _, str := range keys { + str = strings.TrimSpace(str) + if len(str) == 0 { + continue + } + if addr, err := netip.ParseAddr(str); err == nil { ips = append(ips, addr) } else { @@ -156,7 +183,7 @@ func parseCIDRNetIP(section *ini.Section, keyName string) ([]netip.Addr, error) if err != nil { return nil, err } - + addr := prefix.Addr() ips = append(ips, addr) } 
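Review bot: Replacing `key.StringsWithShadows(",")` with `strings.Split(key, ",")` on the result of `parseString` appears to drop shadowed values. `parseString` returns `key.String()`, a single value, so if the production loader sets `AllowShadows` as the test helper does, a config that repeats `Address =` or `DNS =` on several lines would have only one of them honoured. The same applies to `parseCIDRNetIP` in the next hunk and to `parseAllowedIPs` (hunk at -165), where silently ignoring `AllowedIPs` lines changes which traffic is associated with which peer. Detecting the missing-key case with `strings.Contains(err.Error(), "should not be empty")` is also fragile; a package-level sentinel error returned by `parseString` and tested with `errors.Is` would survive a reworded message. A test with a repeated key would confirm the first point.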
@@ -165,14 +192,21 @@ func parseCIDRNetIP(section *ini.Section, keyName string) ([]netip.Addr, error) } func parseAllowedIPs(section *ini.Section) ([]netip.Prefix, error) { - key := section.Key("AllowedIPs") - if key == nil { - return []netip.Prefix{}, nil + key, err := parseString(section, "AllowedIPs") + if err != nil { + if strings.Contains(err.Error(), "should not be empty") { + return []netip.Prefix{}, nil + } + return nil, err } - keys := key.StringsWithShadows(",") + keys := strings.Split(key, ",") var ips = make([]netip.Prefix, 0, len(keys)) for _, str := range keys { + str = strings.TrimSpace(str) + if len(str) == 0 { + continue + } prefix, err := netip.ParsePrefix(str) if err != nil { return nil, err @@ -292,8 +326,7 @@ func ParsePeers(cfg *ini.File, peers *[]PeerConfig) error { peer.PreSharedKey = value } - if sectionKey, err := section.GetKey("Endpoint"); err == nil { - value := sectionKey.String() + if value, err := parseString(section, "Endpoint"); err == nil { decoded, err = resolveIPPAndPort(strings.ToLower(value)) if err != nil { return err From 3729bced931fd93af95dcd9156b0a1c8643a7143 Mon Sep 17 00:00:00 2001 From: Artem Russkikh Date: Wed, 4 Sep 2024 01:08:20 +0500 Subject: [PATCH 05/16] Update README (#137) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 06da167..9e36158 100644 --- a/README.md +++ b/README.md 
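Review bot: In `ParsePeers` the condition `if value, err := parseString(section, "Endpoint"); err == nil` now discards every error from `parseString`, including the new "references unset environment variable" one. `Endpoint = $UNSET_VAR` therefore produces a peer with no endpoint instead of a startup error. Only the missing-key case should be ignored here; any other error from `parseString` should be returned to the caller like the `resolveIPPAndPort` error two lines below. The enclosing loop starts outside the hunk.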
@@ -20,8 +20,8 @@ and configured my browser to use wireproxy for certain sites. It's pretty useful wireproxy is completely isolated from my network interfaces, and I don't need root to configure anything. -Users who want something similar but for Amnezia VPN can use [this fork](https://github.com/juev/wireproxy/tree/feature/amnezia-go) -of wireproxy by [@juev](https://github.com/juev). +Users who want something similar but for Amnezia VPN can use [this fork](https://github.com/artem-russkikh/wireproxy-awg) +of wireproxy by [@artem-russkikh](https://github.com/artem-russkikh). # Feature - TCP static routing for client and server From 5b7f822f176e2358aa51460cd8dc3fee259200f2 Mon Sep 17 00:00:00 2001 From: Niko Date: Tue, 3 Sep 2024 20:08:52 +0000 Subject: [PATCH 06/16] Fix broken sandboxing resulting in SIGABRT (#136) --- systemd/wireproxy.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/wireproxy.service b/systemd/wireproxy.service index 832f813..0ecc551 100644 --- a/systemd/wireproxy.service +++ b/systemd/wireproxy.service @@ -40,7 +40,7 @@ RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK RestrictNamespaces=true RestrictRealtime=true SystemCallArchitectures=native -SystemCallFilter=@system-service +SystemCallFilter=@system-service @sandbox [Install] WantedBy=multi-user.target From 4a564b5ea2fa32caef9aae482a2df679fb6a7cf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luiz=20Henrique=20Gomes=20Pal=C3=A1cio?= Date: Tue, 3 Sep 2024 17:21:40 -0300 Subject: [PATCH 07/16] Fix HTTP proxy authentication to support both preemptive and challenge-response auth (#134) --- http.go | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/http.go b/http.go index 9fa7932..ebaa822 100644 --- a/http.go +++ b/http.go 
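Review bot: The widened `SystemCallFilter=` line has no comment explaining why `@sandbox` is needed, so someone tightening this unit later may remove it and bring back the abort named in the commit title. A line above it such as `# @sandbox is required: wireproxy installs its own sandbox rules at start-up and is killed by the filter without these syscalls` would record the reason (go.mod lists `go-landlock`, which is presumably the caller). How systemd releases that predate the `@sandbox` group treat the unknown name should be checked on the oldest release the project supports.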
@@ -31,23 +31,23 @@ func (s *HTTPServer) authenticate(req *http.Request) (int, error) { } auth := req.Header.Get(proxyAuthHeaderKey) - if auth != "" { - enc := strings.TrimPrefix(auth, "Basic ") - str, err := base64.StdEncoding.DecodeString(enc) - if err != nil { - return http.StatusNotAcceptable, fmt.Errorf("decode username and password failed: %w", err) - } - pairs := bytes.SplitN(str, []byte(":"), 2) - if len(pairs) != 2 { - return http.StatusLengthRequired, fmt.Errorf("username and password format invalid") - } - if s.auth.Valid(string(pairs[0]), string(pairs[1])) { - return 0, nil - } - return http.StatusUnauthorized, fmt.Errorf("username and password not matching") + if auth == "" { + return http.StatusProxyAuthRequired, fmt.Errorf(http.StatusText(http.StatusProxyAuthRequired)) } - return http.StatusProxyAuthRequired, fmt.Errorf(http.StatusText(http.StatusProxyAuthRequired)) + enc := strings.TrimPrefix(auth, "Basic ") + str, err := base64.StdEncoding.DecodeString(enc) + if err != nil { + return http.StatusNotAcceptable, fmt.Errorf("decode username and password failed: %w", err) + } + pairs := bytes.SplitN(str, []byte(":"), 2) + if len(pairs) != 2 { + return http.StatusLengthRequired, fmt.Errorf("username and password format invalid") + } + if s.auth.Valid(string(pairs[0]), string(pairs[1])) { + return 0, nil + } + return http.StatusUnauthorized, fmt.Errorf("username and password not matching") } func (s *HTTPServer) handleConn(req *http.Request, conn net.Conn) (peer net.Conn, err error) { @@ -103,7 +103,11 @@ func (s *HTTPServer) serve(conn net.Conn) { code, err := s.authenticate(req) if err != nil { - _ = responseWith(req, code).Write(conn) + resp := responseWith(req, code) + if code == http.StatusProxyAuthRequired { + resp.Header.Set("Proxy-Authenticate", "Basic realm=\"Proxy\"") + } + _ = resp.Write(conn) log.Println(err) return } From 3e6e5a61f0ed0a1176a601cb59870c7a4d05451f Mon Sep 17 00:00:00 2001 
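Review bot: Only the missing-header case is answered with 407 and a `Proxy-Authenticate` challenge. Credentials that fail `s.auth.Valid` still return `http.StatusUnauthorized`, the origin-server status, and the `serve` hunk below sends it without a challenge, so a client that preemptively sends a wrong password is never asked again. Returning `http.StatusProxyAuthRequired` for the mismatch (and arguably for the undecodable and malformed cases, which map to 406 and 411) would let the single `if code == http.StatusProxyAuthRequired` branch cover them. `strings.TrimPrefix(auth, "Basic ")` also passes a header with no scheme, or a different one, straight to the base64 decoder; checking the prefix explicitly would reject those early. `authenticate` begins above the hunk.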
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 00:24:48 +0000 Subject: [PATCH 08/16] Bump golang.org/x/crypto from 0.21.0 to 0.31.0 (#146) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.31.0. - [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 59ac71b..9d1b1dd 100644 --- a/go.mod +++ b/go.mod @@ -18,8 +18,8 @@ require ( require ( github.com/google/btree v1.1.2 // indirect - golang.org/x/crypto v0.21.0 // indirect - golang.org/x/sys v0.18.0 // indirect + golang.org/x/crypto v0.31.0 // indirect + golang.org/x/sys v0.28.0 // indirect golang.org/x/time v0.5.0 // indirect golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 // indirect diff --git a/go.sum b/go.sum index 74abd33..23a91dc 100644 --- a/go.sum +++ b/go.sum 
@@ -18,13 +18,13 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/things-go/go-socks5 v0.0.5 h1:qvKaGcBkfDrUL33SchHN93srAmYGzb4CxSM2DPYufe8= github.com/things-go/go-socks5 v0.0.5/go.mod h1:mtzInf8v5xmsBpHZVbIw2YQYhc4K0jRwzfsH64Uh0IQ= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg= From 3098c397e771a2e45a1f0ff353eb588bcfae9aca Mon Sep 17 00:00:00 2001 From: Yaroslav Date: Fri, 27 Dec 2024 00:19:42 +0700 Subject: [PATCH 09/16] Update README.md (#150) Fixed curl example command to work well with sudo --- systemd/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/README.md b/systemd/README.md index 33e8d00..b1a4ea0 100644 --- a/systemd/README.md +++ b/systemd/README.md 
@@ -8,7 +8,7 @@ The provided systemd unit assumes you have the wireproxy executable installed on 1. Copy the `wireproxy.service` file from this directory to `/etc/systemd/system/`, or use the following cURL command to download it: ```bash - sudo curl https://raw.githubusercontent.com/pufferffish/wireproxy/master/systemd/wireproxy.service > /etc/systemd/system/wireproxy.service + curl https://raw.githubusercontent.com/pufferffish/wireproxy/master/systemd/wireproxy.service | sudo tee /etc/systemd/system/wireproxy.service ``` 2. If necessary, customize the unit. From d7106831812f3b69d827148ddfb06a9a48e6c8ad Mon Sep 17 00:00:00 2001 From: Takanori Hirano Date: Fri, 27 Dec 2024 02:20:01 +0900 Subject: [PATCH 10/16] Fix PingRecord race condition (#149) --- routine.go | 6 +++++- wireguard.go | 12 +++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/routine.go b/routine.go index 465e6b1..8c65456 100644 --- a/routine.go +++ b/routine.go @@ -21,6 +21,7 @@ import ( "path" "strconv" "strings" + "sync" "time" "github.com/sourcegraph/conc" @@ -48,7 +49,8 @@ type VirtualTun struct { SystemDNS bool Conf *DeviceConfig // PingRecord stores the last time an IP was pinged - PingRecord map[string]uint64 + PingRecord map[string]uint64 + PingRecordLock *sync.Mutex } // RoutineSpawner spawns a routine (e.g. socks5, tcp static routes) after the configuration is parsed @@ -475,7 +477,9 @@ func (d VirtualTun) pingIPs() { } } + d.PingRecordLock.Lock() d.PingRecord[addr.String()] = uint64(time.Now().Unix()) + d.PingRecordLock.Unlock() defer socket.Close() }() diff --git a/wireguard.go b/wireguard.go index 27fb0f9..71a2960 100644 --- a/wireguard.go +++ b/wireguard.go @@ -3,6 +3,7 @@ package wireproxy import ( "bytes" "fmt" + "sync" "net/netip" 
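Review bot: The new lock is taken only around the write in `pingIPs`, and no reader of `PingRecord` is changed in this commit. If the health endpoint reads the map without `PingRecordLock`, the race is still present (the reader is not visible in this diff). `PingRecordLock` is also an exported pointer that only `StartWireguard` initialises, so a `VirtualTun` constructed any other way panics on `d.PingRecordLock.Lock()`. A field comment such as `// PingRecordLock guards PingRecord and must be non-nil.` would make that contract explicit; an unexported mutex behind accessor methods would enforce it. `pingIPs` continues outside the hunk.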
@@ -81,10 +82,11 @@ func StartWireguard(conf *DeviceConfig, logLevel int) (*VirtualTun, error) { } return &VirtualTun{ - Tnet: tnet, - Dev: dev, - Conf: conf, - SystemDNS: len(setting.DNS) == 0, - PingRecord: make(map[string]uint64), + Tnet: tnet, + Dev: dev, + Conf: conf, + SystemDNS: len(setting.DNS) == 0, + PingRecord: make(map[string]uint64), + PingRecordLock: new(sync.Mutex), }, nil } From 47cd451c803b82d7511e9c6dba170c1896519924 Mon Sep 17 00:00:00 2001 From: Lars Gerber <75072836+larsgerber@users.noreply.github.com> Date: Fri, 31 Jan 2025 16:59:57 +0100 Subject: [PATCH 11/16] docs: add syntax highlighting and Go install command (#158) * docs: add syntax language for codeblocks * docs: add install instructions for Go --- README.md | 50 ++++++++++++++++++++++++++++++++++++++------------ UseWithVPN.md | 17 ++++++++++++----- 2 files changed, 50 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 9e36158..575c596 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ # wireproxy + [![ISC licensed](https://img.shields.io/badge/license-ISC-blue)](./LICENSE) [![Build status](https://github.com/octeep/wireproxy/actions/workflows/build.yml/badge.svg)](https://github.com/octeep/wireproxy/actions) [![Documentation](https://img.shields.io/badge/godoc-wireproxy-blue)](https://pkg.go.dev/github.com/octeep/wireproxy) @@ -6,12 +7,14 @@ A wireguard client that exposes itself as a socks5/http proxy or tunnels. # What is this + `wireproxy` is a completely userspace application that connects to a wireguard peer, and exposes a socks5/http proxy or tunnels on the machine. This can be useful if you need to connect to certain sites via a wireguard peer, but can't be bothered to setup a new network interface for whatever reasons. # Why you might want this + - You simply want to use wireguard as a way to proxy some traffic. - You don't want root permission just to change wireguard settings. 
@@ -24,19 +27,22 @@ Users who want something similar but for Amnezia VPN can use [this fork](https:/ of wireproxy by [@artem-russkikh](https://github.com/artem-russkikh). # Feature + - TCP static routing for client and server - SOCKS5/HTTP proxy (currently only CONNECT is supported) # TODO + - UDP Support in SOCKS5 - UDP static routing # Usage -``` + +```bash ./wireproxy [-c path to config] ``` -``` +```bash usage: wireproxy [-h|--help] [-c|--config ""] [-s|--silent] [-d|--daemon] [-i|--info ""] [-v|--version] [-n|--configtest] @@ -54,21 +60,29 @@ Arguments: -v --version Print version -n --configtest Configtest mode. Only check the configuration file for validity. - ``` # Build instruction -``` + +```bash git clone https://github.com/octeep/wireproxy cd wireproxy make ``` +# Install + +```bash +go install github.com/pufferffish/wireproxy/cmd/wireproxy@v1.0.9 # or @latest +``` + # Use with VPN + Instructions for using wireproxy with Firefox container tabs and auto-start on MacOS can be found [here](/UseWithVPN.md). # Sample config file -``` + +```ini # The [Interface] and [Peer] configurations follow the same semantics and meaning # of a wg-quick configuration. To understand what these fields mean, please refer to: # https://wiki.archlinux.org/title/WireGuard#Persistent_configuration @@ -135,7 +149,8 @@ BindAddress = 127.0.0.1:25345 Alternatively, if you already have a wireguard config, you can import it in the wireproxy config file like this: -``` + +```ini WGConfig = # Same semantics as above @@ -151,7 +166,8 @@ WGConfig = Having multiple peers is also supported. `AllowedIPs` would need to be specified such that wireproxy would know which peer to forward to. -``` + +```ini [Interface] Address = 10.254.254.40/32 PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= @@ -183,7 +199,8 @@ Target = service-three.servicenet:80 ``` Wireproxy can also allow peers to connect to it: -``` + +```ini [Interface] ListenPort = 5400 ... 
@@ -193,7 +210,9 @@ PublicKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY= AllowedIPs = 10.254.254.100/32 # Note there is no Endpoint defined here. ``` + # Health endpoint + Wireproxy supports exposing a health endpoint for monitoring purposes. The argument `--info/-i` specifies an address and port (e.g. `localhost:9080`), which exposes a HTTP server that provides health status metric of the server. @@ -204,7 +223,8 @@ Currently two endpoints are implemented: `/readyz`: This responds with a json which shows the last time a pong is received from an IP specified with `CheckAlive`. When `CheckAlive` is set, a ping is sent out to addresses in `CheckAlive` per `CheckAliveInterval` seconds (defaults to 5) via wireguard. If a pong has not been received from one of the addresses within the last `CheckAliveInterval` seconds (+2 seconds for some leeway to account for latency), then it would respond with a 503, otherwise a 200. For example: -``` + +```ini [Interface] PrivateKey = censored Address = 10.2.0.2/32 @@ -220,8 +240,10 @@ Endpoint = 149.34.244.174:51820 [Socks5] BindAddress = 127.0.0.1:25344 ``` + `/readyz` would respond with -``` + +```text < HTTP/1.1 503 Service Unavailable < Date: Thu, 11 Apr 2024 00:54:59 GMT < Content-Length: 35 @@ -231,15 +253,18 @@ BindAddress = 127.0.0.1:25344 ``` And for: -``` + +```ini [Interface] PrivateKey = censored Address = 10.2.0.2/32 DNS = 10.2.0.1 CheckAlive = 1.1.1.1 ``` + `/readyz` would respond with -``` + +```text < HTTP/1.1 200 OK < Date: Thu, 11 Apr 2024 00:56:21 GMT < Content-Length: 23 @@ -253,4 +278,5 @@ If nothing is set for `CheckAlive`, an empty JSON object with 200 will be the re The peer which the ICMP ping packet is routed to depends on the `AllowedIPs` set for each peers. # Stargazers over time + [![Stargazers over time](https://starchart.cc/octeep/wireproxy.svg)](https://starchart.cc/octeep/wireproxy) diff --git a/UseWithVPN.md b/UseWithVPN.md index cb50538..6257258 100644 --- a/UseWithVPN.md +++ b/UseWithVPN.md 
@@ -1,11 +1,12 @@ # Getting a Wireguard Server + You can create your own wireguard server using a host service like DigitalOcean, or you can get a VPN service that provides WireGuard configs. I recommend ProtonVPN, because it is highly secure and has a great WireGuard config generator. -Simply go to https://account.protonvpn.com/downloads and scroll down to the +Simply go to and scroll down to the wireguard section to generate your configs, then paste into the appropriate section below. @@ -25,9 +26,11 @@ naming should also be similar (e.g. `/Users/jonny/Library/LaunchAgents/com.ProtonUS.adblock.plist`) ## Config File + Make sure you use a unique port for every separate server I recommend you set proxy authentication, you can use the same user/pass for all -``` + +```ini # Link to the Downloaded config WGConfig = /Users/jonny/vpntabs/ProtonUS.adblock.server.conf @@ -43,24 +46,27 @@ BindAddress = 127.0.0.1:25344 # Update the port here for each new server ``` ## Startup Script File + This is a bash script to facilitate startup, not strictly essential, but adds ease. Note, you MUST update the first path to wherever you installed this code to. Make sure you use the path for the config file above, not the one you downloaded from e.g. protonvpn. -``` + +```bash #!/bin/bash /Users/jonny/wireproxy/wireproxy -c /Users/jonny/vpntabs/ProtonUS.adblock.conf ``` ## MacOS LaunchAgent + To make it run every time you start your computer, you can create a launch agent in `$HOME/Library/LaunchAgents`. Name reference above. That file should contain the following, the label should be the same as the file name and the paths should be set correctly: -``` +```xml @@ -70,7 +76,7 @@ name and the paths should be set correctly: Program /Users/jonny/vpntabs/ProtonUS.adblock.sh RunAtLoad - + KeepAlive 
@@ -82,6 +88,7 @@ To enable it, run `launchtl start ~/Library/LaunchAgents/com.PortonUS.adblock.plist` # Firefox Setup + You will need to enable the Multi Account Container Tabs extension and a proxy extension, I recommend Sideberry, but Container Proxy also works. From 7bb1be2d20cc05a9d92de2c093786986f799bdb0 Mon Sep 17 00:00:00 2001 From: Christian Speckner Date: Fri, 31 Jan 2025 17:09:16 +0100 Subject: [PATCH 12/16] Make sure that closing one direction closes the other, too. (#159) * Make sure that closing one direction closes the other, too. * Pacify linter. --- go.mod | 1 - go.sum | 2 -- http.go | 26 +++++++++++++------------- routine.go | 51 ++++++++++----------------------------------------- 4 files changed, 23 insertions(+), 57 deletions(-) diff --git a/go.mod b/go.mod index 9d1b1dd..ec664d3 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,6 @@ require ( github.com/akamensky/argparse v1.4.0 github.com/go-ini/ini v1.67.0 github.com/landlock-lsm/go-landlock v0.0.0-20240216195629-efb66220540a - github.com/sourcegraph/conc v0.3.0 github.com/things-go/go-socks5 v0.0.5 golang.org/x/net v0.23.0 golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 diff --git a/go.sum b/go.sum index 23a91dc..4c70481 100644 --- a/go.sum +++ b/go.sum 
@@ -12,8 +12,6 @@ github.com/landlock-lsm/go-landlock v0.0.0-20240216195629-efb66220540a h1:dz+a1M github.com/landlock-lsm/go-landlock v0.0.0-20240216195629-efb66220540a/go.mod h1:1NY/VPO8xm3hXw3f+M65z+PJDLUaZA5cu7OfanxoUzY= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= -github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/things-go/go-socks5 v0.0.5 h1:qvKaGcBkfDrUL33SchHN93srAmYGzb4CxSM2DPYufe8= diff --git a/http.go b/http.go index ebaa822..88a7ef4 100644 --- a/http.go +++ b/http.go @@ -10,8 +10,6 @@ import ( "net" "net/http" "strings" - - "github.com/sourcegraph/conc" ) const proxyAuthHeaderKey = "Proxy-Authorization" @@ -32,7 +30,7 @@ func (s *HTTPServer) authenticate(req *http.Request) (int, error) { auth := req.Header.Get(proxyAuthHeaderKey) if auth == "" { - return http.StatusProxyAuthRequired, fmt.Errorf(http.StatusText(http.StatusProxyAuthRequired)) + return http.StatusProxyAuthRequired, fmt.Errorf("%s", http.StatusText(http.StatusProxyAuthRequired)) } enc := strings.TrimPrefix(auth, "Basic ") @@ -131,17 +129,19 @@ func (s *HTTPServer) serve(conn net.Conn) { log.Println("dial proxy failed: peer nil") return } + go func() { - wg := conc.NewWaitGroup() - wg.Go(func() { - _, err = io.Copy(conn, peer) - _ = conn.Close() - }) - wg.Go(func() { - _, err = io.Copy(peer, conn) - _ = peer.Close() - }) - wg.Wait() + defer conn.Close() + defer peer.Close() + + _, _ = io.Copy(conn, peer) + }() + + go func() { + defer conn.Close() + defer peer.Close() + + _, _ = io.Copy(peer, conn) }() } 
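Review bot: The two goroutines added at the end of `serve` repeat what `connForward` in routine.go does after this commit (copy one way, then close both ends), except that they drop the `io.Copy` error with `_, _ =` instead of logging it. If http.go and routine.go are in the same package, as the series suggests, the block can shrink to `go connForward(peer, conn)` and `go connForward(conn, peer)`, which leaves a single teardown path to audit. Each connection's `Close` now runs twice and the deferred call discards the result; that is harmless for a net.Conn, but a short comment such as `// both directions close both ends; the second Close only returns an ignored error` would make the intent explicit. `serve` begins above this hunk, so the type of `peer` is not visible here.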
diff --git a/routine.go b/routine.go index 8c65456..edfc793 100644 --- a/routine.go +++ b/routine.go @@ -24,7 +24,6 @@ import ( "sync" "time" - "github.com/sourcegraph/conc" "github.com/things-go/go-socks5" "github.com/things-go/go-socks5/bufferpool" @@ -190,6 +189,9 @@ func (c CredentialValidator) Valid(username, password string) bool { // connForward copy data from `from` to `to` func connForward(from io.ReadWriteCloser, to io.ReadWriteCloser) { + defer from.Close() + defer to.Close() + _, err := io.Copy(to, from) if err != nil { errorLogger.Printf("Cannot forward traffic: %s\n", err.Error()) @@ -212,20 +214,8 @@ func tcpClientForward(vt *VirtualTun, raddr *addressPort, conn net.Conn) { return } - go func() { - wg := conc.NewWaitGroup() - wg.Go(func() { - connForward(sconn, conn) - }) - wg.Go(func() { - connForward(conn, sconn) - }) - wg.Wait() - _ = sconn.Close() - _ = conn.Close() - sconn = nil - conn = nil - }() + go connForward(sconn, conn) + go connForward(conn, sconn) } // STDIOTcpForward starts a new connection via wireguard and forward traffic from `conn` @@ -250,18 +240,8 @@ func STDIOTcpForward(vt *VirtualTun, raddr *addressPort) { return } - go func() { - wg := conc.NewWaitGroup() - wg.Go(func() { - connForward(os.Stdin, sconn) - }) - wg.Go(func() { - connForward(sconn, stdout) - }) - wg.Wait() - _ = sconn.Close() - sconn = nil - }() + go connForward(os.Stdin, sconn) + go connForward(sconn, stdout) } // SpawnRoutine spawns a local TCP server which acts as a proxy to the specified target 
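Review bot: With the two `defer ...Close()` calls added to `connForward`, the goroutine that finishes first closes the connection the opposite direction is still reading, so that second `io.Copy` will typically return a closed-connection error and ordinary session ends get logged as "Cannot forward traffic". Filter the expected case so genuine forwarding failures stay visible: `if err != nil && !errors.Is(err, net.ErrClosed) {` (whether `errors` is already imported lies outside the hunk). The doc comment above the function no longer describes everything it does; something like `// connForward copies from → to, then closes both ends so the opposite direction stops too.` would fit. The function's closing lines are outside the hunk.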
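Review bot: In `STDIOTcpForward`, `go connForward(os.Stdin, sconn)` now closes `sconn` as soon as stdin reaches EOF, so when input is piped in and ends before the remote has answered, data still arriving from the remote is likely to be lost; the removed code waited for both directions before closing. The new calls also close `os.Stdin` and whatever `stdout` wraps, which the old block never did. If the trade-off is accepted, record it at the call site, e.g. `// NOTE: stdin EOF closes sconn immediately; data still arriving from the remote is discarded.`; otherwise this one caller could keep waiting for both copies before closing. The same half-close behaviour applies to `tcpClientForward` in the hunk above and `tcpServerForward` in the next one, where a client that stops sending early loses the rest of the response.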
@@ -311,20 +291,9 @@ func tcpServerForward(vt *VirtualTun, raddr *addressPort, conn net.Conn) { return } - go func() { - gr := conc.NewWaitGroup() - gr.Go(func() { - connForward(sconn, conn) - }) - gr.Go(func() { - connForward(conn, sconn) - }) - gr.Wait() - _ = sconn.Close() - _ = conn.Close() - sconn = nil - conn = nil - }() + go connForward(sconn, conn) + go connForward(conn, sconn) + } // SpawnRoutine spawns a TCP server on wireguard which acts as a proxy to the specified target From a57972e75621fa7ba1a47772e344dde3b36a1069 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 31 Jan 2025 16:26:26 +0000 Subject: [PATCH 13/16] Bump golang.org/x/net from 0.23.0 to 0.33.0 (#160) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0. - [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ec664d3..b022b0a 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/go-ini/ini v1.67.0 github.com/landlock-lsm/go-landlock v0.0.0-20240216195629-efb66220540a github.com/things-go/go-socks5 v0.0.5 - golang.org/x/net v0.23.0 + golang.org/x/net v0.33.0 golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 suah.dev/protect v1.2.3 ) diff --git a/go.sum b/go.sum index 4c70481..f51522a 100644 --- a/go.sum +++ b/go.sum 
@@ -18,8 +18,8 @@ github.com/things-go/go-socks5 v0.0.5 h1:qvKaGcBkfDrUL33SchHN93srAmYGzb4CxSM2DPY github.com/things-go/go-socks5 v0.0.5/go.mod h1:mtzInf8v5xmsBpHZVbIw2YQYhc4K0jRwzfsH64Uh0IQ= golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From f17557487dedef3940279ea43aa68b2704ae0678 Mon Sep 17 00:00:00 2001 From: pufferffish Date: Tue, 18 Feb 2025 12:26:13 +0000 Subject: [PATCH 14/16] add IPRoyal referral link --- README.md | 7 +++++++ assets/iproyal.png | Bin 0 -> 2628 bytes 2 files changed, 7 insertions(+) create mode 100644 assets/iproyal.png diff --git a/README.md b/README.md index 575c596..5c774e0 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,13 @@ anything. Users who want something similar but for Amnezia VPN can use [this fork](https://github.com/artem-russkikh/wireproxy-awg) of wireproxy by [@artem-russkikh](https://github.com/artem-russkikh). +# Sponsor + +This project is supported by [IPRoyal](https://iproyal.com/?r=795836). You can get premium quality proxies at unbeatable prices +with a discount using [this referral link](https://iproyal.com/?r=795836)! 🚀 + +![IPRoyal](/assets/iproyal.png) + # Feature - TCP static routing for client and server 
diff --git a/assets/iproyal.png b/assets/iproyal.png new file mode 100644 index 0000000000000000000000000000000000000000..f48a8458766ddcd625391bb80fb3a147c623e291 GIT binary patch literal 2628 zcmb7``9BkmAIFig&0Ui+Vv%ExM6o%Bg^|ysS>=u>QLYU+DrZ8>9oi=Mkv3Q5+#JnE z&U{otVSLEkN1`0<>-!&kzwg)M^?JVFKfQl_CED6xM8MKu9v&VMD@!xnA!81G9w=~_ z7HRD4L+}!D7&H%kP-fxq5WQt@bsLN2fgkR`L;rV%?J{|IK(kh6rub0a6-SqQ&KOA) z@%{=6r1)%{=k2keVpa#}bxF238qIEnz|$5-dFM)5(a$z5C`?$%DBp%aV19bS-nB|> zT^L{fvT|s$hGd3PWnFfCpg5XfTGT^d6Q0Uz(Ye3+VSF-$I(pM$oT}qB_~Dz*d_M7Z z2q1V=bb=sy-vWNz$j6rh(%FKjK+%n;wpJ`L}=Tn?M>ruJ?= z_|VQbZF%+|n+G!^=?XGUVO(EChhDOH`xKHu+!*+Z5!;`f(LHto0qPdo_K{4Ye~eX= z6xm5lNh|nr?K^ZhDh^M&7^wL^0w>1oEw0YVDbdb_PgyavF17xi*FoiKYZ z1!}KFE)NdpD5!q$S}+r*aC;}lU!V|%HMvwZ>9)r8fcp%mmAjaR>|%ahr^f>u-5d{$ zd@u!)qPIb72|qY3l00C0{k-XCu)kkDjr^h_GAQGeGgX`Nl_BOSA4!~D+lhRgFF4&S zpYe~Jwh9!{hV`= zzd~?6BM|IJenIu-R!&2{=*o^t7vi7!%QEY?mRe#Ta@E6+(|Ii`<&FC> z&yBF>xyv&m!m@iMS=HnXrR_d^i+*ON9I4;-NV-V}Xl9!jl!+Z(N&4NUg)77b98s;f ze#|;p;DFNCDC@oiyfnnbK@Nn)Hma6m11^b6%q_;KQ%|ZjX{UrwXBUMRLV9kXzxZ9; z`xHS3ZNGRPrI3rR%n`64+0nGy=x+>P;VZeb!DbdAJVB5})LxfrxkPfiJ9=o@oC^YU z$V@~=YMT3SgzKz}(t?+seK$iKMNihi`jAMBlIjy0eRcJu%TV)!OX^=c$H7UwOF%hqNZN&RXg{z%q?QP_9R*ggM~}SDDPD?WRUAzUo)_TGd3KE2ODa z{(5}~n-wGIJ+_NEYa2T_R^e`0+8TAb{?f#R@^WRY-b1&oqSA*l>yBl_I%o%AD7icI zTx`B^oV1`QuK5);s@vi^W3XANmXsRZ(r=ghYNo2w_APQm%Wm^$A#?|=qfe-h?`;fr zapMq-NIAQ?W0ZF9e{=C2_M}w@`QEu2k2m`Q*5qrW>z}h;{kfvMtGG_1sFj2t2#D;n zLp#eSYXjPqi~jPUj)1hJ65^Pr0-i$$19D*_FvL&V7*3+Ywkm%$QA+Cgqm9t+c_s$U zbYEZDJ}o}qd zo`Oq|+G5x+!sagMhe@qMfotgNA5Aa7Nj4tYVe}9!pShdjJxSo0@)t+zBpG;yy}s^6 zWV~ed@zi(ztBm8sbB-0(A$B+WL(yVQZ`71C&w+an%0u6IksHNT-JR#d=}^Qi`Jttz z?heGRx5$qilPtEH^90+uOqDRT4d0?_*>UCzs~0)MvQ0NrpM*sIM9?d?ZGNed@QATW z%rJQ+&=(k-(26AQrgb`T^m#j*m!B_MLJdq;#*uwc1D8A9bwb;H=O+Um-NjlX6&W5w zz=LWBgpGOPze${oe4$_;kcNvmDNEEuEpVcOq_SC|8iR=E7S`g=(U>g{NH#&Aw^`K}XG#p)+p z*+=<#g(jj)4=}ifDAUzm8clZB^+M%|!pfGFHg4zb`;~wl<8{uH?f#O^T9}w2)rl5Q 
zO}b-y7oyL$E!x1JHqUR#L;~0;uh6}cx$#=1ALM^9>aThej-=a^M4@B(-rfene2D>ENP)g3&D;*u+$@*C*KJ~WJ+*lSoRHWa9HBFSXt%mITb>4?a zi0JhkeaLD^9Lhn#&J2U)58{Pp{j`E5`^&Gyj0Oh1@3#2!bHt6i<|nd^g%`D50NwX_ zVnvip4q~hmI#?r^(qgo~CS1Ih1T`9K-9bc?}D&vab8vpN1*+ zEIEQ192Xa$&-6qqdXF6Ui}s$Ii(AU=x)wBdr?t$Q~mF&PjyTv-0})1W>)Xc?feMpDIA&1#D#dD zq`N@7ckq*81;#)dx9SZ1yDbezhxhEgs_qTL`SMh`$jxbM!JL79%voXec)it!G_P(F zL!hD3haX^e{e+~5Ug11tF#96CEq)CGU!}Smuynkcy=E4)2w-fQ0V`ldr<(^@G!2Cm(ZHv z>ldv(&hY&s{OC8-E&2jCxtUkL73k0Ve=C|RD6}sI^1J~$eXtk(-`ZzoZevDAyT$wm DZMW)n literal 0 HcmV?d00001 From 288687b873d9a31db90dab552b3b9b1d2119ad58 Mon Sep 17 00:00:00 2001 From: lexandr0s Date: Tue, 18 Feb 2025 16:27:18 +0400 Subject: [PATCH 15/16] Add hint to run Wireproxy as system daemon in rc.d-based system (#164) * Add hint for rc.d service * Update README.md --------- Co-authored-by: root --- rc.d/README.md | 21 +++++++++++++++++++++ rc.d/wireproxy | 30 ++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 rc.d/README.md create mode 100644 rc.d/wireproxy diff --git a/rc.d/README.md b/rc.d/README.md new file mode 100644 index 0000000..41ee820 --- /dev/null +++ b/rc.d/README.md @@ -0,0 +1,21 @@ +# Running wireproxy with rc.d + +If you're on a rc.d-based distro, you'll most likely want to run Wireproxy as a systemd unit. + +The provided systemd unit assumes you have the wireproxy executable installed on `/bin/wireproxy` and a configuration file stored at `/etc/wireproxy.conf`. These paths can be customized by editing the unit file. + +# Setting up the unit + +1. Copy the `wireproxy` file from this directory to `/usr/local/etc/rc.d`. + +2. If necessary, customize the unit. + Edit the parts with `procname`, `command`, `wireproxy_conf` to point to the executable and the configuration file. + +4. Add the following lines to `/etc/rc.conf` to enable wireproxy + `wireproxy_enable="YES"` + +5. Start wireproxy service and check status + ``` + sudo service wireproxy start + sudo service wireproxy status + ``` 
diff --git a/rc.d/wireproxy b/rc.d/wireproxy new file mode 100644 index 0000000..47b8f2e --- /dev/null +++ b/rc.d/wireproxy @@ -0,0 +1,30 @@ +#!/bin/sh +# +# PROVIDE: wireproxy +# REQUIRE: DAEMON +# KEYWORD: nojail +# + +# +# Add the following lines to /etc/rc.conf to enable wireproxy: +# +#wireproxy_enable="YES" +# + +. /etc/rc.subr + +name=wireproxy +rcvar=wireproxy_enable + +load_rc_config $name +procname="/bin/wireproxy" + +wireproxy_enable=${wireproxy_enable:-"NO"} + +wireproxy_bin=/bin/wireproxy +wireproxy_conf=/etc/wireproxy.conf + +command=${wireproxy_bin} +command_args="-s -d -c ${wireproxy_conf}" + +run_rc_command "$1" From 9dad356beeb3abad48434d5ec9272ad17af5b957 Mon Sep 17 00:00:00 2001 From: Emilien Devos <121870973+edevosc2c@users.noreply.github.com> Date: Wed, 19 Feb 2025 18:21:17 +0100 Subject: [PATCH 16/16] fix: issue with omiting endpoint (#157) fixes #156 --- config.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config.go b/config.go index b1aba15..1f6e4e4 100644 --- a/config.go +++ b/config.go @@ -326,7 +326,8 @@ func ParsePeers(cfg *ini.File, peers *[]PeerConfig) error { peer.PreSharedKey = value } - if value, err := parseString(section, "Endpoint"); err == nil { + if sectionKey, err := section.GetKey("Endpoint"); err == nil { + value := sectionKey.String() decoded, err = resolveIPPAndPort(strings.ToLower(value)) if err != nil { return err
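Review bot: `wireproxy_bin` and `wireproxy_conf` are assigned unconditionally after `load_rc_config`, so values set in /etc/rc.conf are overwritten, and `procname` is a second hard-coded copy of the binary path that goes stale once `wireproxy_bin` is edited. Use the defaulting form, `: ${wireproxy_bin:="/bin/wireproxy"}` and `: ${wireproxy_conf:="/etc/wireproxy.conf"}`, and set `procname=${wireproxy_bin}` after them. The script also sets no `wireproxy_user`, so rc.subr starts the proxy as root; since the config file holds the WireGuard private key, the header comment should mention running under a dedicated account and keeping the config readable only by that account.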
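Review bot: The new guard in `ParsePeers` only checks that the `Endpoint` key exists, so a peer section with `Endpoint =` left empty still passes an empty string to `resolveIPPAndPort` and, presumably, fails the whole config parse. If an empty value should be treated like an omitted one, skip it as well: `if sectionKey, err := section.GetKey("Endpoint"); err == nil && sectionKey.String() != "" {`. The commit adds no test; a case in config_test.go with a `[Peer]` section that has no `Endpoint` line, run through `ParsePeers`, would pin the fix. `ParsePeers` starts and ends outside this hunk.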